Merge master info fix-sessions

ubclaunchpad · Mar 10, 2019 · eb26b43 · eb26b43
1 parent 5d00a6e
commit eb26b43
Show file tree

Hide file tree

Showing 21 changed files with 1,484 additions and 767 deletions.
diff --git a/bounce/db/__init__.py b/bounce/db/__init__.py
@@ -1,11 +1,27 @@
 """Utilities for interacting with the DB."""
 
+from enum import Enum
+
 import sqlalchemy
+from sqlalchemy.dialects.postgresql import ENUM
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker
 
 BASE = declarative_base()
 
+# postgresql enum used for the memberships role column
+ROLE = ENUM('President', 'Admin', 'Member', name='role')
+
+
+class Roles(Enum):
+    """
+    Python enum used for getting the role of a club's member.
+    Used to determine read/write access to the memberships table.
+    """
+    president = ROLE.enums[0]
+    admin = ROLE.enums[1]
+    member = ROLE.enums[2]
+
 
 def create_engine(driver, user, password, host, port, db_name):
     """Create an Engine for interacting with the DB.

diff --git a/bounce/db/club.py b/bounce/db/club.py
@@ -8,7 +8,7 @@
 from sqlalchemy.orm import relationship
 from sqlalchemy.types import TIMESTAMP
 
-from . import BASE
+from . import BASE, Roles
 
 # The max and min number of results to return in one page.
 # Used in the search method.
@@ -48,11 +48,28 @@ def to_dict(self):
         }
 
 
+def can_delete(editor_role):
+    """
+    Determines whether a user can delete a club given his or her role
+    """
+    # Only President can delete club
+    return editor_role == Roles.president.value
+
+
+def can_update(editor_role):
+    """
+    Determines whether a user can update a club given his or her role
+    """
+    # President and Admin can update club
+    return editor_role in [Roles.president.value, Roles.admin.value]
+
+
 def select(session, name):
     """
     Returns the club with the given name or None if
     there is no such club.
     """
+    # Anyone should be able to read info on the club (including non-members)
     club = session.query(Club).filter(Club.name == name).first()
     return None if club is None else club.to_dict()
 
@@ -81,7 +98,8 @@ def search(session, query=None, page=0, size=MAX_SIZE):
 
 def insert(session, name, description, website_url, facebook_url,
            instagram_url, twitter_url):
-    """Insert a new club into the Clubs table."""
+    """Insert a new club into the Clubs table.
+    Any user should have the permission to insert"""
     club = Club(
         name=name,
         description=description,
@@ -93,10 +111,13 @@ def insert(session, name, description, website_url, facebook_url,
     session.commit()
 
 
-def update(session, name, new_name, description, website_url, facebook_url,
-           instagram_url, twitter_url):
+def update(session, name, editors_role, new_name, description, website_url,
+           facebook_url, instagram_url, twitter_url):
     """Updates an existing club in the Clubs table and returns the
     updated club."""
+    # Only Presidents and Admins can update
+    if not can_update(editors_role):
+        raise PermissionError("Permission denied for updating the club.")
     club = session.query(Club).filter(Club.name == name).first()
     if new_name:
         club.name = new_name
@@ -114,7 +135,11 @@ def update(session, name, new_name, description, website_url, facebook_url,
     return club.to_dict()
 
 
-def delete(session, name):
+def delete(session, name, editors_role):
     """Deletes the club with the given name."""
+    # Only Presidents can delete
+    if not can_delete(editors_role):
+        raise PermissionError("Permission denied for deleting the club.")
+
     session.query(Club).filter(Club.name == name).delete()
     session.commit()