Add user auth to table mods

src/auth.py

@@ -6,6 +6,7 @@ from random import randint
 
 auth = Blueprint("auth_api", __name__)
 
+
 @auth.route("/login", methods=["POST"])
 def login():
     username = request.get_json()["username"]
@@ -19,6 +20,7 @@ def login():
 
     return jsonify({"username": "NONE", "authenticated": False}), 400
 
+
 @auth.route("/logout", methods=["POST"])
 @login_required
 def logout():
@@ -26,6 +28,7 @@ def logout():
         return jsonify({"username": "NONE", "authenticated": False}), 200
     return "Log Out Failed", 400
 
+
 @auth.route("/user")
 def get_current_user():
     if current_user.is_authenticated:
@@ -34,6 +37,7 @@ def get_current_user():
         return jsonify({"username": "NONE", "authenticated": False})
     return "Unauthd", 403
 
+
 @auth.route("/user", methods=["POST"])
 def create_user():
     username = request.get_json()["username"]
@@ -46,6 +50,7 @@ def create_user():
     db.session.commit()
     return jsonify(user.to_dict())
 
+
 @auth.route("/user/<user_id>", methods=["POST"])
 @login_required
 def update_user(user_id):
@@ -55,11 +60,13 @@ def update_user(user_id):
     db.session.commit()
     return jsonify(user.to_dict()), 200
 
+
 @auth.route("/user/<user_id>", methods=["DELETE"])
 @login_required
 def delete_user():
     return
 
+
 @auth.route("/user/<user_id>")
 @login_required
 def get_user():

src/game_table_model.py

@@ -11,7 +11,8 @@ class GameTable(db.Model):
     active = db.Column(db.Boolean)
     version = db.Column(db.Integer)
     docker_id = db.Column(db.Integer)
-    user_id = db.Column(db.Integer)
+    owning_user_id = db.Column(db.Integer)
+
 
     def __repr__(self):
         return f"<Game Table {self.game_table_name}>"
@@ -23,5 +24,5 @@ class GameTable(db.Model):
             "table_link": self.game_table_link,
             "active": self.active,
             "version": self.version,
-            "user_id": self.user_id
+            "user_id": self.owning_user_id,
         }

src/main.py

@@ -6,6 +6,7 @@ from flask_login import LoginManager
 
 db = SQLAlchemy()
 
+
 def create_app():
     app = Flask(__name__)
 
@@ -24,6 +25,7 @@ def create_app():
             db.close()
 
     from user_model import User
+
     @login_manager.user_loader
     def load_user(user_id: string) -> User:
         return User.query.get(int(user_id))

src/tables.py

@@ -13,7 +13,7 @@ tables = Blueprint("tables_api", __name__)
 @tables.route("/tables", methods=["POST"])
 @login_required
 def create_table():
-
+    user = current_user
     allTables = GameTable.query.all()
     allIds = set([table.game_table_id for table in allTables] or [0])
     fullRange = set(range(0, max(allIds) + 2))
@@ -26,6 +26,7 @@ def create_table():
         version=request.get_json()["version"],
         active=False,
         docker_id=None,
+        owning_user_id=user.id
     )
     potato.session.add(table)
     potato.session.commit()
@@ -40,23 +41,34 @@ def get_table(table_id):
 
 
 @tables.route("/tables/<int:table_id>", methods=["POST"])
+@login_required
 def update_table(table_id):
+    user = current_user
     table = GameTable.query.get_or_404(table_id)
+
+    if table.owning_user_id == user.id or user.is_admin:
         table.game_table_name = request.get_json()["table_name"]
         table.game_table_link = request.get_json()["table_link"]
         table.version = request.get_json()["version"]
         potato.session.commit()
+        return jsonify(table.to_dict()), 200
+
+    return "Not auth'd to mod table.", 403
 
 
 @tables.route("tables/<table_id>", methods=["DELETE"])
-@
+@login_required
 def delete_table(table_id):
+    user = current_user
     table = GameTable.query.get_or_404(table_id)
+
+    if table.owning_user_id == user.id or user.is_admin:
         container_managment.delete_file_package(table)
         potato.session.delete(table)
         potato.session.commit()
         return jsonify({}), 200
 
+    return "Not auth'd to mod table.", 403
 
 @tables.route("/tables/active")
 def list_active_tables():
@@ -77,11 +89,16 @@ def list_inactive_tables():
 
 
 @tables.route("/tables/<table_id>:start", methods=["POST"])
+@login_required
 def activate_table(table_id):
+    user = current_user
     hard = bool(request.get_json()["hard"])
     keys = TableKey.query.filter_by(game_table_id=None).all()
     table = GameTable.query.get_or_404(table_id)
 
+    if not table.owning_user_id == user.id and not user.is_admin:
+        return "Not auth'd to mod table.", 403
+
     if table.active:
         return "Table already active", 400
 
@@ -101,10 +118,15 @@ def activate_table(table_id):
 
 
 @tables.route("/tables/<table_id>:stop", methods=["POST"])
+@login_required
 def deactivate_table(table_id):
+    user = current_user
     table = GameTable.query.get_or_404(table_id)
     key = TableKey.query.filter_by(game_table_id=table_id).first()
 
+    if not table.owning_user_id == user.id and not user.is_admin:
+        return "Not auth'd to mod table.", 403
+
     if not table.active:
         return "Table not active", 400
 

src/user_model.py

@@ -4,9 +4,11 @@ from main import db
 from werkzeug.security import generate_password_hash, check_password_hash
 from flask_login import UserMixin
 
+
 def create_new_session(user: User) -> Session:
     return
 
+
 class User(UserMixin, db.Model):
 
     __tablename__ = "users"
@@ -24,7 +26,13 @@ class User(UserMixin, db.Model):
         return check_password_hash(self.password_hash, password)
 
     def to_dict(self):
-        return {"id": self.id, "username": self.user_name, "authenticated": self.is_authenticated}
+        return {
+            "id": self.id,
+            "username": self.user_name,
+            "authenticated": self.is_authenticated,
+            "is_admin": self.is_admin
+        }
+
 
 class Session(db.Model):