forked from shaba/openuds
Almos finished permissions gui
This commit is contained in:
parent
5bde71b117
commit
6387629e7e
@ -55,13 +55,61 @@ class Permissions(Handler):
|
||||
'''
|
||||
needs_admin = True
|
||||
|
||||
@staticmethod
|
||||
def getClass(arg):
|
||||
cls = {
|
||||
'providers': Provider,
|
||||
'service': Service,
|
||||
'authenticators': Authenticator,
|
||||
'osmanagers': OSManager,
|
||||
'transports': Transport,
|
||||
'networks': Network,
|
||||
'servicespools': ServicesPool
|
||||
}.get(arg, None)
|
||||
|
||||
if cls is None:
|
||||
raise RequestError('Invalid request')
|
||||
|
||||
return cls
|
||||
|
||||
@staticmethod
|
||||
def permsToDict(perms):
|
||||
res = []
|
||||
for perm in perms:
|
||||
if perm.user is None:
|
||||
kind = 'group'
|
||||
entity = perm.group
|
||||
else:
|
||||
kind = 'user'
|
||||
entity = perm.user
|
||||
|
||||
res.append({
|
||||
'type': kind,
|
||||
'auth': entity.manager.uuid,
|
||||
'auth_name': entity.manager.name,
|
||||
'id': entity.uuid,
|
||||
'name': entity.name,
|
||||
'perm': perm.permission,
|
||||
'perm_name': perm.permission_as_string
|
||||
})
|
||||
|
||||
return sorted(res, key=lambda v: v['auth_name'] + v['name'])
|
||||
|
||||
def get(self):
|
||||
'''
|
||||
Processes get requests
|
||||
'''
|
||||
logger.debug("Permissions args for GET: {0}".format(self._args))
|
||||
|
||||
return ''
|
||||
if len(self._args) != 2:
|
||||
raise RequestError('Invalid request')
|
||||
|
||||
cls = Permissions.getClass(self._args[0])
|
||||
obj = cls.objects.get(uuid=self._args[1])
|
||||
|
||||
perms = permissions.getPermissions(obj)
|
||||
|
||||
return Permissions.permsToDict(perms)
|
||||
|
||||
def put(self):
|
||||
'''
|
||||
@ -78,13 +126,7 @@ class Permissions(Handler):
|
||||
'2': permissions.PERMISSION_ALL
|
||||
}.get(self._params.get('perm', '0'), permissions.PERMISSION_NONE)
|
||||
|
||||
cls = {
|
||||
'providers': Provider,
|
||||
'service': Service
|
||||
}.get(self._args[0], None)
|
||||
|
||||
if cls is None:
|
||||
raise RequestError('Invalid request')
|
||||
cls = Permissions.getClass(self._args[0])
|
||||
|
||||
obj = cls.objects.get(uuid=self._args[1])
|
||||
|
||||
@ -93,8 +135,8 @@ class Permissions(Handler):
|
||||
permissions.addUserPermission(user, obj, perm)
|
||||
elif self._args[2] == 'groups':
|
||||
group = Group.objects.get(uuid=self._args[3])
|
||||
permissions.addUserPermission(group, obj, perm)
|
||||
permissions.addGroupPermission(group, obj, perm)
|
||||
else:
|
||||
raise RequestError('Ivalid request')
|
||||
|
||||
return 'ok'
|
||||
return Permissions.permsToDict(permissions.getPermissions(obj))
|
||||
|
@ -32,7 +32,7 @@
|
||||
'''
|
||||
from __future__ import unicode_literals
|
||||
|
||||
__updated__ = '2015-03-02'
|
||||
__updated__ = '2015-03-04'
|
||||
|
||||
from uds.models import Permissions
|
||||
from uds.core.util import ot
|
||||
@ -50,6 +50,10 @@ def clean(obj):
|
||||
Permissions.cleanPermissions(ot.getObjectType(obj), obj.pk)
|
||||
|
||||
|
||||
def getPermissions(obj):
|
||||
return list(Permissions.enumeratePermissions(object_type=ot.getObjectType(obj), object_id=obj.pk))
|
||||
|
||||
|
||||
def addUserPermission(user, obj, permission=PERMISSION_READ):
|
||||
# Some permissions added to some object types needs at least READ_PERMISSION on parent
|
||||
Permissions.addPermission(user=user, object_type=ot.getObjectType(obj), object_id=obj.pk, permission=permission)
|
||||
@ -67,3 +71,7 @@ def checkPermissions(user, obj, permission=PERMISSION_ALL):
|
||||
return False
|
||||
|
||||
return Permissions.getPermissions(user=user, groups=user.groups.all(), object_type=ot.getObjectType(obj), object_id=obj.pk) >= permission
|
||||
|
||||
|
||||
def getPermissionName(perm):
|
||||
return Permissions.permissionAsString(perm)
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
from __future__ import unicode_literals
|
||||
|
||||
__updated__ = '2015-03-02'
|
||||
__updated__ = '2015-03-04'
|
||||
|
||||
from django.utils.encoding import python_2_unicode_compatible
|
||||
from django.utils.translation import ugettext as _
|
||||
@ -153,6 +153,13 @@ class Permissions(UUIDModel):
|
||||
except Exception: # DoesNotExists
|
||||
return Permissions.PERMISSION_NONE
|
||||
|
||||
@staticmethod
|
||||
def enumeratePermissions(object_type, object_id):
|
||||
'''
|
||||
Get users permissions over object
|
||||
'''
|
||||
return Permissions.objects.filter(object_type=object_type, object_id=object_id)
|
||||
|
||||
@staticmethod
|
||||
def cleanPermissions(object_type, object_id):
|
||||
Permissions.objects.filter(object_type=object_type, object_id=object_id).delete()
|
||||
@ -165,6 +172,10 @@ class Permissions(UUIDModel):
|
||||
def cleanGroupPermissions(group):
|
||||
Permissions.objects.filter(group=group).delete()
|
||||
|
||||
@property
|
||||
def permission_as_string(self):
|
||||
return Permissions.permissionAsString(self.permission)
|
||||
|
||||
def __str__(self):
|
||||
return 'Permission {}, user {} group {} object_type {} object_id {} permission {}'.format(
|
||||
self.uuid, self.user, self.group, self.object_type, self.object_id, Permissions.permissionAsString(self.permission)
|
||||
|
@ -268,7 +268,7 @@ class BasicModelRest
|
||||
return
|
||||
|
||||
getPermissions: (id, success_fnc, fail_fnc) ->
|
||||
path = "permissions/" + @path + "/" + id
|
||||
path = "permissions/" + @path + '/' + id
|
||||
@_requestPath path,
|
||||
cacheKey: "."
|
||||
success: success_fnc
|
||||
@ -282,6 +282,15 @@ class BasicModelRest
|
||||
success: success_fnc
|
||||
fail: fail_fnc
|
||||
|
||||
revokePermissions: (id, type, itemIds, success_fnc, fail_fnc)->
|
||||
path = "permissions/revoke/" + @path + '/' + id + '/' + type
|
||||
data =
|
||||
ids: itemIds
|
||||
api.putJson path, data,
|
||||
success: success_fnc
|
||||
fail: fail_fnc
|
||||
|
||||
|
||||
types: (success_fnc, fail_fnc) ->
|
||||
@_requestPath @typesPath,
|
||||
cacheKey: @typesPath
|
||||
|
@ -47,18 +47,64 @@ gui.permissions = (val, rest, tbl, refreshFnc) ->
|
||||
gui.tools.applyCustoms modalId
|
||||
return
|
||||
|
||||
delModal = (forUser, selectedItems) ->
|
||||
if forUser
|
||||
label = gettext('User')
|
||||
items = 'users'
|
||||
else
|
||||
label = gettext('Group')
|
||||
items = 'groups'
|
||||
|
||||
content = '<p>' + gettext("Confirm revocation of following permissions: <br/>")
|
||||
content += '<ul style=\'font-family: "Courier New"\'><li>' + ($(v).text() for v in selectedItems).join('</li><li>') + '</li></ul>'
|
||||
modalId = gui.launchModal gettext("Remove ") + label + " permission", content,
|
||||
actionButton: "<button type=\"button\" class=\"btn btn-primary button-revoke\">" + gettext("Revoke") + "</button>"
|
||||
|
||||
toDel = ($(v).val() for v in selectedItems)
|
||||
|
||||
gui.doLog modalId
|
||||
$(modalId + ' .button-revoke').on('click', () ->
|
||||
rest.revokePermissions val.id, items, toDel
|
||||
$(modalId).modal "hide"
|
||||
)
|
||||
|
||||
|
||||
|
||||
fillSelect = (baseId, perms, forUser) ->
|
||||
$select = $('#' + baseId + (if forUser then '_user_select' else '_group_select'))
|
||||
$select.empty()
|
||||
|
||||
padRight = (str, len)->
|
||||
numPads = len - str.length
|
||||
if (numPads > 0) then str + Array(numPads+1).join(' ') else str
|
||||
|
||||
for item in perms
|
||||
if (forUser is true and item.type is 'user') or (forUser is false and item.type is 'group')
|
||||
$select.append('<option value="' + item.id + '">' + padRight(item.auth_name + '\\' + item.name, 28) + ' | ' + item.perm_name)
|
||||
|
||||
|
||||
api.templates.get "permissions", (tmpl) ->
|
||||
rest.getPermissions val.id, (data) ->
|
||||
rest.getPermissions val.id, (perms) ->
|
||||
id = gui.genRamdonId('perms-')
|
||||
content = api.templates.evaluate(tmpl,
|
||||
id: id
|
||||
perms: perms
|
||||
)
|
||||
modalId = gui.launchModal gettext("Permissions for") + " " + val.name, content,
|
||||
actionButton: " "
|
||||
closeButton: '<button type="button" class="btn btn-default" data-dismiss="modal">Ok</button>'
|
||||
|
||||
# Fills user select
|
||||
fillSelect id, perms, true
|
||||
fillSelect id, perms, false
|
||||
|
||||
|
||||
$('#' + id + '_user_del').on('click', () ->
|
||||
alert('Del user')
|
||||
$select = $('#' + id + '_user_select')
|
||||
selected = $select.find(":selected")
|
||||
return if selected.length is 0
|
||||
|
||||
delModal true, selected
|
||||
)
|
||||
|
||||
$('#' + id + '_user_add').on('click', () ->
|
||||
@ -66,7 +112,11 @@ gui.permissions = (val, rest, tbl, refreshFnc) ->
|
||||
)
|
||||
|
||||
$('#' + id + '_group_del').on('click', () ->
|
||||
alert('Del group')
|
||||
$select = $('#' + id + '_group_select')
|
||||
selected = $select.find(":selected")
|
||||
return if selected.length is 0
|
||||
|
||||
delModal false, selected
|
||||
)
|
||||
|
||||
$('#' + id + '_group_add').on('click', () ->
|
||||
|
@ -5,15 +5,14 @@
|
||||
<div class="col-md-6 column">
|
||||
<div class="form-group">
|
||||
<label for="{{ id }}_select">{% endverbatim %}{% trans 'Users' %}{% verbatim %}</label>
|
||||
<select class="form-control" multiple size="8" id="{{ id }}_select">
|
||||
{{# each values }}<option>{{ this }}</option>{{/ each }}
|
||||
<select class="form-control" multiple size="8" id="{{ id }}_user_select" style='font-family: "Courier New"'>
|
||||
</select>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="row">
|
||||
<div class="col-xs-12">
|
||||
<button type="button" id="{{ id }}_user_del" class="btn btn-warning">{% endverbatim %}{% trans 'Remove' %}{% verbatim %}</button>
|
||||
<button type="button" id="{{ id }}_user_add" class="btn btn-success">{% endverbatim %}{% trans 'Add User' %}{% verbatim %}</button>
|
||||
<button type="button" id="{{ id }}_user_del" class="btn btn-warning">{% endverbatim %}{% trans 'Revoke user permission' %}{% verbatim %}</button>
|
||||
<button type="button" id="{{ id }}_user_add" class="btn btn-success">{% endverbatim %}{% trans 'Add user permission' %}{% verbatim %}</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -21,15 +20,14 @@
|
||||
<div class="col-md-6 column">
|
||||
<div class="form-group">
|
||||
<label for="{{ id }}_select">{% endverbatim %}{% trans 'Groups' %}{% verbatim %}</label>
|
||||
<select class="form-control" multiple size="8" id="{{ id }}_select">
|
||||
{{# each values }}<option>{{ this }}</option>{{/ each }}
|
||||
<select class="form-control" multiple size="8" id="{{ id }}_group_select" style='font-family: "Courier New"'>
|
||||
</select>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="row">
|
||||
<div class="col-xs-12">
|
||||
<button type="button" id="{{ id }}_group_del" class="btn btn-warning">{% endverbatim %}{% trans 'Remove' %}{% verbatim %}</button>
|
||||
<button type="button" id="{{ id }}_group_add" class="btn btn-success">{% endverbatim %}{% trans 'Add Group' %}{% verbatim %}</button>
|
||||
<button type="button" id="{{ id }}_group_del" class="btn btn-warning">{% endverbatim %}{% trans 'Revoke group permission' %}{% verbatim %}</button>
|
||||
<button type="button" id="{{ id }}_group_add" class="btn btn-success">{% endverbatim %}{% trans 'Add group permission' %}{% verbatim %}</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
Loading…
Reference in New Issue
Block a user