mia-accounting/src/accounting/utils/permission.py

# The Mia! Accounting Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2023/1/25

#  Copyright (c) 2023 imacat.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
"""The permissions.

This module should not import any other module from the application.

"""
from collections.abc import Callable

from flask import abort, Blueprint, Response

from accounting.utils.user import get_current_user, UserUtilityInterface


def has_permission(rule: Callable[[], bool]) -> Callable:
    """The permission decorator to check whether the current user is allowed.

    :param rule: The permission rule.
    :return: The view decorator.
    """

    def decorator(view: Callable) -> Callable:
        """The view decorator to decorate a view with permission tests.

        :param view: The view.
        :return: The decorated view.
        """

        def decorated_view(*args, **kwargs):
            """The decorated view that tests against a permission rule.

            :param args: The arguments of the view.
            :param kwargs: The keyword arguments of the view.
            :return: The response of the view.
            :raise Forbidden: When the user is denied.
            """
            if not rule():
                if get_current_user() is None:
                    response: Response | None = _unauthorized_func()
                    if response is not None:
                        return response
                abort(403)
            return view(*args, **kwargs)

        return decorated_view

    return decorator


__can_view_func: Callable[[], bool] = lambda: True
"""The callback that returns whether the current user can view the accounting
data."""
__can_edit_func: Callable[[], bool] = lambda: True
"""The callback that returns whether the current user can edit the accounting
data."""
__can_admin_func: Callable[[], bool] = lambda: True
"""The callback that returns whether the current user can administrate the
accounting settings."""
_unauthorized_func: Callable[[], Response | None] \
    = lambda: Response(status=403)
"""The callback that returns the response to require the user to log in."""


def can_view() -> bool:
    """Returns whether the current user can view the accounting data.

    :return: True if the current user can view the accounting data, or False
        otherwise.
    """
    return __can_view_func()


def can_edit() -> bool:
    """Returns whether the current user can edit the accounting data.

    The user has to log in.

    :return: True if the current user can edit the accounting data, or False
        otherwise.
    """
    if get_current_user() is None:
        return False
    return __can_edit_func()


def can_admin() -> bool:
    """Returns whether the current user can administrate the accounting
    settings.

    The user has to log in.

    :return: True if the current user can administrate the accounting settings,
        or False otherwise.
    """
    if get_current_user() is None:
        return False
    return __can_admin_func()


def init_app(bp: Blueprint, user_utils: UserUtilityInterface) -> None:
    """Initializes the application.

    :param bp: The blueprint of the accounting application.
    :param user_utils: The user utilities.
    :return: None.
    """
    global __can_view_func, __can_edit_func, __can_admin_func, \
        _unauthorized_func
    __can_view_func = user_utils.can_view
    __can_edit_func = user_utils.can_edit
    __can_admin_func = user_utils.can_admin
    _unauthorized_func = user_utils.unauthorized
    bp.add_app_template_global(user_utils.can_view, "accounting_can_view")
    bp.add_app_template_global(user_utils.can_edit, "accounting_can_edit")
    bp.add_app_template_global(user_utils.can_admin, "accounting_can_admin")
Renamed the project from "Mia! Accounting Flask" to "Mia! Accounting". 2023-04-04 18:17:44 +08:00			`# The Mia! Accounting Project.`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`# Author: imacat@mail.imacat.idv.tw (imacat), 2023/1/25`

			`# Copyright (c) 2023 imacat.`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`"""The permissions.`

			`This module should not import any other module from the application.`

			`"""`
Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. Since Python 3.9 introduced type hinting generics in standard collections, we do not have as many names to import now. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-26 18:22:45 +08:00			`from collections.abc import Callable`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00
Added the unauthorized method to the UserUtilityInterface interface, so that when the user has not logged in, the permission decorator can ask the user to log in instead of failing with HTTP 403 Forbidden. 2023-04-03 19:36:26 +08:00			`from flask import abort, Blueprint, Response`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00
Renamed the AbstractUserUtils class to UserUtilityInterface, and added the can_view and can_edit functions to the UserUtilityInterface interface. There is no need to separately supply two additional can_view and can_edit callbacks. 2023-03-14 08:16:32 +08:00			`from accounting.utils.user import get_current_user, UserUtilityInterface`
Changed the can_edit permission to at least require the user to log in first. 2023-02-07 14:13:37 +08:00
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00
Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. Since Python 3.9 introduced type hinting generics in standard collections, we do not have as many names to import now. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-26 18:22:45 +08:00			`def has_permission(rule: Callable[[], bool]) -> Callable:`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`"""The permission decorator to check whether the current user is allowed.`

			`:param rule: The permission rule.`
			`:return: The view decorator.`
			`"""`

Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. Since Python 3.9 introduced type hinting generics in standard collections, we do not have as many names to import now. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-26 18:22:45 +08:00			`def decorator(view: Callable) -> Callable:`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`"""The view decorator to decorate a view with permission tests.`

			`:param view: The view.`
			`:return: The decorated view.`
			`"""`

			`def decorated_view(args, *kwargs):`
			`"""The decorated view that tests against a permission rule.`

			`:param args: The arguments of the view.`
			`:param kwargs: The keyword arguments of the view.`
			`:return: The response of the view.`
			`:raise Forbidden: When the user is denied.`
			`"""`
			`if not rule():`
Added the unauthorized method to the UserUtilityInterface interface, so that when the user has not logged in, the permission decorator can ask the user to log in instead of failing with HTTP 403 Forbidden. 2023-04-03 19:36:26 +08:00			`if get_current_user() is None:`
			`response: Response \| None = _unauthorized_func()`
			`if response is not None:`
			`return response`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`abort(403)`
			`return view(args, *kwargs)`

			`return decorated_view`

			`return decorator`


Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. Since Python 3.9 introduced type hinting generics in standard collections, we do not have as many names to import now. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-26 18:22:45 +08:00			`__can_view_func: Callable[[], bool] = lambda: True`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`"""The callback that returns whether the current user can view the accounting`
			`data."""`
Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. Since Python 3.9 introduced type hinting generics in standard collections, we do not have as many names to import now. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-26 18:22:45 +08:00			`__can_edit_func: Callable[[], bool] = lambda: True`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`"""The callback that returns whether the current user can edit the accounting`
			`data."""`
Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. Since Python 3.9 introduced type hinting generics in standard collections, we do not have as many names to import now. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-26 18:22:45 +08:00			`__can_admin_func: Callable[[], bool] = lambda: True`
Added the option management, and moved the configuration of the default currency, the default account for the income and expenses log, and the recurring expenses and incomes to the options. 2023-03-22 15:34:28 +08:00			`"""The callback that returns whether the current user can administrate the`
			`accounting settings."""`
Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. Since Python 3.9 introduced type hinting generics in standard collections, we do not have as many names to import now. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-26 18:22:45 +08:00			`_unauthorized_func: Callable[[], Response \| None] \`
Added the unauthorized method to the UserUtilityInterface interface, so that when the user has not logged in, the permission decorator can ask the user to log in instead of failing with HTTP 403 Forbidden. 2023-04-03 19:36:26 +08:00			`= lambda: Response(status=403)`
			`"""The callback that returns the response to require the user to log in."""`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00

			`def can_view() -> bool:`
Fixed the documentation of the can_view and can_edit functions in the "accounting.utils.permission" module. 2023-03-22 04:50:12 +08:00			`"""Returns whether the current user can view the accounting data.`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00
			`:return: True if the current user can view the accounting data, or False`
			`otherwise.`
			`"""`
			`return __can_view_func()`


			`def can_edit() -> bool:`
Fixed the documentation of the can_view and can_edit functions in the "accounting.utils.permission" module. 2023-03-22 04:50:12 +08:00			`"""Returns whether the current user can edit the accounting data.`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00
Changed the can_edit permission to at least require the user to log in first. 2023-02-07 14:13:37 +08:00			`The user has to log in.`

Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`:return: True if the current user can edit the accounting data, or False`
			`otherwise.`
			`"""`
Changed the can_edit permission to at least require the user to log in first. 2023-02-07 14:13:37 +08:00			`if get_current_user() is None:`
			`return False`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`return __can_edit_func()`


Added the option management, and moved the configuration of the default currency, the default account for the income and expenses log, and the recurring expenses and incomes to the options. 2023-03-22 15:34:28 +08:00			`def can_admin() -> bool:`
			`"""Returns whether the current user can administrate the accounting`
			`settings.`

			`The user has to log in.`

			`:return: True if the current user can administrate the accounting settings,`
			`or False otherwise.`
			`"""`
			`if get_current_user() is None:`
			`return False`
			`return __can_admin_func()`


Renamed the AbstractUserUtils class to UserUtilityInterface, and added the can_view and can_edit functions to the UserUtilityInterface interface. There is no need to separately supply two additional can_view and can_edit callbacks. 2023-03-14 08:16:32 +08:00			`def init_app(bp: Blueprint, user_utils: UserUtilityInterface) -> None:`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`"""Initializes the application.`

Revised the init_app function of the "accounting.utils.permission" module to register the "can_view" and "can_edit" functions under the blueprint instead of the whole application. 2023-02-07 17:05:27 +08:00			`:param bp: The blueprint of the accounting application.`
Renamed the AbstractUserUtils class to UserUtilityInterface, and added the can_view and can_edit functions to the UserUtilityInterface interface. There is no need to separately supply two additional can_view and can_edit callbacks. 2023-03-14 08:16:32 +08:00			`:param user_utils: The user utilities.`
Added the initial application with the main account list, the pagination, the query, the permission, the localization, the documentation, the test case, and a test demonstration site. 2023-01-29 22:28:27 +08:00			`:return: None.`
			`"""`
Added the unauthorized method to the UserUtilityInterface interface, so that when the user has not logged in, the permission decorator can ask the user to log in instead of failing with HTTP 403 Forbidden. 2023-04-03 19:36:26 +08:00			`global __can_view_func, __can_edit_func, __can_admin_func, \`
			`_unauthorized_func`
Renamed the AbstractUserUtils class to UserUtilityInterface, and added the can_view and can_edit functions to the UserUtilityInterface interface. There is no need to separately supply two additional can_view and can_edit callbacks. 2023-03-14 08:16:32 +08:00			`__can_view_func = user_utils.can_view`
			`__can_edit_func = user_utils.can_edit`
Added the option management, and moved the configuration of the default currency, the default account for the income and expenses log, and the recurring expenses and incomes to the options. 2023-03-22 15:34:28 +08:00			`__can_admin_func = user_utils.can_admin`
Added the unauthorized method to the UserUtilityInterface interface, so that when the user has not logged in, the permission decorator can ask the user to log in instead of failing with HTTP 403 Forbidden. 2023-04-03 19:36:26 +08:00			`_unauthorized_func = user_utils.unauthorized`
Renamed the AbstractUserUtils class to UserUtilityInterface, and added the can_view and can_edit functions to the UserUtilityInterface interface. There is no need to separately supply two additional can_view and can_edit callbacks. 2023-03-14 08:16:32 +08:00			`bp.add_app_template_global(user_utils.can_view, "accounting_can_view")`
			`bp.add_app_template_global(user_utils.can_edit, "accounting_can_edit")`
Added the option management, and moved the configuration of the default currency, the default account for the income and expenses log, and the recurring expenses and incomes to the options. 2023-03-22 15:34:28 +08:00			`bp.add_app_template_global(user_utils.can_admin, "accounting_can_admin")`