matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
cf99201b89238e43e83a1b8df812d60f390ee5f9
mayan-edms/mayan/apps/permissions/views.py
Roberto Rosario cf99201b89 Add support for Role ACLs. 
Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
2018-04-02 02:36:20 -04:00

177 lines
5.4 KiB
Python
Raw Blame History

from __future__ import unicode_literals
import itertools
from django.contrib.auth.models import Group
from django.shortcuts import get_object_or_404
from django.urls import reverse_lazy
from django.utils.encoding import force_text
from django.utils.translation import ugettext_lazy as _
from common.views import (
AssignRemoveView, SingleObjectCreateView, SingleObjectDeleteView,
SingleObjectEditView, SingleObjectListView
)
from user_management.permissions import permission_group_edit
from .classes import Permission, PermissionNamespace
from .models import Role, StoredPermission
from .permissions import (
permission_permission_grant, permission_permission_revoke,
permission_role_view, permission_role_create, permission_role_delete,
permission_role_edit
)
class GroupRoleMembersView(AssignRemoveView):
grouped = False
left_list_title = _('Available roles')
right_list_title = _('Group roles')
object_permission = permission_group_edit
def add(self, item):
role = get_object_or_404(Role, pk=item)
self.get_object().roles.add(role)
def get_extra_context(self):
return {
'object': self.get_object(),
'title': _('Roles of group: %s') % self.get_object()
}
def get_object(self):
return get_object_or_404(Group, pk=self.kwargs['pk'])
def left_list(self):
return [
(force_text(role.pk), role.label) for role in set(Role.objects.all()) - set(self.get_object().roles.all())
]
def right_list(self):
return [
(force_text(role.pk), role.label) for role in self.get_object().roles.all()
]
def remove(self, item):
role = get_object_or_404(Role, pk=item)
self.get_object().roles.remove(role)
class RoleCreateView(SingleObjectCreateView):
fields = ('label',)
model = Role
view_permission = permission_role_create
post_action_redirect = reverse_lazy('permissions:role_list')
class RoleDeleteView(SingleObjectDeleteView):
model = Role
object_permission = permission_role_delete
post_action_redirect = reverse_lazy('permissions:role_list')
class RoleEditView(SingleObjectEditView):
fields = ('label',)
model = Role
object_permission = permission_role_edit
class SetupRoleMembersView(AssignRemoveView):
grouped = False
left_list_title = _('Available groups')
right_list_title = _('Role groups')
object_permission = permission_role_edit
def add(self, item):
group = get_object_or_404(Group, pk=item)
self.get_object().groups.add(group)
def get_extra_context(self):
return {
'object': self.get_object(),
'title': _('Groups of role: %s') % self.get_object()
}
def get_object(self):
return get_object_or_404(Role, pk=self.kwargs['pk'])
def left_list(self):
return [
(force_text(group.pk), group.name) for group in set(Group.objects.all()) - set(self.get_object().groups.all())
]
def right_list(self):
return [
(force_text(group.pk), group.name) for group in self.get_object().groups.all()
]
def remove(self, item):
group = get_object_or_404(Group, pk=item)
self.get_object().groups.remove(group)
class SetupRolePermissionsView(AssignRemoveView):
grouped = True
left_list_title = _('Available permissions')
right_list_title = _('Granted permissions')
object_permission = permission_role_view
def add(self, item):
Permission.check_permissions(
self.request.user, permissions=(permission_permission_grant,)
)
permission = get_object_or_404(StoredPermission, pk=item)
self.get_object().permissions.add(permission)
def get_extra_context(self):
return {
'object': self.get_object(),
'title': _('Permissions for role: %s') % self.get_object(),
}
def get_object(self):
return get_object_or_404(Role, pk=self.kwargs['pk'])
def left_list(self):
Permission.refresh()
results = []
for namespace, permissions in itertools.groupby(StoredPermission.objects.exclude(id__in=self.get_object().permissions.values_list('pk', flat=True)), lambda entry: entry.namespace):
permission_options = [
(force_text(permission.pk), permission) for permission in permissions
]
results.append(
(PermissionNamespace.get(namespace), permission_options)
)
return results
def right_list(self):
results = []
for namespace, permissions in itertools.groupby(self.get_object().permissions.all(), lambda entry: entry.namespace):
permission_options = [
(force_text(permission.pk), permission) for permission in permissions
]
results.append(
(PermissionNamespace.get(namespace), permission_options)
)
return results
def remove(self, item):
Permission.check_permissions(
self.request.user, permissions=(permission_permission_revoke,)
)
permission = get_object_or_404(StoredPermission, pk=item)
self.get_object().permissions.remove(permission)
class RoleListView(SingleObjectListView):
extra_context = {
'hide_link': True,
'title': _('Roles'),
}
model = Role
object_permission = permission_role_view
Reference in New Issue View Git Blame Copy Permalink