Add awareness of special 'Authenticated' role, in permissions UI etc.

2016-06-15 12:51:10 -05:00 · 2016-06-15 12:51:10 -05:00 · 35d4d35fd6
parent 68ca5766d1
commit 35d4d35fd6
3 changed files with 16 additions and 9 deletions
--- a/tailbone/templates/roles/view.mako
+++ b/tailbone/templates/roles/view.mako
@ -18,7 +18,9 @@ ${parent.body()}
 <h2>Users</h2>

 % if instance is guest_role:
-    <p>The guest role is implied for all users.</p>
+    <p>The guest role is implied for all anonymous users, i.e. when not logged in.</p>
+% elif instance is authenticated_role:
+    <p>The authenticated role is implied for all users, but only when logged in.</p>
 % elif users:
    <p>The following users are assigned to this role:</p>
    ${users.render_grid()|n}
--- a/tailbone/views/roles.py
+++ b/tailbone/views/roles.py
@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2015 Lance Edgar
+#  Copyright © 2010-2016 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@ -24,10 +24,10 @@
 Role Views
 """

-from __future__ import unicode_literals
+from __future__ import unicode_literals, absolute_import

 from rattail.db import model
-from rattail.db.auth import has_permission, administrator_role, guest_role
+from rattail.db.auth import has_permission, administrator_role, guest_role, authenticated_role

 import formalchemy
 from webhelpers.html import HTML, tags
@ -75,7 +75,9 @@ def PermissionsFieldRenderer(permissions, *args, **kwargs):
                    inner = HTML.tag('p', c=permissions[groupkey]['label'])
                    perms = permissions[groupkey]['perms']
                    for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
-                        checked = has_permission(Session(), role, key, include_guest=False)
+                        checked = has_permission(Session(), role, key,
+                                                 include_guest=False,
+                                                 include_authenticated=False)
                        label = perms[key]['label']
                        if readonly:
                            span = HTML.tag('span', c="[X]" if checked else "[ ]")
@ -142,14 +144,16 @@ class RolesView(MasterView):
        else:
            kwargs['users'] = None
        kwargs['guest_role'] = guest_role(Session())
+        kwargs['authenticated_role'] = authenticated_role(Session())
        return kwargs

    def before_delete(self, role):
        admin = administrator_role(Session())
        guest = guest_role(Session())
-        if role in (admin, guest):
-            self.request.session.flash("You may not delete the {0} role.".format(role.name), 'error')
-            return self.redirect(self.request.get_referrer())
+        authenticated = authenticated_role(Session())
+        if role in (admin, guest, authenticated):
+            self.request.session.flash("You may not delete the {} role.".format(role.name), 'error')
+            return self.redirect(self.request.get_referrer(default=self.request.route_url('roles')))


 class RoleVersionView(VersionView):
--- a/tailbone/views/users.py
+++ b/tailbone/views/users.py
@ -29,7 +29,7 @@ from __future__ import unicode_literals, absolute_import
 from sqlalchemy import orm

 from rattail.db import model
-from rattail.db.auth import guest_role, set_user_password
+from rattail.db.auth import guest_role, authenticated_role, set_user_password

 import formalchemy
 from formalchemy.fields import SelectFieldRenderer
@ -109,6 +109,7 @@ class RolesField(formalchemy.Field):
    def get_options(self):
        return Session.query(model.Role.name, model.Role.uuid)\
            .filter(model.Role.uuid != guest_role(Session()).uuid)\
+            .filter(model.Role.uuid != authenticated_role(Session()).uuid)\
            .order_by(model.Role.name)\
            .all()