示例#1
0
文件: views_group.py 项目: smbz/vns
def group_view(request, group, **kwargs):
    """View a list of users in a group.  Does not show users that are not
    visible to the user making the request.
    @param request  An HttpRequest
    @oaram group  The group to view
    @return HttpResponse"""

    tn='vns/group_view.html'

    if not request.user.is_authenticated():
        return HttpResponseRedirect('/login/')

    # Find the user profiles in this group which the user is allowed to see
    try:
        users = permissions.get_allowed_users(request.user)
        users = users.filter(user__vns_groups=group, retired=False)
    except User.DoesNotExist:
        messages.info(request, "There are no users in group %s which you "
                       "can view." % gn)
        return HttpResponseRedirect("/%s/groups/" % request.user.org.name)

    # Find the user profiles which this user is allowed to delete
    l = lambda up: permissions.allowed_user_access_delete(request.user, up.user)
    deletable_users = filter(l, list(users))

    # Switch to a template to print them out
    return direct_to_template(request, tn, {'users':users,
                                            'group':group,
                                            'deletable_users':deletable_users})
示例#2
0
文件: views_group.py 项目: smbz/vns
def group_delete(request, group, **kwargs):
    """Deletes all the users in a group that the user can delete.
    @param request  An HTTP request
    @param group  The group to delete
    @return HttpResponse"""

    # Make sure this is a POST request
    if request.method != 'POST':
        return direct_to_template(request, 'vns/confirm.html',
                                  {'title':'Delete group %s from %s' % (group.name, group.org.name),
                                   'button':'Delete %s' % group.name,
                                   'url':'/org/%s/%s/delete' % (group.org.name, group.name)})

    # Get all users in the group
    try:
        users = User.objects.filter(vns_groups=group)
    except User.DoesNotExist:
        group.delete()
        messages.error(request, "There are no users in this group")
        return HttpResponseRedirect('/')

    # Do permission checking and mark the users as retired if
    # the permission check passes
    no_perms = False
    has_deleted = False
    for u in users:
        if permissions.allowed_user_access_delete(request.user, u):
            up = u.get_profile()
            up.retired=True
            up.save()
            has_deleted = True

            # Delete any topologies this user owns
            topos = db.Topology.objects.filter(owner=u)
            for t in topos:
                je = db.JournalTopologyDelete()
                je.topology = t
                je.save()
        else:
            no_perms = True

    # If the group is empty, delete it
    if not no_perms:
        group.delete()
    
    # Display a message indicating eny errors or success
    if no_perms and not has_deleted:
        messages.error(request, "Could not delete users because of permissions.")
    elif no_perms and has_deleted:
        messages.info(request, "Some users could not be deleted because of permissions.  Other users have been deleted.")
    else:
        messages.success(request, "Successfully deleted group %s" % group.name)

    return HttpResponseRedirect('/')
示例#3
0
文件: views_org.py 项目: smbz/vns
def org_users(request, org, on):
    tn = 'vns/org_users.html'

    # Get a list of visible users from this organization
    users = list(permissions.get_allowed_users(request.user).filter(org=org, retired=False))
    users.sort(db.UserProfile.cmp_pos_order)

    # Get a list of users which this user can delete
    l = lambda up: permissions.allowed_user_access_delete(request.user, up.user)
    deletable_users = filter(l, list(users))

    return direct_to_template(request, tn, {'org':org,
                                            'users':users,
                                            'deletable_users':deletable_users})
示例#4
0
文件: views_user.py 项目: smbz/vns
def user_access_check(request, callee, action, **kwargs):
    """Checks that the user can access the functions they're trying to, and
    if they can calls callee"""
    """Check that the user is allowed access, and if they are call the given
    Callable.
    @param request  An HTTP request
    @param callee  Gives the Callable to call
    @param action  One of "add", "change", "use", "delete", describing the
    permissions needed
    @param user_id  The ID of the user in question; not used for
    action = "add"
    @exception ValueError  If an action is unrecognised
    @exception KeyError  If an option is missing"""

    def denied():
        """Generate an error message and redirect if we try do something to a
        template we're not allowed to"""
        messages.error(request, "Either this user doesn't exist or you don't "
                                "have permission to %s it." % action)
        return HttpResponseRedirect('/')

    def denied_add():
        """Generate an error message and redirect if we try to create a template
        and are not allowed to"""
        messages.error(request, "You don't have permission to create users.")
        return HttpResponseRedirect('/')
    
    # If we're trying to add a template, don't need to get the template itself
    if action == "add":
        if permissions.allowed_user_access_create(request.user):
            return callee(request)
        else:
            return denied_add()

    else:

        # Try getting the template - if it doesn't exist, show the same message
        # as for permission denied
        user_name = kwargs["un"]
        try :
            user = User.objects.get(username=user_name)
        except User.DoesNotExist:
            return denied()

        if action == "use":
            if permissions.allowed_user_access_use(request.user, user):
                return callee(request, user.get_profile())
            else:
                return denied()
        elif action == "change":
            if permissions.allowed_user_access_change(request.user, user):
                return callee(request, user.get_profile())
            else:
                return denied()
        elif action == "delete":
            if permissions.allowed_user_access_delete(request.user, user):
                return callee(request, user.get_profile())
            else:
                return denied()
        else:
            raise ValueError("Unknown action: %s" % options["action"])
示例#5
0
文件: models.py 项目: smbz/vns
 def can_delete_user(self, up):
     return permissions.allowed_user_access_delete(self.user, up.user)