From e96f8844e2e83312346635ba355d7494f452a4ae Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Sat, 25 Mar 2023 13:03:47 -0500
Subject: [PATCH] Overhaul the "find by perm" feature a bit

use GET instead of POST on form submit, so can more easily share URL
for a particular result

also get rid of WTForms dependency!  sheesh

results table is still not pretty but..feeling lazy
---
 setup.py                                      |  1 -
 .../templates/principal/find_by_perm.mako     | 72 +++++++++----------
 tailbone/views/principal.py                   | 44 +++++-------
 3 files changed, 52 insertions(+), 65 deletions(-)

diff --git a/setup.py b/setup.py
index 90383def..b295f062 100644
--- a/setup.py
+++ b/setup.py
@@ -99,7 +99,6 @@ requires = [
     'transaction',                      # 1.2.0
     'waitress',                         # 0.8.1
     'WebHelpers2',                      # 2.0
-    'WTForms',                          # 2.1
     'zope.sqlalchemy',                  # 0.7                   2.0
 ]
 
diff --git a/tailbone/templates/principal/find_by_perm.mako b/tailbone/templates/principal/find_by_perm.mako
index 24b43e36..097597fc 100644
--- a/tailbone/templates/principal/find_by_perm.mako
+++ b/tailbone/templates/principal/find_by_perm.mako
@@ -4,6 +4,7 @@
 <%def name="title()">Find ${model_title_plural} by Permission</%def>
 
 <%def name="page_content()">
+  <br />
   <find-principals :permission-groups="permissionGroups"
                    :sorted-groups="sortedGroups">
   </find-principals>
@@ -12,46 +13,45 @@
 <%def name="render_this_page_template()">
   ${parent.render_this_page_template()}
   <script type="text/x-template" id="find-principals-template">
-    <div class="app-wrapper">
+    <div>
 
-      ${h.form(request.current_route_url(), **{'@submit': 'submitForm'})}
-      ${h.csrf_token(request)}
+      ${h.form(request.current_route_url(), method='GET', **{'@submit': 'formSubmitting = true'})}
 
-      <div class="field-wrapper">
-        <label for="permission_group">${form['permission_group'].label}</label>
-        <div class="field">
-          <b-select name="permission_group"
-                    id="permission_group"
-                    v-model="selectedGroup"
-                    @input="selectGroup">
-            <option v-for="groupkey in sortedGroups"
-                    :key="groupkey"
-                    :value="groupkey">
-              {{ permissionGroups[groupkey].label }}
-            </option>
-          </b-select>
-        </div>
-      </div>
+      <b-field label="Permission Group" horizontal>
+        <b-select name="permission_group"
+                  v-model="selectedGroup"
+                  @input="selectGroup">
+          <option v-for="groupkey in sortedGroups"
+                  :key="groupkey"
+                  :value="groupkey">
+            {{ permissionGroups[groupkey].label }}
+          </option>
+        </b-select>
+      </b-field>
 
-      <div class="field-wrapper">
-        <label for="permission">${form['permission'].label}</label>
-        <div class="field">
-          <b-select name="permission"
-                    v-model="selectedPermission">
-            <option v-for="perm in groupPermissions"
-                    :key="perm.permkey"
-                    :value="perm.permkey">
-              {{ perm.label }}
-            </option>
-          </b-select>
-        </div>
-      </div>
+      <b-field label="Permission" horizontal>
+        <b-select name="permission"
+                  v-model="selectedPermission">
+          <option v-for="perm in groupPermissions"
+                  :key="perm.permkey"
+                  :value="perm.permkey">
+            {{ perm.label }}
+          </option>
+        </b-select>
+      </b-field>
 
       <div class="buttons">
+        <once-button tag="a"
+                     href="${request.current_route_url(_query=None)}"
+                     icon-left="ban"
+                     text="Reset">
+        </once-button>
         <b-button type="is-primary"
                   native-type="submit"
+                  icon-pack="fas"
+                  icon-left="search"
                   :disabled="formSubmitting">
-          {{ formButtonText }}
+          {{ formSubmitting ? "Working, please wait..." : "Find ${model_title_plural}" }}
         </b-button>
       </div>
 
@@ -65,7 +65,7 @@
       </div>
       % endif
 
-    </div><!-- app-wrapper -->
+    </div>
   </script>
 </%def>
 
@@ -100,7 +100,6 @@
                 % else:
                 selectedPermission: null,
                 % endif
-                formButtonText: "Find ${model_title_plural}",
                 formSubmitting: false,
             }
         },
@@ -112,11 +111,6 @@
                 this.groupPermissions = this.permissionGroups[groupkey].permissions
                 this.selectedPermission = this.groupPermissions[0].permkey
             },
-
-            submitForm() {
-                this.formSubmitting = true
-                this.formButtonText = "Working, please wait..."
-            }
         }
     })
 
diff --git a/tailbone/views/principal.py b/tailbone/views/principal.py
index 04fe97ad..9effd2af 100644
--- a/tailbone/views/principal.py
+++ b/tailbone/views/principal.py
@@ -29,7 +29,6 @@ import copy
 from rattail.core import Object
 from rattail.util import OrderedDict
 
-import wtforms
 from webhelpers2.html import HTML
 
 from tailbone.db import Session
@@ -54,40 +53,32 @@ class PrincipalMasterView(MasterView):
         """
         View for finding all users who have been granted a given permission
         """
-        permissions = copy.deepcopy(self.request.registry.settings.get('tailbone_permissions', {}))
+        permissions = copy.deepcopy(
+            self.request.registry.settings.get('tailbone_permissions', {}))
 
         # sort groups, and permissions for each group, for UI's sake
         sorted_perms = sorted(permissions.items(), key=self.perm_sortkey)
         for key, group in sorted_perms:
             group['perms'] = sorted(group['perms'].items(), key=self.perm_sortkey)
 
-        # group options are stable, permission options may depend on submitted group
-        group_choices = [(gkey, group['label']) for gkey, group in sorted_perms]
-        permission_choices = [('_any_', "(any)")]
-        if self.request.method == 'POST':
-            if self.request.POST.get('permission_group') in permissions:
-                permission_choices.extend([
-                    (pkey, perm['label'])
-                    for pkey, perm in permissions[self.request.POST['permission_group']]['perms']
-                ])
-
-        class PermissionForm(wtforms.Form):
-            permission_group = wtforms.SelectField(choices=group_choices)
-            permission = wtforms.SelectField(choices=permission_choices)
-
+        # if both field values are in query string, do lookup
         principals = None
-        form = PermissionForm(self.request.POST)
-        if self.request.method == 'POST' and form.validate():
-            permission = form.permission.data
-            principals = self.find_principals_with_permission(self.Session(), permission)
+        permission_group = self.request.GET.get('permission_group')
+        permission = self.request.GET.get('permission')
+        if permission_group and permission:
+            principals = self.find_principals_with_permission(self.Session(),
+                                                              permission)
+        else: # otherwise clear both values
+            permission_group = None
+            permission = None
 
-        context = {'form': form, 'permissions': sorted_perms, 'principals': principals}
+        context = {'permissions': sorted_perms, 'principals': principals}
 
         perms = self.get_buefy_perms_data(sorted_perms)
         context['buefy_perms'] = perms
         context['buefy_sorted_groups'] = list(perms)
-        context['selected_group'] = self.request.POST.get('permission_group', 'common')
-        context['selected_permission'] = self.request.POST.get('permission', None)
+        context['selected_group'] = permission_group or 'common'
+        context['selected_permission'] = permission
 
         return self.render_to_response('find_by_perm', context)
 
@@ -123,8 +114,11 @@ class PrincipalMasterView(MasterView):
         model_title_plural = cls.get_model_title_plural()
 
         # find principal by permission
-        config.add_route('{}.find_by_perm'.format(route_prefix), '{}/find-by-perm'.format(url_prefix))
-        config.add_view(cls, attr='find_by_perm', route_name='{}.find_by_perm'.format(route_prefix),
+        config.add_route('{}.find_by_perm'.format(route_prefix),
+                         '{}/find-by-perm'.format(url_prefix),
+                         request_method='GET')
+        config.add_view(cls, attr='find_by_perm',
+                        route_name='{}.find_by_perm'.format(route_prefix),
                         permission='{}.find_by_perm'.format(permission_prefix))
         config.add_tailbone_permission(permission_prefix, '{}.find_by_perm'.format(permission_prefix),
                                        "Find all {} with permission X".format(model_title_plural))