michael/pyfedi
1
0
Fork 0
mirror of https://codeberg.org/rimu/pyfedi synced 2025-01-23 19:36:56 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

user roles and permissions

Browse source
This commit is contained in:
rimu 2023-10-18 22:23:59 +13:00
parent 5aa7320bea
commit 4b916fcf86
5 changed files with 170 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
app/cli.py
View file

@ -6,7 +6,9 @@ from app import db
import click import click
import os import os
from app.models import Settings, BannedInstances, Interest from app.auth.email import send_verification_email
from app.auth.util import random_token
from app.models import Settings, BannedInstances, Interest, Role, User, RolePermission
from app.utils import file_get_contents from app.utils import file_get_contents
@ -48,33 +50,63 @@ def register(app):
db.drop_all() db.drop_all()
db.configure_mappers() db.configure_mappers()
db.create_all() db.create_all()
db.session.append(Settings(name='allow_nsfw', value=json.dumps(False))) db.session.add(Settings(name='allow_nsfw', value=json.dumps(False)))
db.session.append(Settings(name='allow_nsfl', value=json.dumps(False))) db.session.add(Settings(name='allow_nsfl', value=json.dumps(False)))
db.session.append(Settings(name='allow_dislike', value=json.dumps(True))) db.session.add(Settings(name='allow_dislike', value=json.dumps(True)))
db.session.append(Settings(name='allow_local_image_posts', value=json.dumps(True))) db.session.add(Settings(name='allow_local_image_posts', value=json.dumps(True)))
db.session.append(Settings(name='allow_remote_image_posts', value=json.dumps(True))) db.session.add(Settings(name='allow_remote_image_posts', value=json.dumps(True)))
db.session.append(Settings(name='registration_open', value=json.dumps(True))) db.session.add(Settings(name='registration_open', value=json.dumps(True)))
db.session.append(Settings(name='approve_registrations', value=json.dumps(False))) db.session.add(Settings(name='approve_registrations', value=json.dumps(False)))
db.session.append(Settings(name='federation', value=json.dumps(True))) db.session.add(Settings(name='federation', value=json.dumps(True)))
db.session.append(BannedInstances(domain='lemmygrad.ml')) db.session.add(BannedInstances(domain='lemmygrad.ml'))
db.session.append(BannedInstances(domain='gab.com')) db.session.add(BannedInstances(domain='gab.com'))
db.session.append(BannedInstances(domain='rqd2.net')) db.session.add(BannedInstances(domain='rqd2.net'))
db.session.append(BannedInstances(domain='exploding-heads.com')) db.session.add(BannedInstances(domain='exploding-heads.com'))
db.session.append(BannedInstances(domain='hexbear.net')) db.session.add(BannedInstances(domain='hexbear.net'))
db.session.append(BannedInstances(domain='threads.net')) db.session.add(BannedInstances(domain='threads.net'))
interests = file_get_contents('interests.txt') interests = file_get_contents('interests.txt')
db.session.append(Interest(name='🕊 Chilling', communities=parse_communities(interests, 'chilling'))) db.session.add(Interest(name='🕊 Chilling', communities=parse_communities(interests, 'chilling')))
db.session.append(Interest(name='💭 Interesting stuff', communities=parse_communities(interests, 'interesting stuff'))) db.session.add(Interest(name='💭 Interesting stuff', communities=parse_communities(interests, 'interesting stuff')))
db.session.append(Interest(name='📰 News & Politics', communities=parse_communities(interests, 'news & politics'))) db.session.add(Interest(name='📰 News & Politics', communities=parse_communities(interests, 'news & politics')))
db.session.append(Interest(name='🎮 Gaming', communities=parse_communities(interests, 'gaming'))) db.session.add(Interest(name='🎮 Gaming', communities=parse_communities(interests, 'gaming')))
db.session.append(Interest(name='🤓 Linux', communities=parse_communities(interests, 'linux'))) db.session.add(Interest(name='🤓 Linux', communities=parse_communities(interests, 'linux')))
db.session.append(Interest(name='♻️ Environment', communities=parse_communities(interests, 'environment'))) db.session.add(Interest(name='♻️ Environment', communities=parse_communities(interests, 'environment')))
db.session.append(Interest(name='🏳‍🌈 LGBTQ+', communities=parse_communities(interests, 'lgbtq'))) db.session.add(Interest(name='🏳‍🌈 LGBTQ+', communities=parse_communities(interests, 'lgbtq')))
db.session.append(Interest(name='🛠 Programming', communities=parse_communities(interests, 'programming'))) db.session.add(Interest(name='🛠 Programming', communities=parse_communities(interests, 'programming')))
db.session.append(Interest(name='🖥️ Tech', communities=parse_communities(interests, 'tech'))) db.session.add(Interest(name='🖥️ Tech', communities=parse_communities(interests, 'tech')))
db.session.append(Interest(name='🤗 Mental Health', communities=parse_communities(interests, 'mental health'))) db.session.add(Interest(name='🤗 Mental Health', communities=parse_communities(interests, 'mental health')))
# Initial roles
anon_role = Role(name='Anonymous user', weight=0)
anon_role.permissions.append(RolePermission(permission='register'))
db.session.add(anon_role)
auth_role = Role(name='Authenticated user', weight=1)
db.session.add(auth_role)
staff_role = Role(name='Staff', weight=2)
staff_role.permissions.append(RolePermission(permission='approve registrations'))
staff_role.permissions.append(RolePermission(permission='manage users'))
db.session.add(staff_role)
admin_role = Role(name='Admin', weight=3)
admin_role.permissions.append(RolePermission(permission='change user roles'))
admin_role.permissions.append(RolePermission(permission='manage users'))
db.session.add(admin_role)
# Admin user
user_name = input("Admin user name (ideally not 'admin'): ")
email = input("Admin email address: ")
password = input("Admin password: ")
verification_token = random_token(16)
admin_user = User(user_name=user_name, email=email, verification_token=verification_token)
admin_user.set_password(password)
admin_user.roles.append(admin_role)
send_verification_email(admin_user)
print("Check your email inbox for a verification link.")
db.session.commit() db.session.commit()
print("Done") print("Initial setup is finished.")
def parse_communities(interests_source, segment): def parse_communities(interests_source, segment):

1
app/constants.py
View file

@ -8,6 +8,7 @@ POST_TYPE_POLL = 5
DATETIME_MS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ" DATETIME_MS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
# Community subscription levels
SUBSCRIPTION_OWNER = 3 SUBSCRIPTION_OWNER = 3
SUBSCRIPTION_MODERATOR = 2 SUBSCRIPTION_MODERATOR = 2
SUBSCRIPTION_MEMBER = 1 SUBSCRIPTION_MEMBER = 1

21
app/models.py
View file

@ -113,6 +113,13 @@ class Community(db.Model):
).all() ).all()
user_role = db.Table('user_role',
db.Column('user_id', db.Integer, db.ForeignKey('user.id')),
db.Column('role_id', db.Integer, db.ForeignKey('role.id')),
db.PrimaryKeyConstraint('user_id', 'role_id')
)
class User(UserMixin, db.Model): class User(UserMixin, db.Model):
query_class = FullTextSearchQuery query_class = FullTextSearchQuery
id = db.Column(db.Integer, primary_key=True) id = db.Column(db.Integer, primary_key=True)
@ -129,7 +136,6 @@ class User(UserMixin, db.Model):
show_nsfl = db.Column(db.Boolean, default=False) show_nsfl = db.Column(db.Boolean, default=False)
created = db.Column(db.DateTime, default=datetime.utcnow) created = db.Column(db.DateTime, default=datetime.utcnow)
last_seen = db.Column(db.DateTime, default=datetime.utcnow, index=True) last_seen = db.Column(db.DateTime, default=datetime.utcnow, index=True)
role = db.Column(db.Integer, default=0)
avatar_id = db.Column(db.Integer, db.ForeignKey('file.id')) avatar_id = db.Column(db.Integer, db.ForeignKey('file.id'))
cover_id = db.Column(db.Integer, db.ForeignKey('file.id')) cover_id = db.Column(db.Integer, db.ForeignKey('file.id'))
public_key = db.Column(db.Text) public_key = db.Column(db.Text)
@ -164,6 +170,8 @@ class User(UserMixin, db.Model):
posts = db.relationship('Post', backref='author', lazy='dynamic', cascade="all, delete-orphan") posts = db.relationship('Post', backref='author', lazy='dynamic', cascade="all, delete-orphan")
post_replies = db.relationship('PostReply', backref='author', lazy='dynamic', cascade="all, delete-orphan") post_replies = db.relationship('PostReply', backref='author', lazy='dynamic', cascade="all, delete-orphan")
roles = db.relationship('Role', secondary=user_role, lazy='dynamic', cascade="all, delete")
def __repr__(self): def __repr__(self):
return '<User {}>'.format(self.user_name) return '<User {}>'.format(self.user_name)
@ -489,6 +497,17 @@ class FilterKeyword(db.Model):
user_id = db.Column(db.Integer, db.ForeignKey('user.id')) user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
class Role(db.Model):
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(50))
weight = db.Column(db.Integer, default=0)
permissions = db.relationship('RolePermission')
class RolePermission(db.Model):
role_id = db.Column(db.Integer, db.ForeignKey('role.id'), primary_key=True)
permission = db.Column(db.String, primary_key=True, index=True)
@login.user_loader @login.user_loader
def load_user(id): def load_user(id):

38
migrations/versions/882e33231c5b_user_roles_additional.py Normal file
View file

@ -0,0 +1,38 @@
"""user roles additional
Revision ID: 882e33231c5b
Revises: f1f0c854ae18
Create Date: 2023-10-18 22:10:16.602027
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = '882e33231c5b'
down_revision = 'f1f0c854ae18'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
with op.batch_alter_table('role_permission', schema=None) as batch_op:
batch_op.create_foreign_key(None, 'role', ['role_id'], ['id'])
with op.batch_alter_table('user', schema=None) as batch_op:
batch_op.drop_column('role')
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
with op.batch_alter_table('user', schema=None) as batch_op:
batch_op.add_column(sa.Column('role', sa.INTEGER(), autoincrement=False, nullable=True))
with op.batch_alter_table('role_permission', schema=None) as batch_op:
batch_op.drop_constraint(None, type_='foreignkey')
# ### end Alembic commands ###

53
migrations/versions/f1f0c854ae18_user_roles_permissions.py Normal file
View file

@ -0,0 +1,53 @@
"""user roles permissions
Revision ID: f1f0c854ae18
Revises: e82f86c550ac
Create Date: 2023-10-18 21:39:43.281172
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = 'f1f0c854ae18'
down_revision = 'e82f86c550ac'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.create_table('role',
sa.Column('id', sa.Integer(), nullable=False),
sa.Column('name', sa.String(length=50), nullable=True),
sa.Column('weight', sa.Integer(), nullable=True),
sa.PrimaryKeyConstraint('id')
)
op.create_table('role_permission',
sa.Column('role_id', sa.Integer(), nullable=False),
sa.Column('permission', sa.String(), nullable=False),
sa.PrimaryKeyConstraint('role_id', 'permission')
)
with op.batch_alter_table('role_permission', schema=None) as batch_op:
batch_op.create_index(batch_op.f('ix_role_permission_permission'), ['permission'], unique=False)
op.create_table('user_role',
sa.Column('user_id', sa.Integer(), nullable=False),
sa.Column('role_id', sa.Integer(), nullable=False),
sa.ForeignKeyConstraint(['role_id'], ['role.id'], ),
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
sa.PrimaryKeyConstraint('user_id', 'role_id')
)
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.drop_table('user_role')
with op.batch_alter_table('role_permission', schema=None) as batch_op:
batch_op.drop_index(batch_op.f('ix_role_permission_permission'))
op.drop_table('role_permission')
op.drop_table('role')
# ### end Alembic commands ###