def permission_create(request):
_ = get_localizer(request)
permission_model = PermissionModel(request.db_session)
factory = FormFactory(_)
PermissionCreateForm = factory.make_permission_create_form()
form = PermissionCreateForm(request.params)
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
permission_name = request.params['permission_name']
description = request.params['description']
by_name = permission_model.get_by_name(permission_name)
if by_name is not None:
msg = _(u'Permission name %s already exists') % permission_name
form.permission_name.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
permission_model.create(
permission_name=permission_name,
description=description,
)
msg = _(u"Permission ${permission_name} has been created",
mapping=dict(permission_name=permission_name))
request.add_flash(msg, 'success')
return HTTPFound(location=request.route_url('admin.permission_list'))
return dict(form=form)
def setUp(self):
super(TestAdminView, self).setUp()
from ez2pay.models.user import UserModel
from ez2pay.models.group import GroupModel
from ez2pay.models.permission import PermissionModel
user_model = UserModel(self.testapp.session)
group_model = GroupModel(self.testapp.session)
permission_model = PermissionModel(self.testapp.session)
with transaction.manager:
user_model.create(
user_name='tester',
display_name='tester',
password='******',
email='*****@*****.**'
)
admin_id = user_model.create(
user_name='admin',
display_name='admin',
password='******',
email='*****@*****.**'
)
group_id = group_model.create(
group_name='admin',
display_name='admin',
)
permission_id = permission_model.create(
permission_name='admin',
description='admin'
)
group_model.update_permissions(group_id, [permission_id])
user_model.update_groups(admin_id, [group_id])
def permission_edit(request):
_ = get_localizer(request)
permission_model = PermissionModel(request.db_session)
permission_name = request.matchdict['permission_name']
permission = permission_model.get_by_name(permission_name)
if permission is None:
msg = _(u'Permission %s does not exist') % permission_name
return HTTPNotFound(msg)
factory = FormFactory(_)
PermissionEditForm = factory.make_permission_edit_form()
form = PermissionEditForm(request.params, permission)
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
permission_name = request.params['permission_name']
description = request.params['description']
by_name = permission_model.get_by_name(permission_name)
if (
by_name is not None and
permission_name != permission.permission_name
):
msg = _(u'Permission name %s already exists') % permission_name
form.permission_name.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
permission_model.update_permission(
permission_id=permission.permission_id,
permission_name=permission_name,
description=description,
)
msg = _(u"Permission ${permission_name} has been updated",
mapping=dict(permission_name=permission_name))
request.add_flash(msg, 'success')
url = request.route_url('admin.permission_edit',
permission_name=permission_name)
return HTTPFound(location=url)
return dict(form=form, permission=permission)
def group_create(request):
_ = get_localizer(request)
group_model = GroupModel(request.db_session)
permission_model = PermissionModel(request.db_session)
factory = FormFactory(_)
GroupCreateForm = factory.make_group_create_form()
form = GroupCreateForm(request.params)
permissions = permission_model.get_list()
form.permissions.choices = [
(str(p.permission_id), p.permission_name)
for p in permissions
]
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
group_name = request.params['group_name']
display_name = request.params['display_name']
permissions = request.params.getall('permissions')
by_name = group_model.get_by_name(group_name)
if by_name is not None:
msg = _(u'Group name %s already exists') % group_name
form.group_name.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
group_id = group_model.create(
group_name=group_name,
display_name=display_name,
)
group_model.update_permissions(
group_id=group_id,
permission_ids=permissions,
)
msg = _(u"Group ${group_name} has been created",
mapping=dict(group_name=group_name))
request.add_flash(msg, 'success')
return HTTPFound(location=request.route_url('admin.group_list'))
return dict(form=form)
def permission_list(request):
permission_model = PermissionModel(request.db_session)
permissions = permission_model.get_list()
return dict(permissions=permissions)
