def get(self, uuid, **kwargs):
try:
role = roles.get_metadata(uuid)
all_perms = permissions.list_metadata()
except DataRequestException as e:
return render_template(self.template, errors=e.errors)
else:
# get the permissions already granted to the role
role_perms = list(role['permissions'].keys())
# remove any permissions not in the user's organization. Users
# cannot add permissions from outside their org to a role inside it
# but may be able to read metadata of those permissions.
all_perms = self.filter_by_org(all_perms, 'organization')
# Remove any permissions that already exist on the role.
all_perms = [
perm for perm in all_perms
if perm['permission_id'] not in role_perms
]
self.set_template_args()
return render_template(self.template,
role=role,
table_data=all_perms,
**self.template_args,
**kwargs)
def post(self, uuid):
form_data = request.form
user_email = form_data.get('user_email', '')
redirect_url = session.pop('redirect_link',
url_for('admin.role_view', uuid=uuid))
try:
users.add_role_by_email(user_email, uuid)
except DataRequestException as e:
if e.status_code == 500:
self.flash_api_errors(e.errors)
else:
# flash a message that grant failed
flash(
'Failed to grant role. Confirm with the user that they '
'are registered and affiliated with an SFA organization.',
'error')
try:
role = roles.get_metadata(uuid)
except DataRequestException as e:
# User could not read the role, flash a 404
self.flash_api_errors(e.errors)
role = None
# Refresh the page if the role failed, so the user can try again.
self.set_template_args(role, redirect_url)
return render_template(self.template,
form_data=form_data,
**self.template_args)
# flash success message and redirect
flash('Role granted successfully', 'message')
return redirect(redirect_url)
def get(self, uuid):
try:
role = roles.get_metadata(uuid)
except DataRequestException as e:
return render_template(self.template, errors=e.errors)
else:
self.set_template_args(role)
return render_template(self.template,
uuid=role['role_id'],
**self.template_args)
def get(self, uuid, **kwargs):
# This view displays either a table of permissions granted to the role
# or users that were granted the role based on the `table` query param.
role_table = request.args.get('table', 'permissions')
try:
role = roles.get_metadata(uuid)
permission_list = permissions.list_metadata()
except DataRequestException as e:
return render_template(self.template, errors=e.errors)
else:
self.set_template_args(role, permission_list, role_table)
return render_template(self.template, **kwargs, **self.template_args)
def get(self, uuid, permission_id, **kwargs):
"""Confirmation view for removing permission from a role
"""
try:
role = roles.get_metadata(uuid)
permission = permissions.get_metadata(permission_id)
except DataRequestException as e:
return render_template(self.template, errors=e.errors)
self.set_template_args()
return render_template(self.template,
role=role,
perm=permission,
**kwargs,
**self.template_args)
def get(self, uuid, **kwargs):
try:
role = roles.get_metadata(uuid)
except DataRequestException as e:
self.flash_api_errors(e.errors)
role = None
# Set the redirect link, to send users back to the correct page. They
# may have ended up here from the permission or users listing of the
# role, which only differ by the table query argument.
redirect_link = request.headers.get('Referer', url_for('admin.roles'))
session['redirect_link'] = redirect_link
self.set_template_args(role, redirect_link)
return render_template(self.template, **kwargs, **self.template_args)
def get(self, uuid):
role = roles.get_metadata(uuid).json()
if 'errors' in role:
role = None
else:
permission_list = permissions.list_metadata().json()
permission_map = {
perm['permission_id']: perm
for perm in permission_list
}
role['permissions'] = {
k: {
'added_to_role': v,
**permission_map[k]
}
for k, v in role['permissions'].items() if k in permission_map
}
return render_template('forms/admin/role.html',
role=role,
**self.template_args())
def get(self, uuid, role_id, **kwargs):
"""Confirmation view for removing a role from a user
"""
# set a redirect link, because we can be directed here
# from a role or user page.
redirect_link = request.headers.get('Referer', url_for('admin.roles'))
try:
user = users.get_metadata(uuid)
except DataRequestException:
# Check if the user is readable. For roles shared outside
# an org this may not be true, but we still need to pass
# user_id to the template for building urls and display.
user = {'user_id': uuid}
try:
role = roles.get_metadata(role_id)
except DataRequestException as e:
self.flash_api_errors(e.errors)
return redirect(redirect_link)
session['redirect_link'] = redirect_link
self.set_template_args(user, role, redirect_link)
return render_template(self.template, **kwargs, **self.template_args)
