[ckan-changes] commit/ckan: 4 new changesets
Bitbucket
commits-noreply at bitbucket.org
Thu Aug 25 20:12:46 UTC 2011
4 new changesets in ckan:
http://bitbucket.org/okfn/ckan/changeset/0a58aee2e505/
changeset: 0a58aee2e505
branch: feature-1074-authz-wui
user: rgrp
date: 2011-08-25 16:44:41
summary: [merge,from-default][xl]: re-opening this branch and merging from default first.
affected #: 342 files (3.8 MB)
Diff too large to display.
http://bitbucket.org/okfn/ckan/changeset/18a5b48bbee6/
changeset: 18a5b48bbee6
branch: feature-1074-authz-wui
user: rgrp
date: 2011-08-25 22:10:15
summary: [controllers,lib/base][m]: (refs #1074) refactor to move common code for authz pages for objects (package, group, authz group) to lib/base.py thereby closing this ticket (finally!).
affected #: 4 files (34.6 KB)
--- a/ckan/controllers/authorization_group.py Thu Aug 25 15:44:41 2011 +0100
+++ b/ckan/controllers/authorization_group.py Thu Aug 25 21:10:15 2011 +0100
@@ -153,207 +153,23 @@
c.authz_editable = self.authorizer.am_authorized(c, model.Action.EDIT_PERMISSIONS,
authorization_group)
-
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
- #see package.py for comments
- def get_userobjectroles():
- authorization_group = model.AuthorizationGroup.by_name(id)
- uors = model.Session.query(model.AuthorizationGroupRole).join('authorization_group').filter_by(name=authorization_group.name).all()
- return uors
+ current_uors = self._get_userobjectroles(id)
+ self._handle_update_of_authz(current_uors, authorization_group)
- def action_save_form(users_or_authz_groups):
- # The permissions grid has been saved
- # which is a grid of checkboxes named user$role
- rpi = request.params.items()
+ # get the roles again as may have changed
+ user_object_roles = self._get_userobjectroles(id)
+ self._prepare_authz_info_for_render(user_object_roles)
+ return render('authorization_group/authz.html')
- # The grid passes us a list of the users/roles that were displayed
- submitted = [ a for (a,b) in rpi if (b == u'submitted')]
- # and also those which were checked
- checked = [ a for (a,b) in rpi if (b == u'on')]
- # from which we can deduce true/false for each user/role combination
- # that was displayed in the form
- table_dict={}
- for a in submitted:
- table_dict[a]=False
- for a in checked:
- table_dict[a]=True
+ def _get_userobjectroles(self, authzgroup_id):
+ authorization_group = model.AuthorizationGroup.by_name(authzgroup_id)
+ uors = model.Session.query(model.AuthorizationGroupRole).join('authorization_group').filter_by(name=authorization_group.name).all()
+ return uors
- # now we'll split up the user$role strings to make a dictionary from
- # (user,role) to True/False, which tells us what we need to do.
- new_user_role_dict={}
- for (ur,val) in table_dict.items():
- u,r = ur.split('$')
- new_user_role_dict[(u,r)] = val
-
- # we get the current user/role assignments
- # and make a dictionary of them
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
- elif users_or_authz_groups=='authz_groups':
- current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
- else:
- assert False, "shouldn't be here"
-
- current_user_role_dict={}
- for (u,r) in current_users_roles:
- current_user_role_dict[(u,r)]=True
-
- # and now we can loop through our dictionary of desired states
- # checking whether a change needs to be made, and if so making it
-
- # Here we check whether someone is already assigned a role, in order
- # to avoid assigning it twice, or attempting to delete it when it
- # doesn't exist. Otherwise problems can occur.
- if users_or_authz_groups=='users':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_user_to_role(model.User.by_name(u),r,authorization_group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_user_from_role(model.User.by_name(u),r,authorization_group)
- elif users_or_authz_groups=='authz_groups':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,authorization_group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,authorization_group)
- else:
- assert False, "shouldn't be here"
-
- # finally commit the change to the database
- model.repo.commit_and_remove()
- h.flash_success("Changes Saved")
-
-
-
- def action_add_form(users_or_authz_groups):
- # The user is attempting to set new roles for a named user
- new_user = request.params.get('new_user_name')
- # this is the list of roles whose boxes were ticked
- checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
- # this is the list of all the roles that were in the submitted form
- submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
-
- # from this we can make a dictionary of the desired states
- # i.e. true for the ticked boxes, false for the unticked
- desired_roles = {}
- for r in submitted_roles:
- desired_roles[r]=False
- for r in checked_roles:
- desired_roles[r]=True
-
- # again, in order to avoid either creating a role twice or deleting one which is
- # non-existent, we need to get the users' current roles (if any)
-
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
- user_object = model.User.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown user:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_user_to_role(user_object, r, authorization_group)
- else:
- if (r in current_roles):
- model.remove_user_from_role(user_object, r, authorization_group)
- h.flash_success("User Added")
-
- elif users_or_authz_groups=='authz_groups':
- current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
- user_object = model.AuthorizationGroup.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown authorization group:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_authorization_group_to_role(user_object, r, authorization_group)
- else:
- if (r in current_roles):
- model.remove_authorization_group_from_role(user_object, r, authorization_group)
- h.flash_success("Authorization Group Added")
-
- else:
- assert False, "shouldn't be here"
-
- # and finally commit all these changes to the database
- model.repo.commit_and_remove()
-
-
- # In the event of a post request, work out which of the four possible actions
- # is to be done, and do it before displaying the page
- if 'add' in request.POST:
- action_add_form('users')
-
- if 'authz_add' in request.POST:
- action_add_form('authz_groups')
-
- if 'save' in request.POST:
- action_save_form('users')
-
- if 'authz_save' in request.POST:
- action_save_form('authz_groups')
-
- # =================
- # Display the page
-
- # Find out all the possible roles. At the moment, any role can be
- # associated with any object, so that's easy:
- possible_roles = model.Role.get_all()
-
- # get the list of users who have roles on this object, with their roles
- uors = get_userobjectroles()
-
- # uniquify and sort
- users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
- authz_groups = sorted(list(set([uor.authorized_group.name for uor in uors if uor.authorized_group])))
-
- # make a dictionary from (user, role) to True, False
- users_roles = [( uor.user.name, uor.role) for uor in uors if uor.user]
- user_role_dict={}
- for u in users:
- for r in possible_roles:
- if (u,r) in users_roles:
- user_role_dict[(u,r)]=True
- else:
- user_role_dict[(u,r)]=False
-
- # and similarly make a dictionary from (authz_group, role) to True, False
- authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in uors if uor.authorized_group]
- authz_groups_role_dict={}
- for u in authz_groups:
- for r in possible_roles:
- if (u,r) in authz_groups_roles:
- authz_groups_role_dict[(u,r)]=True
- else:
- authz_groups_role_dict[(u,r)]=False
-
- # pass these variables to the template for rendering
- c.roles = possible_roles
-
- c.users = users
- c.user_role_dict = user_role_dict
-
- c.authz_groups = authz_groups
- c.authz_groups_role_dict = authz_groups_role_dict
-
- return render('authorization_group/authz.html')
def _render_edit_form(self, fs):
# errors arrive in c.error and fs.errors
--- a/ckan/controllers/group.py Thu Aug 25 15:44:41 2011 +0100
+++ b/ckan/controllers/group.py Thu Aug 25 21:10:15 2011 +0100
@@ -208,208 +208,23 @@
c.authz_editable = True
except NotAuthorized:
c.authz_editable = False
-
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
- #see package.py for comments
- def get_userobjectroles():
- group = model.Group.get(id)
- uors = model.Session.query(model.GroupRole).join('group').filter_by(name=group.name).all()
- return uors
+ current_uors = self._get_userobjectroles(id)
+ self._handle_update_of_authz(current_uors, group)
- def action_save_form(users_or_authz_groups):
- # The permissions grid has been saved
- # which is a grid of checkboxes named user$role
- rpi = request.params.items()
+ # get the roles again as may have changed
+ user_object_roles = self._get_userobjectroles(id)
+ self._prepare_authz_info_for_render(user_object_roles)
+ return render('group/authz.html')
- # The grid passes us a list of the users/roles that were displayed
- submitted = [ a for (a,b) in rpi if (b == u'submitted')]
- # and also those which were checked
- checked = [ a for (a,b) in rpi if (b == u'on')]
- # from which we can deduce true/false for each user/role combination
- # that was displayed in the form
- table_dict={}
- for a in submitted:
- table_dict[a]=False
- for a in checked:
- table_dict[a]=True
+ def _get_userobjectroles(self, group_id):
+ group = model.Group.get(group_id)
+ uors = model.Session.query(model.GroupRole).join('group').filter_by(name=group.name).all()
+ return uors
- # now we'll split up the user$role strings to make a dictionary from
- # (user,role) to True/False, which tells us what we need to do.
- new_user_role_dict={}
- for (ur,val) in table_dict.items():
- u,r = ur.split('$')
- new_user_role_dict[(u,r)] = val
-
- # we get the current user/role assignments
- # and make a dictionary of them
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
- elif users_or_authz_groups=='authz_groups':
- current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
- else:
- assert False, "shouldn't be here"
-
- current_user_role_dict={}
- for (u,r) in current_users_roles:
- current_user_role_dict[(u,r)]=True
-
- # and now we can loop through our dictionary of desired states
- # checking whether a change needs to be made, and if so making it
-
- # Here we check whether someone is already assigned a role, in order
- # to avoid assigning it twice, or attempting to delete it when it
- # doesn't exist. Otherwise problems can occur.
- if users_or_authz_groups=='users':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_user_to_role(model.User.by_name(u),r,group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_user_from_role(model.User.by_name(u),r,group)
- elif users_or_authz_groups=='authz_groups':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,group)
- else:
- assert False, "shouldn't be here"
-
-
- # finally commit the change to the database
- model.repo.commit_and_remove()
- h.flash_success("Changes Saved")
-
-
-
- def action_add_form(users_or_authz_groups):
- # The user is attempting to set new roles for a named user
- new_user = request.params.get('new_user_name')
- # this is the list of roles whose boxes were ticked
- checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
- # this is the list of all the roles that were in the submitted form
- submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
-
- # from this we can make a dictionary of the desired states
- # i.e. true for the ticked boxes, false for the unticked
- desired_roles = {}
- for r in submitted_roles:
- desired_roles[r]=False
- for r in checked_roles:
- desired_roles[r]=True
-
- # again, in order to avoid either creating a role twice or deleting one which is
- # non-existent, we need to get the users' current roles (if any)
-
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
- user_object = model.User.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown user:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_user_to_role(user_object, r, group)
- else:
- if (r in current_roles):
- model.remove_user_from_role(user_object, r, group)
- h.flash_success("User Added")
-
- elif users_or_authz_groups=='authz_groups':
- current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
- user_object = model.AuthorizationGroup.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown authorization group:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_authorization_group_to_role(user_object, r, group)
- else:
- if (r in current_roles):
- model.remove_authorization_group_from_role(user_object, r, group)
- h.flash_success("Authorization Group Added")
-
- else:
- assert False, "shouldn't be here"
-
- # and finally commit all these changes to the database
- model.repo.commit_and_remove()
-
-
- # In the event of a post request, work out which of the four possible actions
- # is to be done, and do it before displaying the page
- if 'add' in request.POST:
- action_add_form('users')
-
- if 'authz_add' in request.POST:
- action_add_form('authz_groups')
-
- if 'save' in request.POST:
- action_save_form('users')
-
- if 'authz_save' in request.POST:
- action_save_form('authz_groups')
-
- # =================
- # Display the page
-
- # Find out all the possible roles. At the moment, any role can be
- # associated with any object, so that's easy:
- possible_roles = model.Role.get_all()
-
- # get the list of users who have roles on this object, with their roles
- uors = get_userobjectroles()
-
- # uniquify and sort
- users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
- authz_groups = sorted(list(set([uor.authorized_group.name for uor in uors if uor.authorized_group])))
-
- # make a dictionary from (user, role) to True, False
- users_roles = [( uor.user.name, uor.role) for uor in uors if uor.user]
- user_role_dict={}
- for u in users:
- for r in possible_roles:
- if (u,r) in users_roles:
- user_role_dict[(u,r)]=True
- else:
- user_role_dict[(u,r)]=False
-
- # and similarly make a dictionary from (authz_group, role) to True, False
- authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in uors if uor.authorized_group]
- authz_groups_role_dict={}
- for u in authz_groups:
- for r in possible_roles:
- if (u,r) in authz_groups_roles:
- authz_groups_role_dict[(u,r)]=True
- else:
- authz_groups_role_dict[(u,r)]=False
-
- # pass these variables to the template for rendering
- c.roles = possible_roles
-
- c.users = users
- c.user_role_dict = user_role_dict
-
- c.authz_groups = authz_groups
- c.authz_groups_role_dict = authz_groups_role_dict
-
- return render('group/authz.html')
def history(self, id):
if 'diff' in request.params or 'selected1' in request.params:
--- a/ckan/controllers/package.py Thu Aug 25 15:44:41 2011 +0100
+++ b/ckan/controllers/package.py Thu Aug 25 21:10:15 2011 +0100
@@ -550,221 +550,23 @@
c.authz_editable = True
except NotAuthorized:
c.authz_editable = False
-
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
- # Three different ways of getting the list of userobjectroles for this package.
- # They all take a frighteningly long time to retrieve
- # the data, but I can't tell how they'll scale. On a large dataset it might
- # be worth working out which is quickest, so I've made a function for
- # ease of changing the query.
- def get_userobjectroles():
- # we already have a pkg variable in scope, but I found while testing
- # that it occasionally mysteriously loses its value! Redefine it
- # here.
- pkg = model.Package.get(id)
+ current_uors = self._get_userobjectroles(id)
+ self._handle_update_of_authz(current_uors, pkg)
- # dread's suggestion for 'get all userobjectroles for this package':
- uors = model.Session.query(model.PackageRole).join('package').filter_by(name=pkg.name).all()
- # rgrp's version:
- # uors = model.Session.query(model.PackageRole).filter_by(package=pkg)
- # get them all and filter in python:
- # uors = [uor for uor in model.Session.query(model.PackageRole).all() if uor.package==pkg]
- return uors
+ # get the roles again as may have changed
+ user_object_roles = self._get_userobjectroles(id)
+ self._prepare_authz_info_for_render(user_object_roles)
+ return render('package/authz.html')
- def action_save_form(users_or_authz_groups):
- # The permissions grid has been saved
- # which is a grid of checkboxes named user$role
- rpi = request.params.items()
- # The grid passes us a list of the users/roles that were displayed
- submitted = [ a for (a,b) in rpi if (b == u'submitted')]
- # and also those which were checked
- checked = [ a for (a,b) in rpi if (b == u'on')]
+ def _get_userobjectroles(self, pkg_id):
+ pkg = model.Package.get(pkg_id)
+ uors = model.Session.query(model.PackageRole).join('package').filter_by(name=pkg.name).all()
+ return uors
- # from which we can deduce true/false for each user/role combination
- # that was displayed in the form
- table_dict={}
- for a in submitted:
- table_dict[a]=False
- for a in checked:
- table_dict[a]=True
-
- # now we'll split up the user$role strings to make a dictionary from
- # (user,role) to True/False, which tells us what we need to do.
- new_user_role_dict={}
- for (ur,val) in table_dict.items():
- u,r = ur.split('$')
- new_user_role_dict[(u,r)] = val
-
- # we get the current user/role assignments
- # and make a dictionary of them
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
- elif users_or_authz_groups=='authz_groups':
- current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
- else:
- assert False, "shouldn't be here"
-
- current_user_role_dict={}
- for (u,r) in current_users_roles:
- current_user_role_dict[(u,r)]=True
-
- # and now we can loop through our dictionary of desired states
- # checking whether a change needs to be made, and if so making it
-
- # Here we check whether someone is already assigned a role, in order
- # to avoid assigning it twice, or attempting to delete it when it
- # doesn't exist. Otherwise problems can occur.
- if users_or_authz_groups=='users':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_user_to_role(model.User.by_name(u),r,pkg)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_user_from_role(model.User.by_name(u),r,pkg)
- elif users_or_authz_groups=='authz_groups':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,pkg)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,pkg)
- else:
- assert False, "shouldn't be here"
-
-
- # finally commit the change to the database
- model.repo.commit_and_remove()
- h.flash_success("Changes Saved")
-
-
-
- def action_add_form(users_or_authz_groups):
- # The user is attempting to set new roles for a named user
- new_user = request.params.get('new_user_name')
- # this is the list of roles whose boxes were ticked
- checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
- # this is the list of all the roles that were in the submitted form
- submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
-
- # from this we can make a dictionary of the desired states
- # i.e. true for the ticked boxes, false for the unticked
- desired_roles = {}
- for r in submitted_roles:
- desired_roles[r]=False
- for r in checked_roles:
- desired_roles[r]=True
-
- # again, in order to avoid either creating a role twice or deleting one which is
- # non-existent, we need to get the users' current roles (if any)
-
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
- user_object = model.User.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown user:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_user_to_role(user_object, r, pkg)
- else:
- if (r in current_roles):
- model.remove_user_from_role(user_object, r, pkg)
- h.flash_success("User Added")
-
- elif users_or_authz_groups=='authz_groups':
- current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
- user_object = model.AuthorizationGroup.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown authorization group:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_authorization_group_to_role(user_object, r, pkg)
- else:
- if (r in current_roles):
- model.remove_authorization_group_from_role(user_object, r, pkg)
- h.flash_success("Authorization Group Added")
-
- else:
- assert False, "shouldn't be here"
-
- # and finally commit all these changes to the database
- model.repo.commit_and_remove()
-
-
- # In the event of a post request, work out which of the four possible actions
- # is to be done, and do it before displaying the page
- if 'add' in request.POST:
- action_add_form('users')
-
- if 'authz_add' in request.POST:
- action_add_form('authz_groups')
-
- if 'save' in request.POST:
- action_save_form('users')
-
- if 'authz_save' in request.POST:
- action_save_form('authz_groups')
-
- # =================
- # Display the page
-
- # Find out all the possible roles. At the moment, any role can be
- # associated with any object, so that's easy:
- possible_roles = model.Role.get_all()
-
- # get the list of users who have roles on this object, with their roles
- uors = get_userobjectroles()
-
- # uniquify and sort
- users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
- authz_groups = sorted(list(set([uor.authorized_group.name for uor in uors if uor.authorized_group])))
-
- # make a dictionary from (user, role) to True, False
- users_roles = [( uor.user.name, uor.role) for uor in uors if uor.user]
- user_role_dict={}
- for u in users:
- for r in possible_roles:
- if (u,r) in users_roles:
- user_role_dict[(u,r)]=True
- else:
- user_role_dict[(u,r)]=False
-
- # and similarly make a dictionary from (authz_group, role) to True, False
- authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in uors if uor.authorized_group]
- authz_groups_role_dict={}
- for u in authz_groups:
- for r in possible_roles:
- if (u,r) in authz_groups_roles:
- authz_groups_role_dict[(u,r)]=True
- else:
- authz_groups_role_dict[(u,r)]=False
-
- # pass these variables to the template for rendering
- c.roles = possible_roles
-
- c.users = users
- c.user_role_dict = user_role_dict
-
- c.authz_groups = authz_groups
- c.authz_groups_role_dict = authz_groups_role_dict
-
- return render('package/authz.html')
def autocomplete(self):
q = unicode(request.params.get('q', ''))
--- a/ckan/lib/base.py Thu Aug 25 15:44:41 2011 +0100
+++ b/ckan/lib/base.py Thu Aug 25 21:10:15 2011 +0100
@@ -275,6 +275,195 @@
)
return fieldset
+ def _handle_update_of_authz(self, current_uors, domain_object):
+ # In the event of a post request, work out which of the four possible actions
+ # is to be done, and do it before displaying the page
+ if 'add' in request.POST:
+ self._add_user_object_role('users', current_uors, domain_object)
+
+ if 'authz_add' in request.POST:
+ self._add_user_object_role('authz_groups', current_uors, domain_object)
+
+ if 'save' in request.POST:
+ self._update_user_object_roles('users', current_uors, domain_object)
+
+ if 'authz_save' in request.POST:
+ self._update_user_object_roles('authz_groups', current_uors, domain_object)
+
+ def _prepare_authz_info_for_render(self, user_object_roles):
+ # =================
+ # Display the page
+
+ # Find out all the possible roles. At the moment, any role can be
+ # associated with any object, so that's easy:
+ possible_roles = model.Role.get_all()
+
+
+ # uniquify and sort
+ users = sorted(list(set([uor.user.name for uor in user_object_roles if uor.user])))
+ authz_groups = sorted(list(set([uor.authorized_group.name for uor in user_object_roles if uor.authorized_group])))
+
+ # make a dictionary from (user, role) to True, False
+ users_roles = [( uor.user.name, uor.role) for uor in user_object_roles if uor.user]
+ user_role_dict={}
+ for u in users:
+ for r in possible_roles:
+ if (u,r) in users_roles:
+ user_role_dict[(u,r)]=True
+ else:
+ user_role_dict[(u,r)]=False
+
+ # and similarly make a dictionary from (authz_group, role) to True, False
+ authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in user_object_roles if uor.authorized_group]
+ authz_groups_role_dict={}
+ for u in authz_groups:
+ for r in possible_roles:
+ if (u,r) in authz_groups_roles:
+ authz_groups_role_dict[(u,r)]=True
+ else:
+ authz_groups_role_dict[(u,r)]=False
+
+ c.roles = possible_roles
+ c.users = users
+ c.user_role_dict = user_role_dict
+ c.authz_groups = authz_groups
+ c.authz_groups_role_dict = authz_groups_role_dict
+
+ def _update_user_object_roles(self, users_or_authz_groups, current_uors, domain_object):
+ '''Update user object roles for this object.
+
+ :param domain_object: the domain object for whom we are adding the user
+ object role.
+ '''
+ # The permissions grid has been saved
+ # which is a grid of checkboxes named user$role
+ rpi = request.params.items()
+
+ # The grid passes us a list of the users/roles that were displayed
+ submitted = [ a for (a,b) in rpi if (b == u'submitted')]
+ # and also those which were checked
+ checked = [ a for (a,b) in rpi if (b == u'on')]
+
+ # from which we can deduce true/false for each user/role combination
+ # that was displayed in the form
+ table_dict={}
+ for a in submitted:
+ table_dict[a]=False
+ for a in checked:
+ table_dict[a]=True
+
+ # now we'll split up the user$role strings to make a dictionary from
+ # (user,role) to True/False, which tells us what we need to do.
+ new_user_role_dict={}
+ for (ur,val) in table_dict.items():
+ u,r = ur.split('$')
+ new_user_role_dict[(u,r)] = val
+
+ if users_or_authz_groups=='users':
+ current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
+ elif users_or_authz_groups=='authz_groups':
+ current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
+ else:
+ assert False, "shouldn't be here"
+
+ current_user_role_dict={}
+ for (u,r) in current_users_roles:
+ current_user_role_dict[(u,r)]=True
+
+ # and now we can loop through our dictionary of desired states
+ # checking whether a change needs to be made, and if so making it
+
+ # Here we check whether someone is already assigned a role, in order
+ # to avoid assigning it twice, or attempting to delete it when it
+ # doesn't exist. Otherwise problems can occur.
+ if users_or_authz_groups=='users':
+ for ((u,r), val) in new_user_role_dict.items():
+ if val:
+ if not ((u,r) in current_user_role_dict):
+ model.add_user_to_role(model.User.by_name(u),r,domain_object)
+ else:
+ if ((u,r) in current_user_role_dict):
+ model.remove_user_from_role(model.User.by_name(u),r,domain_object)
+ elif users_or_authz_groups=='authz_groups':
+ for ((u,r), val) in new_user_role_dict.items():
+ if val:
+ if not ((u,r) in current_user_role_dict):
+ model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,domain_object)
+ else:
+ if ((u,r) in current_user_role_dict):
+ model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,domain_object)
+ else:
+ assert False, "shouldn't be here"
+
+ # finally commit the change to the database
+ model.repo.commit_and_remove()
+ h.flash_success("Changes Saved")
+
+ # TODO: this repeats much of _update_user_object_roles
+ def _add_user_object_role(self, users_or_authz_groups, current_uors, domain_object):
+ '''
+ current_uors: in order to avoid either creating a role twice or deleting one which is
+ non-existent, we need to get the users' current roles (if any)
+ '''
+ # The user is attempting to set new roles for a named user
+ new_user = request.params.get('new_user_name')
+ # this is the list of roles whose boxes were ticked
+ checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
+ # this is the list of all the roles that were in the submitted form
+ submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
+
+ # from this we can make a dictionary of the desired states
+ # i.e. true for the ticked boxes, false for the unticked
+ desired_roles = {}
+ for r in submitted_roles:
+ desired_roles[r]=False
+ for r in checked_roles:
+ desired_roles[r]=True
+
+ if users_or_authz_groups=='users':
+ current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
+ user_object = model.User.by_name(new_user)
+ if user_object==None:
+ # The submitted user does not exist. Bail with flash message
+ h.flash_error('unknown user:' + str (new_user))
+ else:
+ # Whenever our desired state is different from our current state, change it.
+ for (r,val) in desired_roles.items():
+ if val:
+ if (r not in current_roles):
+ model.add_user_to_role(user_object, r,
+ domain_object)
+ else:
+ if (r in current_roles):
+ model.remove_user_from_role(user_object, r,
+ domain_object)
+ h.flash_success("User Added")
+
+ elif users_or_authz_groups=='authz_groups':
+ current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
+ user_object = model.AuthorizationGroup.by_name(new_user)
+ if user_object==None:
+ # The submitted user does not exist. Bail with flash message
+ h.flash_error('unknown authorization group:' + str (new_user))
+ else:
+ # Whenever our desired state is different from our current state, change it.
+ for (r,val) in desired_roles.items():
+ if val:
+ if (r not in current_roles):
+ model.add_authorization_group_to_role(user_object,
+ r, domain_object)
+ else:
+ if (r in current_roles):
+ model.remove_authorization_group_from_role(user_object,
+ r, domain_object)
+ h.flash_success("Authorization Group Added")
+
+ else:
+ assert False, "shouldn't be here"
+
+ # and finally commit all these changes to the database
+ model.repo.commit_and_remove()
+
# Include the '_' function in the public names
__all__ = [__name for __name in locals().keys() if not __name.startswith('_') \
http://bitbucket.org/okfn/ckan/changeset/7fbbffe89315/
changeset: 7fbbffe89315
user: rgrp
date: 2011-08-25 22:11:39
summary: [merge,from-branch][s]: no problem merge from just closed branch (feature-1074-authz-wui).
affected #: 4 files (34.6 KB)
--- a/ckan/controllers/authorization_group.py Wed Aug 24 18:43:51 2011 +0100
+++ b/ckan/controllers/authorization_group.py Thu Aug 25 21:11:39 2011 +0100
@@ -153,207 +153,23 @@
c.authz_editable = self.authorizer.am_authorized(c, model.Action.EDIT_PERMISSIONS,
authorization_group)
-
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
- #see package.py for comments
- def get_userobjectroles():
- authorization_group = model.AuthorizationGroup.by_name(id)
- uors = model.Session.query(model.AuthorizationGroupRole).join('authorization_group').filter_by(name=authorization_group.name).all()
- return uors
+ current_uors = self._get_userobjectroles(id)
+ self._handle_update_of_authz(current_uors, authorization_group)
- def action_save_form(users_or_authz_groups):
- # The permissions grid has been saved
- # which is a grid of checkboxes named user$role
- rpi = request.params.items()
+ # get the roles again as may have changed
+ user_object_roles = self._get_userobjectroles(id)
+ self._prepare_authz_info_for_render(user_object_roles)
+ return render('authorization_group/authz.html')
- # The grid passes us a list of the users/roles that were displayed
- submitted = [ a for (a,b) in rpi if (b == u'submitted')]
- # and also those which were checked
- checked = [ a for (a,b) in rpi if (b == u'on')]
- # from which we can deduce true/false for each user/role combination
- # that was displayed in the form
- table_dict={}
- for a in submitted:
- table_dict[a]=False
- for a in checked:
- table_dict[a]=True
+ def _get_userobjectroles(self, authzgroup_id):
+ authorization_group = model.AuthorizationGroup.by_name(authzgroup_id)
+ uors = model.Session.query(model.AuthorizationGroupRole).join('authorization_group').filter_by(name=authorization_group.name).all()
+ return uors
- # now we'll split up the user$role strings to make a dictionary from
- # (user,role) to True/False, which tells us what we need to do.
- new_user_role_dict={}
- for (ur,val) in table_dict.items():
- u,r = ur.split('$')
- new_user_role_dict[(u,r)] = val
-
- # we get the current user/role assignments
- # and make a dictionary of them
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
- elif users_or_authz_groups=='authz_groups':
- current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
- else:
- assert False, "shouldn't be here"
-
- current_user_role_dict={}
- for (u,r) in current_users_roles:
- current_user_role_dict[(u,r)]=True
-
- # and now we can loop through our dictionary of desired states
- # checking whether a change needs to be made, and if so making it
-
- # Here we check whether someone is already assigned a role, in order
- # to avoid assigning it twice, or attempting to delete it when it
- # doesn't exist. Otherwise problems can occur.
- if users_or_authz_groups=='users':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_user_to_role(model.User.by_name(u),r,authorization_group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_user_from_role(model.User.by_name(u),r,authorization_group)
- elif users_or_authz_groups=='authz_groups':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,authorization_group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,authorization_group)
- else:
- assert False, "shouldn't be here"
-
- # finally commit the change to the database
- model.repo.commit_and_remove()
- h.flash_success("Changes Saved")
-
-
-
- def action_add_form(users_or_authz_groups):
- # The user is attempting to set new roles for a named user
- new_user = request.params.get('new_user_name')
- # this is the list of roles whose boxes were ticked
- checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
- # this is the list of all the roles that were in the submitted form
- submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
-
- # from this we can make a dictionary of the desired states
- # i.e. true for the ticked boxes, false for the unticked
- desired_roles = {}
- for r in submitted_roles:
- desired_roles[r]=False
- for r in checked_roles:
- desired_roles[r]=True
-
- # again, in order to avoid either creating a role twice or deleting one which is
- # non-existent, we need to get the users' current roles (if any)
-
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
- user_object = model.User.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown user:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_user_to_role(user_object, r, authorization_group)
- else:
- if (r in current_roles):
- model.remove_user_from_role(user_object, r, authorization_group)
- h.flash_success("User Added")
-
- elif users_or_authz_groups=='authz_groups':
- current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
- user_object = model.AuthorizationGroup.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown authorization group:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_authorization_group_to_role(user_object, r, authorization_group)
- else:
- if (r in current_roles):
- model.remove_authorization_group_from_role(user_object, r, authorization_group)
- h.flash_success("Authorization Group Added")
-
- else:
- assert False, "shouldn't be here"
-
- # and finally commit all these changes to the database
- model.repo.commit_and_remove()
-
-
- # In the event of a post request, work out which of the four possible actions
- # is to be done, and do it before displaying the page
- if 'add' in request.POST:
- action_add_form('users')
-
- if 'authz_add' in request.POST:
- action_add_form('authz_groups')
-
- if 'save' in request.POST:
- action_save_form('users')
-
- if 'authz_save' in request.POST:
- action_save_form('authz_groups')
-
- # =================
- # Display the page
-
- # Find out all the possible roles. At the moment, any role can be
- # associated with any object, so that's easy:
- possible_roles = model.Role.get_all()
-
- # get the list of users who have roles on this object, with their roles
- uors = get_userobjectroles()
-
- # uniquify and sort
- users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
- authz_groups = sorted(list(set([uor.authorized_group.name for uor in uors if uor.authorized_group])))
-
- # make a dictionary from (user, role) to True, False
- users_roles = [( uor.user.name, uor.role) for uor in uors if uor.user]
- user_role_dict={}
- for u in users:
- for r in possible_roles:
- if (u,r) in users_roles:
- user_role_dict[(u,r)]=True
- else:
- user_role_dict[(u,r)]=False
-
- # and similarly make a dictionary from (authz_group, role) to True, False
- authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in uors if uor.authorized_group]
- authz_groups_role_dict={}
- for u in authz_groups:
- for r in possible_roles:
- if (u,r) in authz_groups_roles:
- authz_groups_role_dict[(u,r)]=True
- else:
- authz_groups_role_dict[(u,r)]=False
-
- # pass these variables to the template for rendering
- c.roles = possible_roles
-
- c.users = users
- c.user_role_dict = user_role_dict
-
- c.authz_groups = authz_groups
- c.authz_groups_role_dict = authz_groups_role_dict
-
- return render('authorization_group/authz.html')
def _render_edit_form(self, fs):
# errors arrive in c.error and fs.errors
--- a/ckan/controllers/group.py Wed Aug 24 18:43:51 2011 +0100
+++ b/ckan/controllers/group.py Thu Aug 25 21:11:39 2011 +0100
@@ -208,208 +208,23 @@
c.authz_editable = True
except NotAuthorized:
c.authz_editable = False
-
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
- #see package.py for comments
- def get_userobjectroles():
- group = model.Group.get(id)
- uors = model.Session.query(model.GroupRole).join('group').filter_by(name=group.name).all()
- return uors
+ current_uors = self._get_userobjectroles(id)
+ self._handle_update_of_authz(current_uors, group)
- def action_save_form(users_or_authz_groups):
- # The permissions grid has been saved
- # which is a grid of checkboxes named user$role
- rpi = request.params.items()
+ # get the roles again as may have changed
+ user_object_roles = self._get_userobjectroles(id)
+ self._prepare_authz_info_for_render(user_object_roles)
+ return render('group/authz.html')
- # The grid passes us a list of the users/roles that were displayed
- submitted = [ a for (a,b) in rpi if (b == u'submitted')]
- # and also those which were checked
- checked = [ a for (a,b) in rpi if (b == u'on')]
- # from which we can deduce true/false for each user/role combination
- # that was displayed in the form
- table_dict={}
- for a in submitted:
- table_dict[a]=False
- for a in checked:
- table_dict[a]=True
+ def _get_userobjectroles(self, group_id):
+ group = model.Group.get(group_id)
+ uors = model.Session.query(model.GroupRole).join('group').filter_by(name=group.name).all()
+ return uors
- # now we'll split up the user$role strings to make a dictionary from
- # (user,role) to True/False, which tells us what we need to do.
- new_user_role_dict={}
- for (ur,val) in table_dict.items():
- u,r = ur.split('$')
- new_user_role_dict[(u,r)] = val
-
- # we get the current user/role assignments
- # and make a dictionary of them
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
- elif users_or_authz_groups=='authz_groups':
- current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
- else:
- assert False, "shouldn't be here"
-
- current_user_role_dict={}
- for (u,r) in current_users_roles:
- current_user_role_dict[(u,r)]=True
-
- # and now we can loop through our dictionary of desired states
- # checking whether a change needs to be made, and if so making it
-
- # Here we check whether someone is already assigned a role, in order
- # to avoid assigning it twice, or attempting to delete it when it
- # doesn't exist. Otherwise problems can occur.
- if users_or_authz_groups=='users':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_user_to_role(model.User.by_name(u),r,group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_user_from_role(model.User.by_name(u),r,group)
- elif users_or_authz_groups=='authz_groups':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,group)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,group)
- else:
- assert False, "shouldn't be here"
-
-
- # finally commit the change to the database
- model.repo.commit_and_remove()
- h.flash_success("Changes Saved")
-
-
-
- def action_add_form(users_or_authz_groups):
- # The user is attempting to set new roles for a named user
- new_user = request.params.get('new_user_name')
- # this is the list of roles whose boxes were ticked
- checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
- # this is the list of all the roles that were in the submitted form
- submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
-
- # from this we can make a dictionary of the desired states
- # i.e. true for the ticked boxes, false for the unticked
- desired_roles = {}
- for r in submitted_roles:
- desired_roles[r]=False
- for r in checked_roles:
- desired_roles[r]=True
-
- # again, in order to avoid either creating a role twice or deleting one which is
- # non-existent, we need to get the users' current roles (if any)
-
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
- user_object = model.User.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown user:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_user_to_role(user_object, r, group)
- else:
- if (r in current_roles):
- model.remove_user_from_role(user_object, r, group)
- h.flash_success("User Added")
-
- elif users_or_authz_groups=='authz_groups':
- current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
- user_object = model.AuthorizationGroup.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown authorization group:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_authorization_group_to_role(user_object, r, group)
- else:
- if (r in current_roles):
- model.remove_authorization_group_from_role(user_object, r, group)
- h.flash_success("Authorization Group Added")
-
- else:
- assert False, "shouldn't be here"
-
- # and finally commit all these changes to the database
- model.repo.commit_and_remove()
-
-
- # In the event of a post request, work out which of the four possible actions
- # is to be done, and do it before displaying the page
- if 'add' in request.POST:
- action_add_form('users')
-
- if 'authz_add' in request.POST:
- action_add_form('authz_groups')
-
- if 'save' in request.POST:
- action_save_form('users')
-
- if 'authz_save' in request.POST:
- action_save_form('authz_groups')
-
- # =================
- # Display the page
-
- # Find out all the possible roles. At the moment, any role can be
- # associated with any object, so that's easy:
- possible_roles = model.Role.get_all()
-
- # get the list of users who have roles on this object, with their roles
- uors = get_userobjectroles()
-
- # uniquify and sort
- users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
- authz_groups = sorted(list(set([uor.authorized_group.name for uor in uors if uor.authorized_group])))
-
- # make a dictionary from (user, role) to True, False
- users_roles = [( uor.user.name, uor.role) for uor in uors if uor.user]
- user_role_dict={}
- for u in users:
- for r in possible_roles:
- if (u,r) in users_roles:
- user_role_dict[(u,r)]=True
- else:
- user_role_dict[(u,r)]=False
-
- # and similarly make a dictionary from (authz_group, role) to True, False
- authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in uors if uor.authorized_group]
- authz_groups_role_dict={}
- for u in authz_groups:
- for r in possible_roles:
- if (u,r) in authz_groups_roles:
- authz_groups_role_dict[(u,r)]=True
- else:
- authz_groups_role_dict[(u,r)]=False
-
- # pass these variables to the template for rendering
- c.roles = possible_roles
-
- c.users = users
- c.user_role_dict = user_role_dict
-
- c.authz_groups = authz_groups
- c.authz_groups_role_dict = authz_groups_role_dict
-
- return render('group/authz.html')
def history(self, id):
if 'diff' in request.params or 'selected1' in request.params:
--- a/ckan/controllers/package.py Wed Aug 24 18:43:51 2011 +0100
+++ b/ckan/controllers/package.py Thu Aug 25 21:11:39 2011 +0100
@@ -550,221 +550,23 @@
c.authz_editable = True
except NotAuthorized:
c.authz_editable = False
-
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
- # Three different ways of getting the list of userobjectroles for this package.
- # They all take a frighteningly long time to retrieve
- # the data, but I can't tell how they'll scale. On a large dataset it might
- # be worth working out which is quickest, so I've made a function for
- # ease of changing the query.
- def get_userobjectroles():
- # we already have a pkg variable in scope, but I found while testing
- # that it occasionally mysteriously loses its value! Redefine it
- # here.
- pkg = model.Package.get(id)
+ current_uors = self._get_userobjectroles(id)
+ self._handle_update_of_authz(current_uors, pkg)
- # dread's suggestion for 'get all userobjectroles for this package':
- uors = model.Session.query(model.PackageRole).join('package').filter_by(name=pkg.name).all()
- # rgrp's version:
- # uors = model.Session.query(model.PackageRole).filter_by(package=pkg)
- # get them all and filter in python:
- # uors = [uor for uor in model.Session.query(model.PackageRole).all() if uor.package==pkg]
- return uors
+ # get the roles again as may have changed
+ user_object_roles = self._get_userobjectroles(id)
+ self._prepare_authz_info_for_render(user_object_roles)
+ return render('package/authz.html')
- def action_save_form(users_or_authz_groups):
- # The permissions grid has been saved
- # which is a grid of checkboxes named user$role
- rpi = request.params.items()
- # The grid passes us a list of the users/roles that were displayed
- submitted = [ a for (a,b) in rpi if (b == u'submitted')]
- # and also those which were checked
- checked = [ a for (a,b) in rpi if (b == u'on')]
+ def _get_userobjectroles(self, pkg_id):
+ pkg = model.Package.get(pkg_id)
+ uors = model.Session.query(model.PackageRole).join('package').filter_by(name=pkg.name).all()
+ return uors
- # from which we can deduce true/false for each user/role combination
- # that was displayed in the form
- table_dict={}
- for a in submitted:
- table_dict[a]=False
- for a in checked:
- table_dict[a]=True
-
- # now we'll split up the user$role strings to make a dictionary from
- # (user,role) to True/False, which tells us what we need to do.
- new_user_role_dict={}
- for (ur,val) in table_dict.items():
- u,r = ur.split('$')
- new_user_role_dict[(u,r)] = val
-
- # we get the current user/role assignments
- # and make a dictionary of them
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
- elif users_or_authz_groups=='authz_groups':
- current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
- else:
- assert False, "shouldn't be here"
-
- current_user_role_dict={}
- for (u,r) in current_users_roles:
- current_user_role_dict[(u,r)]=True
-
- # and now we can loop through our dictionary of desired states
- # checking whether a change needs to be made, and if so making it
-
- # Here we check whether someone is already assigned a role, in order
- # to avoid assigning it twice, or attempting to delete it when it
- # doesn't exist. Otherwise problems can occur.
- if users_or_authz_groups=='users':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_user_to_role(model.User.by_name(u),r,pkg)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_user_from_role(model.User.by_name(u),r,pkg)
- elif users_or_authz_groups=='authz_groups':
- for ((u,r), val) in new_user_role_dict.items():
- if val:
- if not ((u,r) in current_user_role_dict):
- model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,pkg)
- else:
- if ((u,r) in current_user_role_dict):
- model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,pkg)
- else:
- assert False, "shouldn't be here"
-
-
- # finally commit the change to the database
- model.repo.commit_and_remove()
- h.flash_success("Changes Saved")
-
-
-
- def action_add_form(users_or_authz_groups):
- # The user is attempting to set new roles for a named user
- new_user = request.params.get('new_user_name')
- # this is the list of roles whose boxes were ticked
- checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
- # this is the list of all the roles that were in the submitted form
- submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
-
- # from this we can make a dictionary of the desired states
- # i.e. true for the ticked boxes, false for the unticked
- desired_roles = {}
- for r in submitted_roles:
- desired_roles[r]=False
- for r in checked_roles:
- desired_roles[r]=True
-
- # again, in order to avoid either creating a role twice or deleting one which is
- # non-existent, we need to get the users' current roles (if any)
-
- current_uors = get_userobjectroles()
-
- if users_or_authz_groups=='users':
- current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
- user_object = model.User.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown user:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_user_to_role(user_object, r, pkg)
- else:
- if (r in current_roles):
- model.remove_user_from_role(user_object, r, pkg)
- h.flash_success("User Added")
-
- elif users_or_authz_groups=='authz_groups':
- current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
- user_object = model.AuthorizationGroup.by_name(new_user)
- if user_object==None:
- # The submitted user does not exist. Bail with flash message
- h.flash_error('unknown authorization group:' + str (new_user))
- else:
- # Whenever our desired state is different from our current state, change it.
- for (r,val) in desired_roles.items():
- if val:
- if (r not in current_roles):
- model.add_authorization_group_to_role(user_object, r, pkg)
- else:
- if (r in current_roles):
- model.remove_authorization_group_from_role(user_object, r, pkg)
- h.flash_success("Authorization Group Added")
-
- else:
- assert False, "shouldn't be here"
-
- # and finally commit all these changes to the database
- model.repo.commit_and_remove()
-
-
- # In the event of a post request, work out which of the four possible actions
- # is to be done, and do it before displaying the page
- if 'add' in request.POST:
- action_add_form('users')
-
- if 'authz_add' in request.POST:
- action_add_form('authz_groups')
-
- if 'save' in request.POST:
- action_save_form('users')
-
- if 'authz_save' in request.POST:
- action_save_form('authz_groups')
-
- # =================
- # Display the page
-
- # Find out all the possible roles. At the moment, any role can be
- # associated with any object, so that's easy:
- possible_roles = model.Role.get_all()
-
- # get the list of users who have roles on this object, with their roles
- uors = get_userobjectroles()
-
- # uniquify and sort
- users = sorted(list(set([uor.user.name for uor in uors if uor.user])))
- authz_groups = sorted(list(set([uor.authorized_group.name for uor in uors if uor.authorized_group])))
-
- # make a dictionary from (user, role) to True, False
- users_roles = [( uor.user.name, uor.role) for uor in uors if uor.user]
- user_role_dict={}
- for u in users:
- for r in possible_roles:
- if (u,r) in users_roles:
- user_role_dict[(u,r)]=True
- else:
- user_role_dict[(u,r)]=False
-
- # and similarly make a dictionary from (authz_group, role) to True, False
- authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in uors if uor.authorized_group]
- authz_groups_role_dict={}
- for u in authz_groups:
- for r in possible_roles:
- if (u,r) in authz_groups_roles:
- authz_groups_role_dict[(u,r)]=True
- else:
- authz_groups_role_dict[(u,r)]=False
-
- # pass these variables to the template for rendering
- c.roles = possible_roles
-
- c.users = users
- c.user_role_dict = user_role_dict
-
- c.authz_groups = authz_groups
- c.authz_groups_role_dict = authz_groups_role_dict
-
- return render('package/authz.html')
def autocomplete(self):
q = unicode(request.params.get('q', ''))
--- a/ckan/lib/base.py Wed Aug 24 18:43:51 2011 +0100
+++ b/ckan/lib/base.py Thu Aug 25 21:11:39 2011 +0100
@@ -275,6 +275,195 @@
)
return fieldset
+ def _handle_update_of_authz(self, current_uors, domain_object):
+ # In the event of a post request, work out which of the four possible actions
+ # is to be done, and do it before displaying the page
+ if 'add' in request.POST:
+ self._add_user_object_role('users', current_uors, domain_object)
+
+ if 'authz_add' in request.POST:
+ self._add_user_object_role('authz_groups', current_uors, domain_object)
+
+ if 'save' in request.POST:
+ self._update_user_object_roles('users', current_uors, domain_object)
+
+ if 'authz_save' in request.POST:
+ self._update_user_object_roles('authz_groups', current_uors, domain_object)
+
+ def _prepare_authz_info_for_render(self, user_object_roles):
+ # =================
+ # Display the page
+
+ # Find out all the possible roles. At the moment, any role can be
+ # associated with any object, so that's easy:
+ possible_roles = model.Role.get_all()
+
+
+ # uniquify and sort
+ users = sorted(list(set([uor.user.name for uor in user_object_roles if uor.user])))
+ authz_groups = sorted(list(set([uor.authorized_group.name for uor in user_object_roles if uor.authorized_group])))
+
+ # make a dictionary from (user, role) to True, False
+ users_roles = [( uor.user.name, uor.role) for uor in user_object_roles if uor.user]
+ user_role_dict={}
+ for u in users:
+ for r in possible_roles:
+ if (u,r) in users_roles:
+ user_role_dict[(u,r)]=True
+ else:
+ user_role_dict[(u,r)]=False
+
+ # and similarly make a dictionary from (authz_group, role) to True, False
+ authz_groups_roles = [( uor.authorized_group.name, uor.role) for uor in user_object_roles if uor.authorized_group]
+ authz_groups_role_dict={}
+ for u in authz_groups:
+ for r in possible_roles:
+ if (u,r) in authz_groups_roles:
+ authz_groups_role_dict[(u,r)]=True
+ else:
+ authz_groups_role_dict[(u,r)]=False
+
+ c.roles = possible_roles
+ c.users = users
+ c.user_role_dict = user_role_dict
+ c.authz_groups = authz_groups
+ c.authz_groups_role_dict = authz_groups_role_dict
+
+ def _update_user_object_roles(self, users_or_authz_groups, current_uors, domain_object):
+ '''Update user object roles for this object.
+
+ :param domain_object: the domain object for whom we are adding the user
+ object role.
+ '''
+ # The permissions grid has been saved
+ # which is a grid of checkboxes named user$role
+ rpi = request.params.items()
+
+ # The grid passes us a list of the users/roles that were displayed
+ submitted = [ a for (a,b) in rpi if (b == u'submitted')]
+ # and also those which were checked
+ checked = [ a for (a,b) in rpi if (b == u'on')]
+
+ # from which we can deduce true/false for each user/role combination
+ # that was displayed in the form
+ table_dict={}
+ for a in submitted:
+ table_dict[a]=False
+ for a in checked:
+ table_dict[a]=True
+
+ # now we'll split up the user$role strings to make a dictionary from
+ # (user,role) to True/False, which tells us what we need to do.
+ new_user_role_dict={}
+ for (ur,val) in table_dict.items():
+ u,r = ur.split('$')
+ new_user_role_dict[(u,r)] = val
+
+ if users_or_authz_groups=='users':
+ current_users_roles = [( uor.user.name, uor.role) for uor in current_uors if uor.user]
+ elif users_or_authz_groups=='authz_groups':
+ current_users_roles = [( uor.authorized_group.name, uor.role) for uor in current_uors if uor.authorized_group]
+ else:
+ assert False, "shouldn't be here"
+
+ current_user_role_dict={}
+ for (u,r) in current_users_roles:
+ current_user_role_dict[(u,r)]=True
+
+ # and now we can loop through our dictionary of desired states
+ # checking whether a change needs to be made, and if so making it
+
+ # Here we check whether someone is already assigned a role, in order
+ # to avoid assigning it twice, or attempting to delete it when it
+ # doesn't exist. Otherwise problems can occur.
+ if users_or_authz_groups=='users':
+ for ((u,r), val) in new_user_role_dict.items():
+ if val:
+ if not ((u,r) in current_user_role_dict):
+ model.add_user_to_role(model.User.by_name(u),r,domain_object)
+ else:
+ if ((u,r) in current_user_role_dict):
+ model.remove_user_from_role(model.User.by_name(u),r,domain_object)
+ elif users_or_authz_groups=='authz_groups':
+ for ((u,r), val) in new_user_role_dict.items():
+ if val:
+ if not ((u,r) in current_user_role_dict):
+ model.add_authorization_group_to_role(model.AuthorizationGroup.by_name(u),r,domain_object)
+ else:
+ if ((u,r) in current_user_role_dict):
+ model.remove_authorization_group_from_role(model.AuthorizationGroup.by_name(u),r,domain_object)
+ else:
+ assert False, "shouldn't be here"
+
+ # finally commit the change to the database
+ model.repo.commit_and_remove()
+ h.flash_success("Changes Saved")
+
+ # TODO: this repeats much of _update_user_object_roles
+ def _add_user_object_role(self, users_or_authz_groups, current_uors, domain_object):
+ '''
+ current_uors: in order to avoid either creating a role twice or deleting one which is
+ non-existent, we need to get the users' current roles (if any)
+ '''
+ # The user is attempting to set new roles for a named user
+ new_user = request.params.get('new_user_name')
+ # this is the list of roles whose boxes were ticked
+ checked_roles = [ a for (a,b) in request.params.items() if (b == u'on')]
+ # this is the list of all the roles that were in the submitted form
+ submitted_roles = [ a for (a,b) in request.params.items() if (b == u'submitted')]
+
+ # from this we can make a dictionary of the desired states
+ # i.e. true for the ticked boxes, false for the unticked
+ desired_roles = {}
+ for r in submitted_roles:
+ desired_roles[r]=False
+ for r in checked_roles:
+ desired_roles[r]=True
+
+ if users_or_authz_groups=='users':
+ current_roles = [uor.role for uor in current_uors if ( uor.user and uor.user.name == new_user )]
+ user_object = model.User.by_name(new_user)
+ if user_object==None:
+ # The submitted user does not exist. Bail with flash message
+ h.flash_error('unknown user:' + str (new_user))
+ else:
+ # Whenever our desired state is different from our current state, change it.
+ for (r,val) in desired_roles.items():
+ if val:
+ if (r not in current_roles):
+ model.add_user_to_role(user_object, r,
+ domain_object)
+ else:
+ if (r in current_roles):
+ model.remove_user_from_role(user_object, r,
+ domain_object)
+ h.flash_success("User Added")
+
+ elif users_or_authz_groups=='authz_groups':
+ current_roles = [uor.role for uor in current_uors if ( uor.authorized_group and uor.authorized_group.name == new_user )]
+ user_object = model.AuthorizationGroup.by_name(new_user)
+ if user_object==None:
+ # The submitted user does not exist. Bail with flash message
+ h.flash_error('unknown authorization group:' + str (new_user))
+ else:
+ # Whenever our desired state is different from our current state, change it.
+ for (r,val) in desired_roles.items():
+ if val:
+ if (r not in current_roles):
+ model.add_authorization_group_to_role(user_object,
+ r, domain_object)
+ else:
+ if (r in current_roles):
+ model.remove_authorization_group_from_role(user_object,
+ r, domain_object)
+ h.flash_success("Authorization Group Added")
+
+ else:
+ assert False, "shouldn't be here"
+
+ # and finally commit all these changes to the database
+ model.repo.commit_and_remove()
+
# Include the '_' function in the public names
__all__ = [__name for __name in locals().keys() if not __name.startswith('_') \
http://bitbucket.org/okfn/ckan/changeset/2f87ed532734/
changeset: 2f87ed532734
user: rgrp
date: 2011-08-25 22:12:34
summary: [merge,in-default][s]: trivial merge from upstream.
affected #: 4 files (1.4 KB)
--- a/ckan/controllers/error.py Thu Aug 25 21:11:39 2011 +0100
+++ b/ckan/controllers/error.py Thu Aug 25 21:12:34 2011 +0100
@@ -25,6 +25,10 @@
"""Render the error document"""
original_request = request.environ.get('pylons.original_request')
original_response = request.environ.get('pylons.original_response')
+ # When a request (e.g. from a web-bot) is direct, not a redirect
+ # from a page. #1176
+ if not original_response:
+ return 'There is no error.'
# Bypass error template for API operations.
if original_request and original_request.path.startswith('/api'):
return original_response.body
--- a/ckan/controllers/home.py Thu Aug 25 21:11:39 2011 +0100
+++ b/ckan/controllers/home.py Thu Aug 25 21:12:34 2011 +0100
@@ -3,6 +3,7 @@
from pylons import cache, config
from genshi.template import NewTextTemplate
+import sqlalchemy.exc
from ckan.authz import Authorizer
from ckan.logic import NotAuthorized
@@ -26,6 +27,18 @@
check_access('site_read',context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
+ except (sqlalchemy.exc.ProgrammingError,
+ sqlalchemy.exc.OperationalError), e:
+ # postgres and sqlite errors for missing tables
+ msg = str(e)
+ if ('relation' in msg and 'does not exist' in msg) or \
+ ('no such table' in msg) :
+ # table missing, major database problem
+ abort(503, _('This site is currently off-line. Database is not initialised.'))
+ # TODO: send an email to the admin person (#1285)
+ else:
+ raise
+
@staticmethod
def _home_cache_key(latest_revision_id=None):
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ckan/tests/functional/test_error.py Thu Aug 25 21:12:34 2011 +0100
@@ -0,0 +1,7 @@
+from base import FunctionalTestCase
+
+class TestError(FunctionalTestCase):
+ def test_without_redirect(self):
+ # this is what a web bot might do
+ res = self.app.get('/error/document')
+ assert 'There is no error.' in str(res), str(res)
--- a/ckan/tests/functional/test_home.py Thu Aug 25 21:11:39 2011 +0100
+++ b/ckan/tests/functional/test_home.py Thu Aug 25 21:12:34 2011 +0100
@@ -137,3 +137,18 @@
offset = url_for('home')
res = self.app.get(offset)
res = res.click('English')
+
+class TestDatabaseNotInitialised(TestController):
+ @classmethod
+ def setup_class(cls):
+ PylonsTestCase.setup_class()
+ model.repo.clean_db()
+
+ @classmethod
+ def teardown_class(self):
+ model.repo.rebuild_db()
+
+ def test_home_page(self):
+ offset = url_for('home')
+ res = self.app.get(offset, status=503)
+ assert 'This site is currently off-line. Database is not initialised.' in res
Repository URL: https://bitbucket.org/okfn/ckan/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
More information about the ckan-changes
mailing list