updateShout
This commit is contained in:
knst-kotov
parent
b8b7854c4c
commit
1ce88a3515
|
|
@ -62,8 +62,10 @@ class JWTAuthenticate(AuthenticationBackend):
|
|||
except Exception as exc:
|
||||
return AuthCredentials(scopes=[], error_message=str(exc)), AuthUser(user_id=None)
|
||||
|
||||
if payload is None:
|
||||
return AuthCredentials(scopes=[]), AuthUser(user_id=None)
|
||||
|
||||
scopes = User.get_permission(user_id=payload.user_id)
|
||||
print(scopes)
|
||||
return AuthCredentials(user_id=payload.user_id, scopes=scopes, logged_in=True), AuthUser(user_id=payload.user_id)
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ class UserRole(Base):
|
|||
class User(Base):
|
||||
__tablename__ = 'user'
|
||||
|
||||
email: str = Column(String, nullable=False)
|
||||
email: str = Column(String, unique=True, nullable=False)
|
||||
username: str = Column(String, nullable=False, comment="Name")
|
||||
password: str = Column(String, nullable=True, comment="Password")
|
||||
|
||||
|
|
@ -32,7 +32,9 @@ class User(Base):
|
|||
user = session.query(User).filter(User.id == user_id).first()
|
||||
for role in user.roles:
|
||||
for p in role.permissions:
|
||||
scope[p.resource_id] = p.operation_id
|
||||
if not p.resource_id in scope:
|
||||
scope[p.resource_id] = set()
|
||||
scope[p.resource_id].add(p.operation_id)
|
||||
return scope
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
from orm import Shout, User, Organization
|
||||
from orm import Shout, User, Organization, Resource
|
||||
from orm.base import local_session
|
||||
|
||||
from resolvers.base import mutation, query
|
||||
|
|
@ -119,13 +119,16 @@ async def create_shout(_, info, input):
|
|||
|
||||
@mutation.field("updateShout")
|
||||
@login_required
|
||||
async def update_shout(_, info, shout_id, input):
|
||||
async def update_shout(_, info, input):
|
||||
auth = info.context["request"].auth
|
||||
user_id = auth.user_id
|
||||
|
||||
slug = input["slug"]
|
||||
org_id = org = input["org_id"]
|
||||
with local_session() as session:
|
||||
user = session.query(User).filter(User.id == user_id).first()
|
||||
shout = session.query(Shout).filter(Shout.id == shout_id).first()
|
||||
shout = session.query(Shout).filter(Shout.slug == slug).first()
|
||||
org = session.query(Organization).filter(Organization.id == org_id).first()
|
||||
|
||||
if not shout:
|
||||
return {
|
||||
|
|
@ -133,12 +136,30 @@ async def update_shout(_, info, shout_id, input):
|
|||
}
|
||||
|
||||
if shout.author_id != user_id:
|
||||
scope = info.context["request"].scope
|
||||
if not Resource.shout_id in scope:
|
||||
scopes = auth.scopes
|
||||
print(scopes)
|
||||
if not Resource.shout_id in scopes:
|
||||
return {
|
||||
"error" : "access denied"
|
||||
}
|
||||
|
||||
shout.body = input["body"],
|
||||
shout.replyTo = input.get("replyTo"),
|
||||
shout.versionOf = input.get("versionOf"),
|
||||
shout.tags = input.get("tags"),
|
||||
shout.topics = input.get("topics")
|
||||
|
||||
with local_session() as session:
|
||||
session.commit()
|
||||
|
||||
task = GitTask(
|
||||
input,
|
||||
org.name,
|
||||
user.username,
|
||||
user.email,
|
||||
"update shout %s" % (shout.slug)
|
||||
)
|
||||
|
||||
return {
|
||||
"shout" : shout
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user