def _query_add_permission_filter(query, request, clazz):
modul = get_item_modul(request, clazz)
is_admin = False
is_allowed = True
for role in request.user.roles:
if role.name == "admin":
is_admin = True
break
for permission in role.permissions:
if permission.mid != modul.id or permission.name.lower() != "read":
continue
elif permission.admin or role.admin:
is_admin = True
break
else:
is_allowed = True
if is_admin:
# User is allowd to read all items
return query
elif is_allowed:
# User is not allowd to read items based on the uid and groups
usergroups = [g.id for g in request.user.groups]
query = query.filter(
or_(clazz.uid == request.user.id, clazz.gid.in_(usergroups)))
return query
else:
# User is not allowd to read anything
return None
def build_breadcrumbs(request, sitetree):
"""Will return a list of breadcrumbs based on the current request
and the given sitetree.
:request: Current request
:sitetree: dictionary of the sitetree
:returns: List of breadcrumbs.
"""
# Only build the sitemap if the modul is part of the sitemap and an
# item is actually selected
from ringo.views.request import get_item_from_request
pip = request.path_info_peek()
if pip in sitetree:
if request.matchdict:
item = get_item_from_request(request)
path = walk_site_tree(sitetree, pip, item, request)
request.session["breadcrumbs"] = path
request.session.save()
else:
if request.path.find("create") > -1:
item = get_item_from_request(request)
modul = get_item_modul(request, item)
path = request.session.get("breadcrumbs", [])
return list(reversed(path)) + [(modul.get_label(), None)]
# Reset the breadcrumbs for any other url. This means the
# breadcrumbs are reseted every time the user calls an
# overview page e.g. As the overview pages are usually the
# entry point for a new working proccess the previous
# context is lost so the breadcrumbs are.
request.session["breadcrumbs"] = []
return []
else:
request.session["breadcrumbs"] = []
return []
path = list(reversed(path))
if path:
path[-1] = (path[-1][0], None)
return path
def build_breadcrumbs(request, sitetree):
"""Will return a list of breadcrumbs based on the current request
and the given sitetree.
:request: Current request
:sitetree: dictionary of the sitetree
:returns: List of breadcrumbs.
"""
# Only build the sitemap if the modul is part of the sitemap and an
# item is actually selected
from ringo.views.request import get_item_from_request
pip = request.path_info_peek()
if pip in sitetree:
if request.matchdict:
item = get_item_from_request(request)
path = walk_site_tree(sitetree, pip, item, request)
request.session["breadcrumbs"] = path
request.session.save()
else:
if request.path.find("create") > -1:
item = get_item_from_request(request)
modul = get_item_modul(request, item)
path = request.session.get("breadcrumbs", [])
return list(reversed(path)) + [(modul.get_label(), None)]
# Reset the breadcrumbs for any other url. This means the
# breadcrumbs are reseted every time the user calls an
# overview page e.g. As the overview pages are usually the
# entry point for a new working proccess the previous
# context is lost so the breadcrumbs are.
request.session["breadcrumbs"] = []
return []
else:
request.session["breadcrumbs"] = []
return []
path = list(reversed(path))
if path:
path[-1] = (path[-1][0], None)
return path
def bundle_(request):
clazz = request.context.__model__
module = get_item_modul(request, clazz)
_ = request.translate
# Handle bundle params. If the request has the bundle_action param
# the request is the intial request for a bundled action. In this
# case we can delete all previous selected and stored item ids in
# the session.
params = request.params.mixed()
if params.get('bundle_action'):
request.session['%s.bundle.action' %
clazz] = params.get('bundle_action')
try:
del request.session['%s.bundle.items' % clazz]
except KeyError:
pass
request.session['%s.bundle.items' % clazz] = params.get('id', [])
bundle_action = request.session.get('%s.bundle.action' % clazz)
ids = request.session.get('%s.bundle.items' % clazz)
# Check if the user selected at least one item. If not show an
# dialog informing that the selection is empty.
if not ids:
title = _("Empty selection")
body = _("You have not selected any item in the list. "
"Click 'OK' to return to the overview.")
renderer = WarningDialogRenderer(request, title, body)
rvalue = {}
rvalue['dialog'] = literal(renderer.render(url=request.referrer))
return rvalue
# If the user only selects one single item it is not a list. So
# convert it to a list with one item.
if not isinstance(ids, list):
ids = [ids]
factory = clazz.get_item_factory()
items = []
ignored_items = []
for id in ids:
# Check if the user is allowed to call the requested action on
# the loaded item. If so append it the the bundle, if not ignore
# it.
item = factory.load(id)
if has_permission(bundle_action.lower(), item, request):
items.append(item)
else:
ignored_items.append(item)
# After checking the permissions the list of items might be empty.
# If so show a warning to the user to inform him that the selected
# action is not applicable.
if not items:
title = _("${action} not applicable",
mapping={"action": bundle_action})
body = _(
"After checking the permissions no items remain "
"for which an '${action}' can be performed. "
"(${num} items were filtered out.)",
mapping={
"action": bundle_action,
"num": len(ignored_items)
})
renderer = WarningDialogRenderer(request, title, body)
rvalue = {}
rvalue['dialog'] = literal(renderer.render(url=request.referrer))
return rvalue
handler = get_bundle_action_handler(_bundle_request_handlers,
bundle_action.lower(), module.name)
return handler(request, items, None)
def bundle_(request):
clazz = request.context.__model__
module = get_item_modul(request, clazz)
handle_history(request)
handle_params(request)
_ = request.translate
# Handle bundle params. If the request has the bundle_action param
# the request is the intial request for a bundled action. In this
# case we can delete all previous selected and stored item ids in
# the session.
params = request.params.mixed()
if params.get('bundle_action'):
request.session['%s.bundle.action' % clazz] = params.get('bundle_action')
try:
del request.session['%s.bundle.items' % clazz]
except KeyError:
pass
request.session['%s.bundle.items' % clazz] = params.get('id', [])
bundle_action = request.session.get('%s.bundle.action' % clazz)
ids = request.session.get('%s.bundle.items' % clazz)
# Check if the user selected at least one item. If not show an
# dialog informing that the selection is empty.
if not ids:
title = _("Empty selection")
body = _("You have not selected any item in the list. "
"Click 'OK' to return to the overview.")
renderer = WarningDialogRenderer(request, title, body)
rvalue = {}
rvalue['dialog'] = literal(renderer.render(url=request.referrer))
return rvalue
# If the user only selects one single item it is not a list. So
# convert it to a list with one item.
if not isinstance(ids, list):
ids = [ids]
factory = clazz.get_item_factory()
items = []
ignored_items = []
for id in ids:
# Check if the user is allowed to call the requested action on
# the loaded item. If so append it the the bundle, if not ignore
# it.
item = factory.load(id)
if has_permission(bundle_action.lower(), item, request):
items.append(item)
else:
ignored_items.append(item)
# After checking the permissions the list of items might be empty.
# If so show a warning to the user to inform him that the selected
# action is not applicable.
if not items:
title = _("${action} not applicable",
mapping={"action": bundle_action})
body = _("After checking the permissions no items remain "
"for which an '${action}' can be performed. "
"(${num} items were filtered out.)",
mapping={"action": bundle_action,
"num": len(ignored_items)})
renderer = WarningDialogRenderer(request, title, body)
rvalue = {}
rvalue['dialog'] = literal(renderer.render(url=request.referrer))
return rvalue
handler = get_bundle_action_handler(_bundle_request_handlers,
bundle_action.lower(),
module.name)
return handler(request, items, None)
