🔒️ init auth via roles

2025-12-19 04:19:25 +00:00 · 2022-07-08 21:07:48 +02:00 · 2022-07-08 21:07:48 +02:00 · 90234bc5d7
commit 90234bc5d7
parent 62fe8dbe89
5 changed files with 98 additions and 16 deletions
--- a/src/services/security.py
+++ b/src/services/security.py
@ -1,6 +1,10 @@
+from fastapi import HTTPException, status
 from passlib.context import CryptContext
 from jose import JWTError, jwt
+import logging
 from passlib.hash import pbkdf2_sha256
+from ..services.database import check_database
+from ..services.database import check_database,  learnhouseDB, learnhouseDB

 ### 🔒 JWT ##############################################################

@ -23,3 +27,54 @@ async def security_verify_password(plain_password: str, hashed_password: str):
    return pbkdf2_sha256.verify(plain_password, hashed_password)

 ### 🔒 Passwords Hashing ##############################################################
+
+### 🔒 Roles checking  ##############################################################
+
+
+async def verify_user_rights_with_roles(action: str, user_id: str, element_id: str):
+    """
+    Check if the user has the right to perform the action on the element
+    """
+    await check_database()
+    roles = learnhouseDB["roles"]
+
+    user_roles_cursor = roles.find({
+        "linked_users": str(user_id)
+    })
+
+    user_roles = []
+
+    # Info: permission actions are: read, create, delete, update
+
+    for role in user_roles_cursor:
+        user_roles.append(role)
+
+    for role in user_roles:
+        element = role["elements"][await check_element_type(element_id)]
+        permission_state = role["permissions"][f'action_{action}']
+
+        ##
+        if ("*" in element or element_id in element) and (permission_state is True):
+            return True
+        else:
+            return False
+
+
+async def check_element_type(element_id):
+    """
+    Check if the element is a course, a user, a house or a collection, by checking its prefix
+    """
+    if element_id.startswith("course_"):
+        return "courses"
+    elif element_id.startswith("user_"):
+        return "users"
+    elif element_id.startswith("house_"):
+        return "houses"
+    elif element_id.startswith("collection_"):
+        return "collections"
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT, detail="Issue verifying element nature")
+
+
+### 🔒 Roles checking  ##############################################################