def action(self) -> ActionResult: if not transactions.check_transaction(): return redirect(self.mode_url()) if request.var("_delete"): delid = request.get_ascii_input_mandatory("_delete") if delid not in self._roles: raise MKUserError(None, _("This role does not exist.")) if transactions.transaction_valid() and self._roles[delid].get( "builtin"): raise MKUserError(None, _("You cannot delete the builtin roles!")) users = userdb.load_users() for user in users.values(): if delid in user["roles"]: raise MKUserError( None, _("You cannot delete roles, that are still in use (%s)!" ) % delid, ) self._rename_user_role(delid, None) # Remove from existing users del self._roles[delid] self._save_roles() watolib.add_change("edit-roles", _("Deleted role '%s'") % delid, sites=get_login_sites()) elif request.var("_clone"): cloneid = request.get_ascii_input_mandatory("_clone") try: cloned_role = self._roles[cloneid] except KeyError: raise MKUserError(None, _("This role does not exist.")) newid = cloneid while newid in self._roles: newid += "x" new_role = {} new_role.update(cloned_role) new_alias = new_role["alias"] while not watolib.is_alias_used("roles", newid, new_alias)[0]: new_alias += _(" (copy)") new_role["alias"] = new_alias if cloned_role.get("builtin"): new_role["builtin"] = False new_role["basedon"] = cloneid self._roles[newid] = new_role self._save_roles() watolib.add_change("edit-roles", _("Created new role '%s'") % newid, sites=get_login_sites()) return redirect(self.mode_url())
def action(self) -> ActionResult: if html.form_submitted("search"): return None alias = request.get_unicode_input_mandatory("alias") unique, info = watolib.is_alias_used("roles", self._role_id, alias) if not unique: assert info is not None raise MKUserError("alias", info) new_id = request.get_ascii_input_mandatory("id") if not new_id: raise MKUserError("id", "You have to provide a ID.") if not re.match("^[-a-z0-9A-Z_]*$", new_id): raise MKUserError( "id", _("Invalid role ID. Only the characters a-z, A-Z, 0-9, _ and - are allowed." )) if new_id != self._role_id: if new_id in self._roles: raise MKUserError("id", _("The ID is already used by another role")) self._role["alias"] = alias # based on if not self._role.get("builtin"): basedon = request.get_ascii_input_mandatory("basedon") if basedon not in builtin_role_ids: raise MKUserError( "basedon", _("Invalid valid for based on. Must be id of builtin rule." )) self._role["basedon"] = basedon # Permissions permissions = self._role["permissions"] for var_name, value in request.itervars(prefix="perm_"): try: perm = permission_registry[var_name[5:]] except KeyError: continue if value == "yes": permissions[perm.name] = True elif value == "no": permissions[perm.name] = False elif value == "default": try: del permissions[perm.name] except KeyError: pass # Already at defaults if self._role_id != new_id: self._roles[new_id] = self._role del self._roles[self._role_id] self._rename_user_role(self._role_id, new_id) self._save_roles() watolib.add_change("edit-roles", _("Modified user role '%s'") % new_id, sites=get_login_sites()) return redirect(mode_url("roles"))
def _add_change(self, action_name, text): add_change(action_name, text, domains=[watolib.ConfigDomainGUI], sites=get_login_sites())