Added role editing, creating and permission granting/revoking views

2011-02-15 01:43:25 -04:00
parent 93f74df2df
commit a2e6f223f4
8 changed files with 191 additions and 102 deletions
--- a/apps/permissions/views.py
+++ b/apps/permissions/views.py
@@ -7,16 +7,23 @@ from django.views.generic.list_detail import object_detail, object_list
 from django.core.urlresolvers import reverse
 from django.views.generic.create_update import create_object, delete_object, update_object
 from django.conf import settings
+from django.contrib.contenttypes.models import ContentType
+from django.core.exceptions import ObjectDoesNotExist
+
+from models import Role, Permission, PermissionHolder
+from forms import RoleForm, RoleForm_view
+from permissions import PERMISSION_ROLE_VIEW, PERMISSION_ROLE_EDIT, \
+    PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, PERMISSION_PERMISSION_GRANT, \
+    PERMISSION_PERMISSION_REVOKE
+from api import check_permissions, Unauthorized

-from models import Role
-from forms import RoleForm_view

 def role_list(request):
-    #permissions = [PERMISSION_ROLE_VIEW]
-    #try:
-    #    check_permissions(request.user, 'permissions', permissions)
-    #except Unauthorized, e:
-    #    raise Http404(e)
+    permissions = [PERMISSION_ROLE_VIEW]
+    try:
+        check_permissions(request.user, 'permissions', permissions)
+    except Unauthorized, e:
+        raise Http404(e)
            
    return object_list(
        request,
@@ -24,85 +31,155 @@ def role_list(request):
        template_name='generic_list.html',
        extra_context={
            'title':_(u'roles'),
+            'hide_link':True,
        },
    )


-def role_view(request, role_id):
-    #permissions = [PERMISSION_ROLE_VIEW]
-    #try:
-    #    check_permissions(request.user, 'permissions', permissions)
-    #except Unauthorized, e:
-    #    raise Http404(e)
+def _role_permission_link(requester, permission, permission_list):
+    ct = ContentType.objects.get_for_model(requester)
+
+    template = '<a href="%(url)s"><span class="famfam active famfam-%(icon)s"></span>%(text)s</a>'
+
+    if permission in permission_list:
+        return template % {
+            'url':reverse('permission_revoke',
+                args=[permission.id, ct.app_label, ct.model, requester.id]),
+            'icon':'delete', 'text':_(u'Revoke')}
+    else:
+        return template % {
+            'url':reverse('permission_grant',
+                args=[permission.id, ct.app_label, ct.model, requester.id]),
+            'icon':'add', 'text':_(u'Grant')}
+        
+        
+def role_permissions(request, role_id):
+    permissions = [PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE]
+    try:
+        check_permissions(request.user, 'permissions', permissions)
+    except Unauthorized, e:
+        raise Http404(e)
            
    role = get_object_or_404(Role, pk=role_id)
-    form = RoleForm_view(instance=role)#, extra_fields=[
-    #    {'label':_(u'Filename'), 'field':'file_filename'},
-    #    {'label':_(u'File extension'), 'field':'file_extension'},
-    #    {'label':_(u'File mimetype'), 'field':'file_mimetype'},
-    #    {'label':_(u'File mime encoding'), 'field':'file_mime_encoding'},
-    #    {'label':_(u'File size'), 'field':lambda x: pretty_size(x.file.storage.size(x.file.path)) if x.exists() else '-'},
-    #    {'label':_(u'Exists in storage'), 'field':'exists'},
-    #    {'label':_(u'Date added'), 'field':lambda x: x.date_added.date()},
-    #    {'label':_(u'Time added'), 'field':lambda x: unicode(x.date_added.time()).split('.')[0]},
-    #    {'label':_(u'Checksum'), 'field':'checksum'},
-    #    {'label':_(u'UUID'), 'field':'uuid'},
-    #    {'label':_(u'Pages'), 'field':lambda x: x.documentpage_set.count()},
-    #])
-
-        
-    #subtemplates_dict = [
-    #        {
-    #            'name':'generic_list_subtemplate.html',
-    #            'title':_(u'metadata'),
-    #            'object_list':document.documentmetadata_set.all(),
-    #            'extra_columns':[{'name':_(u'value'), 'attribute':'value'}],
-    #            'hide_link':True,
-    #        },
-    #    ]
-    
-    #if FILESYSTEM_FILESERVING_ENABLE:
-    #    subtemplates_dict.append({
-    #        'name':'generic_list_subtemplate.html',
-    #        'title':_(u'index links'),
-    #        'object_list':document.documentmetadataindex_set.all(),
-    #        'hide_link':True})
+    form = RoleForm_view(instance=role)

+    role_permissions = Permission.objects.get_for_holder(role)
+    subtemplates_dict = [
+        {
+            'name':'generic_list_subtemplate.html',
+            'title':_(u'permissions'),
+            'object_list':Permission.objects.all(),
+            'extra_columns':[
+                {'name':_(u'namespace'), 'attribute':'namespace'},
+                {'name':_(u'name'), 'attribute':'label'},
+                {'name':_(u'state'), 'attribute':lambda x: _role_permission_link(role, x, role_permissions)}
+            ],
+            'hide_link':True,
+            'hide_object':True,
+        },
+    ]
           
    return render_to_response('generic_detail.html', {
-        #'form_list':[{'form':form, 'object':role}],
        'form':form,
        'object':role,
-        #'object':role,
-        #'subtemplates_dict':subtemplates_dict,
-        #'sidebar_subtemplates_dict':sidebar_groups,
+        'object_name':_(u'role'),
+        'subtemplates_dict':subtemplates_dict,
    }, context_instance=RequestContext(request))


-def role_create(request):
-    #permissions = [PERMISSION_ROLE_CREATE]
-    #try:
-    #    check_permissions(request.user, 'permissions', permissions)
-    #except Unauthorized, e:
-    #    raise Http404(e)
+def role_edit(request, role_id):
+    permissions = [PERMISSION_ROLE_EDIT]
+    try:
+        check_permissions(request.user, 'permissions', permissions)
+    except Unauthorized, e:
+        raise Http404(e)
+
+    return update_object(request, template_name='generic_form.html', 
+        form_class=RoleForm, object_id=role_id, extra_context={
+        'object_name':_(u'role')})
+
+
+def role_create(request):
+    permissions = [PERMISSION_ROLE_CREATE]
+    try:
+        check_permissions(request.user, 'permissions', permissions)
+    except Unauthorized, e:
+        raise Http404(e)
+
+    return create_object(request, model=Role, 
+        template_name='generic_form.html',
+        post_save_redirect=reverse('role_list'))

-    #TODO: post_create redirect
-    return create_object(request, model=Role, template_name='generic_form.html')
    
 def role_delete(request, role_id):
-#    permissions = [PERMISSION_DOCUMENT_DELETE]
-#    try:
-#        check_permissions(request.user, 'documents', permissions)
-#    except Unauthorized, e:
-#        raise Http404(e)
-#            
-    #role = get_object_or_404(Role, pk=role_id)
+    permissions = [PERMISSION_ROLE_DELETE]
+    try:
+        check_permissions(request.user, 'documents', permissions)
+    except Unauthorized, e:
+        raise Http404(e)
+            
+    next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
+    previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
        
    return delete_object(request, model=Role, object_id=role_id, 
        template_name='generic_confirm.html', 
        post_delete_redirect=reverse('role_list'),
        extra_context={
            'delete_view':True,
-            #'object':document,
+            'next':next,
+            'previous':previous,
            'object_name':_(u'role'),
        })
+
+def permission_grant_revoke(request, permission_id, app_label, module_name, pk, action):
+    ct = get_object_or_404(ContentType, app_label=app_label, model=module_name)
+    requester_model = ct.model_class()
+    requester = get_object_or_404(requester_model, pk=pk)
+    permission = get_object_or_404(Permission, pk=permission_id)
+
+    if action == 'grant':
+        permissions = [PERMISSION_PERMISSION_GRANT]
+        try:
+            check_permissions(request.user, 'permissions', permissions)
+        except Unauthorized, e:
+            raise Http404(e)
+        title = _('Are you sure you wish to grant the permission "%s" to %s: %s') % (permission, ct.name, requester)
+
+    elif action == 'revoke':
+        permissions = [PERMISSION_PERMISSION_REVOKE]
+        try:
+            check_permissions(request.user, 'permissions', permissions)
+        except Unauthorized, e:
+            raise Http404(e)
+        title = _('Are you sure you wish to revoke the permission "%s" from %s: %s') % (permission, ct.name, requester)
+    else:
+        return HttpResponseRedirect('/')
+
+    next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
+    previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
+
+
+    if request.method == 'POST':
+        if action == 'grant':
+            permission_holder, created = PermissionHolder.objects.get_or_create(permission=permission, holder_type=ct, holder_id=requester.id)
+            if created:
+                messages.success(request, _(u'Permission "%s" granted to %s: %s.') % (permission, ct.name, requester))
+            else:
+                messages.warning(request, _(u'%s: %s, already had the permission "%s" granted.') % (ct.name, requester, permission))
+        elif action == 'revoke':
+            try:
+                permission_holder = PermissionHolder.objects.get(permission=permission, holder_type=ct, holder_id=requester.id)
+                permission_holder.delete()
+                messages.success(request, _(u'Permission "%s" revoked from %s: %s.') % (permission, ct.name, requester))
+            except ObjectDoesNotExist:
+                messages.warning(request, _(u'%s: %s doesn\'t have the permission "%s".') % (ct.name, requester, permission))
+        return HttpResponseRedirect(next)
+        
+    return render_to_response('generic_confirm.html', {
+        'object':requester,
+        'next':next,
+        'previous':previous,
+        'title':title,
+    }, context_instance=RequestContext(request))
+
+