Plugin + API + Changing user works

devel/README

@@ -0,0 +1,13 @@
+Kassensystem
+
+
+
+Installation Process
+====================
+ - edit settings.py for database
+ - Add Usergroups: ('Normal User', 'Plugin') ( to be renamed)
+ - ./manage.py syncdb
+
+
+API
+===

k4ever/api2/decorators.py

@@ -1,6 +1,9 @@
 from functools import wraps
+from django.contrib.auth.models import User, Group
+from piston.utils import rc
+from main.models import Plugin, PluginPermission
 
-def changeUserOnPlugin(apiFunc):
+def manglePluginPerms(apiFunc):
 	""" Changes to a given user when the authenticated user is an plugin
 
 		When the user which called the apifunc is an plugin this function
@@ -15,9 +18,66 @@ def changeUserOnPlugin(apiFunc):
 	
 	@wraps(apiFunc)
 	def wrapper(self, request, *args, **kwargs):
-		return self.apiFunc(request, *args, **kwargs)
+		if request.method != 'GET':
+			if not request.content_type:
+				request.data = request.POST
+		else:
+			request.data = request.GET
+		
+		# 0. is user a plugin? 
+		try:
+			group = request.user.groups.get(name="Plugin")
+		except Group.DoesNotExist:
+			# user is not a plugin, exec the apiFunc
+			return apiFunc(self, request, *args, **kwargs)
+		
+		# get the plugin for the user
+		# FIXME: Could throw exception when we have no plugin for the
+		#        user - where should we report this?
+		plugin = Plugin.objects.get(user=request.user)
+
+		# 1. find user!
+		user = None
+		try:
+			user = User.objects.get(username=request.data.get('user', ''))
+		except User.DoesNotExist:
+			ret = rc.NOT_HERE
+			ret.write("\nThe user you requested could not be found\n")
+			return ret
+		
+		# 2. does the plugin has permission for this user?
+		perms = None
+		try:
+			perms = PluginPermission.objects.get(user=user, plugin=plugin)
+		except PluginPermission.DoesNotExist:
+			ret = rc.FORBIDDEN
+			ret.write("\nThe user did not grant you permission to act on his behalf\n")
+			return ret
+		
+		# 3. put stuff into the request
+		request.user = user 
+		request.plugin = plugin
+		return apiFunc(self, request, *args, **kwargs)
 	return wrapper
+
+def requirePlugin(apiFunc):
+	"""Check if user is a plugin.
+
+	Checks if the user is a member of the "Plugin" Group. Returns a rc.FORBIDDEN 
+	if not.
+	"""
 	
+	@wraps(apiFunc)
+	def wrapper(self, request, *args, **kwargs):
+		try:
+			if request.user:
+				group = request.user.groups.get(name="Plugin")
+				# no exception, exec apiFunc!
+				return apiFunc(self, request, *args, **kwargs)
+		except Groups.DoesNotExist:
+			pass
+		ret = rc.FORBIDDEN
 
-
+		return rc.FORBIDDEN
+	return wrapper
 

k4ever/api2/handlers.py

@@ -2,11 +2,12 @@ from piston.handler import BaseHandler
 from piston.utils import rc
 from k4ever.buyable.models import *
 from k4ever.transaction.models import *
-from decorators import changeUserOnPlugin
+from django.contrib.auth.decorators import user_passes_test
+from django.contrib.auth.models import Group
+from decorators import *
 from decimal import Decimal, InvalidOperation
 import datetime
 
-
 def getInt(d, key, default):
 	try:
 		return int(d.get(key, default))
@@ -39,6 +40,7 @@ class BuyableItemHandler(BaseHandler):
 			error.write("This buyable does not exist in our database")
 			return error
 	
+	@manglePluginPerms
 	def create(self, request, itemId=None):
 		if not request.content_type:
 			request.data = request.POST
@@ -81,6 +83,7 @@ class TransactionTransactHandler(BaseHandler):
 	model = Transaction
 	fields = ('amount', 'dateTime', 'checked', ('transactionType', ('id', 'name')))
 	
+	@manglePluginPerms
 	def read(self, request):
 		num = getInt(request.GET, 'num', 0)
 		if num < 0:
@@ -91,6 +94,7 @@ class TransactionTransactHandler(BaseHandler):
 			return userTrans[:num]
 		return userTrans
 	
+	@manglePluginPerms
 	def create(self, request):
 		amount = getDecimal(request.POST, 'amount', Decimal(0))
 		tTypeId  = getInt(request.POST, 'type', -1)
@@ -121,6 +125,8 @@ class TransactionTypeHandler(BaseHandler):
 
 class AccountBalanceHandler(BaseHandler):
 	allowed_methods = ('GET',)
+	
+	@manglePluginPerms
 	def read(self, request):
 		balance = request.user.get_profile().balance
 		return {'balance': balance}

k4ever/main/admin.py

@@ -1,5 +1,7 @@
-from models import UserProfile
+from models import UserProfile, Plugin, PluginPermission
 from django.contrib import admin
 
 admin.site.register(UserProfile)
+admin.site.register(Plugin)
+admin.site.register(PluginPermission)
 

k4ever/main/models.py

@@ -18,12 +18,21 @@ def createUserProfile(sender, instance, created, **kwargs):
 
 post_save.connect(createUserProfile, sender=User)
 
+class Plugin(models.Model):
+	name = models.CharField(max_length=40)
+	user = models.ForeignKey(User, unique=True)
+	author = models.CharField(max_length=40)
+	version = models.CharField(max_length=40)
+	descr = models.TextField(default='')
+	uniqueAuthblob = models.BooleanField(default=False)
+	
+	def __unicode__(self):
+		return self.name
+
 class PluginPermission(models.Model):
 	user = models.ForeignKey(User)
 	plugin = models.ForeignKey('Plugin')
-	authBlob = models.TextField()
+	authBlob = models.TextField(default='')
-
+	
-class Plugin(models.Model):
+	def __unicode__(self):
-	user = models.ForeignKey(User)
+		return "%s allows %s" % (self.user, self.plugin)
-	uniqueAuthblob = models.BooleanField(default=False)
-

k4ever/main/templates/settings/settings.html

@@ -7,6 +7,91 @@
 	<br />
 	<br />
 	<br />
-	<h2>Plugin permissions</h2>
+	<h2>Plugin Berechtigungen</h2>
 	<hr />
+	<p>
+		<form method="POST" action="/settings/plugins/addperm/">
+			<select name="pid">
+				<option value="0"> ----- </option>
+				{% for plugin in unallowedplugins %}
+				<option value="{{ plugin.id }}">{{ plugin.name }}</option>
+				{% endfor %}
+			</select>
+			<input type="submit" value="Plugin erlauben">
+		</form>
+	</p>
+	<p>
+	<table>
+		<tr>
+			<th>Name</th>
+			<th>AuthBlob</th>
+			<th>Optionen</th>
+		</tr>
+	{% if pluginpermissions %}
+		{% for pperm in pluginpermissions %}
+		{% if pperm.plugin in plugins %}
+			end test
+		{% endif %}
+		<tr style="background: green">
+			<td style="vertical-align:middle">{{ pperm.plugin }}</td>
+			<td style="vertical-align:middle">
+				<form method="post" action="">
+					<textarea name="authblob">{{ pperm.authBlob }}</textarea>
+					<input type="submit" value="Speichern" />
+				</form>
+			</td>
+			<td style="vertical-align:middle">
+				<form method="post" action="">
+					<input type="submit"  value="Berechtigungen aufheben" />
+				</form>
+			<td>
+		</tr>
+		{% endfor %}
+	{% else %}
+		<tr>
+			<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gew&auml;hrt</td>
+		</tr>
+	{% endif %}
+	</table>
+	Perms {{ pluginpermissions }} <br />
+	<br /><br />
+	<h2>Second Idea for Plugin interface</h2>
+	<hr />
+	<p>
+	<table>
+		<tr>
+			<th>Name</th>
+			<th>AuthBlob</th>
+			<th>Optionen</th>
+		</tr>
+	{% if pluginpermissions %}
+		{% for plugin in plugins %}
+		<tr style="{%if plugin in unallowedplugins%}background:red{%else%}background: green{%endif%}">
+			<td style="vertical-align:middle">{{ plugin }}</td>
+			<td style="vertical-align:middle">
+				{%if plugin not in unallowedplugins %}
+				<form method="post" action="">
+					<textarea name="authblob">{{ pperm.authBlob }}</textarea>
+					<input type="submit" value="Speichern" />
+				</form>
+				{%endif%}
+			</td>
+			<td style="vertical-align:middle">
+				<form method="post" action="">
+					{%if plugin in unallowedplugins %}
+					<input type="submit"  value="Berechtigungen hinzuf&uuml;gen" />
+					{%else%}
+					<input type="submit"  value="Berechtigungen aufheben" />
+					{%endif%}
+				</form>
+			<td>
+		</tr>
+		{% endfor %}
+	{% else %}
+		<tr>
+			<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gew&auml;hrt</td>
+		</tr>
+	{% endif %}
+	</table>
+	</p>
 {% endblock %}

k4ever/main/views.py

@@ -2,6 +2,8 @@ from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.contrib.auth.decorators import login_required
 from django.db.models import Count
+from main.models import Plugin, PluginPermission
+
 
 from buyable.models import Purchase, Buyable
 
@@ -20,4 +22,7 @@ def register(request):
 
 @login_required
 def settings(request):
-	return render_to_response("settings/settings.html", RequestContext(request))
+	plugins = Plugin.objects.all()
+	unallowed = Plugin.objects.exclude(pluginpermission__user=request.user)
+	perms = PluginPermission.objects.filter(user=request.user)
+	return render_to_response("settings/settings.html", {'plugins': plugins, 'unallowedplugins': unallowed, 'pluginpermissions': perms}, RequestContext(request))