def group_view(request, group, **kwargs):
"""View a list of users in a group. Does not show users that are not
visible to the user making the request.
@param request An HttpRequest
@oaram group The group to view
@return HttpResponse"""
tn='vns/group_view.html'
if not request.user.is_authenticated():
return HttpResponseRedirect('/login/')
# Find the user profiles in this group which the user is allowed to see
try:
users = permissions.get_allowed_users(request.user)
users = users.filter(user__vns_groups=group, retired=False)
except User.DoesNotExist:
messages.info(request, "There are no users in group %s which you "
"can view." % gn)
return HttpResponseRedirect("/%s/groups/" % request.user.org.name)
# Find the user profiles which this user is allowed to delete
l = lambda up: permissions.allowed_user_access_delete(request.user, up.user)
deletable_users = filter(l, list(users))
# Switch to a template to print them out
return direct_to_template(request, tn, {'users':users,
'group':group,
'deletable_users':deletable_users})
def group_delete(request, group, **kwargs):
"""Deletes all the users in a group that the user can delete.
@param request An HTTP request
@param group The group to delete
@return HttpResponse"""
# Make sure this is a POST request
if request.method != 'POST':
return direct_to_template(request, 'vns/confirm.html',
{'title':'Delete group %s from %s' % (group.name, group.org.name),
'button':'Delete %s' % group.name,
'url':'/org/%s/%s/delete' % (group.org.name, group.name)})
# Get all users in the group
try:
users = User.objects.filter(vns_groups=group)
except User.DoesNotExist:
group.delete()
messages.error(request, "There are no users in this group")
return HttpResponseRedirect('/')
# Do permission checking and mark the users as retired if
# the permission check passes
no_perms = False
has_deleted = False
for u in users:
if permissions.allowed_user_access_delete(request.user, u):
up = u.get_profile()
up.retired=True
up.save()
has_deleted = True
# Delete any topologies this user owns
topos = db.Topology.objects.filter(owner=u)
for t in topos:
je = db.JournalTopologyDelete()
je.topology = t
je.save()
else:
no_perms = True
# If the group is empty, delete it
if not no_perms:
group.delete()
# Display a message indicating eny errors or success
if no_perms and not has_deleted:
messages.error(request, "Could not delete users because of permissions.")
elif no_perms and has_deleted:
messages.info(request, "Some users could not be deleted because of permissions. Other users have been deleted.")
else:
messages.success(request, "Successfully deleted group %s" % group.name)
return HttpResponseRedirect('/')
def org_users(request, org, on):
tn = 'vns/org_users.html'
# Get a list of visible users from this organization
users = list(permissions.get_allowed_users(request.user).filter(org=org, retired=False))
users.sort(db.UserProfile.cmp_pos_order)
# Get a list of users which this user can delete
l = lambda up: permissions.allowed_user_access_delete(request.user, up.user)
deletable_users = filter(l, list(users))
return direct_to_template(request, tn, {'org':org,
'users':users,
'deletable_users':deletable_users})
def user_access_check(request, callee, action, **kwargs):
"""Checks that the user can access the functions they're trying to, and
if they can calls callee"""
"""Check that the user is allowed access, and if they are call the given
Callable.
@param request An HTTP request
@param callee Gives the Callable to call
@param action One of "add", "change", "use", "delete", describing the
permissions needed
@param user_id The ID of the user in question; not used for
action = "add"
@exception ValueError If an action is unrecognised
@exception KeyError If an option is missing"""
def denied():
"""Generate an error message and redirect if we try do something to a
template we're not allowed to"""
messages.error(request, "Either this user doesn't exist or you don't "
"have permission to %s it." % action)
return HttpResponseRedirect('/')
def denied_add():
"""Generate an error message and redirect if we try to create a template
and are not allowed to"""
messages.error(request, "You don't have permission to create users.")
return HttpResponseRedirect('/')
# If we're trying to add a template, don't need to get the template itself
if action == "add":
if permissions.allowed_user_access_create(request.user):
return callee(request)
else:
return denied_add()
else:
# Try getting the template - if it doesn't exist, show the same message
# as for permission denied
user_name = kwargs["un"]
try :
user = User.objects.get(username=user_name)
except User.DoesNotExist:
return denied()
if action == "use":
if permissions.allowed_user_access_use(request.user, user):
return callee(request, user.get_profile())
else:
return denied()
elif action == "change":
if permissions.allowed_user_access_change(request.user, user):
return callee(request, user.get_profile())
else:
return denied()
elif action == "delete":
if permissions.allowed_user_access_delete(request.user, user):
return callee(request, user.get_profile())
else:
return denied()
else:
raise ValueError("Unknown action: %s" % options["action"])
