Exemple #1
0
def home():
    if session['logged_in']:
        all_permissions = read_user_permissions()
        for permission in all_permissions:
            session[permission] = True
        return render_template('home.html')
    else:
        return redirect(url_for('login'))
Exemple #2
0
def modify_role():
    if session['logged_in'] and ('Read roles' in session or 'Edit roles' in session):
        if request.form['submit'] == 'delete':
            role_id = request.form['roleid']
            q_session = Session()
            # Retrieve the role name for logging
            role = q_session.query(
                Roles
            ).filter_by(
                id=role_id
            ).first()
            rolename = role.name
            # Delete the role
            roles = q_session.query(
                Roles
            ).filter_by(
                id=role_id
            ).delete()
            # delete permissions associated with the role
            permissions = q_session.query(
                RolesPermissions
            ).filter(
                RolesPermissions.role_id == role_id
            ).delete()
            # delete user role map for the said role
            user_roles = q_session.query(
                UserRoles
            ).filter(
                UserRoles.user_role_id == role_id
            ).delete()
            q_session.commit()
            msg = str(datetime.datetime.now()) + ': Deleted role ' + rolename + ' by ' + current_user.email
            app.logger.info(msg)
        if request.form['submit'] == 'save':
            role_id = request.form['roleid']
            rolename = request.form['rolename']
            q_session = Session()

            # delete all existing permissions for this role
            permissions = q_session.query(
                RolesPermissions
            ).filter(
                RolesPermissions.role_id == role_id
            ).delete()
            q_session.commit()
            permissionslist = request.form.getlist('rolepermissions')

            # get system wide permissions
            all_permissions = all_permission_names()

            # find permissions to remove from session
            permissions_to_remove_from_session = list(set(all_permissions).difference(set(read_user_permissions())))

            # remove the permissions from session
            for permission_to_remove in permissions_to_remove_from_session:
                session.pop(permission_to_remove, None)

            # set all new permissions in session
            permission_names = q_session.query(
                Permissions.name
            ).filter(
                Permissions.id.in_(permissionslist)
            ).all()

            for each_permission in permission_names:
                session[each_permission[0]] = True

            # add new role permissions
            for permission in permissionslist:
                record = RolesPermissions(role_id=role_id, permissions_id=permission)
                q_session.add(record)
                q_session.commit()
            msg = str(datetime.datetime.now()) + ': Modified role ' + rolename + ' by ' + current_user.email
            app.logger.info(msg)
        return redirect(url_for('.list_roles'))
    else:
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))