From cb55b95e66ac4c6ef97c93fd629ee1ea7afcf031 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Sun, 16 Oct 2011 07:28:03 -0400 Subject: [PATCH 1/4] Added granting and revoking permission methods to the permission model --- apps/permissions/models.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/apps/permissions/models.py b/apps/permissions/models.py index df5d7c0626..637a59efab 100644 --- a/apps/permissions/models.py +++ b/apps/permissions/models.py @@ -48,6 +48,18 @@ class Permission(models.Model): if self.has_permission(membership): return True + def grant_to(self, requester): + permission_holder, created = PermissionHolder.objects.get_or_create(permission=self, holder_type=ContentType.objects.get_for_model(requester), holder_id=requester.pk) + return created + + def revoke_from(self, holder): + try: + permission_holder = PermissionHolder.objects.get(permission=self, holder_type=ContentType.objects.get_for_model(holder), holder_id=holder.pk) + permission_holder.delete() + return True + except PermissionHolder.DoesNotExist: + return False + class PermissionHolder(models.Model): permission = models.ForeignKey(Permission, verbose_name=_(u'permission')) From 1e0cbc1fcd2ca1cfc1da3610e62499a52e768747 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Sun, 16 Oct 2011 07:28:51 -0400 Subject: [PATCH 2/4] Correctly calculate the mimetype icons paths when on development mode --- apps/mimetype/api.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/apps/mimetype/api.py b/apps/mimetype/api.py index b4d0d86749..3ef46c711d 100644 --- a/apps/mimetype/api.py +++ b/apps/mimetype/api.py @@ -71,12 +71,18 @@ mimetype_icons = { def get_icon_file_path(mimetype): file_name = mimetype_icons.get(mimetype, UNKNWON_TYPE_FILE_NAME) - return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, file_name) - + if settings.DEVELOPMENT: + return os.path.join(settings.PROJECT_ROOT, 'apps', 'mimetype', 'static', MIMETYPE_ICONS_DIRECTORY_NAME, file_name) + else: + return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, file_name) + def get_error_icon_file_path(): - return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, ERROR_FILE_NAME) - + if settings.DEVELOPMENT: + return os.path.join(settings.PROJECT_ROOT, 'apps', 'mimetype', 'static', MIMETYPE_ICONS_DIRECTORY_NAME, ERROR_FILE_NAME) + else: + return os.path.join(settings.STATIC_ROOT, MIMETYPE_ICONS_DIRECTORY_NAME, ERROR_FILE_NAME) + def get_mimetype(filepath): """ From f634ac60090099f0f29046e20b5920c5666b43d4 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Sun, 16 Oct 2011 07:29:29 -0400 Subject: [PATCH 3/4] Added a new more comprehensive method of passing multiple variables per item in multi item selection views --- .../templates/generic_list_subtemplate.html | 9 ++++++++- apps/common/templatetags/multiselect_tags.py | 14 +++++++++++++ apps/common/views.py | 20 ++++++++++++++----- 3 files changed, 37 insertions(+), 6 deletions(-) create mode 100644 apps/common/templatetags/multiselect_tags.py diff --git a/apps/common/templates/generic_list_subtemplate.html b/apps/common/templates/generic_list_subtemplate.html index 8a317bb7ca..d1494312bf 100644 --- a/apps/common/templates/generic_list_subtemplate.html +++ b/apps/common/templates/generic_list_subtemplate.html @@ -5,6 +5,7 @@ {% load non_breakable %} {% load variable_tags %} {% load main_settings_tags %} +{% load multiselect_tags %} {% get_main_setting "DISABLE_ICONS" as disable_icons %} @@ -91,7 +92,13 @@ {% for object in object_list %} {% if multi_select or multi_select_as_buttons %} - + + {% if multi_select_item_properties %} + + {% else %} + + {% endif %} + {% endif %} {% if not hide_object %} {% if main_object %} diff --git a/apps/common/templatetags/multiselect_tags.py b/apps/common/templatetags/multiselect_tags.py new file mode 100644 index 0000000000..27801f0d93 --- /dev/null +++ b/apps/common/templatetags/multiselect_tags.py @@ -0,0 +1,14 @@ +from django.template import Library +from django.utils.simplejson import dumps + +from common.utils import return_attrib + +register = Library() + + +@register.filter +def get_encoded_parameter(item, parameters_dict): + result = {} + for attrib_name, attrib in parameters_dict.items(): + result[attrib_name] = return_attrib(item, attrib) + return dumps(result) diff --git a/apps/common/views.py b/apps/common/views.py index 48c2570bb5..8575e3b788 100644 --- a/apps/common/views.py +++ b/apps/common/views.py @@ -8,6 +8,7 @@ from django.contrib.contenttypes.models import ContentType from django.core.urlresolvers import reverse from django.utils.http import urlencode from django.contrib.auth.views import login +from django.utils.simplejson import dumps, loads from common.forms import ChoiceForm, UserForm, UserForm_view, \ ChangelogForm, LicenseForm @@ -34,19 +35,28 @@ def multi_object_action_view(request): action = request.GET.get('action', None) id_list = u','.join([key[3:] for key in request.GET.keys() if key.startswith('pk_')]) + items_property_list = [loads(key[11:]) for key in request.GET.keys() if key.startswith('properties_')] if not action: messages.error(request, _(u'No action selected.')) return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) - if not id_list: + if not id_list and not items_property_list: messages.error(request, _(u'Must select at least one item.')) return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) - return HttpResponseRedirect('%s?%s' % ( - action, - urlencode({'id_list': id_list, 'next': next})) - ) + # Separate redirects to keep backwards compatibility with older + # functions that don't expect a properties_list parameter + if items_property_list: + return HttpResponseRedirect('%s?%s' % ( + action, + urlencode({'items_property_list': dumps(items_property_list), 'next': next})) + ) + else: + return HttpResponseRedirect('%s?%s' % ( + action, + urlencode({'id_list': id_list, 'next': next})) + ) def get_obj_from_content_type_string(string): From b1f8a300a9d8a51a6a8f655f61447911b0c9d0e9 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Sun, 16 Oct 2011 07:30:38 -0400 Subject: [PATCH 4/4] Used new multi parameter passing method to improve the usability of the grant/revoke method --- apps/permissions/__init__.py | 7 +- apps/permissions/urls.py | 6 +- apps/permissions/views.py | 167 ++++++++++++++++++++++++++--------- 3 files changed, 131 insertions(+), 49 deletions(-) diff --git a/apps/permissions/__init__.py b/apps/permissions/__init__.py index 1a8a0f9455..e143c8bbb8 100644 --- a/apps/permissions/__init__.py +++ b/apps/permissions/__init__.py @@ -3,7 +3,7 @@ from django.db.models.signals import post_save from django.core.exceptions import ObjectDoesNotExist from django.utils.translation import ugettext_lazy as _ -from navigation.api import register_links +from navigation.api import register_links, register_multi_item_links from project_setup.api import register_setup from permissions.conf.settings import DEFAULT_ROLES @@ -16,7 +16,6 @@ PERMISSION_ROLE_DELETE = {'namespace': 'permissions', 'name': 'role_delete', 'la PERMISSION_PERMISSION_GRANT = {'namespace': 'permissions', 'name': 'permission_grant', 'label': _(u'Grant permissions')} PERMISSION_PERMISSION_REVOKE = {'namespace': 'permissions', 'name': 'permission_revoke', 'label': _(u'Revoke permissions')} - role_list = {'text': _(u'roles'), 'view': 'role_list', 'famfam': 'medal_gold_1', 'icon': 'medal_gold_1.png', 'permissions': [PERMISSION_ROLE_VIEW]} role_create = {'text': _(u'create new role'), 'view': 'role_create', 'famfam': 'medal_gold_add', 'permissions': [PERMISSION_ROLE_CREATE]} role_edit = {'text': _(u'edit'), 'view': 'role_edit', 'args': 'object.id', 'famfam': 'medal_gold_1', 'permissions': [PERMISSION_ROLE_EDIT]} @@ -24,8 +23,12 @@ role_members = {'text': _(u'members'), 'view': 'role_members', 'args': 'object.i role_permissions = {'text': _(u'role permissions'), 'view': 'role_permissions', 'args': 'object.id', 'famfam': 'key_go', 'permissions': [PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE]} role_delete = {'text': _(u'delete'), 'view': 'role_delete', 'args': 'object.id', 'famfam': 'medal_gold_delete', 'permissions': [PERMISSION_ROLE_DELETE]} +permission_grant = {'text': _(u'grant'), 'view': 'permission_multiple_grant', 'famfam': 'key_add', 'permissions': [PERMISSION_PERMISSION_GRANT]} +permission_revoke = {'text': _(u'revoke'), 'view': 'permission_multiple_revoke', 'famfam': 'key_delete', 'permissions': [PERMISSION_PERMISSION_REVOKE]} + register_links(Role, [role_edit, role_delete, role_permissions, role_members]) register_links(['role_members', 'role_list', 'role_view', 'role_create', 'role_edit', 'role_permissions', 'role_delete'], [role_list, role_create], menu_name='sidebar') +register_multi_item_links(['role_permissions'], [permission_grant, permission_revoke]) permission_views = ['role_list', 'role_create', 'role_edit', 'role_members', 'role_permissions', 'role_delete'] diff --git a/apps/permissions/urls.py b/apps/permissions/urls.py index c00514f853..ed85c44527 100644 --- a/apps/permissions/urls.py +++ b/apps/permissions/urls.py @@ -7,7 +7,7 @@ urlpatterns = patterns('permissions.views', url(r'^role/(?P\d+)/edit/$', 'role_edit', (), 'role_edit'), url(r'^role/(?P\d+)/delete/$', 'role_delete', (), 'role_delete'), url(r'^role/(?P\d+)/members/$', 'role_members', (), 'role_members'), - - url(r'^permission/(?P\d+)/for/(?P[\w\-]+)/(?P[\w\-]+)/(?P\d+)/grant/$', 'permission_grant_revoke', {'action': 'grant'}, 'permission_grant'), - url(r'^permission/(?P\d+)/for/(?P[\w\-]+)/(?P[\w\-]+)/(?P\d+)/revoke/$', 'permission_grant_revoke', {'action': 'revoke'}, 'permission_revoke'), + + url(r'^permissions/multiple/grant/$', 'permission_grant', (), 'permission_multiple_grant'), + url(r'^permissions/multiple/revoke/$', 'permission_revoke', (), 'permission_multiple_revoke'), ) diff --git a/apps/permissions/views.py b/apps/permissions/views.py index 48108cc5d4..1a1d843faf 100644 --- a/apps/permissions/views.py +++ b/apps/permissions/views.py @@ -1,3 +1,6 @@ +import operator +import itertools + from django.utils.translation import ugettext_lazy as _ from django.http import HttpResponseRedirect from django.shortcuts import render_to_response, get_object_or_404 @@ -7,11 +10,13 @@ from django.views.generic.list_detail import object_list from django.core.urlresolvers import reverse from django.views.generic.create_update import create_object, delete_object, update_object from django.contrib.contenttypes.models import ContentType -from django.core.exceptions import ObjectDoesNotExist from django.contrib.auth.models import User, Group +from django.contrib.contenttypes.models import ContentType +from django.utils.simplejson import loads from common.views import assign_remove from common.utils import generate_choices_w_labels, encapsulate +from common.widgets import two_state_template from permissions.models import Role, Permission, PermissionHolder, RoleMember from permissions.forms import RoleForm, RoleForm_view @@ -53,9 +58,9 @@ def role_permissions(request, role_id): {'name': _(u'namespace'), 'attribute': encapsulate(lambda x: namespace_titles[x.namespace] if x.namespace in namespace_titles else x.namespace)}, {'name': _(u'name'), 'attribute': u'label'}, { - 'name':_(u'state'), - 'attribute': encapsulate(lambda x: role_permission_link(role, x, role_permissions_list)), - } + 'name':_(u'has permission'), + 'attribute': encapsulate(lambda x: two_state_template(x.has_permission(role))), + }, ], 'hide_link': True, 'hide_object': True, @@ -68,6 +73,13 @@ def role_permissions(request, role_id): 'object': role, 'object_name': _(u'role'), 'subtemplates_list': subtemplates_list, + 'multi_select_as_buttons': True, + 'multi_select_item_properties': { + 'permission_id': lambda x: x.pk, + 'requester_id': lambda x: role.pk, + 'requester_app_label': lambda x: ContentType.objects.get_for_model(role).app_label, + 'requester_model': lambda x: ContentType.objects.get_for_model(role).model, + }, }, context_instance=RequestContext(request)) @@ -105,55 +117,122 @@ def role_delete(request, role_id): }) -def permission_grant_revoke(request, permission_id, app_label, module_name, pk, action): - ct = get_object_or_404(ContentType, app_label=app_label, model=module_name) - requester_model = ct.model_class() - requester = get_object_or_404(requester_model, pk=pk) - permission = get_object_or_404(Permission, pk=permission_id) - - if action == 'grant': - check_permissions(request.user, [PERMISSION_PERMISSION_GRANT]) - title = _(u'Are you sure you wish to grant the permission "%(permission)s" to %(ct_name)s: %(requester)s') % { - 'permission': permission, 'ct_name': ct.name, 'requester': requester} - icon_name = u'key_add.png' - elif action == 'revoke': - check_permissions(request.user, [PERMISSION_PERMISSION_REVOKE]) - title = _(u'Are you sure you wish to revoke the permission "%(permission)s" from %(ct_name)s: %(requester)s') % { - 'permission': permission, 'ct_name': ct.name, 'requester': requester} - icon_name = u'key_delete.png' - else: - return HttpResponseRedirect(u'/') +def permission_grant(request): + check_permissions(request.user, [PERMISSION_PERMISSION_GRANT]) + items_property_list = loads(request.GET.get('items_property_list', [])) + post_action_redirect = None next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None))) + items = [] + for item_properties in items_property_list: + permission = get_object_or_404(Permission, pk=item_properties['permission_id']) + ct = get_object_or_404(ContentType, app_label=item_properties['requester_app_label'], model=item_properties['requester_model']) + requester_model = ct.model_class() + requester = get_object_or_404(requester_model, pk=item_properties['requester_id']) + items.append({'requester': requester, 'permission': permission}) + + sorted_items = sorted(items, key=operator.itemgetter('requester')) + # Group items by requester + groups = itertools.groupby(sorted_items, key=operator.itemgetter('requester')) + grouped_items = [(grouper, [permission['permission'] for permission in group_data]) for grouper, group_data in groups] + + # Warning: trial and error black magic ahead + title_suffix = _(u' and ').join([_(u'%s to %s') % (', '.join(['"%s"' % unicode(ps) for ps in p]), unicode(r)) for r, p in grouped_items]) + + if len(grouped_items) == 1 and len(grouped_items[0][1]) == 1: + permissions_label = _(u'permission') + else: + permissions_label = _(u'permissions') + if request.method == 'POST': - if action == 'grant': - permission_holder, created = PermissionHolder.objects.get_or_create(permission=permission, holder_type=ct, holder_id=requester.pk) - if created: - messages.success(request, _(u'Permission "%(permission)s" granted to %(ct_name)s: %(requester)s.') % { - 'permission': permission, 'ct_name': ct.name, 'requester': requester}) + for item in items: + if item['permission'].grant_to(item['requester']): + messages.success(request, _(u'Permission "%(permission)s" granted to: %(requester)s.') % { + 'permission': item['permission'], 'requester': item['requester']}) else: - messages.warning(request, _(u'%(ct_name)s: %(requester)s, already had the permission "%(permission)s" granted.') % { - 'ct_name': ct.name, 'requester': requester, 'permission': permission}) - elif action == 'revoke': - try: - permission_holder = PermissionHolder.objects.get(permission=permission, holder_type=ct, holder_id=requester.pk) - permission_holder.delete() - messages.success(request, _(u'Permission "%(permission)s" revoked from %(ct_name)s: %(requester)s.') % { - 'permission': permission, 'ct_name': ct.name, 'requester': requester}) - except ObjectDoesNotExist: - messages.warning(request, _(u'%(ct_name)s: %(requester)s doesn\'t have the permission "%(permission)s".') % { - 'ct_name': ct.name, 'requester': requester, 'permission': permission}) + messages.warning(request, _(u'%(requester)s, already had the permission "%(permission)s" granted.') % { + 'requester': item['requester'], 'permission': item['permission']}) + return HttpResponseRedirect(next) - return render_to_response('generic_confirm.html', { - 'object': requester, - 'next': next, + context = { + 'delete_view': True, 'previous': previous, - 'title': title, - 'form_icon': icon_name, - }, context_instance=RequestContext(request)) + 'next': next, + 'form_icon': u'key_add.png', + } + + context['title'] = _(u'Are you sure you wish to grant the %(permissions_label)s %(title_suffix)s?') % { + 'permissions_label': permissions_label, + 'title_suffix': title_suffix, + } + + if len(grouped_items) == 1: + context['object'] = grouped_items[0][0] + + return render_to_response('generic_confirm.html', context, + context_instance=RequestContext(request)) + + +def permission_revoke(request): + check_permissions(request.user, [PERMISSION_PERMISSION_REVOKE]) + items_property_list = loads(request.GET.get('items_property_list', [])) + post_action_redirect = None + + next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None))) + previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None))) + + items = [] + for item_properties in items_property_list: + permission = get_object_or_404(Permission, pk=item_properties['permission_id']) + ct = get_object_or_404(ContentType, app_label=item_properties['requester_app_label'], model=item_properties['requester_model']) + requester_model = ct.model_class() + requester = get_object_or_404(requester_model, pk=item_properties['requester_id']) + items.append({'requester': requester, 'permission': permission}) + + sorted_items = sorted(items, key=operator.itemgetter('requester')) + # Group items by requester + groups = itertools.groupby(sorted_items, key=operator.itemgetter('requester')) + grouped_items = [(grouper, [permission['permission'] for permission in group_data]) for grouper, group_data in groups] + + # Warning: trial and error black magic ahead + title_suffix = _(u' and ').join([_(u'%s from %s') % (', '.join(['"%s"' % unicode(ps) for ps in p]), unicode(r)) for r, p in grouped_items]) + + if len(grouped_items) == 1 and len(grouped_items[0][1]) == 1: + permissions_label = _(u'permission') + else: + permissions_label = _(u'permissions') + + if request.method == 'POST': + for item in items: + if item['permission'].revoke_from(item['requester']): + messages.success(request, _(u'Permission "%(permission)s" revoked from: %(requester)s.') % { + 'permission': item['permission'], 'requester': item['requester']}) + else: + messages.warning(request, _(u'%(requester)s, doesn\'t have the permission "%(permission)s" granted.') % { + 'requester': item['requester'], 'permission': item['permission']}) + + return HttpResponseRedirect(next) + + context = { + 'delete_view': True, + 'previous': previous, + 'next': next, + 'form_icon': u'key_delete.png', + } + + context['title'] = _(u'Are you sure you wish to revoke the %(permissions_label)s %(title_suffix)s?') % { + 'permissions_label': permissions_label, + 'title_suffix': title_suffix, + } + + if len(grouped_items) == 1: + context['object'] = grouped_items[0][0] + + return render_to_response('generic_confirm.html', context, + context_instance=RequestContext(request)) def get_role_members(role):