From 7dcaa1757a9469e32f33076c5b1e0948e67003aa Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Wed, 14 Dec 2011 09:11:09 -0400 Subject: [PATCH] Initial class default ACLs views --- apps/acls/__init__.py | 11 ++++- apps/acls/urls.py | 4 ++ apps/acls/views.py | 98 ++++++++++++++++++++----------------------- 3 files changed, 59 insertions(+), 54 deletions(-) diff --git a/apps/acls/__init__.py b/apps/acls/__init__.py index 6753b2779b..f478d84250 100644 --- a/apps/acls/__init__.py +++ b/apps/acls/__init__.py @@ -2,8 +2,9 @@ from django.utils.translation import ugettext_lazy as _ from navigation.api import register_links, register_multi_item_links from permissions.models import PermissionNamespace, Permission +from project_setup.api import register_setup -from acls.models import AccessHolder +from acls.models import AccessHolder, AccessObjectClass acls_namespace = PermissionNamespace('acls', _(u'Access control lists')) @@ -15,5 +16,13 @@ acl_detail = {'text': _(u'edit'), 'view': 'acl_detail', 'args': ['access_object. acl_grant = {'text': _(u'grant'), 'view': 'acl_multiple_grant', 'famfam': 'key_add', 'permissions': [ACLS_EDIT_ACL]} acl_revoke = {'text': _(u'revoke'), 'view': 'acl_multiple_revoke', 'famfam': 'key_delete', 'permissions': [ACLS_EDIT_ACL]} +acl_setup_valid_classes = {'text': _(u'Default ACLs'), 'view': 'acl_setup_valid_classes', 'icon': 'lock.png'}#, 'permissions': [ACLS_EDIT_ACL]} +acl_class_acl_list = {'text': _(u'ACLs for class'), 'view': 'acl_class_acl_list', 'args': 'object.gid', 'famfam': 'lock'}#, 'permissions': [ACLS_VIEW_ACL]} + register_links(AccessHolder, [acl_detail]) register_multi_item_links(['acl_detail'], [acl_grant, acl_revoke]) + +register_setup(acl_setup_valid_classes) +register_links(['acl_setup_valid_classes', 'acl_class_acl_list',], [acl_setup_valid_classes], menu_name='sidebar') + +register_links(AccessObjectClass, [acl_class_acl_list]) diff --git a/apps/acls/urls.py b/apps/acls/urls.py index 2f70970766..13de21e23f 100644 --- a/apps/acls/urls.py +++ b/apps/acls/urls.py @@ -8,4 +8,8 @@ urlpatterns = patterns('acls.views', url(r'^multiple/grant/$', 'acl_grant', (), 'acl_multiple_grant'), url(r'^multiple/revoke/$', 'acl_revoke', (), 'acl_multiple_revoke'), + + url(r'^class/setup/$', 'acl_setup_valid_classes', (), 'acl_setup_valid_classes'), + #url(r'^class/list_for/(?P[-\w]+)/(?P[-\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'), + url(r'^class/list_for/(?P[.\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'), ) diff --git a/apps/acls/views.py b/apps/acls/views.py index 6bad2858c7..b3ff2cbcae 100644 --- a/apps/acls/views.py +++ b/apps/acls/views.py @@ -9,7 +9,6 @@ from django.template import RequestContext from django.contrib import messages from django.views.generic.list_detail import object_list from django.core.urlresolvers import reverse -from django.views.generic.create_update import create_object, delete_object, update_object from django.contrib.contenttypes.models import ContentType from django.contrib.auth.models import User, Group from django.core.exceptions import ObjectDoesNotExist @@ -20,7 +19,8 @@ from common.utils import generate_choices_w_labels, encapsulate from common.widgets import two_state_template from acls import ACLS_EDIT_ACL, ACLS_VIEW_ACL -from acls.models import AccessEntry, AccessObject, AccessHolder +from acls.models import (AccessEntry, AccessObject, AccessHolder, + DefaultAccessEntry, AccessObjectClass) from acls.widgets import object_w_content_type_icon from acls.forms import HolderSelectionForm @@ -44,7 +44,7 @@ def acl_list_for(request, obj, extra_context=None): 'extra_columns': [ {'name': _(u'holder'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))}, {'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(AccessEntry.objects.get_holder_permissions_for(obj, x.source_object)))}, - ], + ], 'hide_object': True, 'access_object': AccessObject.encapsulate(obj) } @@ -264,55 +264,6 @@ def acl_revoke(request): return render_to_response('generic_confirm.html', context, context_instance=RequestContext(request)) -''' -def get_role_members(role): - user_ct = ContentType.objects.get(model='user') - group_ct = ContentType.objects.get(model='group') - return [member.member_object for member in role.rolemember_set.filter(member_type__in=[user_ct, group_ct])] - - -def get_non_role_members(role): - #non members = all users - members - staff - super users - staff_users = User.objects.filter(is_staff=True) - super_users = User.objects.filter(is_superuser=True) - users = set(User.objects.exclude(pk__in=[member.pk for member in get_role_members(role)])) - set(staff_users) - set(super_users) - groups = set(Group.objects.exclude(pk__in=[member.pk for member in get_role_members(role)])) - return list(users | groups) - - -def add_role_member(role, selection): - model, pk = selection.split(u',') - ct = ContentType.objects.get(model=model) - new_member, created = RoleMember.objects.get_or_create(role=role, member_type=ct, member_id=pk) - if not created: - raise Exception - - -def remove_role_member(role, selection): - model, pk = selection.split(u',') - ct = ContentType.objects.get(model=model) - member = RoleMember.objects.get(role=role, member_type=ct, member_id=pk) - member.delete() - -def role_members(request, role_id): - check_permissions(request.user, [PERMISSION_ROLE_EDIT]) - role = get_object_or_404(Role, pk=role_id) - - return assign_remove( - request, - left_list=lambda: generate_choices_w_labels(get_non_role_members(role)), - right_list=lambda: generate_choices_w_labels(get_role_members(role)), - add_method=lambda x: add_role_member(role, x), - remove_method=lambda x: remove_role_member(role, x), - left_list_title=_(u'non members of role: %s') % role, - right_list_title=_(u'members of role: %s') % role, - extra_context={ - 'object': role, - 'object_name': _(u'role'), - } - ) -''' - def acl_new_holder_for(request, obj, extra_context=None): Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) @@ -340,4 +291,45 @@ def acl_new_holder_for(request, obj, extra_context=None): return render_to_response('generic_form.html', context, context_instance=RequestContext(request)) - + + +def acl_setup_valid_classes(request): + #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) + + logger.debug('DefaultAccessEntry.get_classes(): %s' % DefaultAccessEntry.get_classes()) + + context = { + #'object_list': [AccessObjectClass.encapsulate(cls) for cls in DefaultAccessEntry.get_classes()], + 'object_list': DefaultAccessEntry.get_classes(), + 'title': _(u'default access control lists'), + #'hide_links': True, + 'extra_columns': [ + {'name': _(u'class'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))}, + ], + 'hide_object': True, + } + + return render_to_response('generic_list.html', context, + context_instance=RequestContext(request)) + + +def acl_class_acl_list(request, access_object_class_gid): + #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) + + access_object_class = AccessObjectClass.get(gid=access_object_class_gid) + context = { + 'object_list': DefaultAccessEntry.objects.get_holders_for(access_object_class.source_object), + 'title': _(u'default access control lists for: %s' % access_object_class.source_object._meta.verbose_name_plural), + #'multi_select_as_buttons': True, + #'hide_links': True, + #'extra_columns': [ + #{'name': _(u'holder'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))}, + #{'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(AccessEntry.objects.get_holder_permissions_for(obj, x.source_object)))}, + # ], + #'hide_object': True, + #'access_object': AccessObject.encapsulate(ct) + } + + return render_to_response('generic_list.html', context, + context_instance=RequestContext(request)) +