def action_add_form(users_or_authz_groups):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
# this is the list of all the roles that were in the submitted form
submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r]=False
for r in checked_roles:
desired_roles[r]=True
# again, in order to avoid either creating a role twice or deleting one which is
# non-existent, we need to get the users' current roles (if any)
current_uors = get_userobjectroles()
if users_or_authz_groups=='users':
current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
user_object = model.User.by_name(new_user)
if user_object==None:
# The submitted user does not exist. Bail with flash message
h.flash_error('unknown user:'******'authz_groups':
current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
user_object = model.AuthorizationGroup.by_name(new_user)
if user_object==None:
# The submitted user does not exist. Bail with flash message
h.flash_error('unknown authorization group:' + str (new_user))
else:
# Whenever our desired state is different from our current state, change it.
for (r,val) in desired_roles.items():
if val:
if (r not in current_roles):
model.add_authorization_group_to_role(user_object, r, pkg)
else:
if (r in current_roles):
model.remove_authorization_group_from_role(user_object, r, pkg)
h.flash_success("Authorization Group Added")
else:
assert False, "shouldn't be here"
# and finally commit all these changes to the database
model.repo.commit_and_remove()
def action_add_form(users_or_authz_groups):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
# this is the list of all the roles that were in the submitted form
submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r]=False
for r in checked_roles:
desired_roles[r]=True
# again, in order to avoid either creating a role twice or deleting one which is
# non-existent, we need to get the users' current roles (if any)
current_uors = get_userobjectroles()
if users_or_authz_groups=='users':
current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
user_object = model.User.by_name(new_user)
if user_object==None:
# The submitted user does not exist. Bail with flash message
h.flash_error('unknown user:'******'authz_groups':
current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
user_object = model.AuthorizationGroup.by_name(new_user)
if user_object==None:
# The submitted user does not exist. Bail with flash message
h.flash_error('unknown authorization group:' + str (new_user))
else:
# Whenever our desired state is different from our current state, change it.
for (r,val) in desired_roles.items():
if val:
if (r not in current_roles):
model.add_authorization_group_to_role(user_object, r, group)
else:
if (r in current_roles):
model.remove_authorization_group_from_role(user_object, r, group)
h.flash_success("Authorization Group Added")
else:
assert False, "shouldn't be here"
# and finally commit all these changes to the database
model.repo.commit_and_remove()
def action_save_form(users_or_authz_groups):
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()
# The grid passes us a list of the users/roles that were displayed
submitted = [ a for (a,b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [ a for (a,b) in rpi if (b == u'on')]
# from which we can deduce true/false for each user/role combination
# that was displayed in the form
table_dict={}
for a in submitted:
table_dict[a]=False
for a in checked:
table_dict[a]=True
# now we'll split up the user$role strings to make a dictionary from
# (user,role) to True/False, which tells us what we need to do.
new_user_role_dict={}
for (ur,val) in table_dict.items():
u,r = ur.split('$')
new_user_role_dict[(u,r)] = val
# we get the current user/role assignments
# and make a dictionary of them
current_uors = get_userobjectroles()
if users_or_authz_groups=='users':
current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
elif users_or_authz_groups=='authz_groups':
current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
else:
assert False, "shouldn't be here"
current_user_role_dict={}
for (u,r) in current_users_roles:
current_user_role_dict[(u,r)]=True
# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it
# Here we check whether someone is already assigned a role, in order
# to avoid assigning it twice, or attempting to delete it when it
# doesn't exist. Otherwise problems can occur.
if users_or_authz_groups=='users':
for ((u,r), val) in new_user_role_dict.items():
if val:
if not ((u,r) in current_user_role_dict):
model.add_user_to_role(model.User.by_name(u),r,pkg)
else:
if ((u,r) in current_user_role_dict):
model.remove_user_from_role(model.User.by_name(u),r,pkg)
elif users_or_authz_groups=='authz_groups':
for ((u,r), val) in new_user_role_dict.items():
if val:
if not ((u,r) in current_user_role_dict):
model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,pkg)
else:
if ((u,r) in current_user_role_dict):
model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,pkg)
else:
assert False, "shouldn't be here"
# finally commit the change to the database
model.repo.commit_and_remove()
h.flash_success("Changes Saved")
def action_save_form(users_or_authz_groups):
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()
# The grid passes us a list of the users/roles that were displayed
submitted = [ a for (a,b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [ a for (a,b) in rpi if (b == u'on')]
# from which we can deduce true/false for each user/role combination
# that was displayed in the form
table_dict={}
for a in submitted:
table_dict[a]=False
for a in checked:
table_dict[a]=True
# now we'll split up the user$role strings to make a dictionary from
# (user,role) to True/False, which tells us what we need to do.
new_user_role_dict={}
for (ur,val) in table_dict.items():
u,r = ur.split('$')
new_user_role_dict[(u,r)] = val
# we get the current user/role assignments
# and make a dictionary of them
current_uors = get_userobjectroles()
if users_or_authz_groups=='users':
current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
elif users_or_authz_groups=='authz_groups':
current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
else:
assert False, "shouldn't be here"
current_user_role_dict={}
for (u,r) in current_users_roles:
current_user_role_dict[(u,r)]=True
# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it
# Here we check whether someone is already assigned a role, in order
# to avoid assigning it twice, or attempting to delete it when it
# doesn't exist. Otherwise problems can occur.
if users_or_authz_groups=='users':
for ((u,r), val) in new_user_role_dict.items():
if val:
if not ((u,r) in current_user_role_dict):
model.add_user_to_role(model.User.by_name(u),r,group)
else:
if ((u,r) in current_user_role_dict):
model.remove_user_from_role(model.User.by_name(u),r,group)
elif users_or_authz_groups=='authz_groups':
for ((u,r), val) in new_user_role_dict.items():
if val:
if not ((u,r) in current_user_role_dict):
model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,group)
else:
if ((u,r) in current_user_role_dict):
model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,group)
else:
assert False, "shouldn't be here"
# finally commit the change to the database
model.repo.commit_and_remove()
h.flash_success("Changes Saved")