Update permissions system for chats

2025-08-22 11:57:32 +01:00
parent 7948e8af91
commit 0e65fca2a8
2 changed files with 35 additions and 22 deletions
--- a/main.py
+++ b/main.py
@@ -45,7 +45,7 @@ except Exception as e:
 app = Flask(__name__)
 # Chat Details Endpoint:
-# Gets details about a chat using the chatId
+# Get or change details about a chat using the chatId
 # Arguments: token (required), details (required), model, name
@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST'])
 def getChatHistory(_id):
@@ -70,25 +70,33 @@ def getChatHistory(_id):
                returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
                # Convert chatId into string
                returnedChat['_id'] = str(returnedChat['_id'])
-                print("Chat " + _id + " has been found with token " + token)
+                try:
-                # Check for detail type and return correct value from db
+                    returnedChat["permissions"][userId].index("view")
-                if (details == "history"):
+                    print("Chat " + _id + " has been found with token " + token)
-                    return jsonify(returnedChat["messages"])
+                    # Check for detail type and return correct value from db
-                elif (details == "users"):
+                    if (details == "history"):
-                    return jsonify(returnedChat["permissions"])
+                        return jsonify(returnedChat["messages"])
-                elif (details == "model"):
+                    elif (details == "users"):
-                    return jsonify(returnedChat["model"])
+                        return jsonify(returnedChat["permissions"])
-                elif (details == "name"):
+                    elif (details == "model"):
-                    return jsonify(returnedChat["name"])
+                        return jsonify(returnedChat["model"])
                    elif (details == "name"):
                        return jsonify(returnedChat["name"])
                except:
                    return jsonify("Invalid Permissions")
            else:
-                # Check for the detail type and add data to db
+                try:
-                if (details == "model"):
+                    returnedChat["permissions"][userId].index("edit")
-                    model = request.json['model']
+                    # Check for the detail type and add data to db
-                    chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "model": model } })
+                    if (details == "model"):
-                if (details == "name"):
+                        model = request.json['model']
-                    name = request.json['name']
+                        chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "model": model } })
-                    chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
+                    if (details == "name"):
-                return jsonify("Success")
+                        name = request.json['name']
                        chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
                    return jsonify("Success")
                except:
                    return jsonify("Invalid Permissions")
        else:
            return jsonify("User token is invalid")
    else:
@@ -99,8 +107,11 @@ def getChatHistory(_id):
 # Arguments: token (required), name (required), model (required)
@app.route('/api/chat/create', methods = ['POST'])
 def createChat():
    # Get user auth token
    token = request.json['token']
-    user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}, "permissions":1})
+    # Find the correct user token in user db
    user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}})
    # If the user exists, continue, otherwise return fail
    if (user):
        user['_id'] = str(user['_id'])
        if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())):
@@ -119,7 +130,8 @@ def createChat():
                            userId:[
                                "owner",
                                "view",
-                                "message"
+                                "message",
                                "edit"
                            ]
                        },
                        "messages": [
--- a/notes.md
+++ b/notes.md
@@ -14,7 +14,8 @@ A chat document should be formatted like this:
        "demoUserUUID":[
            'owner',
            'view',
-            'message'
+            'message',
            'edit'
        ]
    },
    messages: [