Use the new AddRemove View for the Role's group and permissions views as well as the Group's role views. Convert the API to use viewsets. Add more tests. Add role created and edited events. Add event subscription support to roles. Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
from __future__ import unicode_literals
from django.contrib.auth.models import Group
from django.template import RequestContext
from django.urls import reverse_lazy
from django.utils.encoding import force_text
from django.utils.translation import ugettext_lazy as _
from mayan.apps.common.generics import (
AddRemoveView, SingleObjectCreateView, SingleObjectDeleteView,
SingleObjectEditView, SingleObjectListView
)
from mayan.apps.user_management.permissions import permission_group_edit
from .icons import icon_role_list
from .links import link_role_create
from .models import Role, StoredPermission
from .permissions import (
permission_role_create, permission_role_delete, permission_role_edit,
permission_role_view
)
class GroupRolesView(AddRemoveView):
    """Add/remove view that manages the roles a single group belongs to.

    The group is the main object, looked up through the ``group_id`` URL
    keyword; roles are the secondary objects moved between the "available"
    and "added" lists. The access checks and the add/remove mechanics live
    in ``AddRemoveView`` (imported from ``mayan.apps.common.generics``, not
    shown in this module); this class only supplies configuration.
    """
    # Main object: the group being edited and the permission tied to it.
    main_object_model = Group
    main_object_permission = permission_group_edit
    main_object_pk_url_kwarg = 'group_id'

    # Secondary objects: the roles that can be attached to the group.
    # NOTE(review): presumably AddRemoveView limits the selectable roles to
    # those the requester holds permission_role_edit for, so that group-edit
    # access alone cannot attach a group to arbitrary roles - confirm
    # against AddRemoveView.
    secondary_object_model = Role
    secondary_object_permission = permission_role_edit

    # Relation and method names handed to AddRemoveView.
    # NOTE(review): ``Group`` is Django's stock auth model, so
    # ``roles_add``/``roles_remove`` must be attached to it elsewhere;
    # that code is not visible here.
    related_field = 'roles'
    action_add_method = 'roles_add'
    action_remove_method = 'roles_remove'

    # Headings of the two selection lists.
    list_available_title = _('Available roles')
    list_added_title = _('Group roles')

    def get_actions_extra_kwargs(self):
        """Return the extra keyword arguments for the add/remove actions."""
        # Presumably lets the action methods attribute the membership change
        # to the requesting user (e.g. in role events) - confirm against
        # the methods named above.
        acting_user = self.request.user
        return {'_user': acting_user}

    def get_extra_context(self):
        """Return the template context entries specific to this view."""
        group = self.main_object
        extra_context = {
            'object': group,
            'title': _('Roles of group: %s') % group,
        }
        return extra_context
class RoleCreateView(SingleObjectCreateView):
    """Form view that creates a new role.

    Redirects to the role list (``permissions:role_list``) afterwards.
    """
    model = Role
    # Only the label is exposed on the form. Assuming the base view follows
    # Django's ModelForm ``fields`` semantics, a role's groups and
    # permissions cannot be set through this form - TODO confirm.
    fields = ('label',)
    # A view-level permission is used here, whereas the edit and delete
    # views declare ``object_permission``; presumably because no role
    # object exists yet to check access against.
    # NOTE(review): unlike the AddRemoveView subclasses in this module, this
    # view hands no acting user to the save path; confirm that the "role
    # created" event still records who created the role.
    view_permission = permission_role_create
    post_action_redirect = reverse_lazy(viewname='permissions:role_list')
class RoleDeleteView(SingleObjectDeleteView):
    """Confirmation view that deletes one role.

    The role is selected by the ``role_id`` URL keyword and the view
    redirects to the role list (``permissions:role_list``) afterwards.
    """
    model = Role
    pk_url_kwarg = 'role_id'
    # Presumably checked by the base view against the specific role being
    # deleted rather than globally - confirm in SingleObjectDeleteView.
    object_permission = permission_role_delete
    post_action_redirect = reverse_lazy(viewname='permissions:role_list')
class RoleEditView(SingleObjectEditView):
    """Form view that renames an existing role.

    The role is selected by the ``role_id`` URL keyword.
    """
    model = Role
    pk_url_kwarg = 'role_id'
    # Only the label is editable here; group membership and granted
    # permissions are changed through the dedicated add/remove views.
    fields = ('label',)
    # Presumably checked by the base view against the specific role being
    # edited - confirm in SingleObjectEditView.
    # NOTE(review): no acting user is handed to the save path from this
    # view; confirm that the "role edited" event still records the editor.
    object_permission = permission_role_edit
class RoleGroupsView(AddRemoveView):
    """Add/remove view that manages which groups belong to a single role.

    The role is the main object, looked up through the ``role_id`` URL
    keyword; groups are the secondary objects. Adding a group here gives
    its members the role's permissions and access controls (see the
    subtitle shown to the user), so this view changes effective privileges.
    """
    # Main object: the role being edited and the permission tied to it.
    main_object_model = Role
    main_object_permission = permission_role_edit
    main_object_pk_url_kwarg = 'role_id'

    # Secondary objects: the groups that can be attached to the role.
    # NOTE(review): presumably AddRemoveView limits the selectable groups to
    # those the requester holds permission_group_edit for - confirm against
    # AddRemoveView.
    secondary_object_model = Group
    secondary_object_permission = permission_group_edit

    # Relation and method names handed to AddRemoveView.
    related_field = 'groups'
    action_add_method = 'groups_add'
    action_remove_method = 'groups_remove'

    # Headings of the two selection lists.
    list_available_title = _('Available groups')
    list_added_title = _('Role groups')

    def get_actions_extra_kwargs(self):
        """Return the extra keyword arguments for the add/remove actions."""
        # Presumably lets groups_add/groups_remove attribute the membership
        # change to the requesting user - confirm against the Role model.
        acting_user = self.request.user
        return {'_user': acting_user}

    def get_extra_context(self):
        """Return the template context entries specific to this view."""
        role = self.main_object
        extra_context = {
            'object': role,
            'title': _('Groups of role: %s') % role,
            'subtitle': _(
                'Add groups to be part of a role. They will '
                'inherit the role\'s permissions and access controls.'
            ),
        }
        return extra_context
class RoleListView(SingleObjectListView):
    """List view of roles."""
    model = Role
    # Presumably applied per role by the base view, so that only roles the
    # requester may view are listed - confirm in SingleObjectListView.
    object_permission = permission_role_view

    def get_extra_context(self):
        """Return the template context, including the empty-list placeholder."""
        # The "create role" link is resolved against the current request.
        # NOTE(review): presumably resolve() hides the link from users who
        # lack the create permission - confirm in the link class.
        request_context = RequestContext(request=self.request)
        create_link = link_role_create.resolve(context=request_context)

        # NOTE(review): the help text below contains wording slips ("can
        # also part of", "Access controls list are"). It is a translation
        # msgid, so correct it together with the message catalogs rather
        # than here alone.
        return {
            'hide_object': True,
            'no_results_icon': icon_role_list,
            'no_results_main_link': create_link,
            'no_results_text': _(
                'Roles are authorization units. They contain '
                'user groups which inherit the role permissions for the '
                'entire system. Roles can also part of access '
                'controls lists. Access controls list are permissions '
                'granted to a role for specific objects which its group '
                'members inherit.'
            ),
            'no_results_title': _('There are no roles'),
            'title': _('Roles'),
        }
class RolePermissionsView(AddRemoveView):
    """Add/remove view that grants or revokes a role's permissions.

    The role is the main object, looked up through the ``role_id`` URL
    keyword; ``StoredPermission`` rows are the secondary objects. As the
    subtitle tells the user, permissions granted here apply system-wide,
    not to individual objects.
    """
    # Main object: the role being edited and the permission tied to it.
    main_object_model = Role
    main_object_permission = permission_role_edit
    main_object_pk_url_kwarg = 'role_id'

    # NOTE(review): no ``secondary_object_permission`` is declared, unlike
    # the other AddRemoveView subclasses in this module. As far as this
    # class shows, edit access to the role is the only gate on which
    # permissions can be granted to it, so permission_role_edit should be
    # treated as a privilege-granting permission. Confirm how AddRemoveView
    # behaves when the secondary permission is unset.
    secondary_object_model = StoredPermission

    # Relation and method names handed to AddRemoveView.
    related_field = 'permissions'
    action_add_method = 'permissions_add'
    action_remove_method = 'permissions_remove'

    # Presumably tells AddRemoveView to render the choices in groups,
    # matching the structure generate_choices() returns - TODO confirm.
    grouped = True

    # Headings of the two selection lists.
    list_available_title = _('Available permissions')
    list_added_title = _('Granted permissions')

    def generate_choices(self, queryset):
        """Return the permissions in *queryset* grouped by namespace label.

        The result is a list of ``(namespace label, entries)`` tuples
        ordered by namespace label. Each ``entries`` list holds
        ``(pk, text)`` pairs, ordered by the label of the permission.
        """
        by_namespace = {}

        # Order by the translatable label first; the grouping loop below
        # appends in this order, so each namespace list stays sorted.
        ordered_permissions = sorted(
            queryset,
            key=lambda permission: permission.volatile_permission.label
        )

        for stored_permission in ordered_permissions:
            namespace_label = (
                stored_permission.volatile_permission.namespace.label
            )
            by_namespace.setdefault(namespace_label, []).append(
                (stored_permission.pk, force_text(stored_permission))
            )

        # Order the groups by their translatable namespace label.
        return sorted(by_namespace.items())

    def get_actions_extra_kwargs(self):
        """Return the extra keyword arguments for the add/remove actions."""
        # Presumably lets permissions_add/permissions_remove attribute the
        # grant or revocation to the requesting user - confirm against the
        # Role model.
        acting_user = self.request.user
        return {'_user': acting_user}

    def get_extra_context(self):
        """Return the template context entries specific to this view."""
        role = self.main_object
        extra_context = {
            'object': role,
            'subtitle': _(
                'Permissions granted here will apply to the entire system '
                'and all objects.'
            ),
            'title': _('Permissions for role: %s') % role,
        }
        return extra_context