inital commit, very early alpha stage
41
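--- a/backend/app/services/permissions.py
+++ b/backend/app/services/permissions.py
@@ -0,0 +1,41 @@
+from fastapi import HTTPException, status
+
+from app.models import Member
+
+
+ROLE_ORDER = {
+"guest": 0,
+"member": 10,
+"moderator": 20,
+"admin": 30,
+"owner": 40,
+}
+
+
+def has_role(member: Member | None, min_role: str) -> bool:
+if member is None:
+return False
+return ROLE_ORDER.get(member.role, -1) >= ROLE_ORDER.get(min_role, 999)
+
+
+def require_role(member: Member | None, min_role: str = "admin") -> None:
+if not has_role(member, min_role):
+raise HTTPException(
+status_code=status.HTTP_403_FORBIDDEN,
+detail={"error": {"code": "permission_denied", "message": "You do not have permission to do that.", "details": {}}},
+)
+
+
+def can(member: Member | None, action: str, resource: object | None = None) -> bool:
+if member is None:
+return False
+if action in {"rsvp", "vote", "comment", "upload_file", "view_group"}:
+return ROLE_ORDER.get(member.role, -1) >= ROLE_ORDER["member"]
+if action == "create_official_announcement":
+return has_role(member, "moderator")
+if action in {"create_invite", "view_migration", "manage_members", "create_connection_token"}:
+return has_role(member, "admin")
+if action in {"create_event", "create_task"}:
+return has_role(member, "moderator")
+return False
+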
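Review bot: `can()` takes a `resource` argument but never reads it, so every branch decides on `member.role` alone and no object-level check happens in this file. If `Member` is not already scoped to the group that owns the resource (the model is defined outside this file, so this cannot be confirmed here), a role held in one group would also satisfy `can(member, "manage_members", resource)` for a resource belonging to another. Either drop the parameter until it is used, or state the contract above the function, e.g. `# Role check only: callers must first confirm that member belongs to the resource's group.` Separately, the first branch repeats the comparison inline where `return has_role(member, "member")` would match the other branches and keep the unknown-role handling in one place.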