def permission_user_new(client):
if client.user:
available_perms = Permission.query.filter(
db.or_(Permission.allusers == True,
Permission.user == g.user)).order_by('name').all()
form = UserPermissionAssignForm()
elif client.org:
available_perms = Permission.query.filter(
db.or_(Permission.allusers == True,
Permission.org == client.org)).order_by('name').all()
form = TeamPermissionAssignForm()
form.org = client.org
form.team_id.choices = [(team.userid, team.title)
for team in client.org.teams]
else:
abort(403) # This should never happen. Clients always have an owner.
form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title))
for ap in available_perms]
if form.validate_on_submit():
perms = set()
if client.user:
permassign = UserClientPermissions.query.filter_by(
user=form.user, client=client).first()
if permassign:
perms.update(permassign.access_permissions.split(u' '))
else:
permassign = UserClientPermissions(user=form.user,
client=client)
db.session.add(permassign)
else:
permassign = TeamClientPermissions.query.filter_by(
team=form.team, client=client).first()
if permassign:
perms.update(permassign.access_permissions.split(u' '))
else:
permassign = TeamClientPermissions(team=form.team,
client=client)
db.session.add(permassign)
perms.update(form.perms.data)
permassign.access_permissions = u' '.join(sorted(perms))
db.session.commit()
if client.user:
flash(
"Permissions have been assigned to user %s" %
form.user.pickername, 'success')
else:
flash(
"Permissions have been assigned to team '%s'" %
permassign.team.pickername, 'success')
return render_redirect(url_for('client_info', key=client.key),
code=303)
return render_form(form=form,
title="Assign permissions",
formid="perm_assign",
submit="Assign permissions",
ajax=True)
def permission_user_new(key):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
if client.user:
available_perms = Permission.query.filter(db.or_(
Permission.allusers == True,
Permission.user == g.user)).order_by('name').all()
form = UserPermissionAssignForm()
elif client.org:
available_perms = Permission.query.filter(db.or_(
Permission.allusers == True,
Permission.org == client.org)).order_by('name').all()
form = TeamPermissionAssignForm()
form.org = client.org
form.team_id.choices = [(team.userid, team.title) for team in client.org.teams]
else:
abort(403) # This should never happen. Clients always have an owner.
form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
if form.validate_on_submit():
perms = set()
if client.user:
permassign = UserClientPermissions.query.filter_by(user=form.user, client=client).first()
if permassign:
perms.update(permassign.permissions.split(u' '))
else:
permassign = UserClientPermissions(user=form.user, client=client)
db.session.add(permassign)
else:
permassign = TeamClientPermissions.query.filter_by(team=form.team, client=client).first()
if permassign:
perms.update(permassign.permissions.split(u' '))
else:
permassign = TeamClientPermissions(team=form.team, client=client)
db.session.add(permassign)
perms.update(form.perms.data)
permassign.permissions = u' '.join(sorted(perms))
db.session.commit()
if client.user:
flash("Permissions have been assigned to user %s" % form.user.pickername, "info")
else:
flash("Permissions have been assigned to team '%s'" % permassign.team.pickername, "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Assign permissions", formid="perm_assign", submit="Assign permissions", ajax=True)
def permission_user_edit(key, userid):
client = Client.query.filter_by(key=key).first()
if not client:
abort(404)
if client.user != g.user:
abort(403)
user = User.query.filter_by(userid=userid).first()
if not user:
abort(404)
available_perms = Permission.query.filter(Permission.allusers == True or Permission.user == g.user).order_by('name').all()
permassign = UserClientPermissions.query.filter_by(user=user, client=client).first()
form = UserPermissionEditForm()
form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
if request.method == 'GET':
if permassign:
form.perms.data = permassign.permissions.split(u' ')
if form.validate_on_submit():
form.perms.data.sort()
perms = u' '.join(form.perms.data)
if not perms:
# No permissions specified. Delete this assignment
if permassign:
db.session.delete(permassign)
elif not permassign:
permassign = UserClientPermissions(user=user, client=client)
permassign.permissions = perms
db.session.add(permassign)
else:
permassign.permissions = perms
db.session.commit()
if perms:
flash("Permissions have been updated for user %s" % user.displayname(), "info")
else:
flash("All permissions have been revoked for user %s" % user.displayname(), "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Edit permissions", formid="perm_edit", submit="Save changes", ajax=True)
