add Discord Admin permissions for dashboard

dragonejt · Dec 3, 2023 · 4a58004 · 4a58004
1 parent 6bcba23
commit 4a58004
Show file tree

Hide file tree

Showing 7 changed files with 195 additions and 26 deletions.
diff --git a/Pipfile b/Pipfile
@@ -13,10 +13,11 @@ whitenoise = "*"
 pyyaml = "*"
 gunicorn = "*"
 uritemplate = "*"
+requests = "*"
 
 [dev-packages]
 pylint = "*"
 autopep8 = "*"
 
 [requires]
-python_version = "3.11"
+python_version = "3.11"
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/clients/discord.py b/clients/discord.py
@@ -0,0 +1,22 @@
+import requests
+
+class DiscordClient():
+
+    url = "https://discord.com/api/v10"
+
+    def __init__(self, access_token):
+        user = requests.get(f"{self.url}/users/@me", headers={
+            "Authorization": f"Bearer {access_token}"
+        }).json()
+        user.raise_for_status()
+
+        self.user_id = user["id"]
+
+    def is_server_admin(self, guild_id):
+        response = requests.get(
+            f"{self.url}/guilds/{guild_id}/members/{self.user_id}").json()
+        response.raise_for_status()
+
+        print(response["permissions"])
+
+        return True
diff --git a/community/models.py b/community/models.py
@@ -1,6 +1,10 @@
 from django.db import models
 from django.contrib.auth import get_user_model
+from rest_framework.views import APIView
+from rest_framework.request import Request
 from rest_framework.serializers import ModelSerializer
+from rest_framework.permissions import BasePermission
+from clients.discord import DiscordClient
 
 # Create your models here.
 
@@ -27,3 +31,18 @@ class CommunitySerializer(ModelSerializer):
     class Meta:
         model = Community
         fields = "__all__"
+
+class DiscordAdmin(BasePermission):
+
+    def has_permission(self, request: Request, view: APIView):
+        return True
+
+    def has_object_permission(self, request: Request, view: APIView, obj: models.Model) -> bool:
+        platform, access_token = request.META["Authorization"].split(" ")
+
+        if (platform != "Discord"): return False
+        if (type(obj) == Community):
+            return DiscordClient(access_token).is_server_admin(obj.community_id)
+
+
+        return False
diff --git a/community/views.py b/community/views.py
@@ -4,19 +4,20 @@
 from rest_framework.permissions import IsAdminUser
 from rest_framework.request import Request
 from rest_framework.response import Response
-from community.models import Community, CommunitySerializer
+from community.models import Community, CommunitySerializer, DiscordAdmin
 from psychopass.models import CommunityPsychoPass
 from dominator.models import MessageDominator, MemberDominator
 
 # Create your views here.
 
 
 class CommunityView(APIView):
-    permission_classes = [IsAdminUser]
+    permission_classes = [IsAdminUser | DiscordAdmin]
 
     def get(self, request: Request) -> Response:
         community = get_object_or_404(
-            Community, platform=request.user, community_id=request.query_params.get("id"))
+            Community, community_id=request.query_params.get("id"))
+        self.check_object_permissions(request, community)
 
         return Response(CommunitySerializer(community).data, status=status.HTTP_200_OK)
 
@@ -49,7 +50,7 @@ def put(self, request: Request) -> Response:
 
     def delete(self, request: Request) -> Response:
         community = get_object_or_404(
-            Community, platform=request.user, community_id=request.query_params.get("id"))
+            Community, community_id=request.query_params.get("id"))
         community.delete()
 
         return Response(status=status.HTTP_204_NO_CONTENT)
diff --git a/psychopass/views.py b/psychopass/views.py
@@ -60,15 +60,15 @@ class CommunityPsychoPassView(APIView):
 
     def get(self, request: Request) -> Response:
         community = get_object_or_404(
-            Community, platform=request.user, community_id=request.query_params.get("id"))
+            Community, community_id=request.query_params.get("id"))
         community_psycho_pass = get_object_or_404(
             CommunityPsychoPass, community=community)
 
         return Response(CommunityPsychoPassSerializer(community_psycho_pass).data, status=status.HTTP_200_OK)
 
     def put(self, request: Request) -> Response:
         community = get_object_or_404(
-            Community, platform=request.user, community_id=request.data.get("communityID"))
+            Community, community_id=request.data.get("communityID"))
         community_psycho_pass = get_object_or_404(
             CommunityPsychoPass, community=community)
         psycho_pass = get_object_or_404(

diff --git a/sibyl/settings.py b/sibyl/settings.py
@@ -139,9 +139,6 @@
     'DEFAULT_AUTHENTICATION_CLASSES': [
         'rest_framework.authentication.TokenAuthentication'
     ],
-    'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.IsAuthenticated'
-    ],
     'DEFAULT_RENDERER_CLASSES': [
         'rest_framework.renderers.JSONRenderer'
     ]