manager: remove role permission views (#77410) #59
|
@ -23,7 +23,6 @@ from io import StringIO
|
|||
|
||||
from django import forms
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.core.validators import validate_slug
|
||||
from django.urls import reverse
|
||||
|
@ -33,7 +32,7 @@ from django.utils.translation import pgettext
|
|||
from django_select2.forms import HeavySelect2Widget
|
||||
|
||||
from authentic2 import app_settings as a2_app_settings
|
||||
from authentic2.a2_rbac.models import Operation, OrganizationalUnit, Permission, Role
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.a2_rbac.utils import generate_slug, get_default_ou
|
||||
from authentic2.custom_user.backends import DjangoRBACBackend
|
||||
from authentic2.forms.fields import (
|
||||
|
@ -144,16 +143,6 @@ class ChooseUserAuthorizationsForm(CssClass, forms.Form):
|
|||
authorization = fields.ChooseUserAuthorizationsField()
|
||||
|
||||
|
||||
class ChoosePermissionForm(CssClass, forms.Form):
|
||||
operation = forms.ModelChoiceField(required=False, label=_('Operation'), queryset=Operation.objects)
|
||||
ou = forms.ModelChoiceField(
|
||||
label=_('Organizational unit'), queryset=OrganizationalUnit.objects, required=False
|
||||
)
|
||||
target = forms.ModelChoiceField(label=_('Target object'), required=False, queryset=ContentType.objects)
|
||||
action = forms.CharField(initial='add', required=False, widget=forms.HiddenInput)
|
||||
permission = forms.ModelChoiceField(queryset=Permission.objects, required=False, widget=forms.HiddenInput)
|
||||
|
||||
|
||||
class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
|
||||
css_class = "user-form"
|
||||
form_id = "id_user_edit_form"
|
||||
|
|
|
@ -343,62 +343,6 @@ class RoleDeleteView(RoleViewMixin, views.BaseDeleteView):
|
|||
delete = RoleDeleteView.as_view()
|
||||
|
||||
|
||||
class RolePermissionsView(RoleViewMixin, views.BaseSubTableView):
|
||||
template_name = 'authentic2/manager/role_permissions.html'
|
||||
table_class = tables.PermissionTable
|
||||
form_class = forms.ChoosePermissionForm
|
||||
success_url = '.'
|
||||
permissions = ['a2_rbac.admin_permission']
|
||||
title = _('Permissions')
|
||||
|
||||
def get_table_queryset(self):
|
||||
return self.object.permissions.all()
|
||||
|
||||
def form_valid(self, form):
|
||||
if self.can_change:
|
||||
operation = form.cleaned_data.get('operation')
|
||||
ou = form.cleaned_data.get('ou')
|
||||
target = form.cleaned_data.get('target')
|
||||
action = form.cleaned_data.get('action')
|
||||
if action == 'add' and operation and target:
|
||||
perm, dummy = Permission.objects.get_or_create(
|
||||
operation=operation,
|
||||
ou=ou,
|
||||
target_ct=ContentType.objects.get_for_model(target),
|
||||
target_id=target.pk,
|
||||
)
|
||||
self.object.permissions.add(perm)
|
||||
hooks.call_hooks(
|
||||
'event',
|
||||
name='manager-add-permission',
|
||||
user=self.request.user,
|
||||
role=self.object,
|
||||
permission=perm,
|
||||
)
|
||||
elif action == 'remove':
|
||||
try:
|
||||
permission_id = int(self.request.POST.get('permission', ''))
|
||||
perm = Permission.objects.get(id=permission_id)
|
||||
except (ValueError, Permission.DoesNotExist):
|
||||
pass
|
||||
else:
|
||||
if self.object.permissions.filter(id=permission_id).exists():
|
||||
self.object.permissions.remove(perm)
|
||||
hooks.call_hooks(
|
||||
'event',
|
||||
name='manager-remove-permission',
|
||||
user=self.request.user,
|
||||
role=self.object,
|
||||
permission=perm,
|
||||
)
|
||||
else:
|
||||
messages.warning(self.request, _('You are not authorized'))
|
||||
return super().form_valid(form)
|
||||
|
||||
|
||||
permissions = RolePermissionsView.as_view()
|
||||
|
||||
|
||||
class RoleMembersExportView(views.ExportMixin, RoleMembersView):
|
||||
resource_class = resources.UserResource
|
||||
permissions = ['a2_rbac.view_role']
|
||||
|
|
|
@ -24,7 +24,7 @@ from django.utils.translation import gettext_lazy as _
|
|||
from django.utils.translation import gettext_noop
|
||||
from django_tables2.utils import A
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit, Role
|
||||
from authentic2.middleware import StoreRequestMiddleware
|
||||
from authentic2.models import Service
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization
|
||||
|
@ -186,18 +186,6 @@ class RoleTable(Table):
|
|||
order_by = ('name',)
|
||||
|
||||
|
||||
class PermissionTable(Table):
|
||||
operation = tables.Column()
|
||||
scope = tables.Column()
|
||||
target = tables.Column()
|
||||
|
||||
class Meta(Table.Meta):
|
||||
model = Permission
|
||||
attrs = {'class': 'main', 'id': 'role-table'}
|
||||
fields = ('operation', 'scope', 'target')
|
||||
empty_text = _('None')
|
||||
|
||||
|
||||
class OUTable(Table):
|
||||
name = tables.LinkColumn(
|
||||
viewname='a2-manager-ou-detail',
|
||||
|
|
|
@ -38,9 +38,6 @@
|
|||
{% else %}
|
||||
<li><a class="disabled" title="{% trans "This role is technical, you cannot delete it." %}" href="#">{% trans "Delete" %}</a></li>
|
||||
{% endif %}
|
||||
{% if perms.a2_rbac.admin_permission %}
|
||||
<li><a href="{% url "a2-manager-role-permissions" pk=object.pk %}">{% trans "Permissions" %}</a></li>
|
||||
{% endif %}
|
||||
<li><a href="{% url "a2-manager-role-journal" pk=object.pk %}">{% trans "Journal" %}</a></li>
|
||||
{% if view.can_manage_members %}
|
||||
<li><a href="{% url "a2-manager-role-children" pk=object.pk %}">{% trans "Add a role as a member" %}</a></li>
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
{% extends "authentic2/manager/role_common.html" %}
|
||||
{% load i18n static django_tables2 %}
|
||||
|
||||
{% block page-title %}{% trans "Permissions" %} | {{ block.super }}{% endblock %}
|
||||
|
||||
{% block breadcrumb %}
|
||||
{{ block.super }}
|
||||
<a href="..">{{ object }}</a>
|
||||
<a href="#">{% trans "Permissions" %}</a>
|
||||
{% endblock %}
|
||||
|
||||
{% block appbar %}
|
||||
{{ block.super }}
|
||||
<span class="actions">
|
||||
{% if view.can_delete %}
|
||||
<a rel="popup" href="{% url "a2-manager-role-delete" pk=object.pk %}">{% trans "Delete" %}</a>
|
||||
{% endif %}
|
||||
{% if view.can_change and not object.is_internal %}
|
||||
<a href="{% url "a2-manager-role-edit" pk=object.pk %}">{% trans "Edit" %}</a>
|
||||
{% endif %}
|
||||
<a href="{% url "a2-manager-role-members" pk=object.pk %}">{% trans "Members" %}</a>
|
||||
</span>
|
||||
{% endblock %}
|
||||
|
||||
{% block main %}
|
||||
<div class="role-info">
|
||||
{% render_table table "authentic2/manager/role_permissions_table.html" %}
|
||||
</div>
|
||||
{% if perms.a2_rbac.change_role %}
|
||||
<form method="post" id="add-role-permission">
|
||||
{% csrf_token %}
|
||||
{{ form }}
|
||||
<button>{% trans "Add" %}</button>
|
||||
</form>
|
||||
{% endif %}
|
||||
{% endblock %}
|
|
@ -1,10 +0,0 @@
|
|||
{% extends "authentic2/manager/table.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block table.head.last.column %}
|
||||
<th></th>
|
||||
{% endblock %}
|
||||
{% block table.tbody.last.column %}
|
||||
<td class="remove-icon-column">{% if table.context.view.can_change %}<a class="js-remove-object" href="#" data-pk-arg="permission"><span class="icon-remove-sign"></span></a>{% endif %}</td>
|
||||
{% endblock %}
|
|
@ -154,7 +154,6 @@ urlpatterns = required(
|
|||
),
|
||||
path('roles/<int:pk>/delete/', role_views.delete, name='a2-manager-role-delete'),
|
||||
path('roles/<int:pk>/edit/', role_views.edit, name='a2-manager-role-edit'),
|
||||
path('roles/<int:pk>/permissions/', role_views.permissions, name='a2-manager-role-permissions'),
|
||||
path('roles/<int:pk>/journal/', role_views.journal, name='a2-manager-role-journal'),
|
||||
re_path(
|
||||
r'^roles/(?P<pk>\d+)/user-or-role-select2.json$',
|
||||
|
|