def _query_add_permission_filter(query, request, clazz): modul = get_item_modul(request, clazz) is_admin = False is_allowed = True for role in request.user.roles: if role.name == "admin": is_admin = True break for permission in role.permissions: if permission.mid != modul.id or permission.name.lower() != "read": continue elif permission.admin or role.admin: is_admin = True break else: is_allowed = True if is_admin: # User is allowd to read all items return query elif is_allowed: # User is not allowd to read items based on the uid and groups usergroups = [g.id for g in request.user.groups] query = query.filter( or_(clazz.uid == request.user.id, clazz.gid.in_(usergroups))) return query else: # User is not allowd to read anything return None
def build_breadcrumbs(request, sitetree): """Will return a list of breadcrumbs based on the current request and the given sitetree. :request: Current request :sitetree: dictionary of the sitetree :returns: List of breadcrumbs. """ # Only build the sitemap if the modul is part of the sitemap and an # item is actually selected from ringo.views.request import get_item_from_request pip = request.path_info_peek() if pip in sitetree: if request.matchdict: item = get_item_from_request(request) path = walk_site_tree(sitetree, pip, item, request) request.session["breadcrumbs"] = path request.session.save() else: if request.path.find("create") > -1: item = get_item_from_request(request) modul = get_item_modul(request, item) path = request.session.get("breadcrumbs", []) return list(reversed(path)) + [(modul.get_label(), None)] # Reset the breadcrumbs for any other url. This means the # breadcrumbs are reseted every time the user calls an # overview page e.g. As the overview pages are usually the # entry point for a new working proccess the previous # context is lost so the breadcrumbs are. request.session["breadcrumbs"] = [] return [] else: request.session["breadcrumbs"] = [] return [] path = list(reversed(path)) if path: path[-1] = (path[-1][0], None) return path
def build_breadcrumbs(request, sitetree): """Will return a list of breadcrumbs based on the current request and the given sitetree. :request: Current request :sitetree: dictionary of the sitetree :returns: List of breadcrumbs. """ # Only build the sitemap if the modul is part of the sitemap and an # item is actually selected from ringo.views.request import get_item_from_request pip = request.path_info_peek() if pip in sitetree: if request.matchdict: item = get_item_from_request(request) path = walk_site_tree(sitetree, pip, item, request) request.session["breadcrumbs"] = path request.session.save() else: if request.path.find("create") > -1: item = get_item_from_request(request) modul = get_item_modul(request, item) path = request.session.get("breadcrumbs", []) return list(reversed(path)) + [(modul.get_label(), None)] # Reset the breadcrumbs for any other url. This means the # breadcrumbs are reseted every time the user calls an # overview page e.g. As the overview pages are usually the # entry point for a new working proccess the previous # context is lost so the breadcrumbs are. request.session["breadcrumbs"] = [] return [] else: request.session["breadcrumbs"] = [] return [] path = list(reversed(path)) if path: path[-1] = (path[-1][0], None) return path
def bundle_(request): clazz = request.context.__model__ module = get_item_modul(request, clazz) _ = request.translate # Handle bundle params. If the request has the bundle_action param # the request is the intial request for a bundled action. In this # case we can delete all previous selected and stored item ids in # the session. params = request.params.mixed() if params.get('bundle_action'): request.session['%s.bundle.action' % clazz] = params.get('bundle_action') try: del request.session['%s.bundle.items' % clazz] except KeyError: pass request.session['%s.bundle.items' % clazz] = params.get('id', []) bundle_action = request.session.get('%s.bundle.action' % clazz) ids = request.session.get('%s.bundle.items' % clazz) # Check if the user selected at least one item. If not show an # dialog informing that the selection is empty. if not ids: title = _("Empty selection") body = _("You have not selected any item in the list. " "Click 'OK' to return to the overview.") renderer = WarningDialogRenderer(request, title, body) rvalue = {} rvalue['dialog'] = literal(renderer.render(url=request.referrer)) return rvalue # If the user only selects one single item it is not a list. So # convert it to a list with one item. if not isinstance(ids, list): ids = [ids] factory = clazz.get_item_factory() items = [] ignored_items = [] for id in ids: # Check if the user is allowed to call the requested action on # the loaded item. If so append it the the bundle, if not ignore # it. item = factory.load(id) if has_permission(bundle_action.lower(), item, request): items.append(item) else: ignored_items.append(item) # After checking the permissions the list of items might be empty. # If so show a warning to the user to inform him that the selected # action is not applicable. if not items: title = _("${action} not applicable", mapping={"action": bundle_action}) body = _( "After checking the permissions no items remain " "for which an '${action}' can be performed. " "(${num} items were filtered out.)", mapping={ "action": bundle_action, "num": len(ignored_items) }) renderer = WarningDialogRenderer(request, title, body) rvalue = {} rvalue['dialog'] = literal(renderer.render(url=request.referrer)) return rvalue handler = get_bundle_action_handler(_bundle_request_handlers, bundle_action.lower(), module.name) return handler(request, items, None)
def bundle_(request): clazz = request.context.__model__ module = get_item_modul(request, clazz) handle_history(request) handle_params(request) _ = request.translate # Handle bundle params. If the request has the bundle_action param # the request is the intial request for a bundled action. In this # case we can delete all previous selected and stored item ids in # the session. params = request.params.mixed() if params.get('bundle_action'): request.session['%s.bundle.action' % clazz] = params.get('bundle_action') try: del request.session['%s.bundle.items' % clazz] except KeyError: pass request.session['%s.bundle.items' % clazz] = params.get('id', []) bundle_action = request.session.get('%s.bundle.action' % clazz) ids = request.session.get('%s.bundle.items' % clazz) # Check if the user selected at least one item. If not show an # dialog informing that the selection is empty. if not ids: title = _("Empty selection") body = _("You have not selected any item in the list. " "Click 'OK' to return to the overview.") renderer = WarningDialogRenderer(request, title, body) rvalue = {} rvalue['dialog'] = literal(renderer.render(url=request.referrer)) return rvalue # If the user only selects one single item it is not a list. So # convert it to a list with one item. if not isinstance(ids, list): ids = [ids] factory = clazz.get_item_factory() items = [] ignored_items = [] for id in ids: # Check if the user is allowed to call the requested action on # the loaded item. If so append it the the bundle, if not ignore # it. item = factory.load(id) if has_permission(bundle_action.lower(), item, request): items.append(item) else: ignored_items.append(item) # After checking the permissions the list of items might be empty. # If so show a warning to the user to inform him that the selected # action is not applicable. if not items: title = _("${action} not applicable", mapping={"action": bundle_action}) body = _("After checking the permissions no items remain " "for which an '${action}' can be performed. " "(${num} items were filtered out.)", mapping={"action": bundle_action, "num": len(ignored_items)}) renderer = WarningDialogRenderer(request, title, body) rvalue = {} rvalue['dialog'] = literal(renderer.render(url=request.referrer)) return rvalue handler = get_bundle_action_handler(_bundle_request_handlers, bundle_action.lower(), module.name) return handler(request, items, None)