def action(self) -> ActionResult:
if not transactions.check_transaction():
return redirect(self.mode_url())
if request.var("_delete"):
delid = request.get_ascii_input_mandatory("_delete")
if delid not in self._roles:
raise MKUserError(None, _("This role does not exist."))
if transactions.transaction_valid() and self._roles[delid].get("builtin"):
raise MKUserError(None, _("You cannot delete the builtin roles!"))
users = userdb.load_users()
for user in users.values():
if delid in user["roles"]:
raise MKUserError(
None,
_("You cannot delete roles, that are still in use (%s)!") % delid,
)
self._rename_user_role(delid, None) # Remove from existing users
del self._roles[delid]
self._save_roles()
_changes.add_change(
"edit-roles", _("Deleted role '%s'") % delid, sites=get_login_sites()
)
elif request.var("_clone"):
cloneid = request.get_ascii_input_mandatory("_clone")
try:
cloned_role = self._roles[cloneid]
except KeyError:
raise MKUserError(None, _("This role does not exist."))
newid = cloneid
while newid in self._roles:
newid += "x"
new_role = {}
new_role.update(cloned_role)
new_alias = new_role["alias"]
while not groups.is_alias_used("roles", newid, new_alias)[0]:
new_alias += _(" (copy)")
new_role["alias"] = new_alias
if cloned_role.get("builtin"):
new_role["builtin"] = False
new_role["basedon"] = cloneid
self._roles[newid] = new_role
self._save_roles()
_changes.add_change(
"edit-roles", _("Created new role '%s'") % newid, sites=get_login_sites()
)
return redirect(self.mode_url())
def _validate(self, value):
super()._validate(value)
# Empty String because validation works for non-timeperiod alias & time period name is
# verified separately
_new_entry, _ = is_alias_used("timeperiods", "", value)
if self._should_exist and _new_entry:
self.fail("should_exist", name=value)
elif not self._should_exist and not _new_entry:
self.fail("should_not_exist", name=value)
def action(self) -> ActionResult:
if html.form_submitted("search"):
return None
alias = request.get_str_input_mandatory("alias")
unique, info = groups.is_alias_used("roles", self._role_id, alias)
if not unique:
assert info is not None
raise MKUserError("alias", info)
new_id = request.get_ascii_input_mandatory("id")
if not new_id:
raise MKUserError("id", "You have to provide a ID.")
if not re.match("^[-a-z0-9A-Z_]*$", new_id):
raise MKUserError(
"id", _("Invalid role ID. Only the characters a-z, A-Z, 0-9, _ and - are allowed.")
)
if new_id != self._role_id:
if new_id in self._roles:
raise MKUserError("id", _("The ID is already used by another role"))
self._role["alias"] = alias
# based on
if not self._role.get("builtin"):
basedon = request.get_ascii_input_mandatory("basedon")
if basedon not in builtin_role_ids:
raise MKUserError(
"basedon", _("Invalid valid for based on. Must be id of builtin rule.")
)
self._role["basedon"] = basedon
# Permissions
permissions = self._role["permissions"]
for var_name, value in request.itervars(prefix="perm_"):
try:
perm = permission_registry[var_name[5:]]
except KeyError:
continue
if value == "yes":
permissions[perm.name] = True
elif value == "no":
permissions[perm.name] = False
elif value == "default":
try:
del permissions[perm.name]
except KeyError:
pass # Already at defaults
if self._role_id != new_id:
self._roles[new_id] = self._role
del self._roles[self._role_id]
self._rename_user_role(self._role_id, new_id)
self._save_roles()
_changes.add_change(
"edit-roles", _("Modified user role '%s'") % new_id, sites=get_login_sites()
)
return redirect(mode_url("roles"))
def _validate_alias(self, name, alias, varprefix):
unique, message = groups.is_alias_used("timeperiods", name, alias)
if not unique:
assert message is not None
raise MKUserError(varprefix, message)