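def group_list(request, on=None):
    """View a list of groups; doesn't show groups which are not visible to the
    user making the request.  Note that both the group name and the
    organization are needed to specify the group uniquely.
    @param request  An HttpRequest
    @param on  The name of the organization for which to show groups; if None,
    groups from every organization are considered
    @return HttpResponse  The rendered group list, or a redirect to
    /organizations/ if the named organization does not exist"""

    # The name of the template to view the list through
    tn = 'vns/groups.html'

    if on is not None:
        # Get the organization from the database
        try:
            org = db.Organization.objects.get(name=on)
        except db.Organization.DoesNotExist:
            # NOTE(review): `on` is caller-supplied (presumably captured from
            # the URL) and is echoed into the flash message; this relies on
            # the template escaping messages when it renders them - confirm.
            messages.error(request, "No such organization: %s" % on)
            return HttpResponseRedirect('/organizations/')

        # Restrict to this organization's groups.  The manager's filter()
        # has to be *called*; passing the bound method itself to list()
        # raises TypeError, so this branch could never succeed before.
        candidates = db.Group.objects.filter(org=org)
    else:
        # on is None - we want all groups
        candidates = db.Group.objects.all()

    # Access control step: keep only the groups this user is allowed to use.
    # Nothing may reach the template without passing this check.  Building a
    # real list (rather than a lazy filter object) lets the template iterate
    # it more than once and test it for emptiness.
    groups = [g for g in candidates
              if permissions.allowed_group_access_use(request.user, g)]

    # Give the groups to a template to display
    return direct_to_template(request, tn, {'groups': groups})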
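def group_access_check(request, callee, action, **kwargs):
    """Checks that the user can access the functions they're trying to, and if
    they can calls callee.
    @param request  An HTTP request
    @param callee  Gives the Callable to call
    @param action  One of "add", "change", "use", "delete", describing the
    permissions needed
    @param gn  The name of the group in question; not used for action = "add"
    @param on  The name of the organization the group belongs to; not used
    for action = "add"
    @exception ValueError  If an action is unrecognised
    @exception KeyError  If gn or on is missing for a non-"add" action
    @return HttpResponse"""

    def denied():
        """Generate an error message and redirect if we try do something to a
        group we're not allowed to"""
        messages.error(request, "Either this group doesn't exist or you don't "
                                "have permission to %s it." % action)
        return HttpResponseRedirect('/login/')

    def denied_add():
        """Generate an error message and redirect if we try to create a group
        and are not allowed to"""
        messages.error(request, "You don't have permission to create groups.")
        return HttpResponseRedirect('/login/')

    # Fail closed on an unrecognised action before touching the database or
    # any permission check.  The original raised from a trailing else branch
    # that referenced an undefined name (`options`), so callers saw a
    # NameError instead of the documented ValueError.
    if action not in ("add", "use", "change", "delete"):
        raise ValueError("Unknown action: %s" % action)

    # If we're trying to add a group, don't need to get the group itself
    if action == "add":
        if permissions.allowed_group_access_create(request.user):
            return callee(request)
        return denied_add()

    # If we don't have org / group name arguments, the KeyError propagates
    # and django will show an internal error, which is what we want.
    gn = kwargs['gn']
    on = kwargs['on']

    # Try getting the group - if it doesn't exist, show the same message as
    # for permission denied, so the response does not reveal whether a group
    # with that name exists.
    try:
        group = db.Group.objects.get(org__name=on, name=gn)
    except db.Group.DoesNotExist:
        return denied()

    # Pick the per-object permission check matching the requested action.
    if action == "use":
        allowed = permissions.allowed_group_access_use(request.user, group)
    elif action == "change":
        allowed = permissions.allowed_group_access_change(request.user, group)
    else:
        # Only "delete" can reach here because of the validation above.
        allowed = permissions.allowed_group_access_delete(request.user, group)

    if not allowed:
        return denied()

    # The callee receives the resolved group plus the original gn / on kwargs.
    return callee(request, group=group, **kwargs)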