From 513de6945d40b66368a061dff6a81646e8bda7a0 Mon Sep 17 00:00:00 2001 From: Hassan Abouelela Date: Sat, 5 Feb 2022 17:39:33 +0400 Subject: Add Role Based Authorized Readers Adds a new property on forms to declare which roles are authorized to access form responses. Signed-off-by: Hassan Abouelela --- backend/models/form.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'backend/models/form.py') diff --git a/backend/models/form.py b/backend/models/form.py index f19ed85..45a7e0b 100644 --- a/backend/models/form.py +++ b/backend/models/form.py @@ -1,10 +1,10 @@ import typing as t import httpx -from pydantic import constr, BaseModel, Field, root_validator, validator +from pydantic import BaseModel, Field, constr, root_validator, validator from pydantic.error_wrappers import ErrorWrapper, ValidationError -from backend.constants import FormFeatures, WebHook +from backend.constants import DISCORD_GUILD, FormFeatures, WebHook from .question import Question PUBLIC_FIELDS = [ @@ -43,6 +43,7 @@ class Form(BaseModel): submitted_text: t.Optional[str] = None webhook: _WebHook = None discord_role: t.Optional[str] + response_readers: t.Optional[list[str]] class Config: allow_population_by_field_name = True @@ -67,6 +68,13 @@ class Form(BaseModel): return value + @validator("response_readers") + def validate_role_scoping(cls, value: t.Optional[list[str]]): + """Ensure special role based permissions aren't granted to the @everyone role.""" + if value and str(DISCORD_GUILD) in value: + raise ValueError("You can not add the everyone role as an access scope.") + return value + @root_validator def validate_role(cls, values: dict[str, t.Any]) -> t.Optional[dict[str, t.Any]]: """Validates does Discord role provided when flag provided.""" -- cgit v1.2.3