matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update the default class acl setup views to a working state

Browse Source
This commit is contained in:
Roberto Rosario
2011-12-17 14:07:06 -04:00
parent 17b44387c9
commit 574ef3c9c8
3 changed files with 255 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/acls/__init__.py
View File

@@ -11,18 +11,28 @@ acls_namespace = PermissionNamespace('acls', _(u'Access control lists'))
ACLS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _(u'Edit ACLs'))
ACLS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _(u'View ACLs'))
ACLS_CLASS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _(u'Edit class default ACLs'))
ACLS_CLASS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _(u'View class default ACLs'))
acl_list = {'text': _(u'ACLs'), 'view': 'acl_list', 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]}
acl_detail = {'text': _(u'edit'), 'view': 'acl_detail', 'args': ['access_object.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]}
acl_grant = {'text': _(u'grant'), 'view': 'acl_multiple_grant', 'famfam': 'key_add', 'permissions': [ACLS_EDIT_ACL]}
acl_revoke = {'text': _(u'revoke'), 'view': 'acl_multiple_revoke', 'famfam': 'key_delete', 'permissions': [ACLS_EDIT_ACL]}
acl_setup_valid_classes = {'text': _(u'Default ACLs'), 'view': 'acl_setup_valid_classes', 'icon': 'lock.png'}#, 'permissions': [ACLS_EDIT_ACL]}
acl_class_list = {'text': _(u'List of classes'), 'view': 'acl_setup_valid_classes', 'famfam': 'package'}#, 'permissions': [ACLS_EDIT_ACL]}
acl_class_acl_list = {'text': _(u'ACLs for class'), 'view': 'acl_class_acl_list', 'args': 'object.gid', 'famfam': 'lock'}#, 'permissions': [ACLS_VIEW_ACL]}
acl_class_new_holder_for = {'text': _(u'New holder'), 'view': 'acl_class_new_holder_for', 'args': 'object.gid', 'famfam': 'user'}#, 'permissions': [ACLS_VIEW_ACL]}
acl_class_grant = {'text': _(u'grant'), 'view': 'acl_class_multiple_grant', 'famfam': 'key_add', 'permissions': [ACLS_EDIT_ACL]}
acl_class_revoke = {'text': _(u'revoke'), 'view': 'acl_class_multiple_revoke', 'famfam': 'key_delete', 'permissions': [ACLS_EDIT_ACL]}
register_links(AccessHolder, [acl_detail])
register_multi_item_links(['acl_detail'], [acl_grant, acl_revoke])
register_setup(acl_setup_valid_classes)
register_links(['acl_setup_valid_classes', 'acl_class_acl_list',], [acl_setup_valid_classes], menu_name='sidebar')
register_links(['acl_setup_valid_classes', 'acl_class_acl_list', 'acl_class_new_holder_for', 'acls_class_acl_detail'], [acl_class_list], menu_name='sidebar')
register_links(AccessObjectClass, [acl_class_acl_list])
register_links(AccessObjectClass, [acl_class_new_holder_for])
register_multi_item_links(['acls_class_acl_detail'], [acl_class_grant, acl_class_revoke])

8
apps/acls/urls.py
View File

@@ -9,7 +9,13 @@ urlpatterns = patterns('acls.views',
url(r'^multiple/grant/$', 'acl_grant', (), 'acl_multiple_grant'),
url(r'^multiple/revoke/$', 'acl_revoke', (), 'acl_multiple_revoke'),
url(r'^class/setup/$', 'acl_setup_valid_classes', (), 'acl_setup_valid_classes'),
url(r'^class/$', 'acl_setup_valid_classes', (), 'acl_setup_valid_classes'),
#url(r'^class/list_for/(?P<app_label>[-\w]+)/(?P<model_name>[-\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'),
url(r'^class/details/(?P<access_object_class_gid>[.\w]+)/holder/(?P<holder_object_gid>[.\w]+)/$', 'acls_class_acl_detail', (), 'acls_class_acl_detail'),
url(r'^class/list_for/(?P<access_object_class_gid>[.\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'),
url(r'^class/holder/new/(?P<access_object_class_gid>[.\w]+)/$', 'acl_class_new_holder_for', (), 'acl_class_new_holder_for'),
url(r'^class/multiple/grant/$', 'acl_class_multiple_grant', (), 'acl_class_multiple_grant'),
url(r'^class/multiple/revoke/$', 'acl_class_multiple_revoke', (), 'acl_class_multiple_revoke'),
)

241
apps/acls/views.py
View File

@@ -77,7 +77,7 @@ def acl_detail(request, access_object_gid, holder_object_gid):
{
'name': u'generic_list_subtemplate.html',
'context': {
'title': _(u'permissions held by: %s for %s' % (holder, access_object)),
'title': _(u'permissions available to: %s for %s' % (holder, access_object)),
'object_list': permission_list,
'extra_columns': [
{'name': _(u'namespace'), 'attribute': 'namespace'},
@@ -293,15 +293,16 @@ def acl_new_holder_for(request, obj, extra_context=None):
context_instance=RequestContext(request))
# Setup views
def acl_setup_valid_classes(request):
#Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL])
logger.debug('DefaultAccessEntry.get_classes(): %s' % DefaultAccessEntry.get_classes())
context = {
#'object_list': [AccessObjectClass.encapsulate(cls) for cls in DefaultAccessEntry.get_classes()],
'object_list': DefaultAccessEntry.get_classes(),
'title': _(u'default access control lists'),
#'title': _(u'default access control lists'),
'title': _(u'classes'),
#'hide_links': True,
'extra_columns': [
{'name': _(u'class'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))},
@@ -319,7 +320,7 @@ def acl_class_acl_list(request, access_object_class_gid):
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
context = {
'object_list': DefaultAccessEntry.objects.get_holders_for(access_object_class.source_object),
'title': _(u'default access control lists for: %s' % access_object_class.source_object._meta.verbose_name_plural),
'title': _(u'default access control lists for class: %s') % access_object_class,
#'multi_select_as_buttons': True,
#'hide_links': True,
#'extra_columns': [
@@ -328,8 +329,240 @@ def acl_class_acl_list(request, access_object_class_gid):
# ],
#'hide_object': True,
#'access_object': AccessObject.encapsulate(ct)
'object': access_object_class,
}
return render_to_response('generic_list.html', context,
context_instance=RequestContext(request))
def acls_class_acl_detail(request, access_object_class_gid, holder_object_gid):
#Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL, ACLS_EDIT_ACL])
try:
holder = AccessHolder.get(gid=holder_object_gid)
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
except ObjectDoesNotExist:
raise Http404
permission_list = list(access_object_class.get_class_permissions())
#TODO : get all globally assigned permission, new function get_permissions_for_holder (roles aware)
subtemplates_list = [
{
'name': u'generic_list_subtemplate.html',
'context': {
'title': _(u'permissions available to: %s for class %s' % (holder, access_object_class)),
'object_list': permission_list,
'extra_columns': [
{'name': _(u'namespace'), 'attribute': 'namespace'},
{'name': _(u'label'), 'attribute': 'label'},
{
'name':_(u'has permission'),
'attribute': encapsulate(lambda x: two_state_template(DefaultAccessEntry.objects.has_accesses(x, holder.source_object, access_object_class.source_object)))
},
],
#'hide_link': True,
'hide_object': True,
}
},
]
return render_to_response('generic_detail.html', {
'object': access_object_class,
'subtemplates_list': subtemplates_list,
'multi_select_as_buttons': True,
'multi_select_item_properties': {
'permission_pk': lambda x: x.pk,
'holder_gid': lambda x: holder.gid,
'access_object_class_gid': lambda x: access_object_class.gid,
},
}, context_instance=RequestContext(request))
def acl_class_new_holder_for(request, access_object_class_gid):
#Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL])
access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
if request.method == 'POST':
form = HolderSelectionForm(request.POST)
if form.is_valid():
try:
#access_object = AccessObject.encapsulate(access_object_class)
access_holder = AccessHolder.get(form.cleaned_data['holder_gid'])
return HttpResponseRedirect(reverse('acls_class_acl_detail', args=[access_object_class.gid, access_holder.gid]))
except ObjectDoesNotExist:
raise Http404
else:
form = HolderSelectionForm()
context = {
'form': form,
'title': _(u'add new holder for class: %s') % unicode(access_object_class),
'object': access_object_class,
'submit_label': _(u'Select'),
'submit_icon_famfam': 'tick'
}
return render_to_response('generic_form.html', context,
context_instance=RequestContext(request))
def acl_class_multiple_grant(request):
#Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL])
items_property_list = loads(request.GET.get('items_property_list', []))
post_action_redirect = None
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
items = {}
title_suffix = []
navigation_object = None
navigation_object_count = 0
for item_properties in items_property_list:
try:
permission = Permission.objects.get({'pk': item_properties['permission_pk']})
except Permission.DoesNotExist:
raise Http404
try:
requester = AccessHolder.get(gid=item_properties['holder_gid'])
access_object_class = AccessObjectClass.get(gid=item_properties['access_object_class_gid'])
except ObjectDoesNotExist:
raise Http404
items.setdefault(requester, {})
items[requester].setdefault(access_object_class, [])
items[requester][access_object_class].append(permission)
navigation_object = access_object_class
navigation_object_count += 1
for requester, obj_ps in items.items():
for obj, ps in obj_ps.items():
title_suffix.append(_(u' and ').join([u'"%s"' % unicode(p) for p in ps]))
title_suffix.append(_(u' for %s') % obj)
title_suffix.append(_(u' to %s') % requester)
if len(items_property_list) == 1:
title_prefix = _(u'Are you sure you wish to grant the permission %(title_suffix)s?')
else:
title_prefix = _(u'Are you sure you wish to grant the permissions %(title_suffix)s?')
if request.method == 'POST':
for requester, object_permissions in items.items():
for obj, permissions in object_permissions.items():
for permission in permissions:
if DefaultAccessEntry.objects.grant(permission, requester.source_object, obj.source_object):
messages.success(request, _(u'Permission "%(permission)s" granted to %(requester)s for %(object)s.') % {
'permission': permission,
'requester': requester,
'object': obj
})
else:
messages.warning(request, _(u'%(requester)s, already had the permission "%(permission)s" granted for %(object)s.') % {
'requester': requester,
'permission': permission,
'object': obj,
})
return HttpResponseRedirect(next)
context = {
'delete_view': True,
'previous': previous,
'next': next,
'form_icon': u'key_add.png',
}
context['title'] = title_prefix % {
'title_suffix': u''.join(title_suffix),
}
logger.debug('navigation_object_count: %d' % navigation_object_count)
logger.debug('navigation_object: %s' % navigation_object)
if navigation_object_count == 1:
context['object'] = navigation_object
return render_to_response('generic_confirm.html', context,
context_instance=RequestContext(request))
def acl_class_multiple_revoke(request):
#Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL])
items_property_list = loads(request.GET.get('items_property_list', []))
post_action_redirect = None
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
items = {}
title_suffix = []
navigation_object = None
navigation_object_count = 0
for item_properties in items_property_list:
try:
permission = Permission.objects.get({'pk': item_properties['permission_pk']})
except Permission.DoesNotExist:
raise Http404
try:
requester = AccessHolder.get(gid=item_properties['holder_gid'])
access_object_class = AccessObjectClass.get(gid=item_properties['access_object_class_gid'])
except ObjectDoesNotExist:
raise Http404
items.setdefault(requester, {})
items[requester].setdefault(access_object_class, [])
items[requester][access_object_class].append(permission)
navigation_object = access_object_class
navigation_object_count += 1
for requester, obj_ps in items.items():
for obj, ps in obj_ps.items():
title_suffix.append(_(u' and ').join([u'"%s"' % unicode(p) for p in ps]))
title_suffix.append(_(u' for %s') % obj)
title_suffix.append(_(u' from %s') % requester)
if len(items_property_list) == 1:
title_prefix = _(u'Are you sure you wish to revoke the permission %(title_suffix)s?')
else:
title_prefix = _(u'Are you sure you wish to revoke the permissions %(title_suffix)s?')
if request.method == 'POST':
for requester, object_permissions in items.items():
for obj, permissions in object_permissions.items():
for permission in permissions:
if DefaultAccessEntry.objects.revoke(permission, requester.source_object, obj.source_object):
messages.success(request, _(u'Permission "%(permission)s" revoked of %(requester)s for %(object)s.') % {
'permission': permission,
'requester': requester,
'object': obj
})
else:
messages.warning(request, _(u'%(requester)s, didn\'t had the permission "%(permission)s" for %(object)s.') % {
'requester': requester,
'permission': permission,
'object': obj,
})
return HttpResponseRedirect(next)
context = {
'delete_view': True,
'previous': previous,
'next': next,
'form_icon': u'key_delete.png',
}
context['title'] = title_prefix % {
'title_suffix': u''.join(title_suffix),
}
logger.debug('navigation_object_count: %d' % navigation_object_count)
logger.debug('navigation_object: %s' % navigation_object)
if navigation_object_count == 1:
context['object'] = navigation_object
return render_to_response('generic_confirm.html', context,
context_instance=RequestContext(request))