Let any 'admin' user elevate to 'root' for full system access

But otherwise, let the Administrator role be "normal" and have perms of its own. Hopefully cuts down on unwanted screen noise for admins.
2016-10-18 16:59:38 -05:00 · 2016-10-18 16:59:38 -05:00 · 6bf60365ba
commit 6bf60365ba
parent 4599eaad97
6 changed files with 102 additions and 48 deletions
--- a/tailbone/forms/renderers/users.py
+++ b/tailbone/forms/renderers/users.py
@ -61,35 +61,27 @@ def PermissionsFieldRenderer(permissions, include_guest=False, include_authentic

        def _render(self, readonly=False, **kwargs):
            principal = self.field.model
-            if isinstance(principal, model.Role) and principal is administrator_role(Session()):
-                html = HTML.tag('p', c="This is the administrative role; "
-                                "it has full access to the entire system.")
-                if not readonly:
-                    html += tags.hidden(self.name, value='') # ugly hack..or good idea?
-            else:
-                html = ''
-                for groupkey in sorted(permissions, key=lambda k: permissions[k]['label'].lower()):
-                    inner = HTML.tag('p', c=permissions[groupkey]['label'])
-                    perms = permissions[groupkey]['perms']
-                    rendered = False
-                    for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
-                        checked = has_permission(Session(), principal, key,
-                                                 include_guest=include_guest,
-                                                 include_authenticated=include_authenticated)
-                        if checked or not readonly:
-                            label = perms[key]['label']
-                            if readonly:
-                                span = HTML.tag('span', c="[X]" if checked else "[ ]")
-                                inner += HTML.tag('p', class_='perm', c=span + ' ' + label)
-                            else:
-                                inner += tags.checkbox(self.name + '-' + key,
-                                                       checked=checked, label=label)
-                            rendered = True
-                    if rendered:
-                        html += HTML.tag('div', class_='group', c=inner)
-                if not html:
-                    return "(none granted)"
-            return html
+            html = ''
+            for groupkey in sorted(permissions, key=lambda k: permissions[k]['label'].lower()):
+                inner = HTML.tag('p', c=permissions[groupkey]['label'])
+                perms = permissions[groupkey]['perms']
+                rendered = False
+                for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
+                    checked = has_permission(Session(), principal, key,
+                                             include_guest=include_guest,
+                                             include_authenticated=include_authenticated)
+                    if checked or not readonly:
+                        label = perms[key]['label']
+                        if readonly:
+                            span = HTML.tag('span', c="[X]" if checked else "[ ]")
+                            inner += HTML.tag('p', class_='perm', c=span + ' ' + label)
+                        else:
+                            inner += tags.checkbox(self.name + '-' + key,
+                                                   checked=checked, label=label)
+                        rendered = True
+                if rendered:
+                    html += HTML.tag('div', class_='group', c=inner)
+            return html or "(none granted)"

        def render(self, **kwargs):
            return self._render(**kwargs)