From 0e65fca2a881bdfcf5bd480736ac54504c4cf24d Mon Sep 17 00:00:00 2001 From: Hugo H Date: Fri, 22 Aug 2025 11:57:32 +0100 Subject: [PATCH] Update permissions system for chats --- main.py | 54 +++++++++++++++++++++++++++++++++--------------------- notes.md | 3 ++- 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/main.py b/main.py index 57857de..c9d0008 100644 --- a/main.py +++ b/main.py @@ -45,7 +45,7 @@ except Exception as e: app = Flask(__name__) # Chat Details Endpoint: -# Gets details about a chat using the chatId +# Get or change details about a chat using the chatId # Arguments: token (required), details (required), model, name @app.route('/api/chat/<_id>/details', methods = ['GET', 'POST']) def getChatHistory(_id): 
@@ -70,25 +70,33 @@ def getChatHistory(_id): returnedChat = chatCollection.find_one({'_id': ObjectId(_id)}) # Convert chatId into string returnedChat['_id'] = str(returnedChat['_id']) - print("Chat " + _id + " has been found with token " + token) - # Check for detail type and return correct value from db - if (details == "history"): - return jsonify(returnedChat["messages"]) - elif (details == "users"): - return jsonify(returnedChat["permissions"]) - elif (details == "model"): - return jsonify(returnedChat["model"]) - elif (details == "name"): - return jsonify(returnedChat["name"]) + try: + returnedChat["permissions"][userId].index("view") + print("Chat " + _id + " has been found with token " + token) + # Check for detail type and return correct value from db + if (details == "history"): + return jsonify(returnedChat["messages"]) + elif (details == "users"): + return jsonify(returnedChat["permissions"]) + elif (details == "model"): + return jsonify(returnedChat["model"]) + elif (details == "name"): + return jsonify(returnedChat["name"]) + except: + return jsonify("Invalid Permissions") else: - # Check for the detail type and add data to db - if (details == "model"): - model = request.json['model'] - chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "model": model } }) - if (details == "name"): - name = request.json['name'] - chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } }) - return jsonify("Success") + try: + returnedChat["permissions"][userId].index("edit") + # Check for the detail type and add data to db + if (details == "model"): + model = request.json['model'] + chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "model": model } }) + if (details == "name"): + name = request.json['name'] + chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } }) + return jsonify("Success") + except: + return jsonify("Invalid Permissions") else: return jsonify("User token is invalid") else: 
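Review bot: The bare `except:` around both permission checks reports every failure inside the block as "Invalid Permissions", not only a missing right: a POST body without `model` or `name`, a chat document lacking `messages`, or an error raised by `update_one` all look like an authorization denial, which hides real faults and makes denials unreliable as an audit signal. An explicit membership test ahead of the handlers keeps the authorization decision separate from everything else, e.g. `if "view" not in returnedChat["permissions"].get(userId, []): return jsonify("Invalid Permissions")`, with the same test for `"edit"` in the POST branch (this assumes `permissions` is the plain mapping that createChat writes). Separately, the `print` in the GET branch writes the caller's auth token to stdout; logging `userId` instead would keep a usable trail without placing a live credential in the logs. The body of getChatHistory starts and ends outside this hunk, so where `userId` is assigned is not visible here.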
@@ -99,8 +107,11 @@ def getChatHistory(_id): # Arguments: token (required), name (required), model (required) @app.route('/api/chat/create', methods = ['POST']) def createChat(): + # Get user auth token token = request.json['token'] - user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}, "permissions":1}) + # Find the correct user token in user db + user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}}) + # If the user exists, continue, otherwise return fail if (user): user['_id'] = str(user['_id']) if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())): @@ -119,7 +130,8 @@ def createChat(): userId:[ "owner", "view", - "message" + "message", + "edit" ] }, "messages": [ diff --git a/notes.md b/notes.md index b6765fb..cd4a733 100644 --- a/notes.md +++ b/notes.md @@ -14,7 +14,8 @@ A chat document should be formatted like this: "demoUserUUID":[ 'owner', 'view', - 'message' + 'message', + 'edit' ] }, messages: [
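Review bot: `token` is read from `request.json` and placed into both the `find_one` filter and the `$elemMatch` projection without a type check, so a JSON object in that field would be evaluated by MongoDB as an operator expression rather than compared as a literal token. A guard directly after the assignment, `if not isinstance(token, str):` followed by the endpoint's existing invalid-token response, closes that off; `request.json.get('token')` would also avoid an unhandled `KeyError` when the field is missing. If getChatHistory performs the same lookup (that part is outside this diff), it needs the same guard. createChat's body continues past the end of this hunk.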
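Review bot: Chats created before this change carry only `owner`, `view` and `message`, so the new `edit` check in getChatHistory will refuse name and model updates from their own owners, unless a migration exists outside this diff. Either backfill `edit` for existing owner entries with a one-off update, or let the check accept ownership as well, e.g. `if not {"edit", "owner"} & set(returnedChat["permissions"].get(userId, [])):`. A short comment above the list stating what each right grants, for instance `# owner: creator of the chat; edit: may change name and model`, would also help, since the only description currently lives in notes.md. The document literal this hunk touches starts and ends outside the hunk.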