def authz(self):
def action_save_form(users):
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()
# The grid passes us a list of the users/roles that were displayed
submitted = [a for (a, b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [a for (a, b) in rpi if (b == u'on')]
# from which we can deduce true/false for each user/role
# combination that was displayed in the form
table_dict = {}
for a in submitted:
table_dict[a] = False
for a in checked:
table_dict[a] = True
# now we'll split up the user$role strings to make a dictionary
# from (user,role) to True/False, which tells us what we need to
# do.
new_user_role_dict = {}
for (ur, val) in table_dict.items():
u, r = ur.split('$')
new_user_role_dict[(u, r)] = val
# we get the current user/role assignments
# and make a dictionary of them
current_uors = model.Session.query(model.SystemRole).all()
current_users_roles = [(uor.user.name, uor.role)
for uor in current_uors
if uor.user]
current_user_role_dict = {}
for (u, r) in current_users_roles:
current_user_role_dict[(u, r)] = True
# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it
# WORRY: Here it seems that we have to check whether someone is
# already assigned a role, in order to avoid assigning it twice,
# or attempting to delete it when it doesn't exist. Otherwise
# problems occur. However this doesn't affect the index page,
# which would seem to be prone to suffer the same effect. Why
# the difference?
for ((u, r), val) in new_user_role_dict.items():
if val:
if not ((u, r) in current_user_role_dict):
model.add_user_to_role(
model.User.by_name(u), r,
model.System())
else:
if ((u, r) in current_user_role_dict):
model.remove_user_from_role(
model.User.by_name(u), r,
model.System())
# finally commit the change to the database
model.Session.commit()
h.flash_success(_("Changes Saved"))
if ('save' in request.POST):
action_save_form('users')
def action_add_form(users):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [a for (a, b) in request.params.items()
if (b == u'on')]
# this is the list of all the roles that were in the submitted
# form
submitted_roles = [a for (a, b) in request.params.items()
if (b == u'submitted')]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r] = False
for r in checked_roles:
desired_roles[r] = True
# again, in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users'
# current roles (if any)
current_uors = model.Session.query(model.SystemRole).all()
current_roles = [uor.role for uor in current_uors
if (uor.user and uor.user.name == new_user)]
user_object = model.User.by_name(new_user)
if user_object is None:
# The submitted user does not exist. Bail with flash
# message
h.flash_error(_('unknown user:'******'add' in request.POST:
action_add_form('users')
# =================
# Display the page
# Find out all the possible roles. For the system object that's just
# all of them.
possible_roles = Role.get_all()
# get the list of users who have roles on the System, with their roles
uors = model.Session.query(model.SystemRole).all()
# uniquify and sort
users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
users_roles = [(uor.user.name, uor.role) for uor in uors if uor.user]
user_role_dict = {}
for u in users:
for r in possible_roles:
if (u, r) in users_roles:
user_role_dict[(u, r)] = True
else:
user_role_dict[(u, r)] = False
# pass these variables to the template for rendering
c.roles = possible_roles
c.users = users
c.user_role_dict = user_role_dict
return base.render('admin/authz.html')
def authz(self):
def action_save_form(users):
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()
# The grid passes us a list of the users/roles that were displayed
submitted = [a for (a, b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [a for (a, b) in rpi if (b == u'on')]
# from which we can deduce true/false for each user/role
# combination that was displayed in the form
table_dict = {}
for a in submitted:
table_dict[a] = False
for a in checked:
table_dict[a] = True
# now we'll split up the user$role strings to make a dictionary
# from (user,role) to True/False, which tells us what we need to
# do.
new_user_role_dict = {}
for (ur, val) in table_dict.items():
u, r = ur.split('$')
new_user_role_dict[(u, r)] = val
# we get the current user/role assignments
# and make a dictionary of them
current_uors = model.Session.query(model.SystemRole).all()
current_users_roles = [(uor.user.name, uor.role)
for uor in current_uors if uor.user]
current_user_role_dict = {}
for (u, r) in current_users_roles:
current_user_role_dict[(u, r)] = True
# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it
# WORRY: Here it seems that we have to check whether someone is
# already assigned a role, in order to avoid assigning it twice,
# or attempting to delete it when it doesn't exist. Otherwise
# problems occur. However this doesn't affect the index page,
# which would seem to be prone to suffer the same effect. Why
# the difference?
for ((u, r), val) in new_user_role_dict.items():
if val:
if not ((u, r) in current_user_role_dict):
model.add_user_to_role(model.User.by_name(u), r,
model.System())
else:
if ((u, r) in current_user_role_dict):
model.remove_user_from_role(model.User.by_name(u), r,
model.System())
# finally commit the change to the database
model.Session.commit()
h.flash_success(_("Changes Saved"))
if ('save' in request.POST):
action_save_form('users')
def action_add_form(users):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [
a for (a, b) in request.params.items() if (b == u'on')
]
# this is the list of all the roles that were in the submitted
# form
submitted_roles = [
a for (a, b) in request.params.items() if (b == u'submitted')
]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r] = False
for r in checked_roles:
desired_roles[r] = True
# again, in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users'
# current roles (if any)
current_uors = model.Session.query(model.SystemRole).all()
current_roles = [
uor.role for uor in current_uors
if (uor.user and uor.user.name == new_user)
]
user_object = model.User.by_name(new_user)
if user_object is None:
# The submitted user does not exist. Bail with flash
# message
h.flash_error(_('unknown user:'******'add' in request.POST:
action_add_form('users')
# =================
# Display the page
# Find out all the possible roles. For the system object that's just
# all of them.
possible_roles = Role.get_all()
# get the list of users who have roles on the System, with their roles
uors = model.Session.query(model.SystemRole).all()
# uniquify and sort
users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
users_roles = [(uor.user.name, uor.role) for uor in uors if uor.user]
user_role_dict = {}
for u in users:
for r in possible_roles:
if (u, r) in users_roles:
user_role_dict[(u, r)] = True
else:
user_role_dict[(u, r)] = False
# pass these variables to the template for rendering
c.roles = possible_roles
c.users = users
c.user_role_dict = user_role_dict
return base.render('admin/authz.html')
from pylons import config
import ckan.lib.base as base
import ckan.lib.helpers as h
import ckan.lib.app_globals as app_globals
import ckan.authz
import ckan.lib.authztool
import ckan.model as model
import ckan.logic
import ckan.new_authz
from ckan.model.authz import Role
roles = Role.get_all()
role_tuples = [(x, x) for x in roles]
c = base.c
request = base.request
_ = base._
def get_sysadmins():
q = model.Session.query(model.User).filter(model.User.sysadmin==True)
return q.all()
class AdminController(base.BaseController):
def __before__(self, action, **params):
super(AdminController, self).__before__(action, **params)
context = {'model': model,
'user': c.user}
if not ckan.new_authz.is_authorized('sysadmin', context, {})['success']:
from pylons import config
import ckan.lib.base as base
import ckan.lib.helpers as h
import ckan.lib.app_globals as app_globals
import ckan.lib.authztool
import ckan.model as model
import ckan.logic
import ckan.new_authz
from ckan.model.authz import Role
roles = Role.get_all()
role_tuples = [(x, x) for x in roles]
c = base.c
request = base.request
_ = base._
def get_sysadmins():
q = model.Session.query(model.User).filter(model.User.sysadmin == True)
return q.all()
class AdminController(base.BaseController):
def __before__(self, action, **params):
super(AdminController, self).__before__(action, **params)
context = {'model': model, 'user': c.user}
if not ckan.new_authz.is_authorized('sysadmin', context,
{})['success']:
base.abort(401, _('Need to be system administrator to administer'))