Esempio n. 1
0
def review_page(request, action_class, **kwargs):
	access = Access(request)
	allowable = access.allowable(action_class)
	if allowable is False:
		simple = action_class.readable()
		raise HTTPForbidden("You don't have sufficient permissions to review %s requests" % simple)

	serial_field = 'SERIAL'

	answer = ''
	POST = request.POST
	if serial_field in POST and (EXIT[0] in POST or EXIT[1] in POST):
		serial = POST[serial_field]
		action = DBSession.query(action_class).filter(Action.serial == serial).first()
		if action is None:
			raise HTTPNotFound('Invalid serial number')
		if action not in allowable:
			raise HTTPForbidden('Action not available for processing')
		if EXIT[0] in POST and EXIT[1] in POST:
			raise ValueError('Both "%s" and "%s" specified in form' % EXIT)
		choice = EXIT[1] if EXIT[1] in POST else EXIT[0]
		caps = [c for c in allowable[action] if c.access_type == choice]
		try:
			answer = access.perform_with_one(action, caps)
		except HTTPException as e:
			answer = e.detail
		else:
			del allowable[action]

	forms = []
	form_params = dict(serial_field=serial_field)
	button_options = {EXIT[0]:'Allow', EXIT[1]:'Deny'}
	for action, caps in allowable.iteritems():
		render_template, render_params = action.render('pending')
		form_params['info'] = HTML(render(render_template, render_params, request))
		form_params['serial'] = action.serial
		form_params['credentials'] = offer_creds(request, caps)
		choices = set((c.access_type for c in caps))
		form_params['buttons'] = ((c, button_options[c]) for c in choices)
		forms.append(HTML(render(FORM_TEMPLATE, form_params, request)))
	if not forms:
		forms.append('No requests are available for processing')
	
	return dict(forms=forms, answer=HTML(answer), **kwargs)
Esempio n. 2
0
def check_page(request, action_class, **kwargs):
    serial, serial_field, form_field = "", "SERIAL", "FORM"
    anon = form_field not in request.POST

    answer = ""
    if serial_field in request.POST:
        serial = request.POST[serial_field]
        res = __check(action_class, serial)
        if isinstance(res, HTTPException):
            if anon:
                raise res
            answer = res.detail
        else:
            answer = render(res[0], res[1], request)
            if anon:
                return rendered

    params = dict(serial=serial, serial_field=serial_field, form_field=form_field)
    form = render(TEMPLATE, params)

    return dict(form=HTML(form), answer=HTML(answer), **kwargs)
Esempio n. 3
0
def revoke_page(request, action_class, **kwargs):
	access = Access(request)
	revocable = access.revocable(action_class)
	if revocable is False:
		simple = action_class.readable()
		raise HTTPForbidden("You don't have sufficient permissions to revoke %s requests" % simple)

	serial_field = 'SERIAL'

	answer = ''
	POST = request.POST
	if serial_field in POST:
		serial = POST[serial_field]
		action = DBSession.query(action_class).filter(Action.serial == serial).first()
		if action is None:
			raise HTTPNotFound('Invalid serial number')
		if action not in revocable:
			raise HTTPForbidden('Action not available for revocation')
		try:
			answer = access.perform_with_one(action, revocable[action])
		except HTTPException as e:
			answer = e.detail
		else:
			del revocable[action]

	forms = []
	form_params = dict(serial_field=serial_field, button='Revoke')
	button_options = {EXIT[0]:'Allow', EXIT[1]:'Deny'}
	for action, caps in revocable.iteritems():
		render_template, render_params = action.render('approved')
		form_params['info'] = HTML(render(render_template, render_params, request))
		form_params['serial'] = action.serial
		form_params['credentials'] = offer_creds(request, caps)
		forms.append(HTML(render(FORM_TEMPLATE, form_params, request)))
	if not forms:
		forms.append('No requests are available for revocation')
	
	return dict(forms=forms, answer=HTML(answer), **kwargs)