133 lines
5.3 KiB
Python
133 lines
5.3 KiB
Python
# -*- coding: utf-8; -*-
|
|
################################################################################
|
|
#
|
|
# Rattail -- Retail Software Framework
|
|
# Copyright © 2010-2018 Lance Edgar
|
|
#
|
|
# This file is part of Rattail.
|
|
#
|
|
# Rattail is free software: you can redistribute it and/or modify it under the
|
|
# terms of the GNU General Public License as published by the Free Software
|
|
# Foundation, either version 3 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# Rattail is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along with
|
|
# Rattail. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
################################################################################
|
|
"""
|
|
"Principal" master view
|
|
"""
|
|
|
|
from __future__ import unicode_literals, absolute_import
|
|
|
|
import copy
|
|
|
|
from rattail.db.auth import has_permission
|
|
from rattail.core import Object
|
|
|
|
import wtforms
|
|
from webhelpers2.html import HTML
|
|
|
|
from tailbone.db import Session
|
|
from tailbone.views import MasterView4 as MasterView
|
|
|
|
|
|
class PrincipalMasterView(MasterView):
|
|
"""
|
|
Master view base class for security principal models, i.e. User and Role.
|
|
"""
|
|
|
|
def get_fallback_templates(self, template, mobile=False):
|
|
return [
|
|
'/principal/{}.mako'.format(template),
|
|
] + super(PrincipalMasterView, self).get_fallback_templates(template, mobile=mobile)
|
|
|
|
def find_by_perm(self):
|
|
"""
|
|
View for finding all users who have been granted a given permission
|
|
"""
|
|
permissions = copy.deepcopy(self.request.registry.settings.get('tailbone_permissions', {}))
|
|
|
|
# sort groups, and permissions for each group, for UI's sake
|
|
sorted_perms = sorted(permissions.items(), key=lambda (k, v): v['label'].lower())
|
|
for key, group in sorted_perms:
|
|
group['perms'] = sorted(group['perms'].items(), key=lambda (k, v): v['label'].lower())
|
|
|
|
# group options are stable, permission options may depend on submitted group
|
|
group_choices = [(gkey, group['label']) for gkey, group in sorted_perms]
|
|
permission_choices = [('_any_', "(any)")]
|
|
if self.request.method == 'POST':
|
|
if self.request.POST.get('permission_group') in permissions:
|
|
permission_choices.extend([
|
|
(pkey, perm['label'])
|
|
for pkey, perm in permissions[self.request.POST['permission_group']]['perms']
|
|
])
|
|
|
|
class PermissionForm(wtforms.Form):
|
|
permission_group = wtforms.SelectField(choices=group_choices)
|
|
permission = wtforms.SelectField(choices=permission_choices)
|
|
|
|
principals = None
|
|
form = PermissionForm(self.request.POST)
|
|
if self.request.method == 'POST' and form.validate():
|
|
permission = form.permission.data
|
|
principals = self.find_principals_with_permission(self.Session(), permission)
|
|
|
|
context = {'form': form, 'permissions': sorted_perms, 'principals': principals}
|
|
return self.render_to_response('find_by_perm', context)
|
|
|
|
@classmethod
|
|
def defaults(cls, config):
|
|
cls._principal_defaults(config)
|
|
cls._defaults(config)
|
|
|
|
@classmethod
|
|
def _principal_defaults(cls, config):
|
|
route_prefix = cls.get_route_prefix()
|
|
url_prefix = cls.get_url_prefix()
|
|
permission_prefix = cls.get_permission_prefix()
|
|
model_title_plural = cls.get_model_title_plural()
|
|
|
|
# find principal by permission
|
|
config.add_route('{}.find_by_perm'.format(route_prefix), '{}/find-by-perm'.format(url_prefix))
|
|
config.add_view(cls, attr='find_by_perm', route_name='{}.find_by_perm'.format(route_prefix),
|
|
permission='{}.find_by_perm'.format(permission_prefix))
|
|
config.add_tailbone_permission(permission_prefix, '{}.find_by_perm'.format(permission_prefix),
|
|
"Find all {} with permission X".format(model_title_plural))
|
|
|
|
|
|
class PermissionsRenderer(Object):
|
|
permissions = None
|
|
include_guest = False
|
|
include_authenticated = False
|
|
|
|
def __call__(self, principal, field):
|
|
self.principal = principal
|
|
return self.render()
|
|
|
|
def render(self):
|
|
principal = self.principal
|
|
html = ''
|
|
for groupkey in sorted(self.permissions, key=lambda k: self.permissions[k]['label'].lower()):
|
|
inner = HTML.tag('p', c=self.permissions[groupkey]['label'])
|
|
perms = self.permissions[groupkey]['perms']
|
|
rendered = False
|
|
for key in sorted(perms, key=lambda p: perms[p]['label'].lower()):
|
|
checked = has_permission(Session(), principal, key,
|
|
include_guest=self.include_guest,
|
|
include_authenticated=self.include_authenticated)
|
|
if checked:
|
|
label = perms[key]['label']
|
|
span = HTML.tag('span', c="[X]" if checked else "[ ]")
|
|
inner += HTML.tag('p', class_='perm', c=span + ' ' + label)
|
|
rendered = True
|
|
if rendered:
|
|
html += HTML.tag('div', class_='group', c=inner)
|
|
return html or "(none granted)"
|