diff --git a/server/szurubooru/app.py b/server/szurubooru/app.py index 7323d952..c73fed5d 100644 --- a/server/szurubooru/app.py +++ b/server/szurubooru/app.py @@ -42,12 +42,12 @@ def validate_config(): Check whether config doesn't contain errors that might prove lethal at runtime. ''' - from szurubooru.db.user import User + from szurubooru.func.auth import RANK_MAP for privilege, rank in config.config['privileges'].items(): - if rank not in User.ALL_RANKS: + if rank not in RANK_MAP.values(): raise errors.ConfigError( 'Rank %r for privilege %r is missing' % (rank, privilege)) - if config.config['default_rank'] not in User.ALL_RANKS: + if config.config['default_rank'] not in RANK_MAP.values(): raise errors.ConfigError( 'Default rank %r is not on the list of known ranks' % ( config.config['default_rank'])) diff --git a/server/szurubooru/db/user.py b/server/szurubooru/db/user.py index 48ee4442..502deb73 100644 --- a/server/szurubooru/db/user.py +++ b/server/szurubooru/db/user.py @@ -13,16 +13,7 @@ class User(Base): RANK_POWER = 'power' RANK_MODERATOR = 'moderator' RANK_ADMINISTRATOR = 'administrator' - RANK_NOBODY = 'nobody' - ALL_RANKS = [ - RANK_ANONYMOUS, - RANK_RESTRICTED, - RANK_REGULAR, - RANK_POWER, - RANK_MODERATOR, - RANK_ADMINISTRATOR, - RANK_NOBODY, # nobody can have higher privileges than administrator - ] + RANK_NOBODY = 'nobody' # used for privileges: "nobody can be higher than admin" user_id = Column('id', Integer, primary_key=True) name = Column('name', Unicode(50), nullable=False, unique=True) diff --git a/server/szurubooru/func/auth.py b/server/szurubooru/func/auth.py index 9134a6c7..95d7f16f 100644 --- a/server/szurubooru/func/auth.py +++ b/server/szurubooru/func/auth.py @@ -1,6 +1,18 @@ import hashlib import random +from collections import OrderedDict from szurubooru import config, db, errors +from szurubooru.func import util + +RANK_MAP = OrderedDict([ + (db.User.RANK_ANONYMOUS, 'anonymous'), + (db.User.RANK_RESTRICTED, 'restricted'), + (db.User.RANK_REGULAR, 'regular'), + (db.User.RANK_POWER, 'power'), + (db.User.RANK_MODERATOR, 'moderator'), + (db.User.RANK_ADMINISTRATOR, 'administrator'), + (db.User.RANK_NOBODY, 'nobody'), +]) def get_password_hash(salt, password): ''' Retrieve new-style password hash. ''' @@ -36,10 +48,12 @@ def is_valid_password(user, password): return valid_hash in possible_hashes def has_privilege(user, privilege_name): + all_ranks = list(RANK_MAP.keys()) assert privilege_name in config.config['privileges'] - assert user.rank in db.User.ALL_RANKS - minimal_rank = config.config['privileges'][privilege_name] - good_ranks = db.User.ALL_RANKS[db.User.ALL_RANKS.index(minimal_rank):] + assert user.rank in all_ranks + minimal_rank = util.flip(RANK_MAP)[ + config.config['privileges'][privilege_name]] + good_ranks = all_ranks[all_ranks.index(minimal_rank):] return user.rank in good_ranks def verify_privilege(user, privilege_name): diff --git a/server/szurubooru/func/users.py b/server/szurubooru/func/users.py index 5a8b3eb5..3c39fb5a 100644 --- a/server/szurubooru/func/users.py +++ b/server/szurubooru/func/users.py @@ -12,8 +12,6 @@ class InvalidPasswordError(errors.ValidationError): pass class InvalidRankError(errors.ValidationError): pass class InvalidAvatarError(errors.ValidationError): pass -# TODO: RANK_MAP - def serialize_user(user, authenticated_user, force_show_email=False): if not user: return {} @@ -80,7 +78,7 @@ def create_user(name, password, email): update_user_password(user, password) update_user_email(user, email) if get_user_count() > 0: - user.rank = config.config['default_rank'] + user.rank = util.flip(auth.RANK_MAP)[config.config['default_rank']] else: user.rank = db.User.RANK_ADMINISTRATOR user.creation_time = datetime.datetime.now() @@ -126,14 +124,15 @@ def update_user_email(user, email): def update_user_rank(user, rank, authenticated_user): if not rank: raise InvalidRankError('Rank cannot be empty.') - rank = rank.strip() - if not rank in db.User.ALL_RANKS: + rank = util.flip(auth.RANK_MAP).get(rank.strip(), None) + all_ranks = list(auth.RANK_MAP.values()) + if not rank: raise InvalidRankError( - 'Rank %r is invalid. Valid ranks: %r' % (rank, db.User.ALL_RANKS)) + 'Rank can be either of %r.' % all_ranks) if rank in (db.User.RANK_ANONYMOUS, db.User.RANK_NOBODY): - raise InvalidRankError('Rank %r cannot be used.' % (rank)) - if db.User.ALL_RANKS.index(authenticated_user.rank) \ - < db.User.ALL_RANKS.index(rank) and get_user_count() > 0: + raise InvalidRankError('Rank %r cannot be used.' % auth.RANK_MAP[rank]) + if all_ranks.index(authenticated_user.rank) \ + < all_ranks.index(rank) and get_user_count() > 0: raise errors.AuthError('Trying to set higher rank than your own.') user.rank = rank