def user_permissions(request, id, user_id=None): """ Ajax call to update a user's permissions @param id: id of Group """ editor = request.user group = get_object_or_404(Group, id=id) if not (editor.is_superuser or editor.has_perm('admin', group)): return HttpResponseForbidden('You do not have sufficient privileges') if request.method == 'POST': form = ObjectPermissionForm(Group, request.POST) if form.is_valid(): form.update_perms() user = form.cleaned_data['user'] # send signal view_edit_user.send(sender=editor, user=user, obj=group) # return html to replace existing user row url = reverse('group-permissions', args=[id]) return render_to_response( "object_permissions/muddle/group/user_row.html", { 'object': group, 'user_detail': user, 'url': url }, context_instance=RequestContext(request)) # error in form return ajax response content = json.dumps(form.errors) return HttpResponse(content, mimetype='application/json') # render a form for an existing user only form_user = get_object_or_404(User, id=user_id) data = { 'permissions': get_user_perms(form_user, group), 'obj': group, 'user': user_id } form = ObjectPermissionForm(Group, data) return render_to_response( "object_permissions/permissions/form.html", { 'form': form, 'obj': group, 'user_id': user_id, 'url': reverse('group-permissions', args=[group.id]) }, context_instance=RequestContext(request))
def user_permissions(request, id, user_id=None): """ Ajax call to update a user's permissions @param id: id of Group """ editor = request.user group = get_object_or_404(Group, id=id) if not (editor.is_superuser or editor.has_perm("admin", group)): return HttpResponseForbidden("You do not have sufficient privileges") if request.method == "POST": form = ObjectPermissionForm(Group, request.POST) if form.is_valid(): form.update_perms() user = form.cleaned_data["user"] # send signal view_edit_user.send(sender=editor, user=user, obj=group) # return html to replace existing user row url = reverse("group-permissions", args=[id]) return render_to_response( "object_permissions/permissions/user_row.html", {"object": group, "user_detail": user, "url": url}, context_instance=RequestContext(request), ) # error in form return ajax response content = json.dumps(form.errors) return HttpResponse(content, mimetype="application/json") # render a form for an existing user only form_user = get_object_or_404(User, id=user_id) data = {"permissions": get_user_perms(form_user, group), "obj": group, "user": user_id} form = ObjectPermissionForm(Group, data) return render_to_response( "object_permissions/permissions/form.html", {"form": form, "obj": group, "user_id": user_id, "url": reverse("group-permissions", args=[group.id])}, context_instance=RequestContext(request), )
def user_permissions(request, id, user_id=None): """ Ajax call to update a user's permissions @param id: id of Group """ editor = request.user group = get_object_or_404(Group, id=id) if not (editor.is_superuser or editor.has_perm('admin', group)): return HttpResponseForbidden('You do not have sufficient privileges') if request.method == 'POST': form = ObjectPermissionForm(Group, request.POST) if form.is_valid(): form.update_perms() user = form.cleaned_data['user'] # send signal view_edit_user.send(sender=editor, user=user, obj=group) # return html to replace existing user row url = reverse('group-permissions', args=[id]) return render_to_response( "object_permissions/muddle/group/user_row.html", {'object':group, 'user_detail':user, 'url':url}, context_instance=RequestContext(request)) # error in form return ajax response content = json.dumps(form.errors) return HttpResponse(content, mimetype='application/json') # render a form for an existing user only form_user = get_object_or_404(User, id=user_id) data = {'permissions':get_user_perms(form_user, group), 'obj':group, 'user':user_id} form = ObjectPermissionForm(Group, data) return render_to_response("object_permissions/permissions/form.html", {'form':form, 'obj':group, 'user_id':user_id, 'url':reverse('group-permissions', args=[group.id])}, context_instance=RequestContext(request))
def view_obj_permissions(request, class_name, obj_id=None, user_id=None, group_id=None, row_template='object_permissions/permissions/object_row.html'): """ Generic view for editing permissions on an object when the user is already. Known. This is an admin only view since it is impossible to know the permission scheme for the apps that are registering properties. """ if not request.user.is_superuser: return HttpResponseForbidden('You are not authorized to view this page') try: cls = get_class(class_name) except KeyError: return HttpResponseNotFound('Class type does not exist') if request.method == 'POST': form = ObjectPermissionFormNewUsers(cls, request.POST) if form.is_valid(): data = form.cleaned_data form_user = form.cleaned_data['user'] group = form.cleaned_data['group'] edited_user = form_user if form_user else group if form.update_perms(): # send correct signal based on new or edited user if data['new']: view_add_user.send(sender=cls, editor=request.user, user=edited_user, obj=data['obj']) else: view_edit_user.send(sender=cls, editor=request.user, user=edited_user, obj=data['obj']) # return html to replace existing user row return render_to_response(row_template, {'class_name':class_name, 'obj':data['obj'], 'persona':edited_user}) else: # no permissions, send ajax response to remove object view_remove_user.send(sender=cls, editor=request.user, user=edited_user, obj=data['obj']) id = '"%s_%s"' % (class_name, obj_id) return HttpResponse(id, mimetype='application/json') # error in form return ajax response content = json.dumps(form.errors) return HttpResponse(content, mimetype='application/json') # GET - create form for editing and return as html if obj_id: obj = get_object_or_404(cls, pk=obj_id) data = {'obj':obj} if user_id: form_user = get_object_or_404(User, id=user_id) data['user'] = user_id data['permissions'] = get_user_perms(form_user, obj, False) url = reverse('user-edit-permissions', args=(user_id, class_name, obj_id)) elif group_id: group = get_object_or_404(Group, id=group_id) data['group'] = group_id data['permissions'] = get_group_perms(group, obj) url = reverse('group-edit-permissions', args=(group_id, class_name, obj_id)) else: obj = None if user_id: get_object_or_404(User, id=user_id) data={'user':user_id} url = reverse('user-add-permissions', args=(user_id, class_name)) elif group_id: get_object_or_404(Group, id=group_id) data={'group':group_id} url = reverse('group-add-permissions', args=(group_id, class_name)) form = ObjectPermissionFormNewUsers(cls, data) return render_to_response('object_permissions/permissions/form.html', {'form':form, 'obj':obj, 'user_id':user_id, 'group_id':group_id, 'url':url}, context_instance=RequestContext(request))
def view_permissions(request, obj, url, user_id=None, group_id=None, user_template='object_permissions/permissions/user_row.html', group_template='object_permissions/permissions/group_row.html' ): """ Update a User or Group permissions on an object. This is a generic view intended to be used for editing permissions on any object. It must be configured with a model and url. It may also be customized by adding custom templates or changing the pk field. @param obj: object permissions are being set on @param url: name of url being edited @param user_id: ID of User being edited @param group_id: ID of Group being edited @param user_template: template used to render user rows @param group_template: template used to render group rows """ if request.method == 'POST': form = ObjectPermissionFormNewUsers(obj.__class__, request.POST) if form.is_valid(): data = form.cleaned_data form_user = form.cleaned_data['user'] group = form.cleaned_data['group'] edited_user = form_user if form_user else group if form.update_perms(): # send correct signal based on new or edited user if data['new']: view_add_user.send(sender=obj.__class__, editor=request.user, user=edited_user, obj=obj) else: view_edit_user.send(sender=obj.__class__, editor=request.user, user=edited_user, obj=obj) # return html to replace existing user row if form_user: return render_to_response(user_template, {'object':obj, 'user_detail':form_user, 'url':url}, context_instance=RequestContext(request)) else: return render_to_response(group_template, {'object':obj, 'group':group, 'url':url}, context_instance=RequestContext(request)) else: # no permissions, send ajax response to remove user view_remove_user.send(sender=obj.__class__, editor=request.user, user=edited_user, obj=obj) id = ('"user_%d"' if form_user else '"group_%d"')%edited_user.pk return HttpResponse(id, mimetype='application/json') # error in form return ajax response content = json.dumps(form.errors) return HttpResponse(content, mimetype='application/json') if user_id: form_user = get_object_or_404(User, id=user_id) data = {'permissions':get_user_perms(form_user, obj, False), 'user':user_id, 'obj':obj} elif group_id: group = get_object_or_404(Group, id=group_id) data = {'permissions':get_group_perms(group, obj), 'group':group_id, 'obj':obj} else: data = {} form = ObjectPermissionFormNewUsers(obj.__class__, data) return render_to_response('object_permissions/permissions/form.html', {'form':form, 'obj':obj, 'user_id':user_id, 'group_id':group_id, 'url':url}, context_instance=RequestContext(request))
def view_obj_permissions( request, class_name, obj_id=None, user_id=None, group_id=None, row_template='object_permissions/permissions/object_row.html'): """ Generic view for editing permissions on an object when the user is already. Known. This is an admin only view since it is impossible to know the permission scheme for the apps that are registering properties. """ if not request.user.is_superuser: return HttpResponseForbidden( 'You are not authorized to view this page') try: cls = get_class(class_name) except KeyError: return HttpResponseNotFound('Class type does not exist') if request.method == 'POST': form = ObjectPermissionFormNewUsers(cls, request.POST) if form.is_valid(): data = form.cleaned_data form_user = form.cleaned_data['user'] group = form.cleaned_data['group'] edited_user = form_user if form_user else group if form.update_perms(): # send correct signal based on new or edited user if data['new']: view_add_user.send(sender=cls, editor=request.user, user=edited_user, obj=data['obj']) else: view_edit_user.send(sender=cls, editor=request.user, user=edited_user, obj=data['obj']) # return html to replace existing user row return render_to_response( row_template, { 'class_name': class_name, 'obj': data['obj'], 'persona': edited_user }) else: # no permissions, send ajax response to remove object view_remove_user.send(sender=cls, editor=request.user, user=edited_user, obj=data['obj']) id = '"%s_%s"' % (class_name, obj_id) return HttpResponse(id, mimetype='application/json') # error in form return ajax response content = json.dumps(form.errors) return HttpResponse(content, mimetype='application/json') # GET - create form for editing and return as html if obj_id: obj = get_object_or_404(cls, pk=obj_id) data = {'obj': obj} if user_id: form_user = get_object_or_404(User, id=user_id) data['user'] = user_id data['permissions'] = get_user_perms(form_user, obj, False) url = reverse('user-edit-permissions', args=(user_id, class_name, obj_id)) elif group_id: group = get_object_or_404(Group, id=group_id) data['group'] = group_id data['permissions'] = get_group_perms(group, obj) url = reverse('group-edit-permissions', args=(group_id, class_name, obj_id)) else: obj = None if user_id: get_object_or_404(User, id=user_id) data = {'user': user_id} url = reverse('user-add-permissions', args=(user_id, class_name)) elif group_id: get_object_or_404(Group, id=group_id) data = {'group': group_id} url = reverse('group-add-permissions', args=(group_id, class_name)) form = ObjectPermissionFormNewUsers(cls, data) return render_to_response('object_permissions/permissions/form.html', { 'form': form, 'obj': obj, 'user_id': user_id, 'group_id': group_id, 'url': url }, context_instance=RequestContext(request))
def view_permissions( request, obj, url, user_id=None, group_id=None, user_template='object_permissions/permissions/user_row.html', group_template='object_permissions/permissions/group_row.html'): """ Update a User or Group permissions on an object. This is a generic view intended to be used for editing permissions on any object. It must be configured with a model and url. It may also be customized by adding custom templates or changing the pk field. @param obj: object permissions are being set on @param url: name of url being edited @param user_id: ID of User being edited @param group_id: ID of Group being edited @param user_template: template used to render user rows @param group_template: template used to render group rows """ if request.method == 'POST': form = ObjectPermissionFormNewUsers(obj.__class__, request.POST) if form.is_valid(): data = form.cleaned_data form_user = form.cleaned_data['user'] group = form.cleaned_data['group'] edited_user = form_user if form_user else group if form.update_perms(): # send correct signal based on new or edited user if data['new']: view_add_user.send(sender=obj.__class__, editor=request.user, user=edited_user, obj=obj) else: view_edit_user.send(sender=obj.__class__, editor=request.user, user=edited_user, obj=obj) # return html to replace existing user row if form_user: return render_to_response( user_template, { 'object': obj, 'user_detail': form_user, 'url': url }, context_instance=RequestContext(request)) else: return render_to_response( group_template, { 'object': obj, 'group': group, 'url': url }, context_instance=RequestContext(request)) else: # no permissions, send ajax response to remove user view_remove_user.send(sender=obj.__class__, editor=request.user, user=edited_user, obj=obj) id = ('"user_%d"' if form_user else '"group_%d"') % edited_user.pk return HttpResponse(id, mimetype='application/json') # error in form return ajax response content = json.dumps(form.errors) return HttpResponse(content, mimetype='application/json') if user_id: form_user = get_object_or_404(User, id=user_id) data = { 'permissions': get_user_perms(form_user, obj, False), 'user': user_id, 'obj': obj } elif group_id: group = get_object_or_404(Group, id=group_id) data = { 'permissions': get_group_perms(group, obj), 'group': group_id, 'obj': obj } else: data = {} form = ObjectPermissionFormNewUsers(obj.__class__, data) return render_to_response('object_permissions/permissions/form.html', { 'form': form, 'obj': obj, 'user_id': user_id, 'group_id': group_id, 'url': url }, context_instance=RequestContext(request))