Add awareness of special 'Authenticated' role, in permissions UI etc.
This commit is contained in:
Lance Edgar
parent
68ca5766d1
commit
35d4d35fd6
|
|
@ -18,7 +18,9 @@ ${parent.body()}
|
||||||
<h2>Users</h2>
|
<h2>Users</h2>
|
||||||
|
|
||||||
% if instance is guest_role:
|
% if instance is guest_role:
|
||||||
<p>The guest role is implied for all users.</p>
|
<p>The guest role is implied for all anonymous users, i.e. when not logged in.</p>
|
||||||
|
% elif instance is authenticated_role:
|
||||||
|
<p>The authenticated role is implied for all users, but only when logged in.</p>
|
||||||
% elif users:
|
% elif users:
|
||||||
<p>The following users are assigned to this role:</p>
|
<p>The following users are assigned to this role:</p>
|
||||||
${users.render_grid()|n}
|
${users.render_grid()|n}
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
################################################################################
|
################################################################################
|
||||||
#
|
#
|
||||||
# Rattail -- Retail Software Framework
|
# Rattail -- Retail Software Framework
|
||||||
# Copyright © 2010-2015 Lance Edgar
|
# Copyright © 2010-2016 Lance Edgar
|
||||||
#
|
#
|
||||||
# This file is part of Rattail.
|
# This file is part of Rattail.
|
||||||
#
|
#
|
||||||
|
|
@ -24,10 +24,10 @@
|
||||||
Role Views
|
Role Views
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals, absolute_import
|
||||||
|
|
||||||
from rattail.db import model
|
from rattail.db import model
|
||||||
from rattail.db.auth import has_permission, administrator_role, guest_role
|
from rattail.db.auth import has_permission, administrator_role, guest_role, authenticated_role
|
||||||
|
|
||||||
import formalchemy
|
import formalchemy
|
||||||
from webhelpers.html import HTML, tags
|
from webhelpers.html import HTML, tags
|
||||||
|
|
@ -75,7 +75,9 @@ def PermissionsFieldRenderer(permissions, *args, **kwargs):
|
||||||
inner = HTML.tag('p', c=permissions[groupkey]['label'])
|
inner = HTML.tag('p', c=permissions[groupkey]['label'])
|
||||||
perms = permissions[groupkey]['perms']
|
perms = permissions[groupkey]['perms']
|
||||||
for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
|
for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
|
||||||
checked = has_permission(Session(), role, key, include_guest=False)
|
checked = has_permission(Session(), role, key,
|
||||||
|
include_guest=False,
|
||||||
|
include_authenticated=False)
|
||||||
label = perms[key]['label']
|
label = perms[key]['label']
|
||||||
if readonly:
|
if readonly:
|
||||||
span = HTML.tag('span', c="[X]" if checked else "[ ]")
|
span = HTML.tag('span', c="[X]" if checked else "[ ]")
|
||||||
|
|
@ -142,14 +144,16 @@ class RolesView(MasterView):
|
||||||
else:
|
else:
|
||||||
kwargs['users'] = None
|
kwargs['users'] = None
|
||||||
kwargs['guest_role'] = guest_role(Session())
|
kwargs['guest_role'] = guest_role(Session())
|
||||||
|
kwargs['authenticated_role'] = authenticated_role(Session())
|
||||||
return kwargs
|
return kwargs
|
||||||
|
|
||||||
def before_delete(self, role):
|
def before_delete(self, role):
|
||||||
admin = administrator_role(Session())
|
admin = administrator_role(Session())
|
||||||
guest = guest_role(Session())
|
guest = guest_role(Session())
|
||||||
if role in (admin, guest):
|
authenticated = authenticated_role(Session())
|
||||||
self.request.session.flash("You may not delete the {0} role.".format(role.name), 'error')
|
if role in (admin, guest, authenticated):
|
||||||
return self.redirect(self.request.get_referrer())
|
self.request.session.flash("You may not delete the {} role.".format(role.name), 'error')
|
||||||
|
return self.redirect(self.request.get_referrer(default=self.request.route_url('roles')))
|
||||||
|
|
||||||
|
|
||||||
class RoleVersionView(VersionView):
|
class RoleVersionView(VersionView):
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ from __future__ import unicode_literals, absolute_import
|
||||||
from sqlalchemy import orm
|
from sqlalchemy import orm
|
||||||
|
|
||||||
from rattail.db import model
|
from rattail.db import model
|
||||||
from rattail.db.auth import guest_role, set_user_password
|
from rattail.db.auth import guest_role, authenticated_role, set_user_password
|
||||||
|
|
||||||
import formalchemy
|
import formalchemy
|
||||||
from formalchemy.fields import SelectFieldRenderer
|
from formalchemy.fields import SelectFieldRenderer
|
||||||
|
|
@ -109,6 +109,7 @@ class RolesField(formalchemy.Field):
|
||||||
def get_options(self):
|
def get_options(self):
|
||||||
return Session.query(model.Role.name, model.Role.uuid)\
|
return Session.query(model.Role.name, model.Role.uuid)\
|
||||||
.filter(model.Role.uuid != guest_role(Session()).uuid)\
|
.filter(model.Role.uuid != guest_role(Session()).uuid)\
|
||||||
|
.filter(model.Role.uuid != authenticated_role(Session()).uuid)\
|
||||||
.order_by(model.Role.name)\
|
.order_by(model.Role.name)\
|
||||||
.all()
|
.all()
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue