class UsersPermissionsAPI(object):
def __init__(self, request):
self.request = request
self.shared = UsersShared(request)
@view_config(request_method="POST")
def post(self):
json_body = self.request.unsafe_json_body
user = self.shared.user_get(self.request.matchdict["object_id"])
self.shared.permission_post(user, json_body["perm_name"])
return True
@view_config(request_method="DELETE")
def delete(self):
user = self.shared.user_get(self.request.matchdict["object_id"])
permission = self.shared.permission_get(user, self.request.GET.get("perm_name"))
self.shared.permission_delete(user, permission)
return True
class UsersPermissionsAPI(object):
def __init__(self, request):
self.request = request
self.shared = UsersShared(request)
@view_config(request_method="POST")
def post(self):
json_body = self.request.unsafe_json_body
user = self.shared.user_get(self.request.matchdict['object_id'])
self.shared.permission_post(user, json_body['perm_name'])
return True
@view_config(request_method="DELETE")
def delete(self):
user = self.shared.user_get(self.request.matchdict['object_id'])
permission = self.shared.permission_get(
user, self.request.GET.get('perm_name'))
self.shared.permission_delete(user, permission)
return True
class AdminUserRelationsView(BaseView):
"""
Handles operations on group properties
"""
def __init__(self, request):
super(AdminUserRelationsView, self).__init__(request)
self.shared = UsersShared(request)
@view_config(
renderer='testscaffold:templates/admin/users/edit.jinja2',
match_param=['object=users', 'relation=permissions', 'verb=POST'])
def permission_post(self):
request = self.request
user = self.shared.user_get(request.matchdict['object_id'])
user_form = UserAdminUpdateForm(request.POST,
obj=user,
context={
'request': request,
'modified_obj': user
})
permission_form = DirectPermissionForm(request.POST,
context={'request': request})
permissions_grid = UserPermissionsGrid(user.permissions,
request=request,
user=user)
if request.method == "POST" and permission_form.validate():
permission_name = permission_form.perm_name.data
self.shared.permission_post(user, permission_name)
url = request.route_url('admin_object',
object='users',
object_id=user.id,
verb='GET')
return pyramid.httpexceptions.HTTPFound(location=url)
return {
'user': user,
'user_form': user_form,
'permission_form': permission_form,
'permissions_grid': permissions_grid
}
@view_config(
renderer='testscaffold:templates/admin/relation_remove.jinja2',
match_param=('object=users', 'relation=permissions', 'verb=DELETE'),
request_method="GET")
@view_config(
renderer='testscaffold:templates/admin/relation_remove.jinja2',
match_param=('object=users', 'relation=permissions', 'verb=DELETE'),
request_method="POST")
def permission_delete(self):
request = self.request
user = self.shared.user_get(request.matchdict['object_id'])
permission = self.shared.permission_get(user,
request.GET.get('perm_name'))
back_url = request.route_url('admin_object',
object='users',
object_id=user.id,
verb='GET')
if request.method == "POST":
self.shared.permission_delete(user, permission)
return pyramid.httpexceptions.HTTPFound(location=back_url)
return {
"parent_obj": user,
"member_obj": permission,
"confirm_url": request.current_route_url(),
"back_url": back_url
}
class AdminUserRelationsView(BaseView):
"""
Handles operations on group properties
"""
def __init__(self, request):
super(AdminUserRelationsView, self).__init__(request)
self.shared = UsersShared(request)
@view_config(
renderer="testscaffold:templates/admin/users/edit.jinja2",
match_param=["object=users", "relation=permissions", "verb=POST"],
)
def permission_post(self):
request = self.request
user = self.shared.user_get(request.matchdict["object_id"])
user_form = UserAdminUpdateForm(
request.POST, obj=user, context={"request": request, "modified_obj": user}
)
permission_form = DirectPermissionForm(
request.POST, context={"request": request}
)
permissions_grid = UserPermissionsGrid(
UserService.permissions(user), request=request, user=user
)
if request.method == "POST" and permission_form.validate():
permission_name = permission_form.perm_name.data
self.shared.permission_post(user, permission_name)
url = request.route_url(
"admin_object", object="users", object_id=user.id, verb="GET"
)
return pyramid.httpexceptions.HTTPFound(location=url)
return {
"user": user,
"user_form": user_form,
"permission_form": permission_form,
"permissions_grid": permissions_grid,
}
@view_config(
renderer="testscaffold:templates/admin/relation_remove.jinja2",
match_param=("object=users", "relation=permissions", "verb=DELETE"),
request_method="GET",
)
@view_config(
renderer="testscaffold:templates/admin/relation_remove.jinja2",
match_param=("object=users", "relation=permissions", "verb=DELETE"),
request_method="POST",
)
def permission_delete(self):
request = self.request
user = self.shared.user_get(request.matchdict["object_id"])
permission = self.shared.permission_get(user, request.GET.get("perm_name"))
back_url = request.route_url(
"admin_object", object="users", object_id=user.id, verb="GET"
)
if request.method == "POST":
self.shared.permission_delete(user, permission)
return pyramid.httpexceptions.HTTPFound(location=back_url)
return {
"parent_obj": user,
"member_obj": permission,
"confirm_url": request.current_route_url(),
"back_url": back_url,
}