back/auth: fix access rank, add config validation

2016-03-30 21:23:19 +02:00 · 2016-03-30 21:23:19 +02:00 · 28c90a25f3
commit 28c90a25f3
parent bb474e4cf5
3 changed files with 27 additions and 6 deletions
--- a/config.ini.dist
+++ b/config.ini.dist
@ -23,8 +23,7 @@ user = bot
 pass = groovy123

 [service]
-# note: anonymous, admin and nobody are always reserved
-user_ranks = regular_user, power_user, mod
+user_ranks = anonymous, regular_user, power_user, mod, admin, nobody
 default_user_rank = regular_user
 users_per_page = 20
 posts_per_page = 40
@ -53,7 +52,7 @@ users:edit:self:email = regular_user
 users:edit:self:avatar = regular_user
 users:edit:self:rank = mod
 users:delete:any = admin
-users:delete:self = restricted_user
+users:delete:self = regular_user

 posts:create:anonymous = regular_user
 posts:create:identified = regular_user
--- a/szurubooru/config.py
+++ b/szurubooru/config.py
@ -3,12 +3,36 @@
 import os
 import configobj

+class ConfigurationError(RuntimeError):
+    ''' A problem with config.ini file. '''
+    pass
+
 class Config(object):
    ''' INI config parser and container. '''
    def __init__(self):
        self.config = configobj.ConfigObj('config.ini.dist')
        if os.path.exists('config.ini'):
            self.config.merge(configobj.ConfigObj('config.ini'))
+        self._validate()

    def __getitem__(self, key):
        return self.config[key]
+
+    def _validate(self):
+        '''
+        Checks whether config.ini doesn't contain errors that might prove
+        lethal at runtime.
+        '''
+        all_ranks = self['service']['user_ranks']
+        for privilege, rank in self['privileges'].items():
+            if rank not in all_ranks:
+                raise ConfigurationError(
+                    'Rank %r for privilege %r is missing from user_ranks' % (
+                        rank, privilege))
+        for rank in ['anonymous', 'admin', 'nobody']:
+            if rank not in all_ranks:
+                raise ConfigurationError('Fixed rank %r is missing from user_ranks' % rank)
+        if self['service']['default_user_rank'] not in all_ranks:
+            raise ConfigurationError(
+                'Default rank %r is missing from user_ranks' % (
+                    self['service']['default_user_rank']))
--- a/szurubooru/services/auth_service.py
+++ b/szurubooru/services/auth_service.py
@ -22,9 +22,7 @@ class AuthService(object):
        '''
        Throws an AuthError if the given user doesn't have given privilege.
        '''
-        all_ranks = ['anonymous'] \
-            + self._config['service']['user_ranks'] \
-            + ['admin', 'nobody']
+        all_ranks = self._config['service']['user_ranks']

        assert privilege_name in self._config['privileges']
        assert user.access_rank in all_ranks