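def user_permissions(request, id, user_id=None):
    """
    Ajax call to update a user's permissions on a Group.

    Only superusers and users holding the 'admin' permission on the Group
    named in the URL may use this view; everyone else receives a 403.

    POST binds request.POST to ObjectPermissionForm.  A valid form is applied
    with update_perms(), the view_edit_user signal is sent and the refreshed
    user row is returned as HTML.  An invalid form returns its errors as JSON.

    Any other method renders the permission form for an existing user,
    pre-filled with that user's current permissions on the group.

    @param id: id of Group
    @param user_id: id of the User whose permissions are shown on GET
    """
    editor = request.user
    group = get_object_or_404(Group, id=id)

    if not (editor.is_superuser or editor.has_perm('admin', group)):
        return HttpResponseForbidden('You do not have sufficient privileges')

    if request.method == 'POST':
        form = ObjectPermissionForm(Group, request.POST)
        if form.is_valid():
            # The authorization check above covers only the Group named in
            # the URL, while the form is bound to client-supplied POST data.
            # NOTE(review): the GET branch passes 'obj' to this form as bound
            # data, so update_perms() presumably acts on the posted object --
            # confirm against ObjectPermissionForm.  Refuse a posted object
            # that differs from the authorized group, so that admin rights on
            # one group cannot be used to edit permissions on another.
            posted_obj = form.cleaned_data.get('obj')
            if posted_obj is not None and posted_obj != group:
                return HttpResponseForbidden(
                    'You do not have sufficient privileges')

            form.update_perms()
            user = form.cleaned_data['user']

            # send signal
            view_edit_user.send(sender=editor, user=user, obj=group)

            # return html to replace existing user row
            url = reverse('group-permissions', args=[id])
            return render_to_response(
                "object_permissions/muddle/group/user_row.html", {
                    'object': group,
                    'user_detail': user,
                    'url': url
                },
                context_instance=RequestContext(request))

        # error in form return ajax response
        content = json.dumps(form.errors)
        return HttpResponse(content, mimetype='application/json')

    # render a form for an existing user only
    form_user = get_object_or_404(User, id=user_id)
    data = {
        'permissions': get_user_perms(form_user, group),
        'obj': group,
        'user': user_id
    }
    form = ObjectPermissionForm(Group, data)
    return render_to_response(
        "object_permissions/permissions/form.html", {
            'form': form,
            'obj': group,
            'user_id': user_id,
            'url': reverse('group-permissions', args=[group.id])
        },
        context_instance=RequestContext(request))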
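def user_permissions(request, id, user_id=None):
    """
    Ajax call to update a user's permissions on a Group.

    Only superusers and users holding the "admin" permission on the Group
    named in the URL may use this view; everyone else receives a 403.

    POST binds request.POST to ObjectPermissionForm.  A valid form is applied
    with update_perms(), the view_edit_user signal is sent and the refreshed
    user row is returned as HTML.  An invalid form returns its errors as JSON.

    Any other method renders the permission form for an existing user,
    pre-filled with that user's current permissions on the group.

    @param id: id of Group
    @param user_id: id of the User whose permissions are shown on GET
    """
    editor = request.user
    group = get_object_or_404(Group, id=id)

    if not (editor.is_superuser or editor.has_perm("admin", group)):
        return HttpResponseForbidden("You do not have sufficient privileges")

    if request.method == "POST":
        form = ObjectPermissionForm(Group, request.POST)
        if form.is_valid():
            # The authorization check above covers only the Group named in
            # the URL, while the form is bound to client-supplied POST data.
            # NOTE(review): the GET branch passes "obj" to this form as bound
            # data, so update_perms() presumably acts on the posted object --
            # confirm against ObjectPermissionForm.  Refuse a posted object
            # that differs from the authorized group, so that admin rights on
            # one group cannot be used to edit permissions on another.
            posted_obj = form.cleaned_data.get("obj")
            if posted_obj is not None and posted_obj != group:
                return HttpResponseForbidden("You do not have sufficient privileges")

            form.update_perms()
            user = form.cleaned_data["user"]

            # send signal
            view_edit_user.send(sender=editor, user=user, obj=group)

            # return html to replace existing user row
            url = reverse("group-permissions", args=[id])
            return render_to_response(
                "object_permissions/permissions/user_row.html",
                {"object": group, "user_detail": user, "url": url},
                context_instance=RequestContext(request),
            )

        # error in form return ajax response
        content = json.dumps(form.errors)
        return HttpResponse(content, mimetype="application/json")

    # render a form for an existing user only
    form_user = get_object_or_404(User, id=user_id)
    data = {"permissions": get_user_perms(form_user, group), "obj": group, "user": user_id}
    form = ObjectPermissionForm(Group, data)
    return render_to_response(
        "object_permissions/permissions/form.html",
        {"form": form, "obj": group, "user_id": user_id, "url": reverse("group-permissions", args=[group.id])},
        context_instance=RequestContext(request),
    )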
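def user_permissions(request, id, user_id=None):
    """
    Ajax call to update a user's permissions on a Group.

    Only superusers and users holding the 'admin' permission on the Group
    named in the URL may use this view; everyone else receives a 403.

    POST binds request.POST to ObjectPermissionForm.  A valid form is applied
    with update_perms(), the view_edit_user signal is sent and the refreshed
    user row is returned as HTML.  An invalid form returns its errors as JSON.

    Any other method renders the permission form for an existing user,
    pre-filled with that user's current permissions on the group.

    @param id: id of Group
    @param user_id: id of the User whose permissions are shown on GET
    """
    editor = request.user
    group = get_object_or_404(Group, id=id)

    if not (editor.is_superuser or editor.has_perm('admin', group)):
        return HttpResponseForbidden('You do not have sufficient privileges')

    if request.method == 'POST':
        form = ObjectPermissionForm(Group, request.POST)
        if form.is_valid():
            # The authorization check above covers only the Group named in
            # the URL, while the form is bound to client-supplied POST data.
            # NOTE(review): the GET branch passes 'obj' to this form as bound
            # data, so update_perms() presumably acts on the posted object --
            # confirm against ObjectPermissionForm.  Refuse a posted object
            # that differs from the authorized group, so that admin rights on
            # one group cannot be used to edit permissions on another.
            posted_obj = form.cleaned_data.get('obj')
            if posted_obj is not None and posted_obj != group:
                return HttpResponseForbidden(
                    'You do not have sufficient privileges')

            form.update_perms()
            user = form.cleaned_data['user']

            # send signal
            view_edit_user.send(sender=editor, user=user, obj=group)

            # return html to replace existing user row
            url = reverse('group-permissions', args=[id])
            return render_to_response(
                "object_permissions/muddle/group/user_row.html",
                {'object':group, 'user_detail':user, 'url':url},
                context_instance=RequestContext(request))

        # error in form return ajax response
        content = json.dumps(form.errors)
        return HttpResponse(content, mimetype='application/json')

    # render a form for an existing user only
    form_user = get_object_or_404(User, id=user_id)
    data = {'permissions':get_user_perms(form_user, group),
            'obj':group, 'user':user_id}
    form = ObjectPermissionForm(Group, data)
    return render_to_response("object_permissions/permissions/form.html",
                {'form':form, 'obj':group, 'user_id':user_id,
                'url':reverse('group-permissions', args=[group.id])},
                context_instance=RequestContext(request))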
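def view_obj_permissions(request, class_name, obj_id=None,
    user_id=None, group_id=None,
    row_template='object_permissions/permissions/object_row.html'):
    """
    Generic view for editing permissions on an object when the user is
    already known.  This is an admin only view since it is impossible to know
    the permission scheme for the apps that are registering properties.

    Non-superusers receive a 403.  A class_name that get_class() does not
    recognise (KeyError) yields a 404.

    POST binds request.POST to ObjectPermissionFormNewUsers.  If
    update_perms() returns a truthy value, view_add_user or view_edit_user is
    sent (chosen by the form's 'new' value) and the object row is rendered
    with row_template.  Otherwise view_remove_user is sent and the row id
    "<class_name>_<obj_id>" is returned as a JSON string.  An invalid form
    returns its errors as JSON.

    Any other method renders the permission form for the given user or group.

    @param class_name: name used to look up the model class via get_class()
    @param obj_id: pk of the object being edited, or None when adding
    @param user_id: ID of User being edited
    @param group_id: ID of Group being edited
    @param row_template: template used to render the object row
    """
    
    if not request.user.is_superuser:
        return HttpResponseForbidden('You are not authorized to view this page')
    
    try:
        cls = get_class(class_name)
    except KeyError:
        return HttpResponseNotFound('Class type does not exist')
    
    if request.method == 'POST':
        form = ObjectPermissionFormNewUsers(cls, request.POST)
        if form.is_valid():
            data = form.cleaned_data
            form_user = form.cleaned_data['user']
            group = form.cleaned_data['group']
            edited_user = form_user if form_user else group
            
            if form.update_perms():
                # send correct signal based on new or edited user
                if data['new']:
                    view_add_user.send(sender=cls,
                                       editor=request.user,
                                       user=edited_user, obj=data['obj'])
                else:
                    view_edit_user.send(sender=cls,
                                        editor=request.user,
                                        user=edited_user, obj=data['obj'])
                
                # return html to replace existing user row
                return render_to_response(row_template,
                    {'class_name':class_name, 'obj':data['obj'], 'persona':edited_user})
            else:
                # no permissions, send ajax response to remove object
                view_remove_user.send(sender=cls,
                                      editor=request.user, user=edited_user,
                                      obj=data['obj'])
                # Serialise with json.dumps rather than wrapping the value in
                # quotes by hand, so URL-derived text is always escaped into
                # a well-formed JSON string.
                id = json.dumps('%s_%s' % (class_name, obj_id))
                return HttpResponse(id, mimetype='application/json')
        
        # error in form return ajax response
        content = json.dumps(form.errors)
        return HttpResponse(content, mimetype='application/json')
    
    # GET - create form for editing and return as html
    if not (user_id or group_id):
        # Neither `url` nor (without obj_id) `data` would be assigned below,
        # which previously surfaced as an unhandled NameError and a 500.
        return HttpResponseNotFound('A user or group must be specified')
    
    if obj_id:
        obj = get_object_or_404(cls, pk=obj_id)
        data = {'obj':obj}
        if user_id:
            form_user = get_object_or_404(User, id=user_id)
            data['user'] = user_id
            data['permissions'] = get_user_perms(form_user, obj, False)
            url = reverse('user-edit-permissions',
                          args=(user_id, class_name, obj_id))
        else:
            group = get_object_or_404(Group, id=group_id)
            data['group'] = group_id
            data['permissions'] = get_group_perms(group, obj)
            url = reverse('group-edit-permissions',
                          args=(group_id, class_name, obj_id))
    else:
        obj = None
        if user_id:
            # existence check only; the form is given just the id
            get_object_or_404(User, id=user_id)
            data={'user':user_id}
            url = reverse('user-add-permissions',
                          args=(user_id, class_name))
        else:
            # existence check only; the form is given just the id
            get_object_or_404(Group, id=group_id)
            data={'group':group_id}
            url = reverse('group-add-permissions',
                          args=(group_id, class_name))
    
    form = ObjectPermissionFormNewUsers(cls, data)
    return render_to_response('object_permissions/permissions/form.html',
            {'form':form, 'obj':obj, 'user_id':user_id, 'group_id':group_id, 
             'url':url},
            context_instance=RequestContext(request))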
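def view_permissions(request, obj, url, user_id=None, group_id=None,
                user_template='object_permissions/permissions/user_row.html',
                group_template='object_permissions/permissions/group_row.html'
                ):
    """
    Update a User or Group permissions on an object.  This is a generic view
    intended to be used for editing permissions on any object.  It must be
    configured with a model and url.  It may also be customized by adding custom
    templates or changing the pk field.

    This view performs no authorization check of its own.
    NOTE(review): the calling view is presumably expected to verify that
    request.user may administer obj before delegating here -- confirm at
    every call site.

    POST binds request.POST to ObjectPermissionFormNewUsers.  If
    update_perms() returns a truthy value, view_add_user or view_edit_user is
    sent and the user or group row is rendered.  Otherwise view_remove_user
    is sent and the row id ("user_<pk>" or "group_<pk>") is returned as a
    JSON string.  An invalid form returns its errors as JSON.  A posted
    object that differs from obj is refused with a 403.

    Any other method renders the permission form, pre-filled when user_id or
    group_id is given.
    
    @param obj: object permissions are being set on
    @param url: name of url being edited
    @param user_id: ID of User being edited
    @param group_id: ID of Group being edited
    @param user_template: template used to render user rows
    @param group_template: template used to render group rows
    """
    if request.method == 'POST':
        form = ObjectPermissionFormNewUsers(obj.__class__, request.POST)
        if form.is_valid():
            data = form.cleaned_data

            # The form is bound to client-supplied POST data, whereas the
            # signals and templates below use the `obj` this view was called
            # with.  NOTE(review): update_perms() presumably acts on the
            # form's own 'obj' value -- confirm against the form class.
            # Refuse a posted object other than `obj`, so a check the caller
            # made against `obj` cannot be sidestepped by naming another
            # object in the request body.
            posted_obj = data.get('obj')
            if posted_obj is not None and posted_obj != obj:
                return HttpResponse('You do not have sufficient privileges',
                                    status=403)

            form_user = form.cleaned_data['user']
            group = form.cleaned_data['group']
            edited_user = form_user if form_user else group
            
            if form.update_perms():
                # send correct signal based on new or edited user
                if data['new']:
                    view_add_user.send(sender=obj.__class__,
                                       editor=request.user,
                                       user=edited_user, obj=obj)
                else:
                    view_edit_user.send(sender=obj.__class__,
                                        editor=request.user,
                                        user=edited_user, obj=obj)
                
                # return html to replace existing user row
                if form_user:
                    return render_to_response(user_template,
                                {'object':obj, 'user_detail':form_user, 'url':url},
                                context_instance=RequestContext(request))
                else:
                    return render_to_response(group_template,
                                {'object':obj, 'group':group, 'url':url},
                                context_instance=RequestContext(request))
                
            else:
                # no permissions, send ajax response to remove user
                view_remove_user.send(sender=obj.__class__,
                                      editor=request.user, user=edited_user,
                                      obj=obj)
                id = ('"user_%d"' if form_user else '"group_%d"')%edited_user.pk
                return HttpResponse(id, mimetype='application/json')

        # error in form return ajax response
        content = json.dumps(form.errors)
        return HttpResponse(content, mimetype='application/json')

    if user_id:
        form_user = get_object_or_404(User, id=user_id)
        data = {'permissions':get_user_perms(form_user, obj, False),
                'user':user_id, 'obj':obj}
    elif group_id:
        group = get_object_or_404(Group, id=group_id)
        data = {'permissions':get_group_perms(group, obj),
                'group':group_id, 'obj':obj}
    else:
        # neither id given: the form is bound to empty data
        data = {}
        
    form = ObjectPermissionFormNewUsers(obj.__class__, data)
    
    return render_to_response('object_permissions/permissions/form.html',
                {'form':form, 'obj':obj, 'user_id':user_id,
                'group_id':group_id, 'url':url},
               context_instance=RequestContext(request))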
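def view_obj_permissions(
        request,
        class_name,
        obj_id=None,
        user_id=None,
        group_id=None,
        row_template='object_permissions/permissions/object_row.html'):
    """
    Generic view for editing permissions on an object when the user is
    already known.  This is an admin only view since it is impossible to know
    the permission scheme for the apps that are registering properties.

    Non-superusers receive a 403.  A class_name that get_class() does not
    recognise (KeyError) yields a 404.

    POST binds request.POST to ObjectPermissionFormNewUsers.  If
    update_perms() returns a truthy value, view_add_user or view_edit_user is
    sent (chosen by the form's 'new' value) and the object row is rendered
    with row_template.  Otherwise view_remove_user is sent and the row id
    "<class_name>_<obj_id>" is returned as a JSON string.  An invalid form
    returns its errors as JSON.

    Any other method renders the permission form for the given user or group.

    @param class_name: name used to look up the model class via get_class()
    @param obj_id: pk of the object being edited, or None when adding
    @param user_id: ID of User being edited
    @param group_id: ID of Group being edited
    @param row_template: template used to render the object row
    """

    if not request.user.is_superuser:
        return HttpResponseForbidden(
            'You are not authorized to view this page')

    try:
        cls = get_class(class_name)
    except KeyError:
        return HttpResponseNotFound('Class type does not exist')

    if request.method == 'POST':
        form = ObjectPermissionFormNewUsers(cls, request.POST)
        if form.is_valid():
            data = form.cleaned_data
            form_user = form.cleaned_data['user']
            group = form.cleaned_data['group']
            edited_user = form_user if form_user else group

            if form.update_perms():
                # send correct signal based on new or edited user
                if data['new']:
                    view_add_user.send(sender=cls,
                                       editor=request.user,
                                       user=edited_user,
                                       obj=data['obj'])
                else:
                    view_edit_user.send(sender=cls,
                                        editor=request.user,
                                        user=edited_user,
                                        obj=data['obj'])

                # return html to replace existing user row
                return render_to_response(
                    row_template, {
                        'class_name': class_name,
                        'obj': data['obj'],
                        'persona': edited_user
                    })
            else:
                # no permissions, send ajax response to remove object
                view_remove_user.send(sender=cls,
                                      editor=request.user,
                                      user=edited_user,
                                      obj=data['obj'])
                # Serialise with json.dumps rather than wrapping the value in
                # quotes by hand, so URL-derived text is always escaped into
                # a well-formed JSON string.
                id = json.dumps('%s_%s' % (class_name, obj_id))
                return HttpResponse(id, mimetype='application/json')

        # error in form return ajax response
        content = json.dumps(form.errors)
        return HttpResponse(content, mimetype='application/json')

    # GET - create form for editing and return as html
    if not (user_id or group_id):
        # Neither `url` nor (without obj_id) `data` would be assigned below,
        # which previously surfaced as an unhandled NameError and a 500.
        return HttpResponseNotFound('A user or group must be specified')

    if obj_id:
        obj = get_object_or_404(cls, pk=obj_id)
        data = {'obj': obj}
        if user_id:
            form_user = get_object_or_404(User, id=user_id)
            data['user'] = user_id
            data['permissions'] = get_user_perms(form_user, obj, False)
            url = reverse('user-edit-permissions',
                          args=(user_id, class_name, obj_id))
        else:
            group = get_object_or_404(Group, id=group_id)
            data['group'] = group_id
            data['permissions'] = get_group_perms(group, obj)
            url = reverse('group-edit-permissions',
                          args=(group_id, class_name, obj_id))
    else:
        obj = None
        if user_id:
            # existence check only; the form is given just the id
            get_object_or_404(User, id=user_id)
            data = {'user': user_id}
            url = reverse('user-add-permissions', args=(user_id, class_name))
        else:
            # existence check only; the form is given just the id
            get_object_or_404(Group, id=group_id)
            data = {'group': group_id}
            url = reverse('group-add-permissions', args=(group_id, class_name))

    form = ObjectPermissionFormNewUsers(cls, data)
    return render_to_response(
        'object_permissions/permissions/form.html', {
            'form': form,
            'obj': obj,
            'user_id': user_id,
            'group_id': group_id,
            'url': url
        },
        context_instance=RequestContext(request))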
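def view_permissions(
        request,
        obj,
        url,
        user_id=None,
        group_id=None,
        user_template='object_permissions/permissions/user_row.html',
        group_template='object_permissions/permissions/group_row.html'):
    """
    Update a User or Group permissions on an object.  This is a generic view
    intended to be used for editing permissions on any object.  It must be
    configured with a model and url.  It may also be customized by adding custom
    templates or changing the pk field.

    This view performs no authorization check of its own.
    NOTE(review): the calling view is presumably expected to verify that
    request.user may administer obj before delegating here -- confirm at
    every call site.

    POST binds request.POST to ObjectPermissionFormNewUsers.  If
    update_perms() returns a truthy value, view_add_user or view_edit_user is
    sent and the user or group row is rendered.  Otherwise view_remove_user
    is sent and the row id ("user_<pk>" or "group_<pk>") is returned as a
    JSON string.  An invalid form returns its errors as JSON.  A posted
    object that differs from obj is refused with a 403.

    Any other method renders the permission form, pre-filled when user_id or
    group_id is given.
    
    @param obj: object permissions are being set on
    @param url: name of url being edited
    @param user_id: ID of User being edited
    @param group_id: ID of Group being edited
    @param user_template: template used to render user rows
    @param group_template: template used to render group rows
    """
    if request.method == 'POST':
        form = ObjectPermissionFormNewUsers(obj.__class__, request.POST)
        if form.is_valid():
            data = form.cleaned_data

            # The form is bound to client-supplied POST data, whereas the
            # signals and templates below use the `obj` this view was called
            # with.  NOTE(review): update_perms() presumably acts on the
            # form's own 'obj' value -- confirm against the form class.
            # Refuse a posted object other than `obj`, so a check the caller
            # made against `obj` cannot be sidestepped by naming another
            # object in the request body.
            posted_obj = data.get('obj')
            if posted_obj is not None and posted_obj != obj:
                return HttpResponse('You do not have sufficient privileges',
                                    status=403)

            form_user = form.cleaned_data['user']
            group = form.cleaned_data['group']
            edited_user = form_user if form_user else group

            if form.update_perms():
                # send correct signal based on new or edited user
                if data['new']:
                    view_add_user.send(sender=obj.__class__,
                                       editor=request.user,
                                       user=edited_user,
                                       obj=obj)
                else:
                    view_edit_user.send(sender=obj.__class__,
                                        editor=request.user,
                                        user=edited_user,
                                        obj=obj)

                # return html to replace existing user row
                if form_user:
                    return render_to_response(
                        user_template, {
                            'object': obj,
                            'user_detail': form_user,
                            'url': url
                        },
                        context_instance=RequestContext(request))
                else:
                    return render_to_response(
                        group_template, {
                            'object': obj,
                            'group': group,
                            'url': url
                        },
                        context_instance=RequestContext(request))

            else:
                # no permissions, send ajax response to remove user
                view_remove_user.send(sender=obj.__class__,
                                      editor=request.user,
                                      user=edited_user,
                                      obj=obj)
                id = ('"user_%d"'
                      if form_user else '"group_%d"') % edited_user.pk
                return HttpResponse(id, mimetype='application/json')

        # error in form return ajax response
        content = json.dumps(form.errors)
        return HttpResponse(content, mimetype='application/json')

    if user_id:
        form_user = get_object_or_404(User, id=user_id)
        data = {
            'permissions': get_user_perms(form_user, obj, False),
            'user': user_id,
            'obj': obj
        }
    elif group_id:
        group = get_object_or_404(Group, id=group_id)
        data = {
            'permissions': get_group_perms(group, obj),
            'group': group_id,
            'obj': obj
        }
    else:
        # neither id given: the form is bound to empty data
        data = {}

    form = ObjectPermissionFormNewUsers(obj.__class__, data)

    return render_to_response(
        'object_permissions/permissions/form.html', {
            'form': form,
            'obj': obj,
            'user_id': user_id,
            'group_id': group_id,
            'url': url
        },
        context_instance=RequestContext(request))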