Merge pull request #46 from jagerman/mods

Moderator/admin control endpoints

Author: jagerman

api.yaml

@@ -940,6 +940,8 @@ def set_moderator(self, user: User, *, added_by: User, admin=False, visible=True
         Sets `user` as a moderator or admin of this room.  Replaces current admin/moderator/visible
         status with the new values if the user is already a moderator/admin of the room.
 
+        `admin` can be specified as None to not touch the current admin permission on the room.
+
         added_by is the user performing the update and must have admin permission.
         """
 
@@ -951,12 +953,13 @@ def set_moderator(self, user: User, *, added_by: User, admin=False, visible=True
             raise BadPermission()
 
         query(
-            """
-            INSERT INTO user_permission_overrides (room, "user", moderator, admin, visible_mod)
-            VALUES (:r, :u, TRUE, :admin, :visible)
+            f"""
+            INSERT INTO user_permission_overrides
+                (room, "user", moderator, {'admin,' if admin is not None else ''} visible_mod)
+            VALUES (:r, :u, TRUE, {':admin,' if admin is not None else ''} :visible)
             ON CONFLICT (room, "user") DO UPDATE SET
                 moderator = excluded.moderator,
-                admin = excluded.admin,
+                {'admin = excluded.admin,' if admin is not None else ''}
                 visible_mod = excluded.visible_mod
             """,
             r=self.id,
@@ -970,16 +973,22 @@ def set_moderator(self, user: User, *, added_by: User, admin=False, visible=True
 
         app.logger.info(f"{added_by} set {user} as {'admin' if admin else 'moderator'} of {self}")
 
-    def remove_moderator(self, user: User, *, removed_by: User):
-        """Remove `user` as a moderator/admin of this room.  Requires admin permission."""
+    def remove_moderator(self, user: User, *, removed_by: User, remove_admin_only: bool = False):
+        """
+        Remove `user` as a moderator/admin of this room.  Requires admin permission.
+
+        If `remove_admin_only` is True then user will have admin permissions removed but will remain
+        a room moderator if already a room moderator or admin.
+        """
 
         if not self.check_admin(removed_by):
             raise BadPermission()
 
         query(
-            """
+            f"""
             UPDATE user_permission_overrides
-            SET moderator = FALSE, admin = FALSE, visible_mod = TRUE
+            SET admin = FALSE
+                {', moderator = FALSE, visible_mod = TRUE' if not remove_admin_only else ''}
             WHERE room = :r AND "user" = :u
             """,
             r=self.id,
@@ -1321,6 +1330,63 @@ def get_rooms():
     return [Room(row) for row in query("SELECT * FROM rooms ORDER BY token")]
 
 
+def get_rooms_with_permission(
+    user: User,
+    *,
+    tokens: Optional[Union[list, tuple]] = None,
+    read: Optional[bool] = None,
+    write: Optional[bool] = None,
+    upload: Optional[bool] = None,
+    banned: Optional[bool] = None,
+    moderator: Optional[bool] = None,
+    admin: Optional[bool] = None,
+):
+    """
+    Returns a list of rooms that the given user has matching permissions for.
+
+    Parameters:
+    user: the user object to query permissions for.  May not be None.
+    tokens: if non-None then this specifies a list or tuple of room tokens to filter by.  When
+            omitted, all rooms are returned.  Note that rooms are returned sorted by token, *not* in
+            the order specified here; duplicates are not returned; nor are entries for non-existent
+            tokens.
+    read/write/upload/banned/moderator/admin:
+        Any of these that are specified as non-None must match the user's permissions for the room.
+        For example `read=True, write=False` would return all rooms where the user has read-only
+        access but not rooms in which the user has both or neither read and write permissions.
+        At least one of these arguments must be specified as non-None.
+    """
+    if user is None:
+        raise RuntimeError("user is required for get_rooms_with_permission")
+    if not any(arg is not None for arg in (read, write, upload, banned, moderator, admin)):
+        raise RuntimeError("At least one of read/write/upload/banned/moderator/admin must be given")
+    if tokens and (
+        not (isinstance(tokens, list) or isinstance(tokens, tuple))
+        or any(not isinstance(t, str) for t in tokens)
+    ):
+        raise RuntimeError("tokens= must be a list or tuple of room token names")
+
+    return [
+        Room(row)
+        for row in query(
+            f"""
+        SELECT rooms.* FROM user_permissions perm JOIN rooms ON rooms.id = room
+        WHERE "user" = :u {'AND token IN :tokens' if tokens else ''}
+            {'' if banned is None else ('AND' if banned else 'AND NOT') + ' perm.banned'}
+            {'' if read is None else ('AND' if read else 'AND NOT') + ' perm.read'}
+            {'' if write is None else ('AND' if write else 'AND NOT') + ' perm.write'}
+            {'' if upload is None else ('AND' if upload else 'AND NOT') + ' perm.upload'}
+            {'' if moderator is None else ('AND' if moderator else 'AND NOT') + ' perm.moderator'}
+            {'' if admin is None else ('AND' if admin else 'AND NOT') + ' perm.admin'}
+        ORDER BY token
+        """,
+            u=user.id,
+            tokens=tokens,
+            bind_expanding=['tokens'] if tokens else None,
+        )
+    ]
+
+
 def get_readable_rooms(user: Optional[User] = None):
     """
     Get a list of rooms that a user can access; if user is None then return all publicly readable
@@ -1329,14 +1395,7 @@ def get_readable_rooms(user: Optional[User] = None):
     if user is None:
         result = query("SELECT * FROM rooms WHERE read ORDER BY token")
     else:
-        result = query(
-            """
-            SELECT rooms.* FROM user_permissions perm JOIN rooms ON rooms.id = room
-            WHERE "user" = :u AND perm.read AND NOT perm.banned
-            ORDER BY token
-            """,
-            u=user.id,
-        )
+        return get_rooms_with_permission(user, read=True, banned=False)
     return [Room(row) for row in result]
 
 

sogs/model/room.py

@@ -34,11 +34,23 @@ def __init__(self, row=None, *, id=None, session_id=None, autovivify=True, touch
         touch - if True (default is False) then update the last_activity time of this user before
         returning it.
         """
+        self._touched = False
+        self._refresh(row=row, id=id, session_id=session_id)
 
-        if sum(x is not None for x in (row, session_id, id)) != 1:
+        if touch:
+            self._touch()
+
+    def _refresh(self, *, row=None, id=None, session_id=None, autovivify=True):
+        """
+        Internal method to (re-)fetch details from the database; this is used during construction
+        but also in the test suite to forcibly re-fetch details.
+        """
+        n_args = sum(x is not None for x in (row, session_id, id))
+        if n_args == 0 and hasattr(self, 'id'):
+            id = self.id
+        elif n_args != 1:
             raise ValueError("User() error: exactly one of row/session_id/id is required")
 
-        self._touched = False
         if session_id is not None:
             row = query("SELECT * FROM users WHERE session_id = :s", s=session_id).first()
 
@@ -62,9 +74,6 @@ def __init__(self, row=None, *, id=None, session_id=None, autovivify=True, touch
             bool(row[c]) for c in ('banned', 'moderator', 'admin', 'visible_mod')
         )
 
-        if touch:
-            self._touch()
-
     def __str__(self):
         """Returns string representation of a user: U[050123…cdef], the id prefixed with @ or % if
         the user is a global admin or moderator, respectively."""
@@ -113,6 +122,8 @@ def set_moderator(self, *, added_by: User, admin=False, visible=False):
         """
         Make this user a global moderator or admin.  If the user is already a global mod/admin then
         their status is updated according to the given arguments (that is, this can promote/demote).
+
+        If `admin` is None then the current admin status is left unchanged.
         """
 
         if not added_by.global_admin:
@@ -123,20 +134,21 @@ def set_moderator(self, *, added_by: User, admin=False, visible=False):
             raise BadPermission()
 
         query(
-            """
+            f"""
             UPDATE users
-            SET moderator = TRUE, admin = :admin, visible_mod = :visible
+            SET moderator = TRUE, visible_mod = :visible
+                {', admin = :admin' if admin is not None else ''}
             WHERE id = :u
             """,
-            admin=admin,
+            admin=bool(admin),
             visible=visible,
             u=self.id,
         )
         self.global_admin = admin
         self.global_moderator = True
         self.visible_mod = visible
 
-    def remove_moderator(self, *, removed_by: User):
+    def remove_moderator(self, *, removed_by: User, remove_admin_only: bool = False):
         """Removes this user's global moderator/admin status, if set."""
 
         if not removed_by.global_admin:
@@ -145,7 +157,14 @@ def remove_moderator(self, *, removed_by: User):
             )
             raise BadPermission()
 
-        query("UPDATE users SET moderator = FALSE, admin = FALSE WHERE id = :u", u=self.id)
+        query(
+            f"""
+            UPDATE users
+            SET admin = FALSE {', moderator = FALSE' if not remove_admin_only else ''}
+            WHERE id = :u
+            """,
+            u=self.id,
+        )
         self.global_admin = False
         self.global_moderator = False
 

sogs/model/user.py

@@ -9,6 +9,7 @@
 from .general import general as general_endpoints
 from .onion_request import onion_request as onion_request_endpoints
 from .rooms import rooms as rooms_endpoints
+from .users import users as users_endpoints
 
 from io import BytesIO
 
@@ -21,6 +22,7 @@
 app.register_blueprint(general_endpoints)
 app.register_blueprint(onion_request_endpoints)
 app.register_blueprint(rooms_endpoints)
+app.register_blueprint(users_endpoints)
 
 
 @app.get("/")

sogs/routes/__init__.py

@@ -205,6 +205,10 @@ def handle_http_auth():
         )
 
     user = User(session_id=pk, autovivify=True, touch=False)
+    if user.banned:
+        # If the user is banned don't even bother verifying the signature because we want to reject
+        # the request whether or not the signature validation passes.
+        abort_with_reason(http.FORBIDDEN, 'Banned', warn=False)
 
     try:
         query('INSERT INTO user_request_nonces ("user", nonce) VALUES (:u, :n)', u=user.id, n=nonce)
@@ -240,8 +244,5 @@ def handle_http_auth():
             http.UNAUTHORIZED, "Invalid authentication: X-SOGS-Hash authentication failed"
         )
 
-    if user.banned:
-        abort_with_reason(http.FORBIDDEN, 'Banned', warn=False)
-
     user.touch()
     g.user = user

sogs/routes/auth.py

@@ -4,7 +4,7 @@
 
 from flask import abort, jsonify, g, Blueprint, request
 
-# General purpose routes for things like capability retrieval and batching
+# Room-related routes
 
 
 rooms = Blueprint('rooms', __name__)

sogs/routes/rooms.py

@@ -0,0 +1,115 @@
+from .. import db, http
+from ..model import room as mroom
+from ..model.user import User
+from ..web import app
+from . import auth
+
+from flask import abort, jsonify, g, Blueprint, request
+
+# User-related routes
+
+
+users = Blueprint('users', __name__)
+
+
+@users.post("/user/<SessionID:sid>/moderator")
+@auth.user_required
+def set_mod(sid):
+
+    user = User(session_id=sid)
+
+    req = request.json
+    room_tokens, global_mod = req.get('rooms'), req.get('global', False)
+
+    if room_tokens and not isinstance(room_tokens, list):
+        app.logger.warning("Invalid request: room_tokens must be a list")
+        abort(http.BAD_REQUEST)
+
+    mod, admin, visible = (
+        None if arg is None else bool(arg)
+        for arg in (req.get('moderator'), req.get('admin'), req.get('visible'))
+    )
+
+    # Filter out any invalid or redundant arguments:
+    if (admin, mod) == (None, None):
+        app.logger.warning(
+            "Invalid moderator request: at least one of admin/moderator must be specified"
+        )
+        abort(http.BAD_REQUEST)
+    elif (admin, mod) == (True, False):
+        app.logger.warning("Invalid moderator call: admin=True, moderator=False is impossible")
+        abort(http.BAD_REQUEST)
+    elif (admin, mod) == (True, True):
+        mod = None  # admin already implies mod so we can ignore it
+    elif (admin, mod) == (False, False):
+        admin = None  # ¬mod implies ¬admin so we can ignore it
+
+    # We now have one of these cases:
+    # (True, None) -- adds admin
+    # (None, True) -- adds mod
+    # (None, False) -- removes mod/admin
+    # (False, True) -- removes admin, adds mod
+    # (False, None) -- removes admin
+
+    with db.transaction():
+        if room_tokens:
+            if visible is None:
+                visible = True
+
+            if global_mod:
+                app.logger.warning(
+                    "Invalid moderator request: cannot specify both 'rooms' and 'global'"
+                )
+                abort(http.BAD_REQUEST)
+
+            if len(room_tokens) > 1 and '*' in room_tokens:
+                app.logger.warning(
+                    "Invalid moderator request: room '*' must be the only rooms value"
+                )
+                abort(http.BAD_REQUEST)
+
+            if room_tokens == ['*']:
+                room_tokens = None
+
+            try:
+                rooms = mroom.get_rooms_with_permission(g.user, tokens=room_tokens, admin=True)
+            except Exception as e:
+                # This is almost certainly a bad room token passed in:
+                app.logger.warning(f"Cannot get rooms for adding a moderator: {e}")
+                abort(http.BAD_REQUEST)
+
+            if room_tokens is not None:
+                if len(rooms) != len(room_tokens):
+                    abort(http.FORBIDDEN)
+            elif not rooms:
+                abort(http.FORBIDDEN)
+
+            for room in rooms:
+                if (admin, mod) in ((True, None), (None, True)):
+                    room.set_moderator(user, added_by=g.user, admin=admin, visible=visible)
+                elif (admin, mod) == (None, False):
+                    room.remove_moderator(user, removed_by=g.user)
+                elif (admin, mod) == (False, None):
+                    room.remove_moderator(user, removed_by=g.user, remove_admin_only=True)
+                elif (admin, mod) == (False, True):
+                    room.remove_moderator(user, removed_by=g.user, remove_admin_only=True)
+                    room.set_moderator(user, added_by=g.user, admin=False, visible=visible)
+                else:
+                    app.logger.error("Internal error: unhandled mod/admin room case")
+                    raise RuntimeError("Internal error: unhandled mod/admin room case")
+
+        else:  # global mod
+            if visible is None:
+                visible = False
+
+            if (admin, mod) in ((True, None), (None, True)):
+                user.set_moderator(added_by=g.user, admin=admin, visible=visible)
+            elif (admin, mod) == (None, False):
+                user.remove_moderator(removed_by=g.user)
+            elif (admin, mod) == (False, None):
+                user.remove_moderator(removed_by=g.user, remove_admin_only=True)
+            elif (admin, mod) == (False, True):
+                user.remove_moderator(removed_by=g.user, remove_admin_only=True)
+                user.set_moderator(added_by=g.user, admin=bool(admin), visible=visible)
+
+    return jsonify({})