def change(self, user_id, new_role):
# FIXME CHECK RIGHTS
user_id = int(user_id)
new_role_id = int(new_role)
role_api = RoleApi(tg.tmpl_context.current_user)
role = role_api.get_one(user_id, tg.tmpl_context.workspace_id)
if tmpl_context.current_user.profile.id < Group.TIM_ADMIN and tmpl_context.current_user.user_id == user_id:
tg.flash(_('You can\'t change your own role'), CST.STATUS_ERROR)
tg.redirect(
self.parent_controller.url(tg.tmpl_context.workspace_id))
if new_role_id not in role_api.ALL_ROLE_VALUES:
tg.flash(_('Unknown role'), CST.STATUS_ERROR)
tg.redirect(
self.parent_controller.url(tg.tmpl_context.workspace_id))
return
if new_role_id == role.role:
tg.flash(_('No change found.'), CST.STATUS_ERROR)
tg.redirect(
self.parent_controller.url(tg.tmpl_context.workspace_id))
return
role.role = new_role_id
role_api.save(role)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def _add_user_with_role(self, user_id: int, role_id: int, with_notif: bool, flash_msg_template)-> UserRoleInWorkspace:
user_api = UserApi(tg.tmpl_context.current_user)
user = user_api.get_one(user_id)
role_api = RoleApi(tg.tmpl_context.current_user)
role = role_api.create_one(user, tg.tmpl_context.workspace, role_id, with_notif)
tg.flash(flash_msg_template.format(
role.user.get_display_name(),
tg.tmpl_context.workspace.label,
role.role_as_label()), CST.STATUS_OK)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def _add_user_with_role(self, user_id: int, role_id: int, with_notif: bool, flash_msg_template)-> UserRoleInWorkspace:
user_api = UserApi(tg.tmpl_context.current_user)
user = user_api.get_one(user_id)
role_api = RoleApi(tg.tmpl_context.current_user)
role = role_api.create_one(user, tg.tmpl_context.workspace, role_id, with_notif)
tg.flash(flash_msg_template.format(
role.user.get_display_name(),
tg.tmpl_context.workspace.label,
role.role_as_label()), CST.STATUS_OK)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def test_get_notifiable_roles(self):
admin = DBSession.query(User) \
.filter(User.email == '*****@*****.**').one()
wapi = WorkspaceApi(admin)
w = wapi.create_workspace(label='workspace w', save_now=True)
uapi = UserApi(admin)
u = uapi.create_user(email='[email protected]', save_now=True)
eq_([], wapi.get_notifiable_roles(workspace=w))
rapi = RoleApi(u)
r = rapi.create_one(u, w, UserRoleInWorkspace.READER, with_notif='on')
eq_([r, ], wapi.get_notifiable_roles(workspace=w))
u.is_active = False
eq_([], wapi.get_notifiable_roles(workspace=w))
def test_get_notifiable_roles(self):
admin = DBSession.query(User) \
.filter(User.email == '*****@*****.**').one()
wapi = WorkspaceApi(admin)
w = wapi.create_workspace(label='workspace w', save_now=True)
uapi = UserApi(admin)
u = uapi.create_user(email='[email protected]', save_now=True)
eq_([], wapi.get_notifiable_roles(workspace=w))
rapi = RoleApi(u)
r = rapi.create_one(u, w, UserRoleInWorkspace.READER, with_notif=True)
eq_([r, ], wapi.get_notifiable_roles(workspace=w))
u.is_active = False
eq_([], wapi.get_notifiable_roles(workspace=w))
def create_workspace(
self,
label: str = '',
description: str = '',
calendar_enabled: bool = False,
save_now: bool = False,
) -> Workspace:
if not label:
label = self.generate_label()
workspace = Workspace()
workspace.label = label
workspace.description = description
workspace.calendar_enabled = calendar_enabled
# By default, we force the current user to be the workspace manager
# And to receive email notifications
role = RoleApi(self._user).create_one(
self._user,
workspace,
UserRoleInWorkspace.WORKSPACE_MANAGER,
with_notif=True)
DBSession.add(workspace)
DBSession.add(role)
if save_now:
DBSession.flush()
if calendar_enabled:
self.ensure_calendar_exist(workspace)
else:
self.disable_calendar(workspace)
return workspace
def post_delete(self, user_id):
user_id = int(user_id)
role_api = RoleApi(tg.tmpl_context.current_user)
role = role_api.get_one(user_id, tg.tmpl_context.workspace_id)
username = role.user.get_display_name()
undo_url = self.url(user_id, 'undelete', dict(old_role=role.role))
if tmpl_context.current_user.profile.id<Group.TIM_ADMIN and tmpl_context.current_user.user_id==user_id:
tg.flash(_('You can\'t remove yourself from this workgroup'), CST.STATUS_ERROR)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
role_api.delete_one(user_id, tg.tmpl_context.workspace_id, True)
tg.flash(_('User {} removed. You can <a class="alert-link" href="{}">restore it</a>').format(username, undo_url), CST.STATUS_OK, no_escape=True)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def post_delete(self, user_id):
user_id = int(user_id)
role_api = RoleApi(tg.tmpl_context.current_user)
role = role_api.get_one(user_id, tg.tmpl_context.workspace_id)
username = role.user.get_display_name()
undo_url = self.url(user_id, 'undelete', dict(old_role=role.role))
if tmpl_context.current_user.profile.id<Group.TIM_ADMIN and tmpl_context.current_user.user_id==user_id:
tg.flash(_('You can\'t remove yourself from this workgroup'), CST.STATUS_ERROR)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
role_api.delete_one(user_id, tg.tmpl_context.workspace_id, True)
tg.flash(_('User {} removed. You can <a class="alert-link" href="{}">restore it</a>').format(username, undo_url), CST.STATUS_OK, no_escape=True)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def get_one(self, workspace_id):
user = tmpl_context.current_user
workspace_api_controller = WorkspaceApi(user)
role_api = RoleApi(tg.tmpl_context.current_user)
user_api = UserApi(tg.tmpl_context.current_user)
workspace = workspace_api_controller.get_one(workspace_id)
role_list = role_api.get_roles_for_select_field()
user_list = user_api.get_all()
current_user_content = Context(CTX.CURRENT_USER).toDict(user)
dictified_workspace = Context(CTX.ADMIN_WORKSPACE).toDict(workspace, 'workspace')
fake_api_content = DictLikeClass(role_types=role_list, users=user_list, current_user=current_user_content)
fake_api = Context(CTX.ADMIN_WORKSPACE).toDict(fake_api_content)
return dict(result = dictified_workspace, fake_api = fake_api)
def get_one(self, workspace_id):
user = tmpl_context.current_user
workspace_api_controller = WorkspaceApi(user)
role_api = RoleApi(tg.tmpl_context.current_user)
user_api = UserApi(tg.tmpl_context.current_user)
workspace = workspace_api_controller.get_one(workspace_id)
role_list = role_api.get_roles_for_select_field()
user_list = user_api.get_all()
current_user_content = Context(CTX.CURRENT_USER).toDict(user)
dictified_workspace = Context(CTX.ADMIN_WORKSPACE).toDict(workspace, 'workspace')
fake_api_content = DictLikeClass(role_types=role_list, users=user_list, current_user=current_user_content)
fake_api = Context(CTX.ADMIN_WORKSPACE).toDict(fake_api_content)
return dict(result = dictified_workspace, fake_api = fake_api)
def get_one(self, user_id):
current_user = tmpl_context.current_user
api = UserApi(current_user)
# role_api = RoleApi(tg.tmpl_context.current_user)
# user_api = UserApi(tg.tmpl_context.current_user)
user = api.get_one(user_id) # FIXME
role_api = RoleApi(tg.tmpl_context.current_user)
role_list = role_api.get_roles_for_select_field()
dictified_user = Context(CTX.ADMIN_USER).toDict(user, 'user')
current_user_content = Context(CTX.CURRENT_USER).toDict(tmpl_context.current_user)
fake_api_content = DictLikeClass(current_user=current_user_content,
role_types=role_list)
fake_api = Context(CTX.ADMIN_USER).toDict(fake_api_content)
return DictLikeClass(result=dictified_user, fake_api=fake_api)
def get_one(self, user_id):
current_user = tmpl_context.current_user
api = UserApi(current_user )
# role_api = RoleApi(tg.tmpl_context.current_user)
# user_api = UserApi(tg.tmpl_context.current_user)
user = api.get_one(user_id) # FIXME
role_api = RoleApi(tg.tmpl_context.current_user)
role_list = role_api.get_roles_for_select_field()
dictified_user = Context(CTX.ADMIN_USER).toDict(user, 'user')
current_user_content = Context(CTX.CURRENT_USER).toDict(tmpl_context.current_user)
fake_api_content = DictLikeClass(current_user=current_user_content,
role_types=role_list)
fake_api = Context(CTX.ADMIN_USER).toDict(fake_api_content)
return DictLikeClass(result = dictified_user, fake_api=fake_api)
def get_viewable_members_for_role(role: int, members: [dict]) -> [dict]:
"""
Return given users list with viewable members by given role.
:param role: One of tracim.model.data.UserRoleInWorkspace roles
:param members: list of workspace members. Where member object own "role"
property containing tracim.model.data.UserRoleInWorkspace role.
:return: filtered member list
"""
viewable_users = []
for member in members:
if RoleApi.role_can_read_member_role(reader_role=role,
tested_role=member.role):
viewable_users.append(member)
return viewable_users
def change(self, user_id, new_role):
# FIXME CHECK RIGHTS
user_id = int(user_id)
new_role_id = int(new_role)
role_api = RoleApi(tg.tmpl_context.current_user)
role = role_api.get_one(user_id, tg.tmpl_context.workspace_id)
if tmpl_context.current_user.profile.id<Group.TIM_ADMIN and tmpl_context.current_user.user_id==user_id:
tg.flash(_('You can\'t change your own role'), CST.STATUS_ERROR)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
if new_role_id not in role_api.ALL_ROLE_VALUES:
tg.flash(_('Unknown role'), CST.STATUS_ERROR)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
return
if new_role_id==role.role:
tg.flash(_('No change found.'), CST.STATUS_ERROR)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
return
role.role = new_role_id
role_api.save(role)
tg.redirect(self.parent_controller.url(tg.tmpl_context.workspace_id))
def get_viewable_members_for_role(role: int, members: [dict]) -> [dict]:
"""
Return given users list with viewable members by given role.
:param role: One of tracim.model.data.UserRoleInWorkspace roles
:param members: list of workspace members. Where member object own "role"
property containing tracim.model.data.UserRoleInWorkspace role.
:return: filtered member list
"""
viewable_users = []
for member in members:
if RoleApi.role_can_read_member_role(
reader_role=role,
tested_role=member.role
):
viewable_users.append(member)
return viewable_users
def create_workspace(self,
label: str,
description: str = '',
save_now: bool = False) -> Workspace:
workspace = Workspace()
workspace.label = label
workspace.description = description
# By default, we force the current user to be the workspace manager
# And to receive email notifications
role = RoleApi(self._user).create_one(
self._user,
workspace,
UserRoleInWorkspace.WORKSPACE_MANAGER,
with_notif=True)
DBSession.add(workspace)
DBSession.add(role)
if save_now:
DBSession.flush()
return workspace
def test_unit__get_all_manageable(self):
admin = DBSession.query(User) \
.filter(User.email == '*****@*****.**').one()
uapi = UserApi(admin)
# Checks a case without workspaces.
wapi = WorkspaceApi(current_user=admin)
eq_([], wapi.get_all_manageable())
# Checks an admin gets all workspaces.
w4 = wapi.create_workspace(label='w4')
w3 = wapi.create_workspace(label='w3')
w2 = wapi.create_workspace(label='w2')
w1 = wapi.create_workspace(label='w1')
eq_([w1, w2, w3, w4], wapi.get_all_manageable())
# Checks a regular user gets none workspace.
gapi = GroupApi(None)
u = uapi.create_user('[email protected]', [gapi.get_one(Group.TIM_USER)], True)
wapi = WorkspaceApi(current_user=u)
rapi = RoleApi(current_user=u)
off = 'off'
rapi.create_one(u, w4, UserRoleInWorkspace.READER, off)
rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, off)
rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, off)
rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, off)
eq_([], wapi.get_all_manageable())
# Checks a manager gets only its own workspaces.
u.groups.append(gapi.get_one(Group.TIM_MANAGER))
rapi.delete_one(u.user_id, w2.workspace_id)
rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, off)
eq_([w1, w2], wapi.get_all_manageable())
def insert(self):
admin = self._session.query(model.User) \
.filter(model.User.email == '*****@*****.**') \
.one()
bob = self._session.query(model.User) \
.filter(model.User.email == '*****@*****.**') \
.one()
workspace_api = WorkspaceApi(admin)
content_api = ContentApi(admin)
role_api = RoleApi(admin)
# Workspaces
w1 = workspace_api.create_workspace('w1', save_now=True)
w2 = workspace_api.create_workspace('w2', save_now=True)
w3 = workspace_api.create_workspace('w3', save_now=True)
# Workspaces roles
role_api.create_one(
user=bob,
workspace=w1,
role_level=UserRoleInWorkspace.CONTENT_MANAGER,
with_notif=False,
)
role_api.create_one(
user=bob,
workspace=w2,
role_level=UserRoleInWorkspace.CONTENT_MANAGER,
with_notif=False,
)
w1f1 = content_api.create(
content_type=ContentType.Folder,
workspace=w1,
label='w1f1',
do_save=True,
)
w1f2 = content_api.create(
content_type=ContentType.Folder,
workspace=w1,
label='w1f2',
do_save=True,
)
# Folders
w2f1 = content_api.create(
content_type=ContentType.Folder,
workspace=w2,
label='w1f1',
do_save=True,
)
w2f2 = content_api.create(
content_type=ContentType.Folder,
workspace=w2,
label='w2f2',
do_save=True,
)
w3f1 = content_api.create(
content_type=ContentType.Folder,
workspace=w3,
label='w3f3',
do_save=True,
)
# Pages, threads, ..
w1f1p1 = content_api.create(
content_type=ContentType.Page,
workspace=w1,
parent=w1f1,
label='w1f1p1',
do_save=True,
)
w1f1t1 = content_api.create(
content_type=ContentType.Thread,
workspace=w1,
parent=w1f1,
label='w1f1t1',
do_save=False,
)
w1f1t1.description = 'w1f1t1 description'
self._session.add(w1f1t1)
w1f1d1 = content_api.create(
content_type=ContentType.File,
workspace=w1,
parent=w1f1,
label='w1f1d1',
do_save=False,
)
w1f1d1.file_extension = '.txt'
w1f1d1.file_content = b'w1f1d1 content'
self._session.add(w1f1d1)
w2f1p1 = content_api.create(
content_type=ContentType.Page,
workspace=w2,
parent=w2f1,
label='w2f1p1',
do_save=True,
)
self._session.flush()
def insert(self):
admin = self._session.query(model.User) \
.filter(model.User.email == '*****@*****.**') \
.one()
bob = self._session.query(model.User) \
.filter(model.User.email == '*****@*****.**') \
.one()
admin_workspace_api = WorkspaceApi(admin)
bob_workspace_api = WorkspaceApi(bob)
content_api = ContentApi(admin)
role_api = RoleApi(admin)
# Workspaces
w1 = admin_workspace_api.create_workspace('w1', save_now=True)
w2 = bob_workspace_api.create_workspace('w2', save_now=True)
w3 = admin_workspace_api.create_workspace('w3', save_now=True)
# Workspaces roles
role_api.create_one(
user=bob,
workspace=w1,
role_level=UserRoleInWorkspace.CONTENT_MANAGER,
with_notif=False,
)
# Folders
w1f1 = content_api.create(
content_type=ContentType.Folder,
workspace=w1,
label='w1f1',
do_save=True,
)
w1f2 = content_api.create(
content_type=ContentType.Folder,
workspace=w1,
label='w1f2',
do_save=True,
)
w2f1 = content_api.create(
content_type=ContentType.Folder,
workspace=w2,
label='w2f1',
do_save=True,
)
w2f2 = content_api.create(
content_type=ContentType.Folder,
workspace=w2,
label='w2f2',
do_save=True,
)
w3f1 = content_api.create(
content_type=ContentType.Folder,
workspace=w3,
label='w3f3',
do_save=True,
)
# Pages, threads, ..
w1f1p1 = content_api.create(
content_type=ContentType.Page,
workspace=w1,
parent=w1f1,
label='w1f1p1',
do_save=True,
)
w1f1t1 = content_api.create(
content_type=ContentType.Thread,
workspace=w1,
parent=w1f1,
label='w1f1t1',
do_save=False,
)
w1f1t1.description = 'w1f1t1 description'
self._session.add(w1f1t1)
w1f1d1_txt = content_api.create(
content_type=ContentType.File,
workspace=w1,
parent=w1f1,
label='w1f1d1',
do_save=False,
)
w1f1d1_txt.file_extension = '.txt'
w1f1d1_txt.depot_file = FileIntent(
b'w1f1d1 content',
'w1f1d1.txt',
'text/plain',
)
self._session.add(w1f1d1_txt)
w1f1d2_html = content_api.create(
content_type=ContentType.File,
workspace=w1,
parent=w1f1,
label='w1f1d2',
do_save=False,
)
w1f1d2_html.file_extension = '.html'
w1f1d2_html.depot_file = FileIntent(
b'<p>w1f1d2 content</p>',
'w1f1d2.html',
'text/html',
)
self._session.add(w1f1d2_html)
w1f1f1 = content_api.create(
content_type=ContentType.Folder,
workspace=w1,
label='w1f1f1',
parent=w1f1,
do_save=True,
)
w2f1p1 = content_api.create(
content_type=ContentType.Page,
workspace=w2,
parent=w2f1,
label='w2f1p1',
do_save=True,
)
self._session.flush()
def test_unit__get_all_manageable(self):
admin = DBSession.query(User) \
.filter(User.email == '*****@*****.**').one()
uapi = UserApi(admin)
# Checks a case without workspaces.
wapi = WorkspaceApi(current_user=admin)
eq_([], wapi.get_all_manageable())
# Checks an admin gets all workspaces.
w4 = wapi.create_workspace(label='w4')
w3 = wapi.create_workspace(label='w3')
w2 = wapi.create_workspace(label='w2')
w1 = wapi.create_workspace(label='w1')
eq_([w1, w2, w3, w4], wapi.get_all_manageable())
# Checks a regular user gets none workspace.
gapi = GroupApi(None)
u = uapi.create_user('[email protected]', [gapi.get_one(Group.TIM_USER)], True)
wapi = WorkspaceApi(current_user=u)
rapi = RoleApi(current_user=u)
rapi.create_one(u, w4, UserRoleInWorkspace.READER, False)
rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, False)
rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, False)
rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
eq_([], wapi.get_all_manageable())
# Checks a manager gets only its own workspaces.
u.groups.append(gapi.get_one(Group.TIM_MANAGER))
rapi.delete_one(u.user_id, w2.workspace_id)
rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
eq_([w1, w2], wapi.get_all_manageable())
