def share(): """ Show the list of desk to with the item can be push """ item = application.getItemByUUID(request.args(0)) if item is None: raise HTTP(404) query = (db.desk.id != session.desk_id) query &= auth.accessible_query('push_items', db.desk) posible_desk = db(query).select() fld_to_desk = Field('to_desk', 'integer') fld_to_desk.label = T("Push to organization desk") fld_to_desk.comment = T("Select where to push the item") fld_to_desk.requires = IS_EMPTY_OR( IS_IN_SET([(desk.id, desk.name) for desk in posible_desk])) fld_personal_desk = Field('to_person_desk', 'integer') fld_personal_desk.label = T("Push to other person desk") fld_personal_desk.comment = T("Select a person from the list.") # list of person on orgs persons = [] # search up all the persons orgs = db(db.organization.users.contains(auth.user.id)).select() for org in orgs: x = [db.auth_user(id=y) for y in org.users if y != auth.user.id] persons.extend(x) persons = list(set(persons)) fld_personal_desk.requires = IS_EMPTY_OR( IS_IN_SET([(per.id, "{} {}".format(per.first_name, per.last_name)) for per in persons])) fld_cond = Field('cond', 'boolean', default=False) fld_cond.label = T('To other person?') form = SQLFORM.factory(fld_to_desk, fld_personal_desk, fld_cond, submit_button=T("Send"), table_name='share') if form.process().accepted: src = session.desk_id if form.vars.cond: # send the item to other user other_user = db.auth_user(form.vars.to_person_desk) target = application.getUserDesk(other_user).id else: # send the item to the selected desk target = form.vars.to_desk if target: ct = application.getContentType(item.item_type) ct.shareItem(item.unique_id, src, target) response.js = "$('#metaModal').modal('hide');" response.flash = None return locals()
def members(): org = db.organization(request.args(0)) if not request.args(1): fld_email = Field('email', 'string', label=T("Email")) fld_email.requires = IS_EMAIL() form = SQLFORM.factory(fld_email, formstyle='bootstrap3_inline', submit_button=T("Add user"), table_name='members') if form.process().accepted: u = db.auth_user(email=form.vars.email) if u is not None: # create new share if u.id in org.users: form.errors.email = T( "The user is already in the organization") else: user_list = org.users user_list.insert(0, u.id) org.update_record(users=user_list) g_id = auth.user_group(u.id) auth.add_permission(g_id, 'read', db.organization, org.id) else: # no user with that email response.flash = "" form.errors.email = T("The user don't exists on this system") elif request.args(1) == 'delete': # remove the user on args(2) from the org members list # TODO: remove else any perms on the org desks user_to_remove = db.auth_user(request.args(2)) if user_to_remove is not None: user_list = org.users user_list.remove(user_to_remove.id) org.update_record(users=user_list) # remove perms over the org auth.del_permission(auth.user_group(user_to_remove.id), 'read', db.organization, org.id) # remove, also, all rights over the desks in the org. desk_perms = [ 'read_desk', 'update_items', 'push_items', 'update_desk' ] for desk_id in org.desks: for perm in desk_perms: auth.del_permission(auth.user_group(user_to_remove.id), perm, db.desk, desk_id) redirect(URL('org', 'members', args=[org.id])) return locals()
def delete(): desk = db.desk(request.args(0)) session.desk_id = desk.id db.desk.item_list.readable = False db.desk.item_list.writable = False form = SQLFORM.confirm(T("Are you sure?"), {T('Cancel'): URL('index', args=[desk.id])}) if form.accepted: # empty move all the items in the desk to the owners desk for item_id in desk.item_list: item = db.item(item_id) owner = db.auth_user(item.created_by) owner_desk = application.getUserDesk(user=owner) owner_desk_items = owner_desk.item_list owner_desk_items.append(item_id) owner_desk.update_record(item_list=owner_desk_items) # remove desk from org org = db(db.organization.desks.contains(desk.id)).select().first() desk_list = org.desks desk_list.remove(desk.id) org.update_record(desks=desk_list) # delete the desk from db. del db.desk[desk.id] # cleanup context session.desk_id = None # go to org view redirect(URL('org', 'view', args=[org.id])) return locals()
def index(): """ Show notifications for the current user """ tbl = db.notification query = (tbl.id > 0) query &= (tbl.to_user == auth.user.id) def p_seen_rpr(v, r): if v: return I(_class="fa fa-envelope-open-o") return I(_class="fa fa-envelope") tbl.seen.represent = p_seen_rpr if request.args(0) == 'view': tbl.seen.readable = False tbl.message_content.represent = lambda v, r: XML(v) msg = tbl(request.args(2)) msg.update_record(seen=True) tbl.from_user.represent = lambda v, r: db.auth_user(v).email grid = SQLFORM.grid( query, fields=[tbl.subject, tbl.from_user, tbl.seen, tbl.msg_date], paginate=10, showbuttontext=False, editable=False, csv=False, maxtextlengths={'notification.subject': 100}, create=False, searchable=False, orderby=[~tbl.msg_date], formstyle='bootstrap', ) return dict(grid=grid)
def users(): desk = db.desk(request.args(0)) session.desk_id = desk.id org = db.organization(session.org_id) if request.args(1): my_user = db.auth_user(request.args(1)) fld_read_desk = Field('read_desk', 'boolean') fld_read_desk.label = T("Read '%s' content", (desk.name, )) fld_read_desk.comment = T( "Allow the user read only access to the desk item list.") fld_read_desk.default = auth.has_permission('read', db.desk, desk.id, my_user.id) fld_update_items = Field('update_items', 'boolean') fld_update_items.label = T("Read/Update items in '%s'", (desk.name, )) fld_update_items.comment = T( "Allow the user make modifications to the items in the desk.") fld_update_items.default = auth.has_permission('update_items', db.desk, desk.id, my_user.id) fld_push_items = Field('push_items', 'boolean') fld_push_items.label = T("Push items into '%s'", (desk.name, )) fld_push_items.comment = T( """Allow the user move items into the desk.""") fld_push_items.default = auth.has_permission('push_items', db.desk, desk.id, my_user.id) fld_update_desk = Field('update_desk', 'boolean') fld_update_desk.label = T("Update/Manage '%s'", (desk.name, )) fld_update_desk.comment = T(""" Allow the user to manage/administrate this desk. Use with caution. """) fld_update_desk.default = auth.has_permission('update', db.desk, desk.id, my_user.id) form = SQLFORM.factory(fld_read_desk, fld_update_items, fld_push_items, fld_update_desk, table_name='desk_perms') if form.process().accepted: if form.vars.read_desk: # give perm auth.add_permission(auth.user_group(my_user.id), 'read', db.desk, desk.id) else: auth.del_permission(auth.user_group(my_user.id), 'read', db.desk, desk.id) if form.vars.update_items: # give perm auth.add_permission(auth.user_group(my_user.id), 'update_items', db.desk, desk.id) else: auth.del_permission(auth.user_group(my_user.id), 'update_items', db.desk, desk.id) if form.vars.push_items: # give perm auth.add_permission(auth.user_group(my_user.id), 'push_items', db.desk, desk.id) else: auth.del_permission(auth.user_group(my_user.id), 'push_items', db.desk, desk.id) if form.vars.update_desk: # give perm auth.add_permission(auth.user_group(my_user.id), 'update_desk', db.desk, desk.id) else: auth.del_permission(auth.user_group(my_user.id), 'update_desk', db.desk, desk.id) redirect(URL('desk', 'users', args=[desk.id])) response.view = "desk/user_perms.html" else: # select user view query = (db.auth_user.id > 0) query &= (db.auth_user.id.belongs(org.users)) my_users = db(query).select() return locals()