Add OAuth2 Applications API

Fixes #344
This commit is contained in:
rubenwardy
2023-10-31 18:40:01 +00:00
parent 1627fa50f2
commit a29715775e
14 changed files with 596 additions and 20 deletions

View File

@@ -93,6 +93,7 @@ class Permission(enum.Enum):
VIEW_AUDIT_DESCRIPTION = "VIEW_AUDIT_DESCRIPTION"
EDIT_COLLECTION = "EDIT_COLLECTION"
VIEW_COLLECTION = "VIEW_COLLECTION"
CREATE_OAUTH_CLIENT = "CREATE_OAUTH_CLIENT"
# Only return true if the permission is valid for *all* contexts
# See Package.check_perm for package-specific contexts
@@ -187,6 +188,7 @@ class User(db.Model, UserMixin):
replies = db.relationship("ThreadReply", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan", order_by=db.desc("created_at"))
forum_topics = db.relationship("ForumTopic", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
collections = db.relationship("Collection", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan", order_by=db.asc("title"))
clients = db.relationship("OAuthClient", back_populates="owner", lazy="dynamic", cascade="all, delete, delete-orphan")
ban = db.relationship("UserBan", foreign_keys="UserBan.user_id", back_populates="user", uselist=False)
@@ -252,6 +254,11 @@ class User(db.Model, UserMixin):
return user.rank.at_least(UserRank.NEW_MEMBER)
else:
return user.rank.at_least(UserRank.MODERATOR) and user.rank.at_least(self.rank)
elif perm == Permission.CREATE_OAUTH_CLIENT:
if user == self:
return user.rank.at_least(UserRank.EDITOR)
else:
return user.rank.at_least(UserRank.MODERATOR) and user.rank.at_least(self.rank)
else:
raise Exception("Permission {} is not related to users".format(perm.name))
@@ -545,3 +552,19 @@ class UserBan(db.Model):
@property
def has_expired(self):
return self.expires_at and datetime.datetime.now() > self.expires_at
class OAuthClient(db.Model):
__tablename__ = "oauth_client"
id = db.Column(db.String(24), primary_key=True)
title = db.Column(db.String(64), unique=True)
secret = db.Column(db.String(32))
redirect_url = db.Column(db.String(128))
owner_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
owner = db.relationship("User", foreign_keys=[owner_id], back_populates="clients")
tokens = db.relationship("APIToken", back_populates="client", lazy="dynamic", cascade="all, delete, delete-orphan")
created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)