Add permissions field when viewing user details

About damn time I'm sure...
2016-08-12 01:58:07 -05:00 · 2016-08-12 01:58:07 -05:00 · a6438e4bb5
commit a6438e4bb5
parent a70c9d3360
5 changed files with 74 additions and 58 deletions
--- a/tailbone/forms/renderers/init.py
+++ b/tailbone/forms/renderers/init.py
@ -38,7 +38,7 @@ from .files import FileFieldRenderer
 from .people import (PersonFieldRenderer, PersonFieldLinkRenderer,
                     CustomerFieldRenderer, CustomerFieldLinkRenderer)

-from .users import UserFieldRenderer
+from .users import UserFieldRenderer, PermissionsFieldRenderer

 from .employees import EmployeeFieldRenderer

--- a/tailbone/forms/renderers/users.py
+++ b/tailbone/forms/renderers/users.py
@ -26,7 +26,13 @@ User Field Renderers

 from __future__ import unicode_literals, absolute_import

+from rattail.db import model
+from rattail.db.auth import has_permission, administrator_role
+
 import formalchemy
+from webhelpers.html import HTML, tags
+
+from tailbone.db import Session


 class UserFieldRenderer(formalchemy.TextFieldRenderer):
@ -39,3 +45,56 @@ class UserFieldRenderer(formalchemy.TextFieldRenderer):
        if not user:
            return ''
        return user.display_name
+
+
+def PermissionsFieldRenderer(permissions, include_guest=False, include_authenticated=False):
+
+    class PermissionsFieldRenderer(formalchemy.FieldRenderer):
+
+        def deserialize(self):
+            perms = []
+            i = len(self.name) + 1
+            for key in self.params:
+                if key.startswith(self.name):
+                    perms.append(key[i:])
+            return perms
+
+        def _render(self, readonly=False, **kwargs):
+            principal = self.field.model
+            if isinstance(principal, model.Role) and principal is administrator_role(Session()):
+                html = HTML.tag('p', c="This is the administrative role; "
+                                "it has full access to the entire system.")
+                if not readonly:
+                    html += tags.hidden(self.name, value='') # ugly hack..or good idea?
+            else:
+                html = ''
+                for groupkey in sorted(permissions, key=lambda k: permissions[k]['label'].lower()):
+                    inner = HTML.tag('p', c=permissions[groupkey]['label'])
+                    perms = permissions[groupkey]['perms']
+                    rendered = False
+                    for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
+                        checked = has_permission(Session(), principal, key,
+                                                 include_guest=include_guest,
+                                                 include_authenticated=include_authenticated)
+                        if checked or not readonly:
+                            label = perms[key]['label']
+                            if readonly:
+                                span = HTML.tag('span', c="[X]" if checked else "[ ]")
+                                inner += HTML.tag('p', class_='perm', c=span + ' ' + label)
+                            else:
+                                inner += tags.checkbox(self.name + '-' + key,
+                                                       checked=checked, label=label)
+                            rendered = True
+                    if rendered:
+                        html += HTML.tag('div', class_='group', c=inner)
+                if not html:
+                    return "(none granted)"
+            return html
+
+        def render(self, **kwargs):
+            return self._render(**kwargs)
+
+        def render_readonly(self, **kwargs):
+            return self._render(readonly=True, **kwargs)
+
+    return PermissionsFieldRenderer