Admin improvements (#60)

* feat: allow admins to alter pay-links

* chore: `make check`
Vlad Stan 2024-08-05 13:14:50 +03:00 committed by GitHub
commit bdef451d89
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -79,7 +79,10 @@ async def api_link_retrieve(
link_wallet = await get_wallet(link.wallet) link_wallet = await get_wallet(link.wallet)
if link_wallet and link_wallet.user != key_info.wallet.user: # admins are allowed to read paylinks beloging to regular users
user = await get_user(key_info.wallet.user)
assert user, "User does not exist"
if not user.admin and link_wallet and link_wallet.user != key_info.wallet.user:
raise HTTPException( raise HTTPException(
detail="Not your pay link.", status_code=HTTPStatus.FORBIDDEN detail="Not your pay link.", status_code=HTTPStatus.FORBIDDEN
) )
@ -92,7 +95,7 @@ async def check_username_exists(username: str):
if prev_link: if prev_link:
raise HTTPException( raise HTTPException(
detail="Username already taken.", detail="Username already taken.",
status_code=HTTPStatus.BAD_REQUEST, status_code=HTTPStatus.CONFLICT,
) )
@ -150,9 +153,10 @@ async def api_link_create_or_update(
status_code=HTTPStatus.BAD_REQUEST, status_code=HTTPStatus.BAD_REQUEST,
) )
if data.username and not re.match("^[a-z0-9-_.]{3,64}$", data.username): if data.username and not re.match("^[a-z0-9-_.]{1,210}$", data.username):
raise HTTPException( raise HTTPException(
detail=f"Invalid username: {data.username}", detail=f"Invalid username: {data.username}. "
"Only letters a-z0-9-_. allowed, min 1 and max 210 characters!",
status_code=HTTPStatus.BAD_REQUEST, status_code=HTTPStatus.BAD_REQUEST,
) )
@ -166,7 +170,10 @@ async def api_link_create_or_update(
detail="Wallet does not exist.", status_code=HTTPStatus.FORBIDDEN detail="Wallet does not exist.", status_code=HTTPStatus.FORBIDDEN
) )
if new_wallet.user != key_info.wallet.user: # admins are allowed to create/edit paylinks beloging to regular users
user = await get_user(key_info.wallet.user)
assert user, "User does not exist"
if not user.admin and new_wallet.user != key_info.wallet.user:
raise HTTPException( raise HTTPException(
detail="Not your pay link.", status_code=HTTPStatus.FORBIDDEN detail="Not your pay link.", status_code=HTTPStatus.FORBIDDEN
) )
@ -202,7 +209,10 @@ async def api_link_delete(link_id: str, wallet: WalletTypeInfo = Depends(get_key
detail="Pay link does not exist.", status_code=HTTPStatus.NOT_FOUND detail="Pay link does not exist.", status_code=HTTPStatus.NOT_FOUND
) )
if link.wallet != wallet.wallet.id: # admins are allowed to delete paylinks beloging to regular users
user = await get_user(wallet.wallet.user)
assert user, "User does not exist"
if not user.admin and link.wallet != wallet.wallet.id:
raise HTTPException( raise HTTPException(
detail="Not your pay link.", status_code=HTTPStatus.FORBIDDEN detail="Not your pay link.", status_code=HTTPStatus.FORBIDDEN
) )
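Review bot: The three new admin checks (in api_link_retrieve, api_link_create_or_update and api_link_delete, whose bodies all continue outside the hunks) guard the authorization decision with `assert user, "User does not exist"`, which is stripped under `python -O` and otherwise surfaces as an unhandled AssertionError instead of an HTTP error. An explicit failure keeps the path closed regardless of interpreter flags, e.g. `if not user: raise HTTPException(detail="User does not exist.", status_code=HTTPStatus.FORBIDDEN)`. Testing ownership first and calling `get_user` only when the caller is not the owner would also spare ordinary requests the extra lookup. In api_link_retrieve the bypass appears to depend only on the key's user being an admin; if that route accepts read-only (invoice) keys, which is not visible here, an admin's read key can now read every user's pay links, so that deserves a comment or a stricter key requirement. Separately, the username check still uses `re.match` with a `$` anchor, which accepts a trailing newline; `re.fullmatch("[a-z0-9-_.]{1,210}", data.username)` would reject it.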