From 1557ae829bf1d5b3279e80fbc4072b0dccb6a08b Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Thu, 3 Nov 2011 12:04:35 -0400 Subject: [PATCH] ACL grant view updates --- apps/acls/__init__.py | 6 ++- apps/acls/urls.py | 2 +- apps/acls/views.py | 111 +++++++++++++++++++++++++++++++++++++++--- 3 files changed, 108 insertions(+), 11 deletions(-) diff --git a/apps/acls/__init__.py b/apps/acls/__init__.py index 679830b4bf..6406ea087a 100644 --- a/apps/acls/__init__.py +++ b/apps/acls/__init__.py @@ -1,7 +1,7 @@ from django.utils.translation import ugettext_lazy as _ from permissions.api import register_permission, set_namespace_title -from navigation.api import register_links +from navigation.api import register_links, register_multi_item_links from acls.models import AccessHolder @@ -14,6 +14,8 @@ register_permission(ACLS_EDIT_ACL) register_permission(ACLS_VIEW_ACL) acl_list = {'text': _(u'ACLs'), 'view': 'acl_list', 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} -acl_detail = {'text': _(u'Edit'), 'view': 'acl_detail', 'args': ['access_object.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} +acl_detail = {'text': _(u'edit'), 'view': 'acl_detail', 'args': ['access_object.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} +acl_grant = {'text': _(u'grant'), 'view': 'acl_multiple_grant', 'famfam': 'key_add', 'permissions': [ACLS_EDIT_ACL]} register_links(AccessHolder, [acl_detail]) +register_multi_item_links(['acl_detail'], [acl_grant])#, permission_revoke]) diff --git a/apps/acls/urls.py b/apps/acls/urls.py index 7dfc8c25f5..1570140c5e 100644 --- a/apps/acls/urls.py +++ b/apps/acls/urls.py @@ -12,6 +12,6 @@ urlpatterns = patterns('acls.views', # url(r'^role/(?P\d+)/delete/$', 'role_delete', (), 'role_delete'), # url(r'^role/(?P\d+)/members/$', 'role_members', (), 'role_members'), # -# url(r'^permissions/multiple/grant/$', 'permission_grant', (), 'permission_multiple_grant'), + url(r'^multiple/grant/$', 'acl_grant', (), 'acl_multiple_grant'), # url(r'^permissions/multiple/revoke/$', 'permission_revoke', (), 'permission_multiple_revoke'), ) diff --git a/apps/acls/views.py b/apps/acls/views.py index df6b0c4a2c..eab8f25f73 100644 --- a/apps/acls/views.py +++ b/apps/acls/views.py @@ -1,3 +1,6 @@ +import operator +import itertools + from django.utils.translation import ugettext_lazy as _ from django.http import HttpResponseRedirect, Http404 from django.shortcuts import render_to_response, get_object_or_404 @@ -9,8 +12,10 @@ from django.views.generic.create_update import create_object, delete_object, upd from django.contrib.contenttypes.models import ContentType from django.contrib.auth.models import User, Group from django.core.exceptions import ObjectDoesNotExist +from django.utils.simplejson import loads from permissions.api import check_permissions, namespace_titles, get_permission_label, get_permission_namespace_label +from permissions.models import Permission from common.utils import generate_choices_w_labels, encapsulate from common.widgets import two_state_template @@ -71,7 +76,7 @@ def acl_detail(request, access_object_gid, holder_object_gid): raise Http404 permission_list = list(set(AccessEntry.objects.get_permissions_for_holder(access_object.source_object, request.user))) - #TODO : get all globalluy assignes permission, new function get_permissions_for_holder (roles aware) + #TODO : get all globally assigned permission, new function get_permissions_for_holder (roles aware) subtemplates_list = [ { 'name': u'generic_list_subtemplate.html', @@ -96,11 +101,101 @@ def acl_detail(request, access_object_gid, holder_object_gid): #'form': form, 'object': access_object.obj, 'subtemplates_list': subtemplates_list, - #'multi_select_as_buttons': True, - #'multi_select_item_properties': { - # 'permission_id': lambda x: x.pk, - # 'requester_id': lambda x: role.pk, - # 'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label, - # 'requester_model': lambda x: ContentType.objects.get_for_model(role).model, - #}, + 'multi_select_as_buttons': True, + 'multi_select_item_properties': { + 'permission_pk': lambda x: x.pk, + 'holder_gid': lambda x: holder.gid, + 'object_gid': lambda x: access_object.gid, + #'requester_id': lambda x: role.pk, + #'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label, + #'requester_model': lambda x: ContentType.objects.get_for_model(role).model, + }, }, context_instance=RequestContext(request)) + + +def acl_grant(request): + check_permissions(request.user, [ACLS_EDIT_ACL]) + items_property_list = loads(request.GET.get('items_property_list', [])) + post_action_redirect = None + + next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) + previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None))) + + items = {} + for item_properties in items_property_list: + permission = get_object_or_404(Permission, pk=item_properties['permission_pk']) + try: + requester = AccessHolder.get(gid=item_properties['holder_gid']) + access_object = AccessObject.get(gid=item_properties['object_gid']) + except ObjectDoesNotExist: + raise Http404 + + items.setdefault(requester, {}) + items[requester].setdefault(access_object, []) + items[requester][access_object].append(permission) + + title_suffix = [] + for requester, access_objects_dict in items.items(): + title_suffix.append(unicode(requester)) + for access_object, permissions in access_objects_dict.items(): + if len(permissions) == 1: + permissions_label = _(u'permission') + else: + permissions_label = _(u'permissions') + + title_suffix.append(permission for permission in permissions) + + + title_suffix.append(unicode(access_object)) + #title_suffix.append(_(u'the permissions')) + + + #items = access_objects[access_object] + #sorted_items = sorted(items, key=operator.itemgetter('requester')) + + # Group items by requester + #groups = itertools.groupby(sorted_items, key=operator.itemgetter('requester')) + #grouped_items = [(grouper, [permission['permission'] for permission in group_data]) for grouper, group_data in groups] + + #title_suffix + # Warning: trial and error black magic ahead + #title_suffix.append(_(u' and ').join([_(u'%s to %s') % (', '.join(['"%s"' % unicode(ps) for ps in p]), unicode(r)) for r, p in grouped_items])) + + #if len(grouped_items) == 1 and len(grouped_items[0][1]) == 1: + # permissions_label = _(u'permission') + #else: + # permissions_label = _(u'permissions') + #title_suffix.append(_(t + + print title_suffix + #title_suffix = _(u' and ').join(title_suffix) + permissions_label = _(u'permissions') + + if request.method == 'POST': + for item in items: + if item['permission'].grant_to(item['requester']): + messages.success(request, _(u'Permission "%(permission)s" granted to: %(requester)s.') % { + 'permission': item['permission'], 'requester': item['requester']}) + else: + messages.warning(request, _(u'%(requester)s, already had the permission "%(permission)s" granted.') % { + 'requester': item['requester'], 'permission': item['permission']}) + + return HttpResponseRedirect(next) + + context = { + 'delete_view': True, + 'previous': previous, + 'next': next, + 'form_icon': u'key_add.png', + } + + context['title'] = _(u'Are you sure you wish to grant the %(permissions_label)s %(title_suffix)s?') % { + 'permissions_label': permissions_label, + 'title_suffix': title_suffix, + } + + if len(grouped_items) == 1: + context['object'] = grouped_items[0][0] + + return render_to_response('generic_confirm.html', context, + context_instance=RequestContext(request))