Fix acls_class_acl_detail view

apps/acls/__init__.py

@@ -4,16 +4,16 @@ from navigation.api import register_links, register_multi_item_links
 from permissions.models import PermissionNamespace, Permission
 from project_setup.api import register_setup
 
-from acls.models import AccessHolder, AccessObjectClass
+from acls.models import AccessHolder, AccessObjectClass, ClassAccessHolder
 
 acls_namespace = PermissionNamespace('acls', _(u'Access control lists'))
+acls_setup_namespace = PermissionNamespace('acls_setup', _(u'Access control lists'))
 
 ACLS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _(u'Edit ACLs'))
 ACLS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _(u'View ACLs'))
 
-ACLS_CLASS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _(u'Edit class default ACLs'))
-ACLS_CLASS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _(u'View class default ACLs'))
-
+ACLS_CLASS_EDIT_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_edit', _(u'Edit class default ACLs'))
+ACLS_CLASS_VIEW_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_view', _(u'View class default ACLs'))
 
 acl_list = {'text': _(u'ACLs'), 'view': 'acl_list', 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]}
 acl_detail = {'text': _(u'edit'), 'view': 'acl_detail', 'args': ['access_object.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]}
@@ -23,6 +23,7 @@ acl_revoke = {'text': _(u'revoke'), 'view': 'acl_multiple_revoke', 'famfam': 'ke
 acl_setup_valid_classes = {'text': _(u'Default ACLs'), 'view': 'acl_setup_valid_classes', 'icon': 'lock.png'}#, 'permissions': [ACLS_EDIT_ACL]}
 acl_class_list = {'text': _(u'List of classes'), 'view': 'acl_setup_valid_classes', 'famfam': 'package'}#, 'permissions': [ACLS_EDIT_ACL]}
 acl_class_acl_list = {'text': _(u'ACLs for class'), 'view': 'acl_class_acl_list', 'args': 'object.gid', 'famfam': 'lock'}#, 'permissions': [ACLS_VIEW_ACL]}
+acls_class_acl_detail = {'text': _(u'edit'), 'view': 'acls_class_acl_detail', 'args': ['access_object_class.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]}
 acl_class_new_holder_for = {'text': _(u'New holder'), 'view': 'acl_class_new_holder_for', 'args': 'object.gid', 'famfam': 'user'}#, 'permissions': [ACLS_VIEW_ACL]}
 acl_class_grant = {'text': _(u'grant'), 'view': 'acl_class_multiple_grant', 'famfam': 'key_add', 'permissions': [ACLS_EDIT_ACL]}
 acl_class_revoke = {'text': _(u'revoke'), 'view': 'acl_class_multiple_revoke', 'famfam': 'key_delete', 'permissions': [ACLS_EDIT_ACL]}
@@ -33,6 +34,8 @@ register_multi_item_links(['acl_detail'], [acl_grant, acl_revoke])
 register_setup(acl_setup_valid_classes)
 register_links(['acl_setup_valid_classes', 'acl_class_acl_list', 'acl_class_new_holder_for', 'acls_class_acl_detail'], [acl_class_list], menu_name='sidebar')
 
+register_links(ClassAccessHolder, [acls_class_acl_detail])
+
 register_links(AccessObjectClass, [acl_class_acl_list])
 register_links(AccessObjectClass, [acl_class_new_holder_for])
 register_multi_item_links(['acls_class_acl_detail'], [acl_class_grant, acl_class_revoke])

apps/acls/urls.py

@@ -3,14 +3,12 @@ from django.conf.urls.defaults import patterns, url
 urlpatterns = patterns('acls.views',
     url(r'^new_holder_for/(?P<app_label>[-\w]+)/(?P<model_name>[-\w]+)/(?P<object_id>\d+)/$', 'acl_new_holder_for', (), 'acl_new_holder_for'),
     url(r'^list_for/(?P<app_label>[-\w]+)/(?P<model_name>[-\w]+)/(?P<object_id>\d+)/$', 'acl_list', (), 'acl_list'),
-    #url(r'^object/(?P<app_label>[-\w]+)/(?P<model_name>[-\w]+)/(?P<object_id>\d+)/holder/(?P<holder_app_label>[-\w]+)/(?P<holder_model_name>[-\w]+)/(?P<holder_id>\d+)/$', 'acl_detail', (), 'acl_detail'),
     url(r'^details/(?P<access_object_gid>[.\w]+)/holder/(?P<holder_object_gid>[.\w]+)/$', 'acl_detail', (), 'acl_detail'),
  
     url(r'^multiple/grant/$', 'acl_grant', (), 'acl_multiple_grant'),
     url(r'^multiple/revoke/$', 'acl_revoke', (), 'acl_multiple_revoke'),
 
     url(r'^class/$', 'acl_setup_valid_classes', (), 'acl_setup_valid_classes'),
-    #url(r'^class/list_for/(?P<app_label>[-\w]+)/(?P<model_name>[-\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'),    
     url(r'^class/details/(?P<access_object_class_gid>[.\w]+)/holder/(?P<holder_object_gid>[.\w]+)/$', 'acls_class_acl_detail', (), 'acls_class_acl_detail'),
     url(r'^class/list_for/(?P<access_object_class_gid>[.\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'),    
     url(r'^class/holder/new/(?P<access_object_class_gid>[.\w]+)/$', 'acl_class_new_holder_for', (), 'acl_class_new_holder_for'),

apps/acls/views.py

@@ -18,9 +18,10 @@ from permissions.models import Permission, Role
 from common.utils import generate_choices_w_labels, encapsulate
 from common.widgets import two_state_template
 
-from acls import ACLS_EDIT_ACL, ACLS_VIEW_ACL
+from acls import (ACLS_EDIT_ACL, ACLS_VIEW_ACL, ACLS_CLASS_EDIT_ACL,
+    ACLS_CLASS_VIEW_ACL)
 from acls.models import (AccessEntry, AccessObject, AccessHolder,
-    DefaultAccessEntry, AccessObjectClass)
+    DefaultAccessEntry, AccessObjectClass, ClassAccessHolder)
 from acls.widgets import object_w_content_type_icon
 from acls.forms import HolderSelectionForm
 
@@ -295,15 +296,12 @@ def acl_new_holder_for(request, obj, extra_context=None):
 
 # Setup views
 def acl_setup_valid_classes(request):
-    #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL])
+    Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL, ACLS_CLASS_EDIT_ACL])
     logger.debug('DefaultAccessEntry.get_classes(): %s' % DefaultAccessEntry.get_classes())
 
     context = {
-        #'object_list': [AccessObjectClass.encapsulate(cls) for cls in DefaultAccessEntry.get_classes()],
         'object_list': DefaultAccessEntry.get_classes(),
-        #'title': _(u'default access control lists'),
         'title': _(u'classes'),
-        #'hide_links': True,
         'extra_columns': [
             {'name': _(u'class'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))},
             ],
@@ -315,21 +313,18 @@ def acl_setup_valid_classes(request):
 
 
 def acl_class_acl_list(request, access_object_class_gid):
-    #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL])
+    Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL, ACLS_CLASS_EDIT_ACL])
     
     access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
     context = {
         'object_list': DefaultAccessEntry.objects.get_holders_for(access_object_class.source_object),
         'title': _(u'default access control lists for class: %s') % access_object_class,
-        #'multi_select_as_buttons': True,
-        #'hide_links': True,
-        #'extra_columns': [
-            #{'name': _(u'holder'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))},
-            #{'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(AccessEntry.objects.get_holder_permissions_for(obj, x.source_object)))},
-        #    ],
-        #'hide_object': True,
-        #'access_object': AccessObject.encapsulate(ct)
-        'object': access_object_class,
+        'extra_columns': [
+            {'name': _(u'holder'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))},
+            {'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(DefaultAccessEntry.objects.get_holder_permissions_for(access_object_class.source_object, x.source_object)))},
+            ],
+        'hide_object': True,
+        'access_object_class': access_object_class,
     }
 
     return render_to_response('generic_list.html', context,
@@ -337,8 +332,7 @@ def acl_class_acl_list(request, access_object_class_gid):
 
 
 def acls_class_acl_detail(request, access_object_class_gid, holder_object_gid):
-    #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL, ACLS_EDIT_ACL])
-    
+    Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL, ACLS_CLASS_EDIT_ACL])
     try:
         holder = AccessHolder.get(gid=holder_object_gid)
         access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
@@ -380,21 +374,20 @@ def acls_class_acl_detail(request, access_object_class_gid, holder_object_gid):
         
 
 def acl_class_new_holder_for(request, access_object_class_gid):
-    #Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL])
+    Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL])
     access_object_class = AccessObjectClass.get(gid=access_object_class_gid)
 
     if request.method == 'POST':
         form = HolderSelectionForm(request.POST)
         if form.is_valid():
             try:
-                #access_object = AccessObject.encapsulate(access_object_class)
-                access_holder = AccessHolder.get(form.cleaned_data['holder_gid'])
+                access_holder = ClassAccessHolder.get(form.cleaned_data['holder_gid'])
 
                 return HttpResponseRedirect(reverse('acls_class_acl_detail', args=[access_object_class.gid, access_holder.gid]))
             except ObjectDoesNotExist:
                 raise Http404
     else:
-        form = HolderSelectionForm()
+        form = HolderSelectionForm(current_holders=DefaultAccessEntry.objects.get_holders_for(access_object_class))
 
     context = {
         'form': form,
@@ -409,7 +402,7 @@ def acl_class_new_holder_for(request, access_object_class_gid):
 
 
 def acl_class_multiple_grant(request):
-    #Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL])
+    Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL])
     items_property_list = loads(request.GET.get('items_property_list', []))
     post_action_redirect = None
 
@@ -489,7 +482,7 @@ def acl_class_multiple_grant(request):
 
 
 def acl_class_multiple_revoke(request):
-    #Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL])
+    Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL])
     items_property_list = loads(request.GET.get('items_property_list', []))
     post_action_redirect = None