From 1f7b1bc9046a6e878b507c4edfa5db1ee7432c87 Mon Sep 17 00:00:00 2001
From: Roberto Rosario <Roberto.Rosario.Gonzalez@gmail.com>
Date: Sat, 17 Dec 2011 16:42:19 -0400
Subject: [PATCH] Update new holder form to user HTML option groups and remove
 class permission current holders

---
 apps/acls/forms.py | 80 ++++++++++++----------------------------------
 1 file changed, 21 insertions(+), 59 deletions(-)

diff --git a/apps/acls/forms.py b/apps/acls/forms.py
index 4235a2331d..0e4b68098c 100644
--- a/apps/acls/forms.py
+++ b/apps/acls/forms.py
@@ -8,72 +8,34 @@ from common.utils import generate_choices_w_labels, encapsulate, get_object_name
 from acls.models import AccessHolder
 
 
+def _as_choice_list(holders):
+    return sorted([(AccessHolder.encapsulate(holder).gid, get_object_name(holder, display_object_type=False)) for holder in holders], key=lambda x: x[1])
+
 class HolderSelectionForm(forms.Form):
     holder_gid = forms.ChoiceField(
         label=_(u'New holder')
     )
     
     def __init__(self, *args, **kwargs):
+        current_holders = kwargs.pop('current_holders', [])
+        if current_holders:
+            current_holders = [holder.source_object for holder in current_holders]
+
         staff_users = User.objects.filter(is_staff=True)
         super_users = User.objects.filter(is_superuser=True)
-        #users = set(User.objects.exclude(pk__in=[member.pk for member in get_role_members(role)])) - set(staff_users) - set(super_users)
-        users = set(User.objects.filter(is_active=True)) - set(staff_users) - set(super_users)
-        roles = set(Role.objects.all())
-        #groups = set(Group.objects.exclude(pk__in=[member.pk for member in get_role_members(role)]))
-        groups = set(Group.objects.all())
-        holder_list = list(users | groups | roles)
+        users = set(User.objects.filter(is_active=True)) - set(staff_users) - set(super_users) - set(current_holders)
+        roles = set(Role.objects.all()) - set(current_holders)
+        groups = set(Group.objects.all()) - set(current_holders)
         
-        #holder_list = kwargs.pop('holder_list', None)
+        non_holder_list = []
+        if users:
+            non_holder_list.append((_(u'Users'), _as_choice_list(list(users))))
+            
+        if groups:
+            non_holder_list.append((_(u'Groups'), _as_choice_list(list(groups))))
+            
+        if roles:
+            non_holder_list.append((_(u'Roles'), _as_choice_list(list(roles))))
+
         super(HolderSelectionForm, self).__init__(*args, **kwargs)
-        #if holder_list:
-        self.fields['holder_gid'].choices = [(AccessHolder.encapsulate(holder).gid, get_object_name(holder)) for holder in holder_list]
-
-
-'''
-def get_role_members(role):
-    user_ct = ContentType.objects.get(model='user')
-    group_ct = ContentType.objects.get(model='group')
-    return [member.member_object for member in role.rolemember_set.filter(member_type__in=[user_ct, group_ct])]
-
-
-def get_non_role_members(role):
-    #non members = all users - members - staff - super users
-    staff_users = User.objects.filter(is_staff=True)
-    super_users = User.objects.filter(is_superuser=True)
-    users = set(User.objects.exclude(pk__in=[member.pk for member in get_role_members(role)])) - set(staff_users) - set(super_users)
-    groups = set(Group.objects.exclude(pk__in=[member.pk for member in get_role_members(role)]))
-    return list(users | groups)
-
-
-def add_role_member(role, selection):
-    model, pk = selection.split(u',')
-    ct = ContentType.objects.get(model=model)
-    new_member, created = RoleMember.objects.get_or_create(role=role, member_type=ct, member_id=pk)
-    if not created:
-        raise Exception
-
-
-def remove_role_member(role, selection):
-    model, pk = selection.split(u',')
-    ct = ContentType.objects.get(model=model)
-    member = RoleMember.objects.get(role=role, member_type=ct, member_id=pk)
-    member.delete()
-
-def role_members(request, role_id):
-    check_permissions(request.user, [PERMISSION_ROLE_EDIT])
-    role = get_object_or_404(Role, pk=role_id)
-
-    return assign_remove(
-        request,
-        left_list=lambda: generate_choices_w_labels(get_non_role_members(role)),
-        right_list=lambda: generate_choices_w_labels(get_role_members(role)),
-        add_method=lambda x: add_role_member(role, x),
-        remove_method=lambda x: remove_role_member(role, x),
-        left_list_title=_(u'non members of role: %s') % role,
-        right_list_title=_(u'members of role: %s') % role,
-        extra_context={
-            'object': role,
-            'object_name': _(u'role'),
-        }
-    )
-'''
+        self.fields['holder_gid'].choices = non_holder_list