def collection_authorizations(request, collection_id):
"""
Display the authorization policies for a :class:`.Collection`\.
"""
collection = get_object_or_404(Collection, pk=collection_id)
_key = lambda auth: auth.granted_to
auths = groupby(sorted(auth.list_authorizations(collection), key=_key),
key=_key)
auths = [{'user': user, 'auths': list(_auths)} for user, _auths in auths]
context = {
'authorizations': auths,
'collection': collection,
}
return render(request, 'collection_authorizations.html', context)
def collection_authorization_list(request, collection_id):
"""
Display permissions for a specific :class:`.Collection` instance.
"""
collection = get_object_or_404(Collection, pk=collection_id)
can_change = authorization.check_authorization('change_authorizations',
request.user, collection)
context = RequestContext(
request, {
'can_change': can_change,
'collection': collection,
'authorizations': authorization.list_authorizations(collection),
})
template = loader.get_template('collection_authorization_list.html')
return HttpResponse(template.render(context))
def resource_authorization_change(request, resource_id, user_id):
"""
Change permissions on a resource for a specific user.
"""
resource = get_object_or_404(Resource, pk=resource_id)
user = get_object_or_404(User, pk=user_id)
if request.method == 'GET':
form = AuthorizationForm(
initial={
'for_user': user,
'authorizations': authorization.list_authorizations(
resource, user)
})
elif request.method == 'POST':
form = AuthorizationForm(request.POST)
if form.is_valid():
if form.cleaned_data.get('for_user') != user:
raise RuntimeError('Whoops, someone f***ed with the user.')
# Synchronously update the Resource itself, so that the user sees
# the effect immediately.
authorization.update_authorizations(
form.cleaned_data.get('authorizations'),
form.cleaned_data.get('for_user'),
resource,
)
# Asynchronously update any downstream resources and entities.
update_authorizations.delay(
form.cleaned_data.get('authorizations'),
form.cleaned_data.get('for_user'),
resource,
by_user=request.user,
propagate=True,
)
return HttpResponseRedirect(
reverse('resource-authorization-list', args=(resource.id, )))
form.fields['for_user'].widget = forms.HiddenInput()
context = RequestContext(request, {
'for_user': user,
'resource': resource,
'form': form,
})
template = loader.get_template('resource_authorization_change.html')
return HttpResponse(template.render(context))
def resource_authorization_list(request, resource_id):
"""
Display permissions for a specific resource.
"""
resource = get_object_or_404(Resource, pk=resource_id)
can_change = authorization.check_authorization('change_authorizations',
request.user, resource)
context = RequestContext(
request, {
'can_change': can_change,
'resource': resource,
'authorizations': authorization.list_authorizations(resource),
})
template = loader.get_template('resource_authorization_list.html')
return HttpResponse(template.render(context))
def collection_authorization_change(request, collection_id, user_id):
"""
Change permissions on a resource for a specific user.
"""
collection = get_object_or_404(Collection, pk=collection_id)
user = get_object_or_404(User, pk=user_id)
if request.method == 'GET':
form = CollectionAuthorizationForm(
initial={
'for_user':
user,
'authorizations':
authorization.list_authorizations(collection, user)
})
elif request.method == 'POST':
form = CollectionAuthorizationForm(request.POST)
if form.is_valid():
if form.cleaned_data.get('for_user') != user:
raise RuntimeError('Whoops, someone f***ed with the user.')
authorizations = form.cleaned_data.get('authorizations')
for_user = form.cleaned_data.get('for_user')
propagate = form.cleaned_data.get('propagate', False)
authorization.update_authorizations(
authorizations,
for_user,
collection,
propagate=propagate,
)
update_authorizations.delay(authorizations, for_user, collection,
request.user)
return HttpResponseRedirect(
reverse('collection-authorization-list',
args=(collection.id, )))
form.fields['for_user'].widget = forms.HiddenInput()
context = RequestContext(request, {
'for_user': user,
'collection': collection,
'form': form,
})
template = loader.get_template('collection_authorization_change.html')
return HttpResponse(template.render(context))
def resource_authorization_create(request, resource_id):
"""
Allow the user to add authorizations for a new user.
This is kind of hacky, but will do for now.
"""
resource = get_object_or_404(Resource, pk=resource_id)
authorized_users = zip(*authorization.list_authorizations(resource))[0]
authorized_users_ids = [user.id for user in authorized_users]
unauthorized_users = User.objects.filter(~Q(
pk__in=authorized_users_ids)).order_by('username')
context = RequestContext(request, {
'unauthorized_users': unauthorized_users,
'resource': resource,
})
template = loader.get_template('resource_authorization_create.html')
return HttpResponse(template.render(context))