def get(self, uuid, **kwargs):
    """Render the table of permissions that can still be added to a role.

    Fetches the role identified by ``uuid`` and the permission listing,
    narrows the listing with ``filter_by_org`` and drops permissions the
    role already holds. If either API request fails, the template is
    rendered with the API errors instead.
    """
    try:
        role = roles.get_metadata(uuid)
        all_perms = permissions.list_metadata()
    except DataRequestException as err:
        return render_template(self.template, errors=err.errors)

    # Ids of the permissions already granted to the role.
    granted_ids = list(role['permissions'])
    # Users may be able to read metadata of permissions outside their
    # organization, but cannot add those to a role inside it, so they
    # are filtered out before the table is built.
    all_perms = self.filter_by_org(all_perms, 'organization')
    # Keep only the permissions that are not on the role yet.
    addable = []
    for perm in all_perms:
        if perm['permission_id'] in granted_ids:
            continue
        addable.append(perm)
    self.set_template_args()
    return render_template(
        self.template,
        role=role,
        table_data=addable,
        **self.template_args,
        **kwargs)
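def post(self, uuid):
    """Grant the role ``uuid`` to the user whose email was submitted.

    On success a message is flashed and the user is redirected to the
    link stored in the session under ``redirect_link`` (default: the
    role view). On failure the errors are flashed and the form is
    rendered again with the submitted data so the user can retry.

    The stored link is only followed when it resolves to an http(s) URL
    on this application's own host; anything else is replaced by the
    default, so the redirect cannot leave the site.
    """
    from urllib.parse import urljoin, urlparse

    form_data = request.form
    user_email = form_data.get('user_email', '')
    default_url = url_for('admin.role_view', uuid=uuid)
    redirect_url = session.pop('redirect_link', default_url)

    # Views in this module fill `redirect_link` from the Referer header,
    # which the client controls. Validate at the point of use so an
    # off-site value never reaches redirect() or the template.
    if isinstance(redirect_url, str) and '\\' not in redirect_url:
        resolved = urlparse(urljoin(request.host_url, redirect_url))
        same_site = (
            resolved.scheme in ('http', 'https')
            and resolved.netloc == urlparse(request.host_url).netloc
        )
    else:
        same_site = False
    if not same_site:
        redirect_url = default_url

    try:
        users.add_role_by_email(user_email, uuid)
    except DataRequestException as e:
        if e.status_code == 500:
            self.flash_api_errors(e.errors)
        else:
            # flash a message that grant failed
            flash(
                'Failed to grant role. Confirm with the user that they '
                'are registered and affiliated with an SFA organization.',
                'error')
        try:
            role = roles.get_metadata(uuid)
        except DataRequestException as role_err:
            # User could not read the role, flash a 404
            self.flash_api_errors(role_err.errors)
            role = None
        # Refresh the page if the role failed, so the user can try again.
        # NOTE(review): `redirect_link` was popped from the session above
        # and is not stored again here, so a retry appears to fall back to
        # the default role view - confirm that is intended.
        self.set_template_args(role, redirect_url)
        return render_template(self.template, form_data=form_data,
                               **self.template_args)

    # flash success message and redirect
    flash('Role granted successfully', 'message')
    return redirect(redirect_url)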
def get(self, uuid):
    """Render this view's template for the role identified by ``uuid``.

    If the role cannot be fetched, the template is rendered with the
    errors reported by the API instead.
    """
    try:
        role = roles.get_metadata(uuid)
    except DataRequestException as err:
        return render_template(self.template, errors=err.errors)

    self.set_template_args(role)
    # The template receives the id reported by the API rather than the
    # value taken from the URL.
    role_id = role['role_id']
    return render_template(self.template, uuid=role_id,
                           **self.template_args)
def get(self, uuid, **kwargs):
    """Render the role view with one of its two listings.

    The view displays either the permissions granted to the role or the
    users that were granted the role, selected by the ``table`` query
    parameter (default ``'permissions'``). API errors are rendered into
    the template instead.
    """
    # NOTE(review): `table` comes straight from the query string and is
    # handed to set_template_args unchecked; presumably unknown values are
    # handled there or in the template - confirm.
    selected_table = request.args.get('table', 'permissions')
    try:
        role = roles.get_metadata(uuid)
        permission_list = permissions.list_metadata()
    except DataRequestException as err:
        return render_template(self.template, errors=err.errors)

    self.set_template_args(role, permission_list, selected_table)
    return render_template(self.template, **kwargs, **self.template_args)
def get(self, uuid, permission_id, **kwargs):
    """Render the confirmation page for removing a permission from a role.

    Both the role (``uuid``) and the permission (``permission_id``) are
    fetched first; if either request fails, the template is rendered
    with the API errors and no confirmation is shown.
    """
    try:
        role_meta = roles.get_metadata(uuid)
        perm_meta = permissions.get_metadata(permission_id)
    except DataRequestException as err:
        return render_template(self.template, errors=err.errors)

    self.set_template_args()
    return render_template(
        self.template,
        role=role_meta,
        perm=perm_meta,
        **kwargs,
        **self.template_args)
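def get(self, uuid, **kwargs):
    """Render this view's template for a role and record a return link.

    The role is fetched by ``uuid``; if that fails the API errors are
    flashed and the template is rendered with ``role=None``.

    The return link is taken from the Referer header so users go back to
    the page they came from, and is stored in the session under
    ``redirect_link``. Because the header is client-supplied, it is only
    accepted when it resolves to an http(s) URL on this application's
    own host; otherwise the roles listing is used.
    """
    from urllib.parse import urljoin, urlparse

    try:
        role = roles.get_metadata(uuid)
    except DataRequestException as e:
        self.flash_api_errors(e.errors)
        role = None

    # Set the redirect link, to send users back to the correct page. They
    # may have ended up here from the permission or users listing of the
    # role, which only differ by the table query argument.
    default_link = url_for('admin.roles')
    redirect_link = request.headers.get('Referer', default_link)

    # The link is stored for a later redirect and passed to the template,
    # so an off-site or non-http(s) Referer must not be kept.
    resolved = urlparse(urljoin(request.host_url, redirect_link))
    same_site = (
        '\\' not in redirect_link
        and resolved.scheme in ('http', 'https')
        and resolved.netloc == urlparse(request.host_url).netloc
    )
    if not same_site:
        redirect_link = default_link

    session['redirect_link'] = redirect_link
    self.set_template_args(role, redirect_link)
    return render_template(self.template, **kwargs, **self.template_args)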
def get(self, uuid):
    """Render the role form with the role's permissions expanded.

    The role's ``permissions`` mapping (permission id -> value stored on
    the role) is replaced by a mapping of permission id -> permission
    metadata plus an ``added_to_role`` entry holding that value.
    Permissions missing from the permission listing are dropped. If the
    role response contains ``errors``, the template gets ``role=None``.
    """
    role = roles.get_metadata(uuid).json()
    if 'errors' in role:
        role = None
    else:
        # NOTE(review): the permission listing is not checked for an
        # 'errors' key the way the role response is - confirm that an
        # error payload cannot reach the loop below.
        permission_list = permissions.list_metadata().json()
        permission_map = {}
        for perm in permission_list:
            permission_map[perm['permission_id']] = perm

        expanded = {}
        for perm_id, added in role['permissions'].items():
            if perm_id not in permission_map:
                continue
            # Metadata keys are applied after 'added_to_role', so a
            # metadata key of the same name takes precedence.
            entry = {'added_to_role': added}
            entry.update(permission_map[perm_id])
            expanded[perm_id] = entry
        role['permissions'] = expanded
    return render_template('forms/admin/role.html',
                           role=role,
                           **self.template_args())
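def get(self, uuid, role_id, **kwargs):
    """Confirmation view for removing a role from a user.

    ``uuid`` identifies the user and ``role_id`` the role. If the role
    cannot be read, the API errors are flashed and the user is sent back
    to the return link. An unreadable user is tolerated (see below).

    The return link is taken from the Referer header because this view
    can be reached from a role page or a user page. The header is
    client-supplied, so it is only accepted when it resolves to an
    http(s) URL on this application's own host; otherwise the roles
    listing is used. This keeps both the immediate redirect and the link
    stored in the session on-site.
    """
    from urllib.parse import urljoin, urlparse

    # set a redirect link, because we can be directed here
    # from a role or user page.
    default_link = url_for('admin.roles')
    redirect_link = request.headers.get('Referer', default_link)
    resolved = urlparse(urljoin(request.host_url, redirect_link))
    same_site = (
        '\\' not in redirect_link
        and resolved.scheme in ('http', 'https')
        and resolved.netloc == urlparse(request.host_url).netloc
    )
    if not same_site:
        redirect_link = default_link

    try:
        user = users.get_metadata(uuid)
    except DataRequestException:
        # Check if the user is readable. For roles shared outside
        # an org this may not be true, but we still need to pass
        # user_id to the template for building urls and display.
        user = {'user_id': uuid}

    try:
        role = roles.get_metadata(role_id)
    except DataRequestException as e:
        self.flash_api_errors(e.errors)
        return redirect(redirect_link)

    session['redirect_link'] = redirect_link
    self.set_template_args(user, role, redirect_link)
    return render_template(self.template, **kwargs, **self.template_args)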