192 lines
7.7 KiB
Python
192 lines
7.7 KiB
Python
from django.utils.translation import ugettext as _
|
|
from django.http import HttpResponse, HttpResponseRedirect, Http404
|
|
from django.shortcuts import render_to_response, get_object_or_404, redirect
|
|
from django.template import RequestContext
|
|
from django.contrib import messages
|
|
from django.views.generic.list_detail import object_detail, object_list
|
|
from django.core.urlresolvers import reverse
|
|
from django.views.generic.create_update import create_object, delete_object, update_object
|
|
from django.conf import settings
|
|
from django.contrib.contenttypes.models import ContentType
|
|
from django.core.exceptions import ObjectDoesNotExist
|
|
|
|
from models import Role, Permission, PermissionHolder
|
|
from forms import RoleForm, RoleForm_view
|
|
from permissions import PERMISSION_ROLE_VIEW, PERMISSION_ROLE_EDIT, \
|
|
PERMISSION_ROLE_CREATE, PERMISSION_ROLE_DELETE, PERMISSION_PERMISSION_GRANT, \
|
|
PERMISSION_PERMISSION_REVOKE
|
|
from api import check_permissions, Unauthorized
|
|
|
|
|
|
def role_list(request):
|
|
permissions = [PERMISSION_ROLE_VIEW]
|
|
try:
|
|
check_permissions(request.user, 'permissions', permissions)
|
|
except Unauthorized, e:
|
|
raise Http404(e)
|
|
|
|
return object_list(
|
|
request,
|
|
queryset=Role.objects.all(),
|
|
template_name='generic_list.html',
|
|
extra_context={
|
|
'title':_(u'roles'),
|
|
'hide_link':True,
|
|
},
|
|
)
|
|
|
|
|
|
def _role_permission_link(requester, permission, permission_list):
|
|
ct = ContentType.objects.get_for_model(requester)
|
|
|
|
template = '<a href="%(url)s"><span class="famfam active famfam-%(icon)s"></span>%(text)s</a>'
|
|
|
|
if permission in permission_list:
|
|
return template % {
|
|
'url':reverse('permission_revoke',
|
|
args=[permission.id, ct.app_label, ct.model, requester.id]),
|
|
'icon':'delete', 'text':_(u'Revoke')}
|
|
else:
|
|
return template % {
|
|
'url':reverse('permission_grant',
|
|
args=[permission.id, ct.app_label, ct.model, requester.id]),
|
|
'icon':'add', 'text':_(u'Grant')}
|
|
|
|
|
|
def role_permissions(request, role_id):
|
|
permissions = [PERMISSION_PERMISSION_GRANT, PERMISSION_PERMISSION_REVOKE]
|
|
try:
|
|
check_permissions(request.user, 'permissions', permissions)
|
|
except Unauthorized, e:
|
|
raise Http404(e)
|
|
|
|
role = get_object_or_404(Role, pk=role_id)
|
|
form = RoleForm_view(instance=role)
|
|
|
|
role_permissions = Permission.objects.get_for_holder(role)
|
|
subtemplates_dict = [
|
|
{
|
|
'name':'generic_list_subtemplate.html',
|
|
'title':_(u'permissions'),
|
|
'object_list':Permission.objects.all(),
|
|
'extra_columns':[
|
|
{'name':_(u'namespace'), 'attribute':'namespace'},
|
|
{'name':_(u'name'), 'attribute':'label'},
|
|
{'name':_(u'state'), 'attribute':lambda x: _role_permission_link(role, x, role_permissions)}
|
|
],
|
|
'hide_link':True,
|
|
'hide_object':True,
|
|
},
|
|
]
|
|
|
|
return render_to_response('generic_detail.html', {
|
|
'form':form,
|
|
'object':role,
|
|
'object_name':_(u'role'),
|
|
'subtemplates_dict':subtemplates_dict,
|
|
}, context_instance=RequestContext(request))
|
|
|
|
|
|
def role_edit(request, role_id):
|
|
permissions = [PERMISSION_ROLE_EDIT]
|
|
try:
|
|
check_permissions(request.user, 'permissions', permissions)
|
|
except Unauthorized, e:
|
|
raise Http404(e)
|
|
|
|
return update_object(request, template_name='generic_form.html',
|
|
form_class=RoleForm, object_id=role_id, extra_context={
|
|
'object_name':_(u'role')})
|
|
|
|
|
|
def role_create(request):
|
|
permissions = [PERMISSION_ROLE_CREATE]
|
|
try:
|
|
check_permissions(request.user, 'permissions', permissions)
|
|
except Unauthorized, e:
|
|
raise Http404(e)
|
|
|
|
return create_object(request, model=Role,
|
|
template_name='generic_form.html',
|
|
post_save_redirect=reverse('role_list'))
|
|
|
|
|
|
def role_delete(request, role_id):
|
|
permissions = [PERMISSION_ROLE_DELETE]
|
|
try:
|
|
check_permissions(request.user, 'permissions', permissions)
|
|
except Unauthorized, e:
|
|
raise Http404(e)
|
|
|
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
|
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
|
|
|
|
return delete_object(request, model=Role, object_id=role_id,
|
|
template_name='generic_confirm.html',
|
|
post_delete_redirect=reverse('role_list'),
|
|
extra_context={
|
|
'delete_view':True,
|
|
'next':next,
|
|
'previous':previous,
|
|
'object_name':_(u'role'),
|
|
})
|
|
|
|
def permission_grant_revoke(request, permission_id, app_label, module_name, pk, action):
|
|
ct = get_object_or_404(ContentType, app_label=app_label, model=module_name)
|
|
requester_model = ct.model_class()
|
|
requester = get_object_or_404(requester_model, pk=pk)
|
|
permission = get_object_or_404(Permission, pk=permission_id)
|
|
|
|
if action == 'grant':
|
|
permissions = [PERMISSION_PERMISSION_GRANT]
|
|
try:
|
|
check_permissions(request.user, 'permissions', permissions)
|
|
except Unauthorized, e:
|
|
raise Http404(e)
|
|
title = _('Are you sure you wish to grant the permission "%(permission)s" to %(ct_name)s: %(requester)s') % {
|
|
'permission':permission, 'ct_name':ct.name, 'requester':requester}
|
|
|
|
elif action == 'revoke':
|
|
permissions = [PERMISSION_PERMISSION_REVOKE]
|
|
try:
|
|
check_permissions(request.user, 'permissions', permissions)
|
|
except Unauthorized, e:
|
|
raise Http404(e)
|
|
title = _('Are you sure you wish to revoke the permission "%(permission)s" from %(ct_name)s: %(requester)s') % {
|
|
'permission':permission, 'ct_name':ct.name, 'requester':requester}
|
|
else:
|
|
return HttpResponseRedirect('/')
|
|
|
|
next = request.POST.get('next', request.GET.get('next', request.META.get('HTTP_REFERER', None)))
|
|
previous = request.POST.get('previous', request.GET.get('previous', request.META.get('HTTP_REFERER', None)))
|
|
|
|
|
|
if request.method == 'POST':
|
|
if action == 'grant':
|
|
permission_holder, created = PermissionHolder.objects.get_or_create(permission=permission, holder_type=ct, holder_id=requester.id)
|
|
if created:
|
|
messages.success(request, _(u'Permission "%(permission)s" granted to %(ct_name)s: %(requester)s.') % {
|
|
'permission':permission, 'ct_name':ct.name, 'requester':requester})
|
|
else:
|
|
messages.warning(request, _(u'%(ct_name)s: %(requester)s, already had the permission "%(permission)s" granted.') % {
|
|
'ct_name':ct.name, 'requester':requester, 'permission':permission})
|
|
elif action == 'revoke':
|
|
try:
|
|
permission_holder = PermissionHolder.objects.get(permission=permission, holder_type=ct, holder_id=requester.id)
|
|
permission_holder.delete()
|
|
messages.success(request, _(u'Permission "%(permission)s" revoked from %(ct_name)s: %(requester)s.') % {
|
|
'permission':permission, 'ct_name':ct.name, 'requester':requester})
|
|
except ObjectDoesNotExist:
|
|
messages.warning(request, _(u'%(ct_name)s: %(requester)s doesn\'t have the permission "%(permission)s".') % {
|
|
'ct_name':ct.name, 'requester':requester, 'permission':permission})
|
|
return HttpResponseRedirect(next)
|
|
|
|
return render_to_response('generic_confirm.html', {
|
|
'object':requester,
|
|
'next':next,
|
|
'previous':previous,
|
|
'title':title,
|
|
}, context_instance=RequestContext(request))
|
|
|
|
|