Example #1
0
    def authz(self):
        def action_save_form(users):
            # The permissions grid has been saved
            # which is a grid of checkboxes named user$role
            rpi = request.params.items()

            # The grid passes us a list of the users/roles that were displayed
            submitted = [a for (a, b) in rpi if (b == u'submitted')]
            # and also those which were checked
            checked = [a for (a, b) in rpi if (b == u'on')]

            # from which we can deduce true/false for each user/role
            # combination that was displayed in the form
            table_dict = {}
            for a in submitted:
                table_dict[a] = False
            for a in checked:
                table_dict[a] = True

            # now we'll split up the user$role strings to make a dictionary
            # from (user,role) to True/False, which tells us what we need to
            # do.
            new_user_role_dict = {}
            for (ur, val) in table_dict.items():
                u, r = ur.split('$')
                new_user_role_dict[(u, r)] = val

            # we get the current user/role assignments
            # and make a dictionary of them
            current_uors = model.Session.query(model.SystemRole).all()
            current_users_roles = [(uor.user.name, uor.role)
                                   for uor in current_uors
                                   if uor.user]

            current_user_role_dict = {}
            for (u, r) in current_users_roles:
                current_user_role_dict[(u, r)] = True

            # and now we can loop through our dictionary of desired states
            # checking whether a change needs to be made, and if so making it

            # WORRY: Here it seems that we have to check whether someone is
            # already assigned a role, in order to avoid assigning it twice,
            # or attempting to delete it when it doesn't exist. Otherwise
            # problems occur. However this doesn't affect the index page,
            # which would seem to be prone to suffer the same effect. Why
            # the difference?


            for ((u, r), val) in new_user_role_dict.items():
                if val:
                    if not ((u, r) in current_user_role_dict):
                        model.add_user_to_role(
                            model.User.by_name(u), r,
                            model.System())
                else:
                    if ((u, r) in current_user_role_dict):
                        model.remove_user_from_role(
                            model.User.by_name(u), r,
                            model.System())

            # finally commit the change to the database
            model.Session.commit()
            h.flash_success(_("Changes Saved"))

        if ('save' in request.POST):
            action_save_form('users')

        def action_add_form(users):
            # The user is attempting to set new roles for a named user
            new_user = request.params.get('new_user_name')
            # this is the list of roles whose boxes were ticked
            checked_roles = [a for (a, b) in request.params.items()
                             if (b == u'on')]
            # this is the list of all the roles that were in the submitted
            # form
            submitted_roles = [a for (a, b) in request.params.items()
                               if (b == u'submitted')]

            # from this we can make a dictionary of the desired states
            # i.e. true for the ticked boxes, false for the unticked
            desired_roles = {}
            for r in submitted_roles:
                desired_roles[r] = False
            for r in checked_roles:
                desired_roles[r] = True

            # again, in order to avoid either creating a role twice or
            # deleting one which is non-existent, we need to get the users'
            # current roles (if any)

            current_uors = model.Session.query(model.SystemRole).all()


            current_roles = [uor.role for uor in current_uors
                             if (uor.user and uor.user.name == new_user)]
            user_object = model.User.by_name(new_user)
            if user_object is None:
                # The submitted user does not exist. Bail with flash
                # message
                h.flash_error(_('unknown user:'******'add' in request.POST:
            action_add_form('users')

        # =================
        # Display the page
        # Find out all the possible roles. For the system object that's just
        # all of them.
        possible_roles = Role.get_all()

        # get the list of users who have roles on the System, with their roles
        uors = model.Session.query(model.SystemRole).all()
        # uniquify and sort
        users = sorted(list(set([uor.user.name for uor in uors if uor.user])))

        users_roles = [(uor.user.name, uor.role) for uor in uors if uor.user]
        user_role_dict = {}
        for u in users:
            for r in possible_roles:
                if (u, r) in users_roles:
                    user_role_dict[(u, r)] = True
                else:
                    user_role_dict[(u, r)] = False


        # pass these variables to the template for rendering
        c.roles = possible_roles
        c.users = users
        c.user_role_dict = user_role_dict

        return base.render('admin/authz.html')
Example #2
0
    def authz(self):
        def action_save_form(users):
            # The permissions grid has been saved
            # which is a grid of checkboxes named user$role
            rpi = request.params.items()

            # The grid passes us a list of the users/roles that were displayed
            submitted = [a for (a, b) in rpi if (b == u'submitted')]
            # and also those which were checked
            checked = [a for (a, b) in rpi if (b == u'on')]

            # from which we can deduce true/false for each user/role
            # combination that was displayed in the form
            table_dict = {}
            for a in submitted:
                table_dict[a] = False
            for a in checked:
                table_dict[a] = True

            # now we'll split up the user$role strings to make a dictionary
            # from (user,role) to True/False, which tells us what we need to
            # do.
            new_user_role_dict = {}
            for (ur, val) in table_dict.items():
                u, r = ur.split('$')
                new_user_role_dict[(u, r)] = val

            # we get the current user/role assignments
            # and make a dictionary of them
            current_uors = model.Session.query(model.SystemRole).all()
            current_users_roles = [(uor.user.name, uor.role)
                                   for uor in current_uors if uor.user]

            current_user_role_dict = {}
            for (u, r) in current_users_roles:
                current_user_role_dict[(u, r)] = True

            # and now we can loop through our dictionary of desired states
            # checking whether a change needs to be made, and if so making it

            # WORRY: Here it seems that we have to check whether someone is
            # already assigned a role, in order to avoid assigning it twice,
            # or attempting to delete it when it doesn't exist. Otherwise
            # problems occur. However this doesn't affect the index page,
            # which would seem to be prone to suffer the same effect. Why
            # the difference?

            for ((u, r), val) in new_user_role_dict.items():
                if val:
                    if not ((u, r) in current_user_role_dict):
                        model.add_user_to_role(model.User.by_name(u), r,
                                               model.System())
                else:
                    if ((u, r) in current_user_role_dict):
                        model.remove_user_from_role(model.User.by_name(u), r,
                                                    model.System())

            # finally commit the change to the database
            model.Session.commit()
            h.flash_success(_("Changes Saved"))

        if ('save' in request.POST):
            action_save_form('users')

        def action_add_form(users):
            # The user is attempting to set new roles for a named user
            new_user = request.params.get('new_user_name')
            # this is the list of roles whose boxes were ticked
            checked_roles = [
                a for (a, b) in request.params.items() if (b == u'on')
            ]
            # this is the list of all the roles that were in the submitted
            # form
            submitted_roles = [
                a for (a, b) in request.params.items() if (b == u'submitted')
            ]

            # from this we can make a dictionary of the desired states
            # i.e. true for the ticked boxes, false for the unticked
            desired_roles = {}
            for r in submitted_roles:
                desired_roles[r] = False
            for r in checked_roles:
                desired_roles[r] = True

            # again, in order to avoid either creating a role twice or
            # deleting one which is non-existent, we need to get the users'
            # current roles (if any)

            current_uors = model.Session.query(model.SystemRole).all()

            current_roles = [
                uor.role for uor in current_uors
                if (uor.user and uor.user.name == new_user)
            ]
            user_object = model.User.by_name(new_user)
            if user_object is None:
                # The submitted user does not exist. Bail with flash
                # message
                h.flash_error(_('unknown user:'******'add' in request.POST:
            action_add_form('users')

        # =================
        # Display the page
        # Find out all the possible roles. For the system object that's just
        # all of them.
        possible_roles = Role.get_all()

        # get the list of users who have roles on the System, with their roles
        uors = model.Session.query(model.SystemRole).all()
        # uniquify and sort
        users = sorted(list(set([uor.user.name for uor in uors if uor.user])))

        users_roles = [(uor.user.name, uor.role) for uor in uors if uor.user]
        user_role_dict = {}
        for u in users:
            for r in possible_roles:
                if (u, r) in users_roles:
                    user_role_dict[(u, r)] = True
                else:
                    user_role_dict[(u, r)] = False

        # pass these variables to the template for rendering
        c.roles = possible_roles
        c.users = users
        c.user_role_dict = user_role_dict

        return base.render('admin/authz.html')
Example #3
0
from pylons import config

import ckan.lib.base as base
import ckan.lib.helpers as h
import ckan.lib.app_globals as app_globals
import ckan.authz
import ckan.lib.authztool
import ckan.model as model
import ckan.logic
import ckan.new_authz

from ckan.model.authz import Role
roles = Role.get_all()
role_tuples = [(x, x) for x in roles]


c = base.c
request = base.request
_ = base._

def get_sysadmins():
    q = model.Session.query(model.User).filter(model.User.sysadmin==True)
    return q.all()


class AdminController(base.BaseController):
    def __before__(self, action, **params):
        super(AdminController, self).__before__(action, **params)
        context = {'model': model,
                   'user': c.user}
        if not ckan.new_authz.is_authorized('sysadmin', context, {})['success']:
Example #4
0
from pylons import config

import ckan.lib.base as base
import ckan.lib.helpers as h
import ckan.lib.app_globals as app_globals
import ckan.lib.authztool
import ckan.model as model
import ckan.logic
import ckan.new_authz

from ckan.model.authz import Role
roles = Role.get_all()
role_tuples = [(x, x) for x in roles]

c = base.c
request = base.request
_ = base._


def get_sysadmins():
    q = model.Session.query(model.User).filter(model.User.sysadmin == True)
    return q.all()


class AdminController(base.BaseController):
    def __before__(self, action, **params):
        super(AdminController, self).__before__(action, **params)
        context = {'model': model, 'user': c.user}
        if not ckan.new_authz.is_authorized('sysadmin', context,
                                            {})['success']:
            base.abort(401, _('Need to be system administrator to administer'))