def permission_create(request): _ = get_localizer(request) permission_model = PermissionModel(request.db_session) factory = FormFactory(_) PermissionCreateForm = factory.make_permission_create_form() form = PermissionCreateForm(request.params) if request.method == 'POST': check_csrf_token(request) validate_result = form.validate() permission_name = request.params['permission_name'] description = request.params['description'] by_name = permission_model.get_by_name(permission_name) if by_name is not None: msg = _(u'Permission name %s already exists') % permission_name form.permission_name.errors.append(msg) validate_result = False if validate_result: with transaction.manager: permission_model.create( permission_name=permission_name, description=description, ) msg = _(u"Permission ${permission_name} has been created", mapping=dict(permission_name=permission_name)) request.add_flash(msg, 'success') return HTTPFound(location=request.route_url('admin.permission_list')) return dict(form=form)
def setUp(self): super(TestAdminView, self).setUp() from ez2pay.models.user import UserModel from ez2pay.models.group import GroupModel from ez2pay.models.permission import PermissionModel user_model = UserModel(self.testapp.session) group_model = GroupModel(self.testapp.session) permission_model = PermissionModel(self.testapp.session) with transaction.manager: user_model.create( user_name='tester', display_name='tester', password='******', email='*****@*****.**' ) admin_id = user_model.create( user_name='admin', display_name='admin', password='******', email='*****@*****.**' ) group_id = group_model.create( group_name='admin', display_name='admin', ) permission_id = permission_model.create( permission_name='admin', description='admin' ) group_model.update_permissions(group_id, [permission_id]) user_model.update_groups(admin_id, [group_id])
def permission_edit(request): _ = get_localizer(request) permission_model = PermissionModel(request.db_session) permission_name = request.matchdict['permission_name'] permission = permission_model.get_by_name(permission_name) if permission is None: msg = _(u'Permission %s does not exist') % permission_name return HTTPNotFound(msg) factory = FormFactory(_) PermissionEditForm = factory.make_permission_edit_form() form = PermissionEditForm(request.params, permission) if request.method == 'POST': check_csrf_token(request) validate_result = form.validate() permission_name = request.params['permission_name'] description = request.params['description'] by_name = permission_model.get_by_name(permission_name) if ( by_name is not None and permission_name != permission.permission_name ): msg = _(u'Permission name %s already exists') % permission_name form.permission_name.errors.append(msg) validate_result = False if validate_result: with transaction.manager: permission_model.update_permission( permission_id=permission.permission_id, permission_name=permission_name, description=description, ) msg = _(u"Permission ${permission_name} has been updated", mapping=dict(permission_name=permission_name)) request.add_flash(msg, 'success') url = request.route_url('admin.permission_edit', permission_name=permission_name) return HTTPFound(location=url) return dict(form=form, permission=permission)
def group_create(request): _ = get_localizer(request) group_model = GroupModel(request.db_session) permission_model = PermissionModel(request.db_session) factory = FormFactory(_) GroupCreateForm = factory.make_group_create_form() form = GroupCreateForm(request.params) permissions = permission_model.get_list() form.permissions.choices = [ (str(p.permission_id), p.permission_name) for p in permissions ] if request.method == 'POST': check_csrf_token(request) validate_result = form.validate() group_name = request.params['group_name'] display_name = request.params['display_name'] permissions = request.params.getall('permissions') by_name = group_model.get_by_name(group_name) if by_name is not None: msg = _(u'Group name %s already exists') % group_name form.group_name.errors.append(msg) validate_result = False if validate_result: with transaction.manager: group_id = group_model.create( group_name=group_name, display_name=display_name, ) group_model.update_permissions( group_id=group_id, permission_ids=permissions, ) msg = _(u"Group ${group_name} has been created", mapping=dict(group_name=group_name)) request.add_flash(msg, 'success') return HTTPFound(location=request.route_url('admin.group_list')) return dict(form=form)
def permission_list(request): permission_model = PermissionModel(request.db_session) permissions = permission_model.get_list() return dict(permissions=permissions)