Added function to check permissions on specific chat.

The checkChatPermission function checks if a use is allowed to perform an action in a chat

main.py

@@ -44,15 +44,9 @@ except Exception as e:
 
 app = Flask(__name__)
 
-# Chat Details Endpoint:
-# Get or change details about a chat using the chatId
-# Arguments: token (required), details (required), model, name
-@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST'])
-def getChatHistory(_id):
-    # Get user auth token
-    token = request.json['token']
+def checkUserPermission(token, permission):
     # Find the correct user token in user db
-    user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}})
+    user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}, "permissions":1})
     # If the user exists, continue, otherwise return fail
     if (user):
         # Convert _id to a string, python doesn't like ObjectId()
@@ -61,7 +55,40 @@ def getChatHistory(_id):
         if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())):
             # Store the userId
             userId = user['_id']
-            print(userId)
+            if permission in user["permissions"]:
+                return True, userId
+            elif (permission == True):
+                return True, userId
+            else:
+                return False, "Incorrect permissions"
+        else:
+            return False, "Token is expired"
+    else:
+        return False, "Token doesn't exist"
+    
+def checkChatPermission(token, chatId, permission):
+    a, userId = checkUserPermission(token, True)
+    if (a == True):
+        # Get the chat from the chatId
+        returnedChat = chatCollection.find_one({'_id': ObjectId(chatId)})
+        # Convert chatId into string
+        returnedChat['_id'] = str(returnedChat['_id'])
+        if permission in returnedChat['permissions']:
+            return True, userId
+        else:
+            return False, "Incorrect permissions"
+    else:
+        return False, "Invalid Token"
+
+# Chat Details Endpoint:
+# Get or change details about a chat using the chatId
+# Arguments: token (required), details (required), model, name
+@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST'])
+def getChatHistory(_id):
+    # Get user auth token
+    token = request.json['token']
+    a, userId = checkUserPermission(token, True)
+    if (a == True):
         # Get the request details
         details = request.json['details']
         # If the user is trying to GET data
@@ -99,8 +126,6 @@ def getChatHistory(_id):
                 return jsonify("Invalid Permissions")
     else:
         return jsonify("User token is invalid")
-    else:
-        return jsonify("User token is invalid")
 
 # Chat creation endpoint
 # Create a new chat
@@ -109,20 +134,8 @@ def getChatHistory(_id):
 def createChat():
     # Get user auth token
     token = request.json['token']
-    # Find the correct user token in user db
-    user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}})
-    # If the user exists, continue, otherwise return fail
-    if (user):
-        # Convert _id to a string, python doesn't like ObjectId()
-        user['_id'] = str(user['_id'])
-        # Check if the token expiry is after the current date (Using unix timestamp, other mongodb Date datatype is a pain to use in python)
-        if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())):
-            # Store the userId
-            userId = user['_id']
-            print(user)
-            print(user['permissions'])
-            if ("createChat" in user['permissions']):
-                print(userId)
+    a, userId = checkUserPermission(token, "createChat")
+    if (a == True):
         name = request.json['name']
         model = request.json['model']
         chatCollection.insert_one(
@@ -143,10 +156,6 @@ def createChat():
             }
         )
         return jsonify("Success")
-            else:
-                return jsonify("Incorrect permissions")
-        else:
-            return jsonify("User token is invalid")
     else:
         return jsonify("User token is invalid")
 
@@ -167,15 +176,11 @@ def index():
     if (token == 'none'):
         return render_template('login.html', appName=appName, githubUrl=github_auth_endpoint, githublogin=settings["github_oauth"]["enabled"], oauthlogin=settings["oauth_login"])
     else:
-        user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}})
-        if (user):
-            user['_id'] = str(user['_id'])
-            if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())):
+        a, userId = checkUserPermission(token, True)
+        if (a == True):
                 return render_template('home.html', appName=appName)
         else:
             render_template('logout.html', appName=appName)
-        else:
-            render_template('logout.html', appName=appName)
 
 # Login endpoint
 # Api backend for login screen, check for user and returns token