Plugin + API + Changing user works
This commit is contained in:
seba
parent
8e0ad87341
commit
a1052df608
|
|
@ -0,0 +1,13 @@
|
|||
Kassensystem
|
||||
|
||||
|
||||
|
||||
Installation Process
|
||||
====================
|
||||
- edit settings.py for database
|
||||
- Add Usergroups: ('Normal User', 'Plugin') ( to be renamed)
|
||||
- ./manage.py syncdb
|
||||
|
||||
|
||||
API
|
||||
===
|
||||
|
|
@ -1,6 +1,9 @@
|
|||
from functools import wraps
|
||||
from django.contrib.auth.models import User, Group
|
||||
from piston.utils import rc
|
||||
from main.models import Plugin, PluginPermission
|
||||
|
||||
def changeUserOnPlugin(apiFunc):
|
||||
def manglePluginPerms(apiFunc):
|
||||
""" Changes to a given user when the authenticated user is an plugin
|
||||
|
||||
When the user which called the apifunc is an plugin this function
|
||||
|
|
@ -15,9 +18,66 @@ def changeUserOnPlugin(apiFunc):
|
|||
|
||||
@wraps(apiFunc)
|
||||
def wrapper(self, request, *args, **kwargs):
|
||||
return self.apiFunc(request, *args, **kwargs)
|
||||
if request.method != 'GET':
|
||||
if not request.content_type:
|
||||
request.data = request.POST
|
||||
else:
|
||||
request.data = request.GET
|
||||
|
||||
# 0. is user a plugin?
|
||||
try:
|
||||
group = request.user.groups.get(name="Plugin")
|
||||
except Group.DoesNotExist:
|
||||
# user is not a plugin, exec the apiFunc
|
||||
return apiFunc(self, request, *args, **kwargs)
|
||||
|
||||
# get the plugin for the user
|
||||
# FIXME: Could throw exception when we have no plugin for the
|
||||
# user - where should we report this?
|
||||
plugin = Plugin.objects.get(user=request.user)
|
||||
|
||||
# 1. find user!
|
||||
user = None
|
||||
try:
|
||||
user = User.objects.get(username=request.data.get('user', ''))
|
||||
except User.DoesNotExist:
|
||||
ret = rc.NOT_HERE
|
||||
ret.write("\nThe user you requested could not be found\n")
|
||||
return ret
|
||||
|
||||
# 2. does the plugin has permission for this user?
|
||||
perms = None
|
||||
try:
|
||||
perms = PluginPermission.objects.get(user=user, plugin=plugin)
|
||||
except PluginPermission.DoesNotExist:
|
||||
ret = rc.FORBIDDEN
|
||||
ret.write("\nThe user did not grant you permission to act on his behalf\n")
|
||||
return ret
|
||||
|
||||
# 3. put stuff into the request
|
||||
request.user = user
|
||||
request.plugin = plugin
|
||||
return apiFunc(self, request, *args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
def requirePlugin(apiFunc):
|
||||
"""Check if user is a plugin.
|
||||
|
||||
Checks if the user is a member of the "Plugin" Group. Returns a rc.FORBIDDEN
|
||||
if not.
|
||||
"""
|
||||
|
||||
@wraps(apiFunc)
|
||||
def wrapper(self, request, *args, **kwargs):
|
||||
try:
|
||||
if request.user:
|
||||
group = request.user.groups.get(name="Plugin")
|
||||
# no exception, exec apiFunc!
|
||||
return apiFunc(self, request, *args, **kwargs)
|
||||
except Groups.DoesNotExist:
|
||||
pass
|
||||
ret = rc.FORBIDDEN
|
||||
|
||||
|
||||
return rc.FORBIDDEN
|
||||
return wrapper
|
||||
|
||||
|
|
|
|||
|
|
@ -2,11 +2,12 @@ from piston.handler import BaseHandler
|
|||
from piston.utils import rc
|
||||
from k4ever.buyable.models import *
|
||||
from k4ever.transaction.models import *
|
||||
from decorators import changeUserOnPlugin
|
||||
from django.contrib.auth.decorators import user_passes_test
|
||||
from django.contrib.auth.models import Group
|
||||
from decorators import *
|
||||
from decimal import Decimal, InvalidOperation
|
||||
import datetime
|
||||
|
||||
|
||||
def getInt(d, key, default):
|
||||
try:
|
||||
return int(d.get(key, default))
|
||||
|
|
@ -39,6 +40,7 @@ class BuyableItemHandler(BaseHandler):
|
|||
error.write("This buyable does not exist in our database")
|
||||
return error
|
||||
|
||||
@manglePluginPerms
|
||||
def create(self, request, itemId=None):
|
||||
if not request.content_type:
|
||||
request.data = request.POST
|
||||
|
|
@ -81,6 +83,7 @@ class TransactionTransactHandler(BaseHandler):
|
|||
model = Transaction
|
||||
fields = ('amount', 'dateTime', 'checked', ('transactionType', ('id', 'name')))
|
||||
|
||||
@manglePluginPerms
|
||||
def read(self, request):
|
||||
num = getInt(request.GET, 'num', 0)
|
||||
if num < 0:
|
||||
|
|
@ -91,6 +94,7 @@ class TransactionTransactHandler(BaseHandler):
|
|||
return userTrans[:num]
|
||||
return userTrans
|
||||
|
||||
@manglePluginPerms
|
||||
def create(self, request):
|
||||
amount = getDecimal(request.POST, 'amount', Decimal(0))
|
||||
tTypeId = getInt(request.POST, 'type', -1)
|
||||
|
|
@ -121,6 +125,8 @@ class TransactionTypeHandler(BaseHandler):
|
|||
|
||||
class AccountBalanceHandler(BaseHandler):
|
||||
allowed_methods = ('GET',)
|
||||
|
||||
@manglePluginPerms
|
||||
def read(self, request):
|
||||
balance = request.user.get_profile().balance
|
||||
return {'balance': balance}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
from models import UserProfile
|
||||
from models import UserProfile, Plugin, PluginPermission
|
||||
from django.contrib import admin
|
||||
|
||||
admin.site.register(UserProfile)
|
||||
admin.site.register(Plugin)
|
||||
admin.site.register(PluginPermission)
|
||||
|
||||
|
|
|
|||
|
|
@ -18,12 +18,21 @@ def createUserProfile(sender, instance, created, **kwargs):
|
|||
|
||||
post_save.connect(createUserProfile, sender=User)
|
||||
|
||||
class Plugin(models.Model):
|
||||
name = models.CharField(max_length=40)
|
||||
user = models.ForeignKey(User, unique=True)
|
||||
author = models.CharField(max_length=40)
|
||||
version = models.CharField(max_length=40)
|
||||
descr = models.TextField(default='')
|
||||
uniqueAuthblob = models.BooleanField(default=False)
|
||||
|
||||
def __unicode__(self):
|
||||
return self.name
|
||||
|
||||
class PluginPermission(models.Model):
|
||||
user = models.ForeignKey(User)
|
||||
plugin = models.ForeignKey('Plugin')
|
||||
authBlob = models.TextField()
|
||||
|
||||
class Plugin(models.Model):
|
||||
user = models.ForeignKey(User)
|
||||
uniqueAuthblob = models.BooleanField(default=False)
|
||||
|
||||
authBlob = models.TextField(default='')
|
||||
|
||||
def __unicode__(self):
|
||||
return "%s allows %s" % (self.user, self.plugin)
|
||||
|
|
|
|||
|
|
@ -7,6 +7,91 @@
|
|||
<br />
|
||||
<br />
|
||||
<br />
|
||||
<h2>Plugin permissions</h2>
|
||||
<h2>Plugin Berechtigungen</h2>
|
||||
<hr />
|
||||
<p>
|
||||
<form method="POST" action="/settings/plugins/addperm/">
|
||||
<select name="pid">
|
||||
<option value="0"> ----- </option>
|
||||
{% for plugin in unallowedplugins %}
|
||||
<option value="{{ plugin.id }}">{{ plugin.name }}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
<input type="submit" value="Plugin erlauben">
|
||||
</form>
|
||||
</p>
|
||||
<p>
|
||||
<table>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>AuthBlob</th>
|
||||
<th>Optionen</th>
|
||||
</tr>
|
||||
{% if pluginpermissions %}
|
||||
{% for pperm in pluginpermissions %}
|
||||
{% if pperm.plugin in plugins %}
|
||||
end test
|
||||
{% endif %}
|
||||
<tr style="background: green">
|
||||
<td style="vertical-align:middle">{{ pperm.plugin }}</td>
|
||||
<td style="vertical-align:middle">
|
||||
<form method="post" action="">
|
||||
<textarea name="authblob">{{ pperm.authBlob }}</textarea>
|
||||
<input type="submit" value="Speichern" />
|
||||
</form>
|
||||
</td>
|
||||
<td style="vertical-align:middle">
|
||||
<form method="post" action="">
|
||||
<input type="submit" value="Berechtigungen aufheben" />
|
||||
</form>
|
||||
<td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
<tr>
|
||||
<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gewährt</td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
</table>
|
||||
Perms {{ pluginpermissions }} <br />
|
||||
<br /><br />
|
||||
<h2>Second Idea for Plugin interface</h2>
|
||||
<hr />
|
||||
<p>
|
||||
<table>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>AuthBlob</th>
|
||||
<th>Optionen</th>
|
||||
</tr>
|
||||
{% if pluginpermissions %}
|
||||
{% for plugin in plugins %}
|
||||
<tr style="{%if plugin in unallowedplugins%}background:red{%else%}background: green{%endif%}">
|
||||
<td style="vertical-align:middle">{{ plugin }}</td>
|
||||
<td style="vertical-align:middle">
|
||||
{%if plugin not in unallowedplugins %}
|
||||
<form method="post" action="">
|
||||
<textarea name="authblob">{{ pperm.authBlob }}</textarea>
|
||||
<input type="submit" value="Speichern" />
|
||||
</form>
|
||||
{%endif%}
|
||||
</td>
|
||||
<td style="vertical-align:middle">
|
||||
<form method="post" action="">
|
||||
{%if plugin in unallowedplugins %}
|
||||
<input type="submit" value="Berechtigungen hinzufügen" />
|
||||
{%else%}
|
||||
<input type="submit" value="Berechtigungen aufheben" />
|
||||
{%endif%}
|
||||
</form>
|
||||
<td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
<tr>
|
||||
<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gewährt</td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
</table>
|
||||
</p>
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@ from django.shortcuts import render_to_response
|
|||
from django.template import RequestContext
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.db.models import Count
|
||||
from main.models import Plugin, PluginPermission
|
||||
|
||||
|
||||
from buyable.models import Purchase, Buyable
|
||||
|
||||
|
|
@ -20,4 +22,7 @@ def register(request):
|
|||
|
||||
@login_required
|
||||
def settings(request):
|
||||
return render_to_response("settings/settings.html", RequestContext(request))
|
||||
plugins = Plugin.objects.all()
|
||||
unallowed = Plugin.objects.exclude(pluginpermission__user=request.user)
|
||||
perms = PluginPermission.objects.filter(user=request.user)
|
||||
return render_to_response("settings/settings.html", {'plugins': plugins, 'unallowedplugins': unallowed, 'pluginpermissions': perms}, RequestContext(request))
|
||||
|
|
|
|||
Loading…
Reference in New Issue