matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use keyword arguments in the permissions app

Browse Source 
Additionall rename the views GroupRoleMembersView,
SetupRoleMembersView, SetupRolePermissionsView to
GroupRolesView, RoleGroupsView, RolePermissionsView.

Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
This commit is contained in:
Roberto Rosario
2019-01-13 23:15:15 -04:00
parent 38d7b7cda3
commit 0e800dc314
8 changed files with 201 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
mayan/apps/permissions/exceptions.py
View File

@@ -2,8 +2,11 @@ from __future__ import unicode_literals
class PermissionError(Exception):
pass
"""Base permission exception"""
class InvalidNamespace(PermissionError):
pass
"""
Invalid namespace name. This is probably an obsolete permission namespace,
execute the management command "purgepermissions" and try again.
"""

5
mayan/apps/permissions/icons.py
View File

@@ -3,7 +3,10 @@ from __future__ import absolute_import, unicode_literals
from mayan.apps.appearance.classes import Icon
icon_permission = Icon(driver_name='fontawesome', symbol='thumbs-up')
icon_role_create = Icon(driver_name='fontawesome', symbol='plus')
icon_role_create = Icon(
driver_name='fontawesome-dual', primary_symbol='user-secret',
secondary_symbol='plus'
)
icon_role_delete = Icon(driver_name='fontawesome', symbol='times')
icon_role_edit = Icon(driver_name='fontawesome', symbol='pencil-alt')
icon_role_groups = Icon(driver_name='fontawesome', symbol='users')

15
mayan/apps/permissions/links.py
View File

@@ -3,12 +3,11 @@ from __future__ import unicode_literals
from django.utils.translation import ugettext_lazy as _
from mayan.apps.navigation import Link
from mayan.apps.user_management.icons import icon_group
from mayan.apps.user_management.permissions import permission_group_edit
from .icons import (
icon_permission, icon_role_create, icon_role_delete, icon_role_edit,
icon_role_groups, icon_role_list, icon_role_permissions
icon_role_create, icon_role_delete, icon_role_edit, icon_role_groups,
icon_role_list, icon_role_permissions
)
from .permissions import (
permission_permission_grant, permission_permission_revoke,
@@ -17,7 +16,7 @@ from .permissions import (
)
link_group_roles = Link(
args='object.id', icon_class=icon_role_list,
icon_class=icon_role_list, kwargs={'group_id': 'object.id'},
permissions=(permission_group_edit,), text=_('Roles'),
view='permissions:group_roles',
)
@@ -34,12 +33,12 @@ link_role_create = Link(
text=_('Create new role'), view='permissions:role_create'
)
link_role_delete = Link(
args='object.id', icon_class=icon_role_delete,
icon_class=icon_role_delete, kwargs={'role_id': 'object.id'},
permissions=(permission_role_delete,), tags='dangerous', text=_('Delete'),
view='permissions:role_delete',
)
link_role_edit = Link(
args='object.id', icon_class=icon_role_edit,
icon_class=icon_role_edit, kwargs={'role_id': 'object.id'},
permissions=(permission_role_edit,), text=_('Edit'),
view='permissions:role_edit',
)
@@ -48,12 +47,12 @@ link_role_list = Link(
text=_('Roles'), view='permissions:role_list'
)
link_role_groups = Link(
args='object.id', icon_class=icon_role_groups,
icon_class=icon_role_groups, kwargs={'role_id': 'object.id'},
permissions=(permission_role_edit,), text=_('Groups'),
view='permissions:role_groups',
)
link_role_permissions = Link(
args='object.id', icon_class=icon_role_permissions,
icon_class=icon_role_permissions, kwargs={'role_id': 'object.id'},
permissions=(permission_permission_grant, permission_permission_revoke),
text=_('Role permissions'), view='permissions:role_permissions',
)

108
mayan/apps/permissions/tests/test_api.py
View File

@@ -5,7 +5,7 @@ from django.contrib.auth.models import Group
from rest_framework import status
from mayan.apps.rest_api.tests import BaseAPITestCase
from mayan.apps.user_management.tests.literals import TEST_GROUP_2_NAME
from mayan.apps.user_management.tests.literals import TEST_GROUP_NAME
from ..classes import Permission
from ..models import Role
@@ -15,16 +15,12 @@ from ..permissions import (
)
from .literals import (
TEST_ROLE_2_LABEL, TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED
TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED
)
from .mixins import RoleTestMixin
class PermissionAPITestCase(BaseAPITestCase):
def setUp(self):
super(PermissionAPITestCase, self).setUp()
self.login_user()
Permission.invalidate_cache()
class PermissionAPITestCase(RoleTestMixin, BaseAPITestCase):
def test_permissions_list_view(self):
response = self.get(viewname='rest_api:permission-list')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@@ -38,18 +34,18 @@ class PermissionAPITestCase(BaseAPITestCase):
def test_roles_list_view_with_access(self):
self.grant_access(
permission=permission_role_view, obj=self.role
permission=permission_role_view, obj=self.test_role
)
response = self.get(viewname='rest_api:role-list')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 1)
self.assertEqual(response.data['results'][0]['label'], self.role.label)
self.assertEqual(response.data['results'][0]['label'], self.test_role.label)
# Role create
def _role_create_request(self, extra_data=None):
data = {
'label': TEST_ROLE_2_LABEL
'label': TEST_ROLE_LABEL
}
if extra_data:
@@ -69,20 +65,20 @@ class PermissionAPITestCase(BaseAPITestCase):
response = self._role_create_request()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
role = Role.objects.get(label=TEST_ROLE_2_LABEL)
role = Role.objects.get(label=TEST_ROLE_LABEL)
self.assertEqual(response.data, {'label': role.label, 'id': role.pk})
self.assertEqual(Role.objects.count(), 2)
self.assertEqual(role.label, TEST_ROLE_2_LABEL)
self.assertEqual(role.label, TEST_ROLE_LABEL)
def _create_group(self):
self.group_2 = Group.objects.create(name=TEST_GROUP_2_NAME)
#def _create_group(self):
# self.test_group = Group.objects.create(name=TEST_GROUP_NAME)
def _request_role_create_with_extra_data(self):
self._create_group()
return self._role_create_request(
extra_data={
'groups_pk_list': '{}'.format(self.group_2.pk),
'groups_pk_list': '{}'.format(self.test_group.pk),
'permissions_pk_list': '{}'.format(permission_role_view.pk)
}
)
@@ -106,7 +102,7 @@ class PermissionAPITestCase(BaseAPITestCase):
role = Role.objects.get(label=TEST_ROLE_2_LABEL)
self.assertEqual(role.label, TEST_ROLE_2_LABEL)
self.assertQuerysetEqual(
role.groups.all(), (repr(self.group_2),)
role.groups.all(), (repr(self.test_group),)
)
self.assertQuerysetEqual(
role.permissions.all(),
@@ -124,107 +120,118 @@ class PermissionAPITestCase(BaseAPITestCase):
data.update(extra_data)
return getattr(self, request_type)(
viewname='rest_api:role-detail', args=(self.role.pk,),
viewname='rest_api:role-detail', kwargs={'role_id': self.test_role.pk},
data=data
)
def test_role_edit_via_patch_no_access(self):
self._create_test_role()
response = self._request_role_edit(request_type='patch')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL)
def test_role_edit_via_patch_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
self._create_test_role()
self.grant_access(permission=permission_role_edit, obj=self.test_role)
response = self._request_role_edit(request_type='patch')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED)
def _request_role_edit_via_patch_with_extra_data(self):
self._create_test_role()
self._create_group()
return self._request_role_edit(
extra_data={
'groups_pk_list': '{}'.format(self.group_2.pk),
'groups_pk_list': '{}'.format(self.test_group.pk),
'permissions_pk_list': '{}'.format(permission_role_view.pk)
},
request_type='patch'
)
def test_role_edit_complex_via_patch_no_access(self):
self._create_test_role()
response = self._request_role_edit_via_patch_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group),)
self.test_role.groups.all(), (repr(self.group),)
)
self.assertQuerysetEqual(self.role.permissions.all(), ())
self.assertQuerysetEqual(self.test_role.permissions.all(), ())
def test_role_edit_complex_via_patch_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
self._create_test_role()
self.grant_access(permission=permission_role_edit, obj=self.test_role)
response = self._request_role_edit_via_patch_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group_2),)
self.test_role.groups.all(), (repr(self.test_group),)
)
self.assertQuerysetEqual(
self.role.permissions.all(),
self.test_role.permissions.all(),
(repr(permission_role_view.stored_permission),)
)
def test_role_edit_via_put_no_access(self):
self._create_test_role()
response = self._request_role_edit(request_type='put')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL)
def test_role_edit_via_put_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
self._create_test_role()
self.grant_access(permission=permission_role_edit, obj=self.test_role)
response = self._request_role_edit(request_type='put')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED)
def _request_role_edit_via_put_with_extra_data(self):
self._create_test_role()
self._create_group()
return self._request_role_edit(
extra_data={
'groups_pk_list': '{}'.format(self.group_2.pk),
'groups_pk_list': '{}'.format(self.test_group.pk),
'permissions_pk_list': '{}'.format(permission_role_view.pk)
}, request_type='put'
)
def test_role_edit_complex_via_put_no_access(self):
self._create_test_role()
response = self._request_role_edit_via_put_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group),)
self.test_role.groups.all(), (repr(self.group),)
)
self.assertQuerysetEqual(
self.role.permissions.all(),
self.test_role.permissions.all(),
()
)
def test_role_edit_complex_via_put_with_access(self):
self.grant_access(permission=permission_role_edit, obj=self.role)
self._create_test_role()
self.grant_access(permission=permission_role_edit, obj=self.test_role)
response = self._request_role_edit_via_put_with_extra_data()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.role.refresh_from_db()
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
self.test_role.refresh_from_db()
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED)
self.assertQuerysetEqual(
self.role.groups.all(), (repr(self.group_2),)
self.test_role.groups.all(), (repr(self.test_group),)
)
self.assertQuerysetEqual(
self.role.permissions.all(),
self.test_role.permissions.all(),
(repr(permission_role_view.stored_permission),)
)
@@ -232,7 +239,8 @@ class PermissionAPITestCase(BaseAPITestCase):
def _request_role_delete_view(self):
return self.delete(
viewname='rest_api:role-detail', args=(self.role.pk,)
viewname='rest_api:role-detail',
kwargs={'role_id': self.test_role.pk}
)
def test_role_delete_view_no_access(self):
@@ -241,7 +249,7 @@ class PermissionAPITestCase(BaseAPITestCase):
self.assertEqual(Role.objects.count(), 1)
def test_role_delete_view_with_access(self):
self.grant_access(permission=permission_role_delete, obj=self.role)
self.grant_access(permission=permission_role_delete, obj=self.test_role)
response = self._request_role_delete_view()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(Role.objects.count(), 0)

14
mayan/apps/permissions/tests/test_models.py
View File

@@ -14,18 +14,18 @@ class PermissionTestCase(BaseTestCase):
def test_no_permissions(self):
with self.assertRaises(PermissionDenied):
Permission.check_permissions(
requester=self.user, permissions=(permission_role_view,)
Permission.check_user_permission(
permission=permission_role_view, user=self._test_case_user
)
def test_with_permissions(self):
self.group.user_set.add(self.user)
self.role.permissions.add(permission_role_view.stored_permission)
self.role.groups.add(self.group)
self._test_case_group.user_set.add(self._test_case_user)
self._test_case_role.permissions.add(permission_role_view.stored_permission)
self._test_case_role.groups.add(self._test_case_group)
try:
Permission.check_permissions(
requester=self.user, permissions=(permission_role_view,)
Permission.check_user_permission(
permission=permission_role_view, user=self._test_case_user
)
except PermissionDenied:
self.fail('PermissionDenied exception was not expected.')

92
mayan/apps/permissions/tests/test_views.py
View File

@@ -1,10 +1,8 @@
from __future__ import unicode_literals
from django.contrib.auth.models import Group
from mayan.apps.common.tests import GenericViewTestCase
from mayan.apps.user_management.permissions import permission_group_edit
from mayan.apps.user_management.tests.literals import TEST_GROUP_2_NAME
from mayan.apps.user_management.tests import GroupTestMixin
from ..models import Role
from ..permissions import (
@@ -13,10 +11,11 @@ from ..permissions import (
permission_role_view,
)
from .literals import TEST_ROLE_2_LABEL, TEST_ROLE_LABEL_EDITED
from .literals import TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED
from .mixins import RoleTestMixin
class PermissionsViewsTestCase(GenericViewTestCase):
class PermissionsViewsTestCase(GroupTestMixin, RoleTestMixin, GenericViewTestCase):
def setUp(self):
super(PermissionsViewsTestCase, self).setUp()
self.login_user()
@@ -24,7 +23,7 @@ class PermissionsViewsTestCase(GenericViewTestCase):
def _request_create_role_view(self):
return self.post(
viewname='permissions:role_create', data={
'label': TEST_ROLE_2_LABEL,
'label': TEST_ROLE_LABEL,
}
)
@@ -33,7 +32,7 @@ class PermissionsViewsTestCase(GenericViewTestCase):
self.assertEqual(response.status_code, 403)
self.assertEqual(Role.objects.count(), 1)
self.assertFalse(
TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True)
TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True)
)
def test_role_creation_view_with_permission(self):
@@ -42,140 +41,139 @@ class PermissionsViewsTestCase(GenericViewTestCase):
self.assertEqual(response.status_code, 302)
self.assertEqual(Role.objects.count(), 2)
self.assertTrue(
TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True)
TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True)
)
def _request_role_delete_view(self):
return self.post(
viewname='permissions:role_delete', args=(self.role_2.pk,),
viewname='permissions:role_delete',
kwargs={'role_id': self.test_role.pk}
)
def _create_role(self):
self.role_2 = Role.objects.create(label=TEST_ROLE_2_LABEL)
def test_role_delete_view_no_access(self):
self._create_role()
self._create_test_role()
response = self._request_role_delete_view()
self.assertEqual(response.status_code, 403)
self.assertEqual(Role.objects.count(), 2)
self.assertTrue(
TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True)
TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True)
)
def test_role_delete_view_with_access(self):
self._create_role()
self.grant_access(permission=permission_role_delete, obj=self.role_2)
self._create_test_role()
self.grant_access(permission=permission_role_delete, obj=self.test_role)
response = self._request_role_delete_view()
self.assertEqual(response.status_code, 302)
self.assertEqual(Role.objects.count(), 1)
self.assertFalse(
TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True)
TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True)
)
def _request_role_edit_view(self):
return self.post(
viewname='permissions:role_edit', args=(self.role_2.pk,), data={
viewname='permissions:role_edit',
kwargs={'role_id': self.test_role.pk}, data={
'label': TEST_ROLE_LABEL_EDITED,
}
)
def test_role_edit_view_no_access(self):
self._create_role()
self._create_test_role()
response = self._request_role_edit_view()
self.assertEqual(response.status_code, 403)
self.role_2.refresh_from_db()
self.test_role.refresh_from_db()
self.assertEqual(Role.objects.count(), 2)
self.assertEqual(self.role_2.label, TEST_ROLE_2_LABEL)
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL)
def test_role_edit_view_with_access(self):
self._create_role()
self.grant_access(permission=permission_role_edit, obj=self.role_2)
self._create_test_role()
self.grant_access(permission=permission_role_edit, obj=self.test_role)
response = self._request_role_edit_view()
self.assertEqual(response.status_code, 302)
self.role_2.refresh_from_db()
self.test_role.refresh_from_db()
self.assertEqual(Role.objects.count(), 2)
self.assertEqual(self.role_2.label, TEST_ROLE_LABEL_EDITED)
self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED)
def _request_role_list_view(self):
return self.get(viewname='permissions:role_list')
def test_role_list_view_no_access(self):
self._create_role()
self._create_test_role()
response = self._request_role_list_view()
self.assertEqual(response.status_code, 200)
self.assertNotContains(
response=response, text=TEST_ROLE_2_LABEL, status_code=200
response=response, text=TEST_ROLE_LABEL, status_code=200
)
def test_role_list_view_with_access(self):
self._create_role()
self.grant_access(permission=permission_role_view, obj=self.role_2)
self._create_test_role()
self.grant_access(permission=permission_role_view, obj=self.test_role)
response = self._request_role_list_view()
self.assertContains(
response=response, text=TEST_ROLE_2_LABEL, status_code=200
response=response, text=TEST_ROLE_LABEL, status_code=200
)
def _request_role_permissions_view(self):
return self.get(
viewname='permissions:role_permissions', args=(self.role_2.pk,)
viewname='permissions:role_permissions',
kwargs={'role_id': self.test_role.pk}
)
def test_role_permissions_view_no_access(self):
self._create_role()
self._create_test_role()
response = self._request_role_permissions_view()
self.assertEqual(response.status_code, 403)
def test_role_permissions_view_with_permission_grant(self):
self._create_role()
self._create_test_role()
self.grant_access(
permission=permission_permission_grant, obj=self.role_2
permission=permission_permission_grant, obj=self.test_role
)
response = self._request_role_permissions_view()
self.assertEqual(response.status_code, 200)
def test_role_permissions_view_with_permission_revoke(self):
self._create_role()
self._create_test_role()
self.grant_access(
permission=permission_permission_revoke, obj=self.role_2
permission=permission_permission_revoke, obj=self.test_role
)
response = self._request_role_permissions_view()
self.assertEqual(response.status_code, 200)
def _request_role_groups_view(self):
return self.get(
viewname='permissions:role_groups', args=(self.role_2.pk,)
viewname='permissions:role_groups',
kwargs={'role_id': self.test_role.pk}
)
def test_role_groups_view_no_access(self):
self._create_role()
self._create_test_role()
response = self._request_role_groups_view()
self.assertEqual(response.status_code, 403)
def test_role_groups_view_with_access(self):
self._create_role()
self.grant_access(permission=permission_role_edit, obj=self.role_2)
self._create_test_role()
self.grant_access(permission=permission_role_edit, obj=self.test_role)
response = self._request_role_groups_view()
self.assertEqual(response.status_code, 200)
def _create_group(self):
self.group_2 = Group.objects.create(name=TEST_GROUP_2_NAME)
def _request_group_roles_view(self):
return self.get(
viewname='permissions:group_roles', args=(self.group_2.pk,)
viewname='permissions:group_roles',
kwargs={'group_id': self.test_group.pk}
)
def test_group_roles_view_no_access(self):
self._create_group()
self._create_test_group()
response = self._request_group_roles_view()
self.assertEqual(response.status_code, 403)
def test_group_roles_view_with_access(self):
self._create_group()
self.grant_access(permission=permission_group_edit, obj=self.group_2)
self._create_test_group()
self.grant_access(permission=permission_group_edit, obj=self.test_group)
response = self._request_group_roles_view()
self.assertEqual(response.status_code, 200)

52
mayan/apps/permissions/urls.py
View File

@@ -4,34 +4,46 @@ from django.conf.urls import url
from .api_views import APIPermissionList, APIRoleListView, APIRoleView
from .views import (
GroupRoleMembersView, RoleCreateView, RoleDeleteView, RoleEditView,
RoleListView, SetupRoleMembersView, SetupRolePermissionsView
GroupRolesView, RoleCreateView, RoleDeleteView, RoleEditView,
RoleListView, RoleGroupsView, RolePermissionsView
)
urlpatterns = [
url(
r'^group/(?P<pk>\d+)/roles/$', GroupRoleMembersView.as_view(),
name='group_roles'
),
url(r'^role/list/$', RoleListView.as_view(), name='role_list'),
url(r'^role/create/$', RoleCreateView.as_view(), name='role_create'),
url(
r'^role/(?P<pk>\d+)/permissions/$', SetupRolePermissionsView.as_view(),
name='role_permissions'
),
url(r'^role/(?P<pk>\d+)/edit/$', RoleEditView.as_view(), name='role_edit'),
url(
r'^role/(?P<pk>\d+)/delete/$', RoleDeleteView.as_view(),
name='role_delete'
regex=r'^groups/(?P<group_id>\d+)/roles/$', name='group_roles',
view=GroupRolesView.as_view()
),
url(
r'^role/(?P<pk>\d+)/groups/$', SetupRoleMembersView.as_view(),
name='role_groups'
regex=r'^roles/create/$', name='role_create',
view=RoleCreateView.as_view()
),
url(
regex=r'^roles/(?P<role_id>\d+)/delete/$', name='role_delete',
view=RoleDeleteView.as_view()
),
url(
regex=r'^roles/(?P<role_id>\d+)/edit/$', name='role_edit',
view=RoleEditView.as_view()
),
url(
regex=r'^roles/(?P<role_id>\d+)/groups/$', name='role_groups',
view=RoleGroupsView.as_view()
),
url(
regex=r'^roles/(?P<role_id>\d+)/permissions/$', name='role_permissions',
view=RolePermissionsView.as_view()
),
url(regex=r'^roles/list/$', name='role_list', view=RoleListView.as_view()),
]
api_urls = [
url(r'^permissions/$', APIPermissionList.as_view(), name='permission-list'),
url(r'^roles/$', APIRoleListView.as_view(), name='role-list'),
url(r'^roles/(?P<pk>[0-9]+)/$', APIRoleView.as_view(), name='role-detail'),
url(
regex=r'^permissions/$', name='permission-list',
view=APIPermissionList.as_view(),
),
url(regex=r'^roles/$', name='role-list', view=APIRoleListView.as_view()),
url(
regex=r'^roles/(?P<role_id>[0-9]+)/$', name='role-detail',
view=APIRoleView.as_view()
),
]

84
mayan/apps/permissions/views.py
View File

@@ -27,7 +27,7 @@ from .permissions import (
)
class GroupRoleMembersView(AssignRemoveView):
class GroupRolesView(AssignRemoveView):
grouped = False
left_list_title = _('Available roles')
right_list_title = _('Group roles')
@@ -44,7 +44,7 @@ class GroupRoleMembersView(AssignRemoveView):
}
def get_object(self):
return get_object_or_404(klass=Group, pk=self.kwargs['pk'])
return get_object_or_404(klass=Group, pk=self.kwargs['group_id'])
def left_list(self):
return [
@@ -65,22 +65,24 @@ class RoleCreateView(SingleObjectCreateView):
fields = ('label',)
model = Role
view_permission = permission_role_create
post_action_redirect = reverse_lazy('permissions:role_list')
post_action_redirect = reverse_lazy(viewname='permissions:role_list')
class RoleDeleteView(SingleObjectDeleteView):
model = Role
object_permission = permission_role_delete
post_action_redirect = reverse_lazy('permissions:role_list')
pk_url_kwarg = 'role_id'
post_action_redirect = reverse_lazy(viewname='permissions:role_list')
class RoleEditView(SingleObjectEditView):
fields = ('label',)
model = Role
object_permission = permission_role_edit
pk_url_kwarg = 'role_id'
class SetupRoleMembersView(AssignRemoveView):
class RoleGroupsView(AssignRemoveView):
grouped = False
left_list_title = _('Available groups')
right_list_title = _('Role groups')
@@ -101,24 +103,48 @@ class SetupRoleMembersView(AssignRemoveView):
}
def get_object(self):
return get_object_or_404(klass=Role, pk=self.kwargs['pk'])
return get_object_or_404(klass=Role, pk=self.kwargs['role_id'])
def left_list(self):
return [
(force_text(group.pk), group.name) for group in set(Group.objects.all()) - set(self.get_object().groups.all())
]
def remove(self, item):
group = get_object_or_404(klass=Group, pk=item)
self.get_object().groups.remove(group)
def right_list(self):
return [
(force_text(group.pk), group.name) for group in self.get_object().groups.all()
]
def remove(self, item):
group = get_object_or_404(klass=Group, pk=item)
self.get_object().groups.remove(group)
class RoleListView(SingleObjectListView):
model = Role
object_permission = permission_role_view
def get_extra_context(self):
return {
'hide_object': True,
'no_results_icon': icon_role_list,
'no_results_main_link': link_role_create.resolve(
context=RequestContext(request=self.request)
),
'no_results_text': _(
'Roles are authorization units. They contain '
'user groups which inherit the role permissions for the '
'entire system. Roles can also part of access '
'controls lists. Access controls list are permissions '
'granted to a role for specific objects which its group '
'members inherit.'
),
'no_results_title': _('There are no roles'),
'title': _('Roles'),
}
class SetupRolePermissionsView(AssignRemoveView):
class RolePermissionsView(AssignRemoveView):
grouped = True
left_list_title = _('Available permissions')
right_list_title = _('Granted permissions')
@@ -156,7 +182,7 @@ class SetupRolePermissionsView(AssignRemoveView):
permissions=(permission_permission_grant, permission_permission_revoke),
user=self.request.user, obj=self.get_object()
)
return super(SetupRolePermissionsView, self).dispatch(request, *args, **kwargs)
return super(RolePermissionsView, self).dispatch(request, *args, **kwargs)
def get_extra_context(self):
return {
@@ -169,22 +195,17 @@ class SetupRolePermissionsView(AssignRemoveView):
}
def get_object(self):
return get_object_or_404(klass=Role, pk=self.kwargs['pk'])
return get_object_or_404(klass=Role, pk=self.kwargs['role_id'])
def left_list(self):
Permission.refresh()
return SetupRolePermissionsView.generate_choices(
return RolePermissionsView.generate_choices(
entries=StoredPermission.objects.exclude(
id__in=self.get_object().permissions.values_list('pk', flat=True)
)
)
def right_list(self):
return SetupRolePermissionsView.generate_choices(
entries=self.get_object().permissions.all()
)
def remove(self, item):
Permission.check_permissions(
self.request.user, permissions=(permission_permission_revoke,)
@@ -192,26 +213,7 @@ class SetupRolePermissionsView(AssignRemoveView):
permission = get_object_or_404(klass=StoredPermission, pk=item)
self.get_object().permissions.remove(permission)
class RoleListView(SingleObjectListView):
model = Role
object_permission = permission_role_view
def get_extra_context(self):
return {
'hide_object': True,
'no_results_icon': icon_role_list,
'no_results_main_link': link_role_create.resolve(
context=RequestContext(request=self.request)
),
'no_results_text': _(
'Roles are authorization units. They contain '
'user groups which inherit the role permissions for the '
'entire system. Roles can also part of access '
'controls lists. Access controls list are permissions '
'granted to a role for specific objects which its group '
'members inherit.'
),
'no_results_title': _('There are no roles'),
'title': _('Roles'),
}
def right_list(self):
return RolePermissionsView.generate_choices(
entries=self.get_object().permissions.all()
)