Add web_access field for admin privileges (closes #10)

diath · Nov 29, 2014 · fedb4ee · fedb4ee
1 parent 23b4f70
commit fedb4ee
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 42 deletions.
diff --git a/pyfsw/helpers.py b/pyfsw/helpers.py
@@ -16,18 +16,21 @@ def decorated(*args, **kwargs):
 
 	return decorated
 
-def admin_required(f):
-	@wraps(f)
-	def decorated(*args, **kwargs):
-		if 'account' not in session:
-			return redirect(url_for('route_account_login', next=request.path))
+def admin_required(access):
+	def decorator(f):
+		@wraps(f)
+		def decorated(*args, **kwargs):
+			if 'account' not in session:
+				return redirect(url_for('route_account_login', next=request.path))
 
-		if session.get('access', 1) != ADMIN_ACCOUNT_TYPE:
-			return redirect(url_for('route_account_login', next=request.path))
+			if session.get('web_access', 0) < access:
+				return redirect(url_for('route_account_login', next=request.path))
 
-		return f(*args, **kwargs)
+			return f(*args, **kwargs)
 
-	return decorated
+		return decorated
+
+	return decorator
 
 def current_user():
 	if 'account' in session:

diff --git a/pyfsw/models/account.py b/pyfsw/models/account.py
@@ -18,6 +18,7 @@ class Account(db.Model):
 	# Custom columns
 	key = Column(String(19))
 	points = Column(Integer, default=0)
+	web_access = Column(Integer, default=0)
 
 	# Relationships
 	players = db.relationship('Player', backref='accounts')

diff --git a/pyfsw/views/account.py b/pyfsw/views/account.py
@@ -28,12 +28,13 @@ def route_account_login_post():
 		hash.update(pswd.encode('utf-8'))
 		pswd = hash.hexdigest()
 
-	account = db.session().query(Account.id, Account.type).filter(Account.name == name).filter(Account.password == pswd).first()
+	account = db.session().query(Account.id, Account.type, Account.web_access).filter(Account.name == name).filter(Account.password == pswd).first()
 	if not account:
 		return render_template('account/login.htm', error=True)
 
 	session['account'] = account.id
 	session['access'] = account.type
+	session['web_access'] = account.web_access
 
 	if 'next' in request.form:
 		return redirect(request.form['next'])
@@ -45,6 +46,7 @@ def route_account_login_post():
 def route_account_logout():
 	session.pop('account')
 	session.pop('access')
+	session.pop('web_access')
 
 	return redirect(url_for('route_account_login'))
 

diff --git a/pyfsw/views/admin/community.py b/pyfsw/views/admin/community.py
@@ -5,7 +5,7 @@
 from pyfsw import Library
 
 @app.route('/admin/community/library')
-@admin_required
+@admin_required(5)
 def route_admin_library():
 	pages = Library.query.all()
 
@@ -15,7 +15,7 @@ def route_admin_library():
 	)
 
 @app.route('/admin/community/library/add', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_library_add():
 	uri = request.form.get('uri', '')
 	name = request.form.get('name', '')
@@ -36,7 +36,7 @@ def route_admin_library_add():
 	return redirect(url_for('route_admin_library'))
 
 @app.route('/admin/community/library/edit/<int:id>', methods=['GET'])
-@admin_required
+@admin_required(5)
 def route_admin_library_edit(id):
 	page = Library.query.filter(Library.id == id).first()
 
@@ -46,7 +46,7 @@ def route_admin_library_edit(id):
 	)
 
 @app.route('/admin/community/library/edit/<int:id>', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_library_edit_post(id):
 	page = Library.query.filter(Library.id == id).first()
 	page.uri = request.form.get('uri', '')
@@ -60,7 +60,7 @@ def route_admin_library_edit_post(id):
 	return redirect(url_for('route_admin_library'))
 
 @app.route('/admin/community/library/delete/<int:id>', methods=['GET'])
-@admin_required
+@admin_required(5)
 def route_admin_library_delete(id):
 	page = Library.query.filter(Library.id == id).first()
 

diff --git a/pyfsw/views/admin/dashboard.py b/pyfsw/views/admin/dashboard.py
@@ -5,6 +5,6 @@
 from pyfsw import ADMIN_ACCOUNT_TYPE
 
 @app.route('/admin/dashboard')
-@admin_required
+@admin_required(5)
 def route_admin_dashboard():
 	return render_template('admin/dashboard.htm')
diff --git a/pyfsw/views/admin/forum.py b/pyfsw/views/admin/forum.py
@@ -7,7 +7,7 @@
 from pyfsw import ForumCategory, ForumBoard
 
 @app.route('/admin/forum/categories')
-@admin_required
+@admin_required(5)
 def route_admin_forum_categories():
 	categories = ForumCategory.query.all()
 
@@ -17,7 +17,7 @@ def route_admin_forum_categories():
 	)
 
 @app.route('/admin/forum/category/add', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_forum_category_add():
 	name = request.form.get('name', '')
 
@@ -35,7 +35,7 @@ def route_admin_forum_category_add():
 	return redirect(url_for('route_admin_forum_categories'))
 
 @app.route('/admin/forum/category/edit/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_forum_category_edit(id):
 	category = ForumCategory.query.filter(ForumCategory.id == id).first()
 
@@ -45,7 +45,7 @@ def route_admin_forum_category_edit(id):
 	)
 
 @app.route('/admin/forum/category/edit/<int:id>', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_forum_category_edit_post(id):
 	category = ForumCategory.query.filter(ForumCategory.id == id).first()
 
@@ -57,7 +57,7 @@ def route_admin_forum_category_edit_post(id):
 	return redirect(url_for('route_admin_forum_categories'))
 
 @app.route('/admin/forum/category/delete/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_forum_category_delete(id):
 	category = ForumCategory.query.filter(ForumCategory.id == id).first()
 
@@ -69,7 +69,7 @@ def route_admin_forum_category_delete(id):
 	return redirect(url_for('route_admin_forum_categories'))
 
 @app.route('/admin/forum/boards')
-@admin_required
+@admin_required(5)
 def route_admin_forum_boards():
 	boards = ForumBoard.query.all()
 	categories = ForumCategory.query.all()
@@ -87,7 +87,7 @@ def route_admin_forum_boards():
 	)
 
 @app.route('/admin/forum/board/add', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_forum_board_add():
 	name = request.form.get('name', '')
 	description = request.form.get('description', '')
@@ -118,7 +118,7 @@ def route_admin_forum_board_add():
 	return redirect(url_for('route_admin_forum_boards'))
 
 @app.route('/admin/forum/board/edit/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_forum_board_edit(id):
 	board = ForumBoard.query.filter(ForumBoard.id == id).first()
 	categories = ForumCategory.query.all()
@@ -129,7 +129,7 @@ def route_admin_forum_board_edit(id):
 	)
 
 @app.route('/admin/forum/board/edit/<int:id>', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_forum_board_edit_post(id):
 	board = ForumBoard.query.filter(ForumBoard.id == id).first()
 
@@ -144,7 +144,7 @@ def route_admin_forum_board_edit_post(id):
 	return redirect(url_for('route_admin_forum_boards'))
 
 @app.route('/admin/forum/board/delete/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_forum_board_delete(id):
 	board = ForumBoard.query.filter(ForumBoard.id == id).first()
 

diff --git a/pyfsw/views/admin/news.py b/pyfsw/views/admin/news.py
@@ -7,7 +7,7 @@
 from pyfsw import News, ForumBoard, ForumThread, Player
 
 @app.route('/admin/news/compose', methods=['GET'])
-@admin_required
+@admin_required(5)
 def route_admin_news_compose():
 	user = current_user()
 	boards = ForumBoard.query.all()
@@ -18,7 +18,7 @@ def route_admin_news_compose():
 	)
 
 @app.route('/admin/news/compose', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_news_compose_post():
 	title = request.form.get('title', '')
 	content = request.form.get('content', '')
@@ -73,7 +73,7 @@ def route_admin_news_compose_post():
 	return redirect(url_for('route_admin_news_compose'))
 
 @app.route('/admin/news/manage', methods=['GET'])
-@admin_required
+@admin_required(5)
 def route_admin_news_manage():
 	news = News.query.all()
 
@@ -88,7 +88,7 @@ def route_admin_news_manage():
 	)
 
 @app.route('/admin/news/edit/<int:id>', methods=['GET'])
-@admin_required
+@admin_required(5)
 def route_admin_news_edit(id):
 	news = News.query.filter(News.id == id).first()
 	user = current_user()
@@ -101,7 +101,7 @@ def route_admin_news_edit(id):
 	)
 
 @app.route('/admin/news/edit/<int:id>', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_news_edit_post(id):
 	news = News.query.filter(News.id == id).first()
 
@@ -118,7 +118,7 @@ def route_admin_news_edit_post(id):
 	return redirect(url_for('route_admin_news_manage'))
 
 @app.route('/admin/news/delete/<int:id>', methods=['GET'])
-@admin_required
+@admin_required(5)
 def route_admin_news_delete(id):
 	news = News.query.filter(News.id == id).first()
 	thread = ForumThread.query.filter(ForumThread.id == news.thread_id).first()

diff --git a/pyfsw/views/admin/shop.py b/pyfsw/views/admin/shop.py
@@ -5,7 +5,7 @@
 from pyfsw import ShopCategory, ShopItem, ShopOrder
 
 @app.route('/admin/shop/categories')
-@admin_required
+@admin_required(5)
 def route_admin_shop_categories():
 	categories = ShopCategory.query.all()
 
@@ -15,7 +15,7 @@ def route_admin_shop_categories():
 	)
 
 @app.route('/admin/shop/category/add', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_shop_category_add():
 	name = request.form.get('name', '')
 	enabled = request.form.get('enabled', None)
@@ -35,7 +35,7 @@ def route_admin_shop_category_add():
 	return redirect(url_for('route_admin_shop_categories'))
 
 @app.route('/admin/shop/category/edit/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_shop_category_edit(id):
 	category = ShopCategory.query.filter(ShopCategory.id == id).first()
 
@@ -45,7 +45,7 @@ def route_admin_shop_category_edit(id):
 	)
 
 @app.route('/admin/shop/category/edit/<int:id>', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_shop_category_edit_post(id):
 	category = ShopCategory.query.filter(ShopCategory.id == id).first()
 	category.name = request.form.get('name', '')
@@ -57,7 +57,7 @@ def route_admin_shop_category_edit_post(id):
 	return redirect(url_for('route_admin_shop_categories'))
 
 @app.route('/admin/shop/category/delete/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_shop_category_delete(id):
 	category = ShopCategory.query.filter(ShopCategory.id == id).first()
 
@@ -69,7 +69,7 @@ def route_admin_shop_category_delete(id):
 	return redirect(url_for('route_admin_shop_categories'))
 
 @app.route('/admin/shop/items')
-@admin_required
+@admin_required(5)
 def route_admin_shop_items():
 	items = ShopItem.query.all()
 	categories = ShopCategory.query.all()
@@ -80,7 +80,7 @@ def route_admin_shop_items():
 	)
 
 @app.route('/admin/shop/item/add', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_shop_item_add():
 	name = request.form.get('name', '')
 	description = request.form.get('description', '')
@@ -115,7 +115,7 @@ def route_admin_shop_item_add():
 	return redirect(url_for('route_admin_shop_items'))
 
 @app.route('/admin/shop/item/edit/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_shop_item_edit(id):
 	item = ShopItem.query.filter(ShopItem.id == id).first()
 	categories = ShopCategory.query.all()
@@ -126,7 +126,7 @@ def route_admin_shop_item_edit(id):
 	)
 
 @app.route('/admin/shop/item/edit/<int:id>', methods=['POST'])
-@admin_required
+@admin_required(5)
 def route_admin_shop_item_edit_post(id):
 	item = ShopItem.query.filter(ShopItem.id == id).first()
 
@@ -148,7 +148,7 @@ def route_admin_shop_item_edit_post(id):
 	return redirect(url_for('route_admin_shop_items'))
 
 @app.route('/admin/shop/item/delete/<int:id>')
-@admin_required
+@admin_required(5)
 def route_admin_shop_item_delete(id):
 	item = ShopItem.query.filter(ShopItem.id == id).first()
 

diff --git a/sql/accounts.sql b/sql/accounts.sql
@@ -1,3 +1,4 @@
 ALTER TABLE `accounts` ADD `key` VARCHAR(19) DEFAULT '' AFTER `creation`;
 ALTER TABLE `accounts` ADD `points` INT(8) DEFAULT '0' AFTER `key`;
 ALTER TABLE `accounts` ADD `lastpost` INT(11) DEFAULT '0' AFTER `points`;
+ALTER TABLE `accounts` ADD `web_access` INT(4) DEFAULT '0' AFTER `lastpost`;