Merge branch 'feature/easy_grant_remove' into development
This commit is contained in:
Roberto Rosario
@@ -5,6 +5,7 @@
|
||||
{% load non_breakable %}
|
||||
{% load variable_tags %}
|
||||
{% load main_settings_tags %}
|
||||
{% load multiselect_tags %}
|
||||
|
||||
{% get_main_setting "DISABLE_ICONS" as disable_icons %}
|
||||
|
||||
@@ -91,7 +92,13 @@
|
||||
{% for object in object_list %}
|
||||
<tr class="{% cycle 'odd' 'even2' %}">
|
||||
{% if multi_select or multi_select_as_buttons %}
|
||||
<td><input type="checkbox" class="checkbox" name="pk_{{ object.pk }}" value="" /></td>
|
||||
<td>
|
||||
{% if multi_select_item_properties %}
|
||||
<input type="checkbox" class="checkbox" name="properties_{{ object|get_encoded_parameter:multi_select_item_properties }}" value="" />
|
||||
{% else %}
|
||||
<input type="checkbox" class="checkbox" name="pk_{{ object.pk }}" value="" />
|
||||
{% endif %}
|
||||
</td>
|
||||
{% endif %}
|
||||
{% if not hide_object %}
|
||||
{% if main_object %}
|
||||
|
||||
14
apps/common/templatetags/multiselect_tags.py
Normal file
14
apps/common/templatetags/multiselect_tags.py
Normal file
@@ -0,0 +1,14 @@
|
||||
from django.template import Library
|
||||
from django.utils.simplejson import dumps
|
||||
|
||||
from common.utils import return_attrib
|
||||
|
||||
register = Library()
|
||||
|
||||
|
||||
@register.filter
|
||||
def get_encoded_parameter(item, parameters_dict):
|
||||
result = {}
|
||||
for attrib_name, attrib in parameters_dict.items():
|
||||
result[attrib_name] = return_attrib(item, attrib)
|
||||
return dumps(result)
|
||||
@@ -8,6 +8,7 @@ from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.utils.http import urlencode
|
||||
from django.contrib.auth.views import login
|
||||
from django.utils.simplejson import dumps, loads
|
||||
|
||||
from common.forms import ChoiceForm, UserForm, UserForm_view, \
|
||||
ChangelogForm, LicenseForm
|
||||
@@ -34,19 +35,28 @@ def multi_object_action_view(request):
|
||||
|
||||
action = request.GET.get('action', None)
|
||||
id_list = u','.join([key[3:] for key in request.GET.keys() if key.startswith('pk_')])
|
||||
items_property_list = [loads(key[11:]) for key in request.GET.keys() if key.startswith('properties_')]
|
||||
|
||||
if not action:
|
||||
messages.error(request, _(u'No action selected.'))
|
||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/'))
|
||||
|
||||
if not id_list:
|
||||
if not id_list and not items_property_list:
|
||||
messages.error(request, _(u'Must select at least one item.'))
|
||||
return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/'))
|
||||
|
||||
return HttpResponseRedirect('%s?%s' % (
|
||||
action,
|
||||
urlencode({'id_list': id_list, 'next': next}))
|
||||
)
|
||||
# Separate redirects to keep backwards compatibility with older
|
||||
# functions that don't expect a properties_list parameter
|
||||
if items_property_list:
|
||||
return HttpResponseRedirect('%s?%s' % (
|
||||
action,
|
||||
urlencode({'items_property_list': dumps(items_property_list), 'next': next}))
|
||||
)
|
||||
else:
|
||||
return HttpResponseRedirect('%s?%s' % (
|
||||
action,
|
||||
urlencode({'id_list': id_list, 'next': next}))
|
||||
)
|
||||
|
||||
|
||||
def get_obj_from_content_type_string(string):
|
||||
|
||||
@@ -71,12 +71,18 @@ mimetype_icons = {
|
||||
|
||||
def get_icon_file_path(mimetype):
|
||||
file_name = mimetype_icons.get(mimetype, UNKNWON_TYPE_FILE_NAME)
|
||||
return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, file_name)
|
||||
|
||||
if settings.DEVELOPMENT:
|
||||
return os.path.join(settings.PROJECT_ROOT, 'apps', 'mimetype', 'static', MIMETYPE_ICONS_DIRECTORY_NAME, file_name)
|
||||
else:
|
||||
return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, file_name)
|
||||
|
||||
|
||||
def get_error_icon_file_path():
|
||||
return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, ERROR_FILE_NAME)
|
||||
|
||||
if settings.DEVELOPMENT:
|
||||
return os.path.join(settings.PROJECT_ROOT, 'apps', 'mimetype', 'static', MIMETYPE_ICONS_DIRECTORY_NAME, ERROR_FILE_NAME)
|
||||
else:
|
||||
return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, ERROR_FILE_NAME)
|
||||
|
||||
|
||||
def get_mimetype(filepath):
|
||||
"""
|
||||
|
||||
@@ -3,7 +3,7 @@ from django.db.models.signals import post_save
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from navigation.api import register_links
|
||||
from navigation.api import register_links, register_multi_item_links
|
||||
from project_setup.api import register_setup
|
||||
|
||||
from permissions.conf.settings import DEFAULT_ROLES
|
||||
@@ -16,7 +16,6 @@ PERMISSION_ROLE_DELETE = {'namespace': 'permissions', 'name': 'role_delete', 'la
|
||||
PERMISSION_PERMISSION_GRANT = {'namespace': 'permissions', 'name': 'permission_grant', 'label': _(u'Grant permissions')}
|
||||
PERMISSION_PERMISSION_REVOKE = {'namespace': 'permissions', 'name': 'permission_revoke', 'label': _(u'Revoke permissions')}
|
||||
|
||||
|
||||
role_list = {'text': _(u'roles'), 'view': 'role_list', 'famfam': 'medal_gold_1', 'icon': 'medal_gold_1.png', 'permissions': [PERMISSION_ROLE_VIEW]}
|
||||
role_create = {'text': _(u'create new role'), 'view': 'role_create', 'famfam': 'medal_gold_add', 'permissions': [PERMISSION_ROLE_CREATE]}
|
||||
role_edit = {'text': _(u'edit'), 'view': 'role_edit', 'args': 'object.id', 'famfam': 'medal_gold_1', 'permissions': [PERMISSION_ROLE_EDIT]}
|
||||
@@ -24,8 +23,12 @@ role_members = {'text': _(u'members'), 'view': 'role_members', 'args': 'object.i
|
||||
role_permissions = {'text': _(u'role permissions'), 'view': 'role_permissions', 'args': 'object.id', 'famfam': 'key_go', 'permissions': [PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE]}
|
||||
role_delete = {'text': _(u'delete'), 'view': 'role_delete', 'args': 'object.id', 'famfam': 'medal_gold_delete', 'permissions': [PERMISSION_ROLE_DELETE]}
|
||||
|
||||
permission_grant = {'text': _(u'grant'), 'view': 'permission_multiple_grant', 'famfam': 'key_add', 'permissions': [PERMISSION_PERMISSION_GRANT]}
|
||||
permission_revoke = {'text': _(u'revoke'), 'view': 'permission_multiple_revoke', 'famfam': 'key_delete', 'permissions': [PERMISSION_PERMISSION_REVOKE]}
|
||||
|
||||
register_links(Role, [role_edit, role_delete, role_permissions, role_members])
|
||||
register_links(['role_members', 'role_list', 'role_view', 'role_create', 'role_edit', 'role_permissions', 'role_delete'], [role_list, role_create], menu_name='sidebar')
|
||||
register_multi_item_links(['role_permissions'], [permission_grant, permission_revoke])
|
||||
|
||||
permission_views = ['role_list', 'role_create', 'role_edit', 'role_members', 'role_permissions', 'role_delete']
|
||||
|
||||
|
||||
@@ -48,6 +48,18 @@ class Permission(models.Model):
|
||||
if self.has_permission(membership):
|
||||
return True
|
||||
|
||||
def grant_to(self, requester):
|
||||
permission_holder, created = PermissionHolder.objects.get_or_create(permission=self, holder_type=ContentType.objects.get_for_model(requester), holder_id=requester.pk)
|
||||
return created
|
||||
|
||||
def revoke_from(self, holder):
|
||||
try:
|
||||
permission_holder = PermissionHolder.objects.get(permission=self, holder_type=ContentType.objects.get_for_model(holder), holder_id=holder.pk)
|
||||
permission_holder.delete()
|
||||
return True
|
||||
except PermissionHolder.DoesNotExist:
|
||||
return False
|
||||
|
||||
|
||||
class PermissionHolder(models.Model):
|
||||
permission = models.ForeignKey(Permission, verbose_name=_(u'permission'))
|
||||
|
||||
@@ -7,7 +7,7 @@ urlpatterns = patterns('permissions.views',
|
||||
url(r'^role/(?P<role_id>\d+)/edit/$', 'role_edit', (), 'role_edit'),
|
||||
url(r'^role/(?P<role_id>\d+)/delete/$', 'role_delete', (), 'role_delete'),
|
||||
url(r'^role/(?P<role_id>\d+)/members/$', 'role_members', (), 'role_members'),
|
||||
|
||||
url(r'^permission/(?P<permission_id>\d+)/for/(?P<app_label>[\w\-]+)/(?P<module_name>[\w\-]+)/(?P<pk>\d+)/grant/$', 'permission_grant_revoke', {'action': 'grant'}, 'permission_grant'),
|
||||
url(r'^permission/(?P<permission_id>\d+)/for/(?P<app_label>[\w\-]+)/(?P<module_name>[\w\-]+)/(?P<pk>\d+)/revoke/$', 'permission_grant_revoke', {'action': 'revoke'}, 'permission_revoke'),
|
||||
|
||||
url(r'^permissions/multiple/grant/$', 'permission_grant', (), 'permission_multiple_grant'),
|
||||
url(r'^permissions/multiple/revoke/$', 'permission_revoke', (), 'permission_multiple_revoke'),
|
||||
)
|
||||
|
||||
@@ -1,3 +1,6 @@
|
||||
import operator
|
||||
import itertools
|
||||
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.http import HttpResponseRedirect
|
||||
from django.shortcuts import render_to_response, get_object_or_404
|
||||
@@ -7,11 +10,13 @@ from django.views.generic.list_detail import object_list
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.views.generic.create_update import create_object, delete_object, update_object
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.models import User, Group
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.utils.simplejson import loads
|
||||
|
||||
from common.views import assign_remove
|
||||
from common.utils import generate_choices_w_labels, encapsulate
|
||||
from common.widgets import two_state_template
|
||||
|
||||
from permissions.models import Role, Permission, PermissionHolder, RoleMember
|
||||
from permissions.forms import RoleForm, RoleForm_view
|
||||
@@ -53,9 +58,9 @@ def role_permissions(request, role_id):
|
||||
{'name': _(u'namespace'), 'attribute': encapsulate(lambda x: namespace_titles[x.namespace] if x.namespace in namespace_titles else x.namespace)},
|
||||
{'name': _(u'name'), 'attribute': u'label'},
|
||||
{
|
||||
'name':_(u'state'),
|
||||
'attribute': encapsulate(lambda x: role_permission_link(role, x, role_permissions_list)),
|
||||
}
|
||||
'name':_(u'has permission'),
|
||||
'attribute': encapsulate(lambda x: two_state_template(x.has_permission(role))),
|
||||
},
|
||||
],
|
||||
'hide_link': True,
|
||||
'hide_object': True,
|
||||
@@ -68,6 +73,13 @@ def role_permissions(request, role_id):
|
||||
'object': role,
|
||||
'object_name': _(u'role'),
|
||||
'subtemplates_list': subtemplates_list,
|
||||
'multi_select_as_buttons': True,
|
||||
'multi_select_item_properties': {
|
||||
'permission_id': lambda x: x.pk,
|
||||
'requester_id': lambda x: role.pk,
|
||||
'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label,
|
||||
'requester_model': lambda x: ContentType.objects.get_for_model(role).model,
|
||||
},
|
||||
}, context_instance=RequestContext(request))
|
||||
|
||||
|
||||
@@ -105,55 +117,122 @@ def role_delete(request, role_id):
|
||||
})
|
||||
|
||||
|
||||
def permission_grant_revoke(request, permission_id, app_label, module_name, pk, action):
|
||||
ct = get_object_or_404(ContentType, app_label=app_label, model=module_name)
|
||||
requester_model = ct.model_class()
|
||||
requester = get_object_or_404(requester_model, pk=pk)
|
||||
permission = get_object_or_404(Permission, pk=permission_id)
|
||||
|
||||
if action == 'grant':
|
||||
check_permissions(request.user, [PERMISSION_PERMISSION_GRANT])
|
||||
title = _(u'Are you sure you wish to grant the permission "%(permission)s" to %(ct_name)s: %(requester)s') % {
|
||||
'permission': permission, 'ct_name': ct.name, 'requester': requester}
|
||||
icon_name = u'key_add.png'
|
||||
elif action == 'revoke':
|
||||
check_permissions(request.user, [PERMISSION_PERMISSION_REVOKE])
|
||||
title = _(u'Are you sure you wish to revoke the permission "%(permission)s" from %(ct_name)s: %(requester)s') % {
|
||||
'permission': permission, 'ct_name': ct.name, 'requester': requester}
|
||||
icon_name = u'key_delete.png'
|
||||
else:
|
||||
return HttpResponseRedirect(u'/')
|
||||
def permission_grant(request):
|
||||
check_permissions(request.user, [PERMISSION_PERMISSION_GRANT])
|
||||
items_property_list = loads(request.GET.get('items_property_list', []))
|
||||
post_action_redirect = None
|
||||
|
||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
|
||||
|
||||
items = []
|
||||
for item_properties in items_property_list:
|
||||
permission = get_object_or_404(Permission, pk=item_properties['permission_id'])
|
||||
ct = get_object_or_404(ContentType, app_label=item_properties['requester_app_label'], model=item_properties['requester_model'])
|
||||
requester_model = ct.model_class()
|
||||
requester = get_object_or_404(requester_model, pk=item_properties['requester_id'])
|
||||
items.append({'requester': requester, 'permission': permission})
|
||||
|
||||
sorted_items = sorted(items, key=operator.itemgetter('requester'))
|
||||
# Group items by requester
|
||||
groups = itertools.groupby(sorted_items, key=operator.itemgetter('requester'))
|
||||
grouped_items = [(grouper, [permission['permission'] for permission in group_data]) for grouper, group_data in groups]
|
||||
|
||||
# Warning: trial and error black magic ahead
|
||||
title_suffix = _(u' and ').join([_(u'%s to %s') % (', '.join(['"%s"' % unicode(ps) for ps in p]), unicode(r)) for r, p in grouped_items])
|
||||
|
||||
if len(grouped_items) == 1 and len(grouped_items[0][1]) == 1:
|
||||
permissions_label = _(u'permission')
|
||||
else:
|
||||
permissions_label = _(u'permissions')
|
||||
|
||||
if request.method == 'POST':
|
||||
if action == 'grant':
|
||||
permission_holder, created = PermissionHolder.objects.get_or_create(permission=permission, holder_type=ct, holder_id=requester.pk)
|
||||
if created:
|
||||
messages.success(request, _(u'Permission "%(permission)s" granted to %(ct_name)s: %(requester)s.') % {
|
||||
'permission': permission, 'ct_name': ct.name, 'requester': requester})
|
||||
for item in items:
|
||||
if item['permission'].grant_to(item['requester']):
|
||||
messages.success(request, _(u'Permission "%(permission)s" granted to: %(requester)s.') % {
|
||||
'permission': item['permission'], 'requester': item['requester']})
|
||||
else:
|
||||
messages.warning(request, _(u'%(ct_name)s: %(requester)s, already had the permission "%(permission)s" granted.') % {
|
||||
'ct_name': ct.name, 'requester': requester, 'permission': permission})
|
||||
elif action == 'revoke':
|
||||
try:
|
||||
permission_holder = PermissionHolder.objects.get(permission=permission, holder_type=ct, holder_id=requester.pk)
|
||||
permission_holder.delete()
|
||||
messages.success(request, _(u'Permission "%(permission)s" revoked from %(ct_name)s: %(requester)s.') % {
|
||||
'permission': permission, 'ct_name': ct.name, 'requester': requester})
|
||||
except ObjectDoesNotExist:
|
||||
messages.warning(request, _(u'%(ct_name)s: %(requester)s doesn\'t have the permission "%(permission)s".') % {
|
||||
'ct_name': ct.name, 'requester': requester, 'permission': permission})
|
||||
messages.warning(request, _(u'%(requester)s, already had the permission "%(permission)s" granted.') % {
|
||||
'requester': item['requester'], 'permission': item['permission']})
|
||||
|
||||
return HttpResponseRedirect(next)
|
||||
|
||||
return render_to_response('generic_confirm.html', {
|
||||
'object': requester,
|
||||
'next': next,
|
||||
context = {
|
||||
'delete_view': True,
|
||||
'previous': previous,
|
||||
'title': title,
|
||||
'form_icon': icon_name,
|
||||
}, context_instance=RequestContext(request))
|
||||
'next': next,
|
||||
'form_icon': u'key_add.png',
|
||||
}
|
||||
|
||||
context['title'] = _(u'Are you sure you wish to grant the %(permissions_label)s %(title_suffix)s?') % {
|
||||
'permissions_label': permissions_label,
|
||||
'title_suffix': title_suffix,
|
||||
}
|
||||
|
||||
if len(grouped_items) == 1:
|
||||
context['object'] = grouped_items[0][0]
|
||||
|
||||
return render_to_response('generic_confirm.html', context,
|
||||
context_instance=RequestContext(request))
|
||||
|
||||
|
||||
def permission_revoke(request):
|
||||
check_permissions(request.user, [PERMISSION_PERMISSION_REVOKE])
|
||||
items_property_list = loads(request.GET.get('items_property_list', []))
|
||||
post_action_redirect = None
|
||||
|
||||
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
|
||||
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
|
||||
|
||||
items = []
|
||||
for item_properties in items_property_list:
|
||||
permission = get_object_or_404(Permission, pk=item_properties['permission_id'])
|
||||
ct = get_object_or_404(ContentType, app_label=item_properties['requester_app_label'], model=item_properties['requester_model'])
|
||||
requester_model = ct.model_class()
|
||||
requester = get_object_or_404(requester_model, pk=item_properties['requester_id'])
|
||||
items.append({'requester': requester, 'permission': permission})
|
||||
|
||||
sorted_items = sorted(items, key=operator.itemgetter('requester'))
|
||||
# Group items by requester
|
||||
groups = itertools.groupby(sorted_items, key=operator.itemgetter('requester'))
|
||||
grouped_items = [(grouper, [permission['permission'] for permission in group_data]) for grouper, group_data in groups]
|
||||
|
||||
# Warning: trial and error black magic ahead
|
||||
title_suffix = _(u' and ').join([_(u'%s from %s') % (', '.join(['"%s"' % unicode(ps) for ps in p]), unicode(r)) for r, p in grouped_items])
|
||||
|
||||
if len(grouped_items) == 1 and len(grouped_items[0][1]) == 1:
|
||||
permissions_label = _(u'permission')
|
||||
else:
|
||||
permissions_label = _(u'permissions')
|
||||
|
||||
if request.method == 'POST':
|
||||
for item in items:
|
||||
if item['permission'].revoke_from(item['requester']):
|
||||
messages.success(request, _(u'Permission "%(permission)s" revoked from: %(requester)s.') % {
|
||||
'permission': item['permission'], 'requester': item['requester']})
|
||||
else:
|
||||
messages.warning(request, _(u'%(requester)s, doesn\'t have the permission "%(permission)s" granted.') % {
|
||||
'requester': item['requester'], 'permission': item['permission']})
|
||||
|
||||
return HttpResponseRedirect(next)
|
||||
|
||||
context = {
|
||||
'delete_view': True,
|
||||
'previous': previous,
|
||||
'next': next,
|
||||
'form_icon': u'key_delete.png',
|
||||
}
|
||||
|
||||
context['title'] = _(u'Are you sure you wish to revoke the %(permissions_label)s %(title_suffix)s?') % {
|
||||
'permissions_label': permissions_label,
|
||||
'title_suffix': title_suffix,
|
||||
}
|
||||
|
||||
if len(grouped_items) == 1:
|
||||
context['object'] = grouped_items[0][0]
|
||||
|
||||
return render_to_response('generic_confirm.html', context,
|
||||
context_instance=RequestContext(request))
|
||||
|
||||
|
||||
def get_role_members(role):
|
||||
|
||||
Reference in New Issue
Block a user