def handle(self, *args, **options):
verbose = options.get("verbose", True)
permissions = args
## Check if there are any assignments, optionally skip those?
## if the state is published, fix view perm XXX
## (or even better: properly define and consult workflow)
for m in models.get_models(include_auto_created=True):
if not issubclass(m, Content) or not type_registry.get(m.get_name()):
continue
for c in m.objects.all():
s = c.spoke()
wf = s.workflow()
state = c.state
wfassignment = wf.permission_assignment.get(state)
for permission in map(auth.Permission, permissions):
classassignment = getattr(s, "permission_assignment", {}).get(permission)
if not classassignment:
continue
assignments = RolePermission.assignments(c).filter(permission=permission)
if assignments.count() == 0:
if verbose:
print c.title, s, "has no assignment for", permission
for role in classassignment:
RolePermission.assign(c, role, permission).save()
if wfassignment and wfassignment.get(permission):
s.update_perms(c, {permission: wfassignment[permission]})
def auth(self, handler, request, action):
##
## If post, handle/reset perm changes
if request.method == "POST":
existing = RolePermission.assignments(self.instance)
assignments = request.POST.getlist('assignment')
for e in existing:
if "{0}/{1}".format(e.permission, e.role) not in assignments:
e.delete()
for assignment in assignments:
perm, role = assignment.split('/', 1)
RolePermission.assign(self.instance, Role(role),
Permission(perm)).save()
ctx = {'spoke':self}
roles = Role.all()
permissions = []
## order roles, permissions (alphabetically?)
for perm in Permission.all():
d = dict(perm=perm, roles=[])
perms_per_role = RolePermission.assignments(
self.instance).filter(
permission=perm.id,
).values_list('role', flat=True)
r = []
for role in roles:
r.append(dict(role=role, checked=role.id in perms_per_role))
d['roles'] = r
permissions.append(d)
ctx['roles'] = roles
ctx['permissions'] = permissions
return handler.template("wheelcms_axle/edit_permissions.html", **ctx)
def update_perms(instance, permdict):
for permission, roles in permdict.iteritems():
RolePermission.clear(instance, permission)
for role in roles:
RolePermission.assign(instance, role, permission).save()
def assign_perms(instance, permdict):
""" invoked by a signal handler upon creation: Set initial
permissions """
for permission, roles in permdict.iteritems():
for role in roles:
RolePermission.assign(instance, role, permission).save()
