feat: switch admin identification from user_id to username

- Replace admin_user_ids (list[int]) with admin_usernames (list[str]) - Update all service methods to use username for permission checks - Add delete button to bot responses for message cleanup - Update tests to match new implementation Note: Breaking change - existing data files need fresh start
2026-04-09 08:02:36 +00:00
parent 7822e65d6c
commit 8494b4621c
6 changed files with 473 additions and 208 deletions
--- a/core/models.py
+++ b/core/models.py
@@ -44,18 +44,18 @@ class RoomData:
    The next_id field is used to generate unique bounty IDs within this room.

    The timezone field stores the room's timezone (e.g., "Asia/Jakarta"), default UTC+0.
-    The admin_user_ids field lists users who have admin privileges in this room.
+    The admin_usernames field lists usernames who have admin privileges in this room.
    """

    room_id: int
    bounties: list[Bounty]
    next_id: int
    timezone: str | None = None
-    admin_user_ids: list[int] | None = None
+    admin_usernames: list[str] | None = None

    def __post_init__(self):
-        if self.admin_user_ids is None:
-            self.admin_user_ids = []
+        if self.admin_usernames is None:
+            self.admin_usernames = []


@dataclass
--- a/core/services.py
+++ b/core/services.py
@@ -25,68 +25,79 @@ class BountyService:
    def __init__(self, storage: RoomStorage):
        self._storage = storage

-    def is_admin(self, room_id: int, user_id: int) -> bool:
-        """Check if user is admin in a room."""
+    def is_admin(self, room_id: int, username: str | None) -> bool:
+        """Check if user is admin in a room by username."""
+        if not username:
+            return False
        room_data = self._storage.load(room_id)
        if room_data is None:
            return False
-        return user_id in (room_data.admin_user_ids or [])
+        return username in (room_data.admin_usernames or [])

    def add_admin(
-        self, room_id: int, admin_user_id: int, requesting_user_id: int
+        self, room_id: int, username: str, requesting_username: str | None
    ) -> None:
        """Add an admin to a room. Requires admin permission, or self-promotion if first admin."""
        room_data = self._storage.load(room_id)

-        has_no_admins = room_data is None or not room_data.admin_user_ids
-        is_self_promotion = requesting_user_id == admin_user_id
+        has_no_admins = room_data is None or not room_data.admin_usernames
+        is_self_promotion = requesting_username == username

-        if not self.is_admin(room_id, requesting_user_id):
+        if not self.is_admin(room_id, requesting_username):
            if not (has_no_admins and is_self_promotion):
                raise PermissionError("Only admins can add admins.")

-        if room_data is None or room_data.admin_user_ids is None:
+        if room_data is None:
            room_data = RoomData(
-                room_id=room_id, bounties=[], next_id=1, admin_user_ids=[]
+                room_id=room_id, bounties=[], next_id=1, admin_usernames=[]
            )

-        if admin_user_id not in (room_data.admin_user_ids or []):
-            room_data.admin_user_ids.append(admin_user_id)
-            self._storage.save(room_data)
+        admin_usernames = room_data.admin_usernames
+        if admin_usernames is None:
+            admin_usernames = []
+            room_data.admin_usernames = []
+
+        if username in admin_usernames:
+            raise ValueError(f"@{username} is already an admin.")
+
+        admin_usernames.append(username)
+        self._storage.save(room_data)

    def remove_admin(
-        self, room_id: int, admin_user_id: int, requesting_user_id: int
+        self, room_id: int, username: str, requesting_username: str | None
    ) -> None:
        """Remove an admin from a room. Requires admin permission."""
-        if not self.is_admin(room_id, requesting_user_id):
+        if not self.is_admin(room_id, requesting_username):
            raise PermissionError("Only admins can remove admins.")

        room_data = self._storage.load(room_id)
-        if room_data is None:
-            return
+        if room_data is None or not (room_data.admin_usernames or []):
+            raise ValueError(f"@{username} is not an admin.")

-        if admin_user_id in (room_data.admin_user_ids or []):
-            (room_data.admin_user_ids or []).remove(admin_user_id)
-            self._storage.save(room_data)
+        if username not in (room_data.admin_usernames or []):
+            raise ValueError(f"@{username} is not an admin.")

-    def list_admins(self, room_id: int) -> list[int]:
-        """List all admin user IDs in a room."""
+        (room_data.admin_usernames or []).remove(username)
+        self._storage.save(room_data)
+
+    def list_admins(self, room_id: int) -> list[str]:
+        """List all admin usernames in a room."""
        room_data = self._storage.load(room_id)
        if room_data is None:
            return []
-        return list(room_data.admin_user_ids or [])
+        return list(room_data.admin_usernames or [])

    def set_timezone(
-        self, room_id: int, timezone: str, requesting_user_id: int
+        self, room_id: int, timezone: str, requesting_username: str | None
    ) -> None:
        """Set the timezone for a room. Requires admin permission."""
-        if not self.is_admin(room_id, requesting_user_id):
+        if not self.is_admin(room_id, requesting_username):
            raise PermissionError("Only admins can set timezone.")

        room_data = self._storage.load(room_id)
        if room_data is None:
            room_data = RoomData(
-                room_id=room_id, bounties=[], next_id=1, admin_user_ids=[]
+                room_id=room_id, bounties=[], next_id=1, admin_usernames=[]
            )

        room_data.timezone = timezone
@@ -121,13 +132,14 @@ class BountyService:
        self,
        room_id: int,
        user_id: int,
+        username: str | None,
        text: Optional[str] = None,
        link: Optional[str] = None,
        due_date_ts: Optional[int] = None,
        created_by_username: Optional[str] = None,
    ) -> Bounty:
        """Add a new bounty to the room. Requires admin permission."""
-        if not self.is_admin(room_id, user_id):
+        if not self.is_admin(room_id, username):
            raise PermissionError("Only admins can add bounties.")

        if not self.check_link_unique(room_id, link):
@@ -168,12 +180,12 @@ class BountyService:
                return b
        return None

-    def recover_bounty(self, room_id: int, bounty_id: int, user_id: int) -> str:
+    def recover_bounty(self, room_id: int, bounty_id: int, username: str | None) -> str:
        """Recover a soft-deleted bounty. Admin only.

        Returns: 'recovered', 'not_found', 'not_deleted', 'permission_denied'
        """
-        if not self.is_admin(room_id, user_id):
+        if not self.is_admin(room_id, username):
            return "permission_denied"

        bounty = self.get_deleted_bounty(room_id, bounty_id)
@@ -187,7 +199,7 @@ class BountyService:
        return "recovered"

    def recover_bounties(
-        self, room_id: int, bounty_ids: list[int], user_id: int
+        self, room_id: int, bounty_ids: list[int], username: str | None
    ) -> dict[int, str]:
        """Recover multiple soft-deleted bounties. Admin only.

@@ -195,7 +207,7 @@ class BountyService:
        """
        results = {}
        for bounty_id in bounty_ids:
-            results[bounty_id] = self.recover_bounty(room_id, bounty_id, user_id)
+            results[bounty_id] = self.recover_bounty(room_id, bounty_id, username)
        return results

    def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
@@ -209,7 +221,7 @@ class BountyService:
        self,
        room_id: int,
        bounty_id: int,
-        user_id: int,
+        username: str | None,
        text: Optional[str] = None,
        link: Optional[str] = None,
        due_date_ts: Optional[int] = None,
@@ -220,7 +232,7 @@ class BountyService:
        bounty = self._storage.get_bounty(room_id, bounty_id)
        if not bounty:
            return False
-        if not self.is_admin(room_id, user_id):
+        if not self.is_admin(room_id, username):
            raise PermissionError("Only admins can edit bounties.")

        if link and not self.check_link_unique(
@@ -243,12 +255,12 @@ class BountyService:
        self._storage.update_bounty(room_id, updated)
        return True

-    def delete_bounty(self, room_id: int, bounty_id: int, user_id: int) -> bool:
+    def delete_bounty(self, room_id: int, bounty_id: int, username: str | None) -> bool:
        """Soft delete a bounty. Only admins can delete."""
        bounty = self._storage.get_bounty(room_id, bounty_id)
        if not bounty:
            return False
-        if not self.is_admin(room_id, user_id):
+        if not self.is_admin(room_id, username):
            raise PermissionError("Only admins can delete bounties.")

        bounty.deleted_at = int(time.time())
@@ -256,7 +268,7 @@ class BountyService:
        return True

    def delete_bounties(
-        self, room_id: int, bounty_ids: list[int], user_id: int
+        self, room_id: int, bounty_ids: list[int], username: str | None
    ) -> dict[int, str]:
        """Soft delete multiple bounties. Returns dict of bounty_id -> result.

@@ -268,7 +280,7 @@ class BountyService:
            if not bounty:
                results[bounty_id] = "not_found"
                continue
-            if not self.is_admin(room_id, user_id):
+            if not self.is_admin(room_id, username):
                results[bounty_id] = "permission_denied"
                continue