def permissions(request):
  logging.info(">> users.views.permissions")
  roles = Role.all()
  area = "users"

  if request.method == 'POST':
    for role in roles:
      _list = request.POST.getlist(role.name)
      _ref = Permission.get(role=role.name)
      if _ref is None:
        _ref = Permission(role=role.name)
      _ref.actions = _list
      _ref.put()

  apps = {}
  actions = []
  for app in settings.INSTALLED_APPS:
    app_actions = [x for x in Action.filter('appname =', app) if x.authorizable ]
    if app_actions:
      apps[app] = app_actions
    actions +=  app_actions

  permissions = {}
  for role in roles:
    permission = Permission.get_by_role(role=role.name)
    permissions[role.name] = {}
    for action in actions:
      permissions[role.name].setdefault(action.name, (action.name in permission.actions and True))

  c = template.RequestContext(request, locals())
  _flag_as_admin(c)
  return render_to_response('permissions.html', c)
 def process_request(self, request):
   resolver = get_resolver(None)
   pattern = self._get_pattern(resolver, request.path)
   if pattern is not None:
     request.action_pattern = pattern
     if not request.user.superuser and \
        Action.get(name=pattern.name) and \
        not Permission.can_access(request.user.roles, pattern.name):
       if request.user.username == 'anonymous':
         return util.RedirectLoginError(request, "You can not access to this page, try to login")
       logging.error("   the user %s can NOT access to %s " % (request.user.username, pattern.name))
       return util.RedirectError(request, "   the user %s can NOT access to %s " % (request.user.username, pattern.name))
   return None