diff --git a/apps/acls/__init__.py b/apps/acls/__init__.py index a8554290d6..c5ba0faf6a 100644 --- a/apps/acls/__init__.py +++ b/apps/acls/__init__.py @@ -4,16 +4,16 @@ from navigation.api import register_links, register_multi_item_links from permissions.models import PermissionNamespace, Permission from project_setup.api import register_setup -from acls.models import AccessHolder, AccessObjectClass +from acls.models import AccessHolder, AccessObjectClass, ClassAccessHolder acls_namespace = PermissionNamespace('acls', _(u'Access control lists')) +acls_setup_namespace = PermissionNamespace('acls_setup', _(u'Access control lists')) ACLS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _(u'Edit ACLs')) ACLS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _(u'View ACLs')) -ACLS_CLASS_EDIT_ACL = Permission.objects.register(acls_namespace, 'acl_edit', _(u'Edit class default ACLs')) -ACLS_CLASS_VIEW_ACL = Permission.objects.register(acls_namespace, 'acl_view', _(u'View class default ACLs')) - +ACLS_CLASS_EDIT_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_edit', _(u'Edit class default ACLs')) +ACLS_CLASS_VIEW_ACL = Permission.objects.register(acls_setup_namespace, 'acl_class_view', _(u'View class default ACLs')) acl_list = {'text': _(u'ACLs'), 'view': 'acl_list', 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} acl_detail = {'text': _(u'edit'), 'view': 'acl_detail', 'args': ['access_object.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} @@ -23,6 +23,7 @@ acl_revoke = {'text': _(u'revoke'), 'view': 'acl_multiple_revoke', 'famfam': 'ke acl_setup_valid_classes = {'text': _(u'Default ACLs'), 'view': 'acl_setup_valid_classes', 'icon': 'lock.png'}#, 'permissions': [ACLS_EDIT_ACL]} acl_class_list = {'text': _(u'List of classes'), 'view': 'acl_setup_valid_classes', 'famfam': 'package'}#, 'permissions': [ACLS_EDIT_ACL]} acl_class_acl_list = {'text': _(u'ACLs for class'), 'view': 'acl_class_acl_list', 'args': 'object.gid', 'famfam': 'lock'}#, 'permissions': [ACLS_VIEW_ACL]} +acls_class_acl_detail = {'text': _(u'edit'), 'view': 'acls_class_acl_detail', 'args': ['access_object_class.gid', 'object.gid'], 'famfam': 'lock', 'permissions': [ACLS_VIEW_ACL]} acl_class_new_holder_for = {'text': _(u'New holder'), 'view': 'acl_class_new_holder_for', 'args': 'object.gid', 'famfam': 'user'}#, 'permissions': [ACLS_VIEW_ACL]} acl_class_grant = {'text': _(u'grant'), 'view': 'acl_class_multiple_grant', 'famfam': 'key_add', 'permissions': [ACLS_EDIT_ACL]} acl_class_revoke = {'text': _(u'revoke'), 'view': 'acl_class_multiple_revoke', 'famfam': 'key_delete', 'permissions': [ACLS_EDIT_ACL]} @@ -33,6 +34,8 @@ register_multi_item_links(['acl_detail'], [acl_grant, acl_revoke]) register_setup(acl_setup_valid_classes) register_links(['acl_setup_valid_classes', 'acl_class_acl_list', 'acl_class_new_holder_for', 'acls_class_acl_detail'], [acl_class_list], menu_name='sidebar') +register_links(ClassAccessHolder, [acls_class_acl_detail]) + register_links(AccessObjectClass, [acl_class_acl_list]) register_links(AccessObjectClass, [acl_class_new_holder_for]) register_multi_item_links(['acls_class_acl_detail'], [acl_class_grant, acl_class_revoke]) diff --git a/apps/acls/urls.py b/apps/acls/urls.py index 2ee785071e..1ef00855a7 100644 --- a/apps/acls/urls.py +++ b/apps/acls/urls.py @@ -3,14 +3,12 @@ from django.conf.urls.defaults import patterns, url urlpatterns = patterns('acls.views', url(r'^new_holder_for/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/$', 'acl_new_holder_for', (), 'acl_new_holder_for'), url(r'^list_for/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/$', 'acl_list', (), 'acl_list'), - #url(r'^object/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/holder/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/$', 'acl_detail', (), 'acl_detail'), url(r'^details/(?P[.\w]+)/holder/(?P[.\w]+)/$', 'acl_detail', (), 'acl_detail'), url(r'^multiple/grant/$', 'acl_grant', (), 'acl_multiple_grant'), url(r'^multiple/revoke/$', 'acl_revoke', (), 'acl_multiple_revoke'), url(r'^class/$', 'acl_setup_valid_classes', (), 'acl_setup_valid_classes'), - #url(r'^class/list_for/(?P[-\w]+)/(?P[-\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'), url(r'^class/details/(?P[.\w]+)/holder/(?P[.\w]+)/$', 'acls_class_acl_detail', (), 'acls_class_acl_detail'), url(r'^class/list_for/(?P[.\w]+)/$', 'acl_class_acl_list', (), 'acl_class_acl_list'), url(r'^class/holder/new/(?P[.\w]+)/$', 'acl_class_new_holder_for', (), 'acl_class_new_holder_for'), diff --git a/apps/acls/views.py b/apps/acls/views.py index 25d737b86b..ac8c72ea91 100644 --- a/apps/acls/views.py +++ b/apps/acls/views.py @@ -18,9 +18,10 @@ from permissions.models import Permission, Role from common.utils import generate_choices_w_labels, encapsulate from common.widgets import two_state_template -from acls import ACLS_EDIT_ACL, ACLS_VIEW_ACL +from acls import (ACLS_EDIT_ACL, ACLS_VIEW_ACL, ACLS_CLASS_EDIT_ACL, + ACLS_CLASS_VIEW_ACL) from acls.models import (AccessEntry, AccessObject, AccessHolder, - DefaultAccessEntry, AccessObjectClass) + DefaultAccessEntry, AccessObjectClass, ClassAccessHolder) from acls.widgets import object_w_content_type_icon from acls.forms import HolderSelectionForm @@ -295,15 +296,12 @@ def acl_new_holder_for(request, obj, extra_context=None): # Setup views def acl_setup_valid_classes(request): - #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) + Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL, ACLS_CLASS_EDIT_ACL]) logger.debug('DefaultAccessEntry.get_classes(): %s' % DefaultAccessEntry.get_classes()) context = { - #'object_list': [AccessObjectClass.encapsulate(cls) for cls in DefaultAccessEntry.get_classes()], 'object_list': DefaultAccessEntry.get_classes(), - #'title': _(u'default access control lists'), 'title': _(u'classes'), - #'hide_links': True, 'extra_columns': [ {'name': _(u'class'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))}, ], @@ -315,21 +313,18 @@ def acl_setup_valid_classes(request): def acl_class_acl_list(request, access_object_class_gid): - #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL]) + Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL, ACLS_CLASS_EDIT_ACL]) access_object_class = AccessObjectClass.get(gid=access_object_class_gid) context = { 'object_list': DefaultAccessEntry.objects.get_holders_for(access_object_class.source_object), 'title': _(u'default access control lists for class: %s') % access_object_class, - #'multi_select_as_buttons': True, - #'hide_links': True, - #'extra_columns': [ - #{'name': _(u'holder'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))}, - #{'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(AccessEntry.objects.get_holder_permissions_for(obj, x.source_object)))}, - # ], - #'hide_object': True, - #'access_object': AccessObject.encapsulate(ct) - 'object': access_object_class, + 'extra_columns': [ + {'name': _(u'holder'), 'attribute': encapsulate(lambda x: object_w_content_type_icon(x.source_object))}, + {'name': _(u'permissions'), 'attribute': encapsulate(lambda x: _permission_titles(DefaultAccessEntry.objects.get_holder_permissions_for(access_object_class.source_object, x.source_object)))}, + ], + 'hide_object': True, + 'access_object_class': access_object_class, } return render_to_response('generic_list.html', context, @@ -337,8 +332,7 @@ def acl_class_acl_list(request, access_object_class_gid): def acls_class_acl_detail(request, access_object_class_gid, holder_object_gid): - #Permission.objects.check_permissions(request.user, [ACLS_VIEW_ACL, ACLS_EDIT_ACL]) - + Permission.objects.check_permissions(request.user, [ACLS_CLASS_VIEW_ACL, ACLS_CLASS_EDIT_ACL]) try: holder = AccessHolder.get(gid=holder_object_gid) access_object_class = AccessObjectClass.get(gid=access_object_class_gid) @@ -380,21 +374,20 @@ def acls_class_acl_detail(request, access_object_class_gid, holder_object_gid): def acl_class_new_holder_for(request, access_object_class_gid): - #Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) access_object_class = AccessObjectClass.get(gid=access_object_class_gid) if request.method == 'POST': form = HolderSelectionForm(request.POST) if form.is_valid(): try: - #access_object = AccessObject.encapsulate(access_object_class) - access_holder = AccessHolder.get(form.cleaned_data['holder_gid']) + access_holder = ClassAccessHolder.get(form.cleaned_data['holder_gid']) return HttpResponseRedirect(reverse('acls_class_acl_detail', args=[access_object_class.gid, access_holder.gid])) except ObjectDoesNotExist: raise Http404 else: - form = HolderSelectionForm() + form = HolderSelectionForm(current_holders=DefaultAccessEntry.objects.get_holders_for(access_object_class)) context = { 'form': form, @@ -409,7 +402,7 @@ def acl_class_new_holder_for(request, access_object_class_gid): def acl_class_multiple_grant(request): - #Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) items_property_list = loads(request.GET.get('items_property_list', [])) post_action_redirect = None @@ -489,7 +482,7 @@ def acl_class_multiple_grant(request): def acl_class_multiple_revoke(request): - #Permission.objects.check_permissions(request.user, [ACLS_EDIT_ACL]) + Permission.objects.check_permissions(request.user, [ACLS_CLASS_EDIT_ACL]) items_property_list = loads(request.GET.get('items_property_list', [])) post_action_redirect = None