diff --git a/mayan/apps/permissions/exceptions.py b/mayan/apps/permissions/exceptions.py index d55e89a704..f1d9c08aeb 100644 --- a/mayan/apps/permissions/exceptions.py +++ b/mayan/apps/permissions/exceptions.py @@ -2,8 +2,11 @@ from __future__ import unicode_literals class PermissionError(Exception): - pass + """Base permission exception""" class InvalidNamespace(PermissionError): - pass + """ + Invalid namespace name. This is probably an obsolete permission namespace, + execute the management command "purgepermissions" and try again. + """ diff --git a/mayan/apps/permissions/icons.py b/mayan/apps/permissions/icons.py index 860b5b537e..594f0eff68 100644 --- a/mayan/apps/permissions/icons.py +++ b/mayan/apps/permissions/icons.py @@ -3,7 +3,10 @@ from __future__ import absolute_import, unicode_literals from mayan.apps.appearance.classes import Icon icon_permission = Icon(driver_name='fontawesome', symbol='thumbs-up') -icon_role_create = Icon(driver_name='fontawesome', symbol='plus') +icon_role_create = Icon( + driver_name='fontawesome-dual', primary_symbol='user-secret', + secondary_symbol='plus' +) icon_role_delete = Icon(driver_name='fontawesome', symbol='times') icon_role_edit = Icon(driver_name='fontawesome', symbol='pencil-alt') icon_role_groups = Icon(driver_name='fontawesome', symbol='users') diff --git a/mayan/apps/permissions/links.py b/mayan/apps/permissions/links.py index 42c194a6ae..c883137b79 100644 --- a/mayan/apps/permissions/links.py +++ b/mayan/apps/permissions/links.py @@ -3,12 +3,11 @@ from __future__ import unicode_literals from django.utils.translation import ugettext_lazy as _ from mayan.apps.navigation import Link -from mayan.apps.user_management.icons import icon_group from mayan.apps.user_management.permissions import permission_group_edit from .icons import ( - icon_permission, icon_role_create, icon_role_delete, icon_role_edit, - icon_role_groups, icon_role_list, icon_role_permissions + icon_role_create, icon_role_delete, icon_role_edit, icon_role_groups, + icon_role_list, icon_role_permissions ) from .permissions import ( permission_permission_grant, permission_permission_revoke, @@ -17,7 +16,7 @@ from .permissions import ( ) link_group_roles = Link( - args='object.id', icon_class=icon_role_list, + icon_class=icon_role_list, kwargs={'group_id': 'object.id'}, permissions=(permission_group_edit,), text=_('Roles'), view='permissions:group_roles', ) @@ -34,12 +33,12 @@ link_role_create = Link( text=_('Create new role'), view='permissions:role_create' ) link_role_delete = Link( - args='object.id', icon_class=icon_role_delete, + icon_class=icon_role_delete, kwargs={'role_id': 'object.id'}, permissions=(permission_role_delete,), tags='dangerous', text=_('Delete'), view='permissions:role_delete', ) link_role_edit = Link( - args='object.id', icon_class=icon_role_edit, + icon_class=icon_role_edit, kwargs={'role_id': 'object.id'}, permissions=(permission_role_edit,), text=_('Edit'), view='permissions:role_edit', ) @@ -48,12 +47,12 @@ link_role_list = Link( text=_('Roles'), view='permissions:role_list' ) link_role_groups = Link( - args='object.id', icon_class=icon_role_groups, + icon_class=icon_role_groups, kwargs={'role_id': 'object.id'}, permissions=(permission_role_edit,), text=_('Groups'), view='permissions:role_groups', ) link_role_permissions = Link( - args='object.id', icon_class=icon_role_permissions, + icon_class=icon_role_permissions, kwargs={'role_id': 'object.id'}, permissions=(permission_permission_grant, permission_permission_revoke), text=_('Role permissions'), view='permissions:role_permissions', ) diff --git a/mayan/apps/permissions/tests/test_api.py b/mayan/apps/permissions/tests/test_api.py index e28fbdef5b..85c3c0045f 100644 --- a/mayan/apps/permissions/tests/test_api.py +++ b/mayan/apps/permissions/tests/test_api.py @@ -5,7 +5,7 @@ from django.contrib.auth.models import Group from rest_framework import status from mayan.apps.rest_api.tests import BaseAPITestCase -from mayan.apps.user_management.tests.literals import TEST_GROUP_2_NAME +from mayan.apps.user_management.tests.literals import TEST_GROUP_NAME from ..classes import Permission from ..models import Role @@ -15,16 +15,12 @@ from ..permissions import ( ) from .literals import ( - TEST_ROLE_2_LABEL, TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED + TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED ) +from .mixins import RoleTestMixin -class PermissionAPITestCase(BaseAPITestCase): - def setUp(self): - super(PermissionAPITestCase, self).setUp() - self.login_user() - Permission.invalidate_cache() - +class PermissionAPITestCase(RoleTestMixin, BaseAPITestCase): def test_permissions_list_view(self): response = self.get(viewname='rest_api:permission-list') self.assertEqual(response.status_code, status.HTTP_200_OK) @@ -38,18 +34,18 @@ class PermissionAPITestCase(BaseAPITestCase): def test_roles_list_view_with_access(self): self.grant_access( - permission=permission_role_view, obj=self.role + permission=permission_role_view, obj=self.test_role ) response = self.get(viewname='rest_api:role-list') self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['count'], 1) - self.assertEqual(response.data['results'][0]['label'], self.role.label) + self.assertEqual(response.data['results'][0]['label'], self.test_role.label) # Role create def _role_create_request(self, extra_data=None): data = { - 'label': TEST_ROLE_2_LABEL + 'label': TEST_ROLE_LABEL } if extra_data: @@ -69,20 +65,20 @@ class PermissionAPITestCase(BaseAPITestCase): response = self._role_create_request() self.assertEqual(response.status_code, status.HTTP_201_CREATED) - role = Role.objects.get(label=TEST_ROLE_2_LABEL) + role = Role.objects.get(label=TEST_ROLE_LABEL) self.assertEqual(response.data, {'label': role.label, 'id': role.pk}) self.assertEqual(Role.objects.count(), 2) - self.assertEqual(role.label, TEST_ROLE_2_LABEL) + self.assertEqual(role.label, TEST_ROLE_LABEL) - def _create_group(self): - self.group_2 = Group.objects.create(name=TEST_GROUP_2_NAME) + #def _create_group(self): + # self.test_group = Group.objects.create(name=TEST_GROUP_NAME) def _request_role_create_with_extra_data(self): self._create_group() return self._role_create_request( extra_data={ - 'groups_pk_list': '{}'.format(self.group_2.pk), + 'groups_pk_list': '{}'.format(self.test_group.pk), 'permissions_pk_list': '{}'.format(permission_role_view.pk) } ) @@ -106,7 +102,7 @@ class PermissionAPITestCase(BaseAPITestCase): role = Role.objects.get(label=TEST_ROLE_2_LABEL) self.assertEqual(role.label, TEST_ROLE_2_LABEL) self.assertQuerysetEqual( - role.groups.all(), (repr(self.group_2),) + role.groups.all(), (repr(self.test_group),) ) self.assertQuerysetEqual( role.permissions.all(), @@ -124,107 +120,118 @@ class PermissionAPITestCase(BaseAPITestCase): data.update(extra_data) return getattr(self, request_type)( - viewname='rest_api:role-detail', args=(self.role.pk,), + viewname='rest_api:role-detail', kwargs={'role_id': self.test_role.pk}, data=data ) def test_role_edit_via_patch_no_access(self): + self._create_test_role() response = self._request_role_edit(request_type='patch') self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL) def test_role_edit_via_patch_with_access(self): - self.grant_access(permission=permission_role_edit, obj=self.role) + self._create_test_role() + self.grant_access(permission=permission_role_edit, obj=self.test_role) response = self._request_role_edit(request_type='patch') self.assertEqual(response.status_code, status.HTTP_200_OK) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED) def _request_role_edit_via_patch_with_extra_data(self): + self._create_test_role() self._create_group() return self._request_role_edit( extra_data={ - 'groups_pk_list': '{}'.format(self.group_2.pk), + 'groups_pk_list': '{}'.format(self.test_group.pk), 'permissions_pk_list': '{}'.format(permission_role_view.pk) }, request_type='patch' ) def test_role_edit_complex_via_patch_no_access(self): + self._create_test_role() + response = self._request_role_edit_via_patch_with_extra_data() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL) self.assertQuerysetEqual( - self.role.groups.all(), (repr(self.group),) + self.test_role.groups.all(), (repr(self.group),) ) - self.assertQuerysetEqual(self.role.permissions.all(), ()) + self.assertQuerysetEqual(self.test_role.permissions.all(), ()) def test_role_edit_complex_via_patch_with_access(self): - self.grant_access(permission=permission_role_edit, obj=self.role) + self._create_test_role() + self.grant_access(permission=permission_role_edit, obj=self.test_role) response = self._request_role_edit_via_patch_with_extra_data() self.assertEqual(response.status_code, status.HTTP_200_OK) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED) self.assertQuerysetEqual( - self.role.groups.all(), (repr(self.group_2),) + self.test_role.groups.all(), (repr(self.test_group),) ) self.assertQuerysetEqual( - self.role.permissions.all(), + self.test_role.permissions.all(), (repr(permission_role_view.stored_permission),) ) def test_role_edit_via_put_no_access(self): + self._create_test_role() response = self._request_role_edit(request_type='put') self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL) def test_role_edit_via_put_with_access(self): - self.grant_access(permission=permission_role_edit, obj=self.role) + self._create_test_role() + self.grant_access(permission=permission_role_edit, obj=self.test_role) response = self._request_role_edit(request_type='put') self.assertEqual(response.status_code, status.HTTP_200_OK) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED) def _request_role_edit_via_put_with_extra_data(self): + self._create_test_role() self._create_group() return self._request_role_edit( extra_data={ - 'groups_pk_list': '{}'.format(self.group_2.pk), + 'groups_pk_list': '{}'.format(self.test_group.pk), 'permissions_pk_list': '{}'.format(permission_role_view.pk) }, request_type='put' ) def test_role_edit_complex_via_put_no_access(self): + self._create_test_role() response = self._request_role_edit_via_put_with_extra_data() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL) self.assertQuerysetEqual( - self.role.groups.all(), (repr(self.group),) + self.test_role.groups.all(), (repr(self.group),) ) self.assertQuerysetEqual( - self.role.permissions.all(), + self.test_role.permissions.all(), () ) def test_role_edit_complex_via_put_with_access(self): - self.grant_access(permission=permission_role_edit, obj=self.role) + self._create_test_role() + self.grant_access(permission=permission_role_edit, obj=self.test_role) response = self._request_role_edit_via_put_with_extra_data() self.assertEqual(response.status_code, status.HTTP_200_OK) - self.role.refresh_from_db() - self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED) + self.test_role.refresh_from_db() + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED) self.assertQuerysetEqual( - self.role.groups.all(), (repr(self.group_2),) + self.test_role.groups.all(), (repr(self.test_group),) ) self.assertQuerysetEqual( - self.role.permissions.all(), + self.test_role.permissions.all(), (repr(permission_role_view.stored_permission),) ) @@ -232,7 +239,8 @@ class PermissionAPITestCase(BaseAPITestCase): def _request_role_delete_view(self): return self.delete( - viewname='rest_api:role-detail', args=(self.role.pk,) + viewname='rest_api:role-detail', + kwargs={'role_id': self.test_role.pk} ) def test_role_delete_view_no_access(self): @@ -241,7 +249,7 @@ class PermissionAPITestCase(BaseAPITestCase): self.assertEqual(Role.objects.count(), 1) def test_role_delete_view_with_access(self): - self.grant_access(permission=permission_role_delete, obj=self.role) + self.grant_access(permission=permission_role_delete, obj=self.test_role) response = self._request_role_delete_view() self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(Role.objects.count(), 0) diff --git a/mayan/apps/permissions/tests/test_models.py b/mayan/apps/permissions/tests/test_models.py index 5aef04dc79..7dca7ca04b 100644 --- a/mayan/apps/permissions/tests/test_models.py +++ b/mayan/apps/permissions/tests/test_models.py @@ -14,18 +14,18 @@ class PermissionTestCase(BaseTestCase): def test_no_permissions(self): with self.assertRaises(PermissionDenied): - Permission.check_permissions( - requester=self.user, permissions=(permission_role_view,) + Permission.check_user_permission( + permission=permission_role_view, user=self._test_case_user ) def test_with_permissions(self): - self.group.user_set.add(self.user) - self.role.permissions.add(permission_role_view.stored_permission) - self.role.groups.add(self.group) + self._test_case_group.user_set.add(self._test_case_user) + self._test_case_role.permissions.add(permission_role_view.stored_permission) + self._test_case_role.groups.add(self._test_case_group) try: - Permission.check_permissions( - requester=self.user, permissions=(permission_role_view,) + Permission.check_user_permission( + permission=permission_role_view, user=self._test_case_user ) except PermissionDenied: self.fail('PermissionDenied exception was not expected.') diff --git a/mayan/apps/permissions/tests/test_views.py b/mayan/apps/permissions/tests/test_views.py index 851fdb482e..ef49a304e5 100644 --- a/mayan/apps/permissions/tests/test_views.py +++ b/mayan/apps/permissions/tests/test_views.py @@ -1,10 +1,8 @@ from __future__ import unicode_literals -from django.contrib.auth.models import Group - from mayan.apps.common.tests import GenericViewTestCase from mayan.apps.user_management.permissions import permission_group_edit -from mayan.apps.user_management.tests.literals import TEST_GROUP_2_NAME +from mayan.apps.user_management.tests import GroupTestMixin from ..models import Role from ..permissions import ( @@ -13,10 +11,11 @@ from ..permissions import ( permission_role_view, ) -from .literals import TEST_ROLE_2_LABEL, TEST_ROLE_LABEL_EDITED +from .literals import TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED +from .mixins import RoleTestMixin -class PermissionsViewsTestCase(GenericViewTestCase): +class PermissionsViewsTestCase(GroupTestMixin, RoleTestMixin, GenericViewTestCase): def setUp(self): super(PermissionsViewsTestCase, self).setUp() self.login_user() @@ -24,7 +23,7 @@ class PermissionsViewsTestCase(GenericViewTestCase): def _request_create_role_view(self): return self.post( viewname='permissions:role_create', data={ - 'label': TEST_ROLE_2_LABEL, + 'label': TEST_ROLE_LABEL, } ) @@ -33,7 +32,7 @@ class PermissionsViewsTestCase(GenericViewTestCase): self.assertEqual(response.status_code, 403) self.assertEqual(Role.objects.count(), 1) self.assertFalse( - TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True) + TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True) ) def test_role_creation_view_with_permission(self): @@ -42,140 +41,139 @@ class PermissionsViewsTestCase(GenericViewTestCase): self.assertEqual(response.status_code, 302) self.assertEqual(Role.objects.count(), 2) self.assertTrue( - TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True) + TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True) ) def _request_role_delete_view(self): return self.post( - viewname='permissions:role_delete', args=(self.role_2.pk,), + viewname='permissions:role_delete', + kwargs={'role_id': self.test_role.pk} ) - def _create_role(self): - self.role_2 = Role.objects.create(label=TEST_ROLE_2_LABEL) - def test_role_delete_view_no_access(self): - self._create_role() + self._create_test_role() response = self._request_role_delete_view() self.assertEqual(response.status_code, 403) self.assertEqual(Role.objects.count(), 2) self.assertTrue( - TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True) + TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True) ) def test_role_delete_view_with_access(self): - self._create_role() - self.grant_access(permission=permission_role_delete, obj=self.role_2) + self._create_test_role() + self.grant_access(permission=permission_role_delete, obj=self.test_role) response = self._request_role_delete_view() self.assertEqual(response.status_code, 302) self.assertEqual(Role.objects.count(), 1) self.assertFalse( - TEST_ROLE_2_LABEL in Role.objects.values_list('label', flat=True) + TEST_ROLE_LABEL in Role.objects.values_list('label', flat=True) ) def _request_role_edit_view(self): return self.post( - viewname='permissions:role_edit', args=(self.role_2.pk,), data={ + viewname='permissions:role_edit', + kwargs={'role_id': self.test_role.pk}, data={ 'label': TEST_ROLE_LABEL_EDITED, } ) def test_role_edit_view_no_access(self): - self._create_role() + self._create_test_role() response = self._request_role_edit_view() self.assertEqual(response.status_code, 403) - self.role_2.refresh_from_db() + self.test_role.refresh_from_db() self.assertEqual(Role.objects.count(), 2) - self.assertEqual(self.role_2.label, TEST_ROLE_2_LABEL) + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL) def test_role_edit_view_with_access(self): - self._create_role() - self.grant_access(permission=permission_role_edit, obj=self.role_2) + self._create_test_role() + self.grant_access(permission=permission_role_edit, obj=self.test_role) response = self._request_role_edit_view() self.assertEqual(response.status_code, 302) - self.role_2.refresh_from_db() + self.test_role.refresh_from_db() self.assertEqual(Role.objects.count(), 2) - self.assertEqual(self.role_2.label, TEST_ROLE_LABEL_EDITED) + self.assertEqual(self.test_role.label, TEST_ROLE_LABEL_EDITED) def _request_role_list_view(self): return self.get(viewname='permissions:role_list') def test_role_list_view_no_access(self): - self._create_role() + self._create_test_role() response = self._request_role_list_view() self.assertEqual(response.status_code, 200) self.assertNotContains( - response=response, text=TEST_ROLE_2_LABEL, status_code=200 + response=response, text=TEST_ROLE_LABEL, status_code=200 ) def test_role_list_view_with_access(self): - self._create_role() - self.grant_access(permission=permission_role_view, obj=self.role_2) + self._create_test_role() + self.grant_access(permission=permission_role_view, obj=self.test_role) response = self._request_role_list_view() self.assertContains( - response=response, text=TEST_ROLE_2_LABEL, status_code=200 + response=response, text=TEST_ROLE_LABEL, status_code=200 ) def _request_role_permissions_view(self): return self.get( - viewname='permissions:role_permissions', args=(self.role_2.pk,) + viewname='permissions:role_permissions', + kwargs={'role_id': self.test_role.pk} ) def test_role_permissions_view_no_access(self): - self._create_role() + self._create_test_role() response = self._request_role_permissions_view() self.assertEqual(response.status_code, 403) def test_role_permissions_view_with_permission_grant(self): - self._create_role() + self._create_test_role() self.grant_access( - permission=permission_permission_grant, obj=self.role_2 + permission=permission_permission_grant, obj=self.test_role ) response = self._request_role_permissions_view() self.assertEqual(response.status_code, 200) def test_role_permissions_view_with_permission_revoke(self): - self._create_role() + self._create_test_role() self.grant_access( - permission=permission_permission_revoke, obj=self.role_2 + permission=permission_permission_revoke, obj=self.test_role ) response = self._request_role_permissions_view() self.assertEqual(response.status_code, 200) def _request_role_groups_view(self): return self.get( - viewname='permissions:role_groups', args=(self.role_2.pk,) + viewname='permissions:role_groups', + kwargs={'role_id': self.test_role.pk} ) def test_role_groups_view_no_access(self): - self._create_role() + self._create_test_role() response = self._request_role_groups_view() self.assertEqual(response.status_code, 403) def test_role_groups_view_with_access(self): - self._create_role() - self.grant_access(permission=permission_role_edit, obj=self.role_2) + self._create_test_role() + self.grant_access(permission=permission_role_edit, obj=self.test_role) response = self._request_role_groups_view() self.assertEqual(response.status_code, 200) - def _create_group(self): - self.group_2 = Group.objects.create(name=TEST_GROUP_2_NAME) - def _request_group_roles_view(self): return self.get( - viewname='permissions:group_roles', args=(self.group_2.pk,) + viewname='permissions:group_roles', + kwargs={'group_id': self.test_group.pk} ) def test_group_roles_view_no_access(self): - self._create_group() + self._create_test_group() response = self._request_group_roles_view() self.assertEqual(response.status_code, 403) def test_group_roles_view_with_access(self): - self._create_group() - self.grant_access(permission=permission_group_edit, obj=self.group_2) + self._create_test_group() + self.grant_access(permission=permission_group_edit, obj=self.test_group) response = self._request_group_roles_view() self.assertEqual(response.status_code, 200) diff --git a/mayan/apps/permissions/urls.py b/mayan/apps/permissions/urls.py index 3c620c2059..5660c5f15c 100644 --- a/mayan/apps/permissions/urls.py +++ b/mayan/apps/permissions/urls.py @@ -4,34 +4,46 @@ from django.conf.urls import url from .api_views import APIPermissionList, APIRoleListView, APIRoleView from .views import ( - GroupRoleMembersView, RoleCreateView, RoleDeleteView, RoleEditView, - RoleListView, SetupRoleMembersView, SetupRolePermissionsView + GroupRolesView, RoleCreateView, RoleDeleteView, RoleEditView, + RoleListView, RoleGroupsView, RolePermissionsView ) urlpatterns = [ url( - r'^group/(?P\d+)/roles/$', GroupRoleMembersView.as_view(), - name='group_roles' - ), - url(r'^role/list/$', RoleListView.as_view(), name='role_list'), - url(r'^role/create/$', RoleCreateView.as_view(), name='role_create'), - url( - r'^role/(?P\d+)/permissions/$', SetupRolePermissionsView.as_view(), - name='role_permissions' - ), - url(r'^role/(?P\d+)/edit/$', RoleEditView.as_view(), name='role_edit'), - url( - r'^role/(?P\d+)/delete/$', RoleDeleteView.as_view(), - name='role_delete' + regex=r'^groups/(?P\d+)/roles/$', name='group_roles', + view=GroupRolesView.as_view() ), url( - r'^role/(?P\d+)/groups/$', SetupRoleMembersView.as_view(), - name='role_groups' + regex=r'^roles/create/$', name='role_create', + view=RoleCreateView.as_view() ), + url( + regex=r'^roles/(?P\d+)/delete/$', name='role_delete', + view=RoleDeleteView.as_view() + ), + url( + regex=r'^roles/(?P\d+)/edit/$', name='role_edit', + view=RoleEditView.as_view() + ), + url( + regex=r'^roles/(?P\d+)/groups/$', name='role_groups', + view=RoleGroupsView.as_view() + ), + url( + regex=r'^roles/(?P\d+)/permissions/$', name='role_permissions', + view=RolePermissionsView.as_view() + ), + url(regex=r'^roles/list/$', name='role_list', view=RoleListView.as_view()), ] api_urls = [ - url(r'^permissions/$', APIPermissionList.as_view(), name='permission-list'), - url(r'^roles/$', APIRoleListView.as_view(), name='role-list'), - url(r'^roles/(?P[0-9]+)/$', APIRoleView.as_view(), name='role-detail'), + url( + regex=r'^permissions/$', name='permission-list', + view=APIPermissionList.as_view(), + ), + url(regex=r'^roles/$', name='role-list', view=APIRoleListView.as_view()), + url( + regex=r'^roles/(?P[0-9]+)/$', name='role-detail', + view=APIRoleView.as_view() + ), ] diff --git a/mayan/apps/permissions/views.py b/mayan/apps/permissions/views.py index aa1ac92d52..5d70ff9d54 100644 --- a/mayan/apps/permissions/views.py +++ b/mayan/apps/permissions/views.py @@ -27,7 +27,7 @@ from .permissions import ( ) -class GroupRoleMembersView(AssignRemoveView): +class GroupRolesView(AssignRemoveView): grouped = False left_list_title = _('Available roles') right_list_title = _('Group roles') @@ -44,7 +44,7 @@ class GroupRoleMembersView(AssignRemoveView): } def get_object(self): - return get_object_or_404(klass=Group, pk=self.kwargs['pk']) + return get_object_or_404(klass=Group, pk=self.kwargs['group_id']) def left_list(self): return [ @@ -65,22 +65,24 @@ class RoleCreateView(SingleObjectCreateView): fields = ('label',) model = Role view_permission = permission_role_create - post_action_redirect = reverse_lazy('permissions:role_list') + post_action_redirect = reverse_lazy(viewname='permissions:role_list') class RoleDeleteView(SingleObjectDeleteView): model = Role object_permission = permission_role_delete - post_action_redirect = reverse_lazy('permissions:role_list') + pk_url_kwarg = 'role_id' + post_action_redirect = reverse_lazy(viewname='permissions:role_list') class RoleEditView(SingleObjectEditView): fields = ('label',) model = Role object_permission = permission_role_edit + pk_url_kwarg = 'role_id' -class SetupRoleMembersView(AssignRemoveView): +class RoleGroupsView(AssignRemoveView): grouped = False left_list_title = _('Available groups') right_list_title = _('Role groups') @@ -101,24 +103,48 @@ class SetupRoleMembersView(AssignRemoveView): } def get_object(self): - return get_object_or_404(klass=Role, pk=self.kwargs['pk']) + return get_object_or_404(klass=Role, pk=self.kwargs['role_id']) def left_list(self): return [ (force_text(group.pk), group.name) for group in set(Group.objects.all()) - set(self.get_object().groups.all()) ] + def remove(self, item): + group = get_object_or_404(klass=Group, pk=item) + self.get_object().groups.remove(group) + def right_list(self): return [ (force_text(group.pk), group.name) for group in self.get_object().groups.all() ] - def remove(self, item): - group = get_object_or_404(klass=Group, pk=item) - self.get_object().groups.remove(group) + +class RoleListView(SingleObjectListView): + model = Role + object_permission = permission_role_view + + def get_extra_context(self): + return { + 'hide_object': True, + 'no_results_icon': icon_role_list, + 'no_results_main_link': link_role_create.resolve( + context=RequestContext(request=self.request) + ), + 'no_results_text': _( + 'Roles are authorization units. They contain ' + 'user groups which inherit the role permissions for the ' + 'entire system. Roles can also part of access ' + 'controls lists. Access controls list are permissions ' + 'granted to a role for specific objects which its group ' + 'members inherit.' + ), + 'no_results_title': _('There are no roles'), + 'title': _('Roles'), + } -class SetupRolePermissionsView(AssignRemoveView): +class RolePermissionsView(AssignRemoveView): grouped = True left_list_title = _('Available permissions') right_list_title = _('Granted permissions') @@ -156,7 +182,7 @@ class SetupRolePermissionsView(AssignRemoveView): permissions=(permission_permission_grant, permission_permission_revoke), user=self.request.user, obj=self.get_object() ) - return super(SetupRolePermissionsView, self).dispatch(request, *args, **kwargs) + return super(RolePermissionsView, self).dispatch(request, *args, **kwargs) def get_extra_context(self): return { @@ -169,22 +195,17 @@ class SetupRolePermissionsView(AssignRemoveView): } def get_object(self): - return get_object_or_404(klass=Role, pk=self.kwargs['pk']) + return get_object_or_404(klass=Role, pk=self.kwargs['role_id']) def left_list(self): Permission.refresh() - return SetupRolePermissionsView.generate_choices( + return RolePermissionsView.generate_choices( entries=StoredPermission.objects.exclude( id__in=self.get_object().permissions.values_list('pk', flat=True) ) ) - def right_list(self): - return SetupRolePermissionsView.generate_choices( - entries=self.get_object().permissions.all() - ) - def remove(self, item): Permission.check_permissions( self.request.user, permissions=(permission_permission_revoke,) @@ -192,26 +213,7 @@ class SetupRolePermissionsView(AssignRemoveView): permission = get_object_or_404(klass=StoredPermission, pk=item) self.get_object().permissions.remove(permission) - -class RoleListView(SingleObjectListView): - model = Role - object_permission = permission_role_view - - def get_extra_context(self): - return { - 'hide_object': True, - 'no_results_icon': icon_role_list, - 'no_results_main_link': link_role_create.resolve( - context=RequestContext(request=self.request) - ), - 'no_results_text': _( - 'Roles are authorization units. They contain ' - 'user groups which inherit the role permissions for the ' - 'entire system. Roles can also part of access ' - 'controls lists. Access controls list are permissions ' - 'granted to a role for specific objects which its group ' - 'members inherit.' - ), - 'no_results_title': _('There are no roles'), - 'title': _('Roles'), - } + def right_list(self): + return RolePermissionsView.generate_choices( + entries=self.get_object().permissions.all() + )