Sending invitation and validating allowed roles

2025-08-07 11:42:29 +07:00 · 2025-08-07 11:42:29 +07:00 · e50066ea34
commit e50066ea34
parent 988f793598
1 changed files with 35 additions and 4 deletions
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
@ -238,10 +238,10 @@ class auth:
        return response

    def invite(self, params):
-        APIADDR			= "/api/auth/invite"
-        response		= {}
-        allowed_roles		= [1,2]
-        allowed_invitation 	= globalvar.allowed_invitation
+        APIADDR		= "/api/auth/invite"
+        response	= {}
+        allowed_roles	= [1,2]
+        allowed_grant 	= globalvar.allowed_grant
        self.cursor.execute("BEGIN;")
        try:
            loggorilla.prcss(APIADDR, "Define parameters")
@ -257,6 +257,37 @@ class auth:
            loggorilla.prcss(APIADDR, "Account validation")
            user_validation 	= procedure_validation.validation().account(APIADDR, allowed_roles, token)
            user 		= user_validation['data']
+            loggorilla.prcss(APIADDR, "Validating")
+            if not procedure_grant.is_grant_allowed(user['profile']['roles'], roles, allowed_grant):
+                loggorilla.accss(APIADDR, f"{user['profile']['username']} do invitation with unallowed role(s)")
+                loggorilla.accss(APIADDR, f"Rejected roles: {procedure_grant.get_disallowed_roles(user['profile']['roles'], roles, allowed_grant)}")
+                loggorilla.prcss(APIADDR, "Giving response")
+                response["status"	] = "failed"
+                response["desc"		] = "Invitation roles is not allowed"
+            else:
+                loggorilla.prcss(APIADDR, "Set expired datetime")
+                expired 		= globalvar.invitation_link_expiration
+                expired_isoformat 	= expired.isoformat()
+                loggorilla.prcss(APIADDR, "Generate URL")
+                payload 		= {
+                    "expired"	: expired_isoformat,
+                    "roles" 	: roles,
+                    "email" 	: email,
+                    "username"	: username
+                }
+                token_encrypt	= tokenguard.encode(payload, globalvar.ssh['key']['private'], globalvar.ssh['passphrase'])
+                invitation_url	= globalvar.invitation_url(token_encrypt)
+                loggorilla.prcss(APIADDR, "Sending email")
+                webmail_data 	= {"accept": invitation_url}
+                result_webmail	= procedure_webmail.webmail().invitation(APIADDR, params, webmail_data)
+                self.smtpconfig['to'        ] = email
+                self.smtpconfig['subject'   ] = result_webmail['subject'	]
+                self.smtpconfig['text'      ] = result_webmail['text'	]
+                self.smtpconfig['html'      ] = result_webmail['html'	]
+                sendwave.smtp(self.smtpconfig)
+                loggorilla.prcss(APIADDR, "Giving response")
+                response["status"	] = "success"
+                response["desc"	] = "Sending invitation success."
        except Exception as e:
            self.cursor.execute("ROLLBACK;")
            loggorilla.error(APIADDR, str(e) )