def action(self) -> ActionResult:
if not transactions.check_transaction():
return redirect(self.mode_url())
if request.var("_delete"):
delid = request.get_ascii_input_mandatory("_delete")
if delid not in self._roles:
raise MKUserError(None, _("This role does not exist."))
if transactions.transaction_valid() and self._roles[delid].get(
"builtin"):
raise MKUserError(None,
_("You cannot delete the builtin roles!"))
users = userdb.load_users()
for user in users.values():
if delid in user["roles"]:
raise MKUserError(
None,
_("You cannot delete roles, that are still in use (%s)!"
) % delid,
)
self._rename_user_role(delid, None) # Remove from existing users
del self._roles[delid]
self._save_roles()
watolib.add_change("edit-roles",
_("Deleted role '%s'") % delid,
sites=get_login_sites())
elif request.var("_clone"):
cloneid = request.get_ascii_input_mandatory("_clone")
try:
cloned_role = self._roles[cloneid]
except KeyError:
raise MKUserError(None, _("This role does not exist."))
newid = cloneid
while newid in self._roles:
newid += "x"
new_role = {}
new_role.update(cloned_role)
new_alias = new_role["alias"]
while not watolib.is_alias_used("roles", newid, new_alias)[0]:
new_alias += _(" (copy)")
new_role["alias"] = new_alias
if cloned_role.get("builtin"):
new_role["builtin"] = False
new_role["basedon"] = cloneid
self._roles[newid] = new_role
self._save_roles()
watolib.add_change("edit-roles",
_("Created new role '%s'") % newid,
sites=get_login_sites())
return redirect(self.mode_url())
def action(self) -> ActionResult:
if html.form_submitted("search"):
return None
alias = request.get_unicode_input_mandatory("alias")
unique, info = watolib.is_alias_used("roles", self._role_id, alias)
if not unique:
assert info is not None
raise MKUserError("alias", info)
new_id = request.get_ascii_input_mandatory("id")
if not new_id:
raise MKUserError("id", "You have to provide a ID.")
if not re.match("^[-a-z0-9A-Z_]*$", new_id):
raise MKUserError(
"id",
_("Invalid role ID. Only the characters a-z, A-Z, 0-9, _ and - are allowed."
))
if new_id != self._role_id:
if new_id in self._roles:
raise MKUserError("id",
_("The ID is already used by another role"))
self._role["alias"] = alias
# based on
if not self._role.get("builtin"):
basedon = request.get_ascii_input_mandatory("basedon")
if basedon not in builtin_role_ids:
raise MKUserError(
"basedon",
_("Invalid valid for based on. Must be id of builtin rule."
))
self._role["basedon"] = basedon
# Permissions
permissions = self._role["permissions"]
for var_name, value in request.itervars(prefix="perm_"):
try:
perm = permission_registry[var_name[5:]]
except KeyError:
continue
if value == "yes":
permissions[perm.name] = True
elif value == "no":
permissions[perm.name] = False
elif value == "default":
try:
del permissions[perm.name]
except KeyError:
pass # Already at defaults
if self._role_id != new_id:
self._roles[new_id] = self._role
del self._roles[self._role_id]
self._rename_user_role(self._role_id, new_id)
self._save_roles()
watolib.add_change("edit-roles",
_("Modified user role '%s'") % new_id,
sites=get_login_sites())
return redirect(mode_url("roles"))
def _add_change(self, action_name, text):
add_change(action_name,
text,
domains=[watolib.ConfigDomainGUI],
sites=get_login_sites())