authorLeif Johansson <leifj@sunet.se>2011-06-14 17:47:31 +0200
committerLeif Johansson <leifj@sunet.se>2011-06-14 17:47:31 +0200
commitc1f586f093e6ab3a37df1d3ea3e2f9c0185f9f62 (patch)
treed88281ac60aee52ffa3e645a0701d19ce107ad5f
parent2b21584289cee6d7c5eb89fb26accfe9ad90c4d1 (diff)
support for editing policy acls
-rw-r--r--coip/apps/name/models.py32
-rw-r--r--coip/apps/name/views.py11
-rw-r--r--templates/apps/name/acls.html30
3 files changed, 58 insertions, 15 deletions
diff --git a/coip/apps/name/models.py b/coip/apps/name/models.py
index d8c089e..d7da547 100644
--- a/coip/apps/name/models.py
+++ b/coip/apps/name/models.py
@@ -123,10 +123,15 @@ class Name(models.Model):
self.delete()
def copyacl(self,name):
- for ace in name.lsacl():
+ found_ace = False
+ for ace in name.lspacl():
+ found_ace = True
self.setacl(ace.dst,ace.data)
-
+ if not found_ace:
+ for ace in name.lsacl():
+ self.setacl(ace.dst,ace.data)
+
def link(self,dst,type,data):
if not self.has_link(dst,NameLink.part_of,data):
link = NameLink(src=self,dst=dst,type=type,data=data)
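Review bot: In `copyacl`, an empty policy list falls back to copying the parent's full regular ACL, so a parent cannot express "new groups start with no inherited entries", and nothing documents that rule. A docstring along the lines of `"""Copy name's policy ACL onto self as regular ACL entries; if name has no policy entries, copy its regular ACL instead."""` would make the fallback explicit. The copied entries are written through `setacl` with its default type, so the new group gets no policy of its own and its own children will fall back to its regular ACL; if that is intended, it is worth stating in the same docstring.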
@@ -142,15 +147,18 @@ class Name(models.Model):
def has_link(self,dst,type,data):
return NameLink.objects.filter(src=self,dst=dst,type=type,data=data).count() > 0
- def setacl(self,name,perm):
- (link,created) = NameLink.objects.get_or_create(src=self,dst=name,type=NameLink.access_control)
+ def setacl(self,name,perm,type=0):
+ (link,created) = NameLink.objects.get_or_create(src=self,dst=name,type=type)
if not (link.data and link.data == perm):
link.data = perm
link.save()
+
+ def setpacl(self,name,perm):
+ return self.setacl(name, perm, NameLink.access_control_policy)
- def rmacl(self,name,perm):
+ def rmacl(self,name,perm,type=0):
try:
- link = NameLink.objects.get(src=self,dst=name,type=NameLink.access_control)
+ link = NameLink.objects.get(src=self,dst=name,type=type)
save = False
for p in perm:
link.data = link.data.replace(p,'')
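Review bot: The new `type=0` defaults on `setacl` and `rmacl` (and on `lsacl` in the next hunk) repeat the value of `NameLink.access_control` as a bare literal and shadow the builtin `type`. NameLink appears to be defined further down the module, which would explain why the constant is not used in the signature. A `None` default resolved in the body keeps the two in step: `def setacl(self,name,perm,type=None):` followed by `if type is None: type = NameLink.access_control`. Failing that, a comment `# 0 == NameLink.access_control` on each signature at least records the coupling. `rmacl`'s body continues outside the hunk.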
@@ -163,8 +171,14 @@ class Name(models.Model):
except ObjectDoesNotExist:
pass
- def lsacl(self):
- return NameLink.objects.filter(src=self,type=NameLink.access_control)
+ def rmpacl(self,name,perm):
+ return self.rmacl(name,perm,NameLink.access_control_policy)
+
+ def lspacl(self):
+ return self.lsacl(NameLink.access_control_policy)
+
+ def lsacl(self,type=0):
+ return NameLink.objects.filter(src=self,type=type)
def add_partof(self,part):
self.link(part,NameLink.part_of,None)
@@ -204,7 +218,7 @@ class NameLink(models.Model):
access_control = 0
part_of = 1
- child_access_control = 2
+ access_control_policy = 2
def __unicode__(self):
return "%s -> %s [%s %s]" % (self.src,self.dst,self.type,self.data)
diff --git a/coip/apps/name/views.py b/coip/apps/name/views.py
index 1fb38e8..7be7501 100644
--- a/coip/apps/name/views.py
+++ b/coip/apps/name/views.py
@@ -89,6 +89,8 @@ def edit(request,id):
return respond_to(request,{'text/html': 'apps/name/edit.html'},{'form': form,'name': name,'formtitle': 'Modify %s' % name.shortname(),'submitname': 'Update'})
+# Access Control
+
@login_required
def lsacl(request,id,type=NameLink.access_control):
name = get_object_or_404(Name,pk=id)
@@ -98,7 +100,7 @@ def lsacl(request,id,type=NameLink.access_control):
return respond_to(request,
{'text/html': 'apps/name/acls.html'},
- {'name': name, 'acl': name.lsacl()})
+ {'name': name, 'acl': name.lsacl(type), 'type': type, 'ispacl': type == NameLink.access_control_policy})
@login_required
def addacl(request,id,type=NameLink.access_control):
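Review bot: `'ispacl': type == NameLink.access_control_policy` compares the view argument with the integer 2, but the template in this commit tests `type == "2"`, which suggests `type` arrives from the URL as a string; in that case `ispacl` is always False. Converting once at the top of `lsacl`, `type = int(type)`, makes the flag correct and lets the template branch on `ispacl` instead of a string literal; the template comparison would have to change in the same commit. The start of `lsacl`'s body is outside this hunk, so any conversion already done there is not visible.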
@@ -116,7 +118,7 @@ def addacl(request,id,type=NameLink.access_control):
if not p:
p = []
perms = "".join(p)
- (link,created) = NameLink.objects.get_or_create(src=name,dst=dst,type=NameLink.access_control)
+ (link,created) = NameLink.objects.get_or_create(src=name,dst=dst,type=type)
link.data = perms
link.save()
return HttpResponseRedirect("/name/%s/acl/%s" % (id,type))
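Review bot: `get_or_create(src=name,dst=dst,type=type)` now writes a link of whatever type the request path names, and the visible lines do not restrict it to the two ACL kinds, so other link types such as `part_of` could be created through the ACL form. `lsacl` in the previous hunk passes the same unchecked value to `name.lsacl(type)`. An allow-list before the write would close this: `if int(type) not in (NameLink.access_control, NameLink.access_control_policy): raise Http404()`. The part of `addacl` between its signature and this hunk is not shown, so such a check may already exist there, as may the permission test for editing policy entries, which become defaults for newly created child groups.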
@@ -156,6 +158,7 @@ def show_root(request):
{'text/html': 'apps/name/name.html'},
{'name': None, 'memberships': None, 'edit': False})
+@login_required
def show(request,name):
if not name:
raise Http404()
@@ -175,7 +178,7 @@ def show(request,name):
'memberships':memberships,
'invitations':invitations})
-
+@login_required
def user_groups(request,username):
user = get_object_or_404(User,username=username)
return json_response([link.src.summary() for link in NameLink.objects.filter(dst__memberships__user=user,type=NameLink.access_control,data__contains='i').all()])
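Review bot: `@login_required` on `user_groups` only establishes that the caller is authenticated; the view still returns the group summaries for whichever `username` is in the path, so any logged-in user can read another user's memberships. If that is not intended, compare against the caller before querying, for example `if request.user != user and not request.user.is_staff: return HttpResponseForbidden()` (this needs `HttpResponseForbidden` from `django.http`). If the endpoint is meant to serve lookups on behalf of other users, a short comment above the view saying so would record the decision.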
@@ -215,7 +218,7 @@ def _tree(request,id=None,includeroot=False):
if request.GET.has_key('depth'):
depth = request.GET['depth']
t = traverse(name,_tree_node,request.user,depth,includeroot)
- logging.debug(t)
+ #logging.debug(t)
return json_response(t)
@login_required
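Review bot: The debug call is commented out rather than removed; `#logging.debug(t)` should simply be deleted, since version control keeps the history. In the same visible lines, `depth = request.GET['depth']` hands the raw query-string value to `traverse`; whether `traverse` converts and bounds it is not visible here, so that is worth confirming. `_tree` begins outside the hunk.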
diff --git a/templates/apps/name/acls.html b/templates/apps/name/acls.html
index 28a8f1c..e1becbb 100644
--- a/templates/apps/name/acls.html
+++ b/templates/apps/name/acls.html
@@ -8,7 +8,33 @@
});
{% endblock %}
{% block content %}
-<h1>Permissions on {{name.short}}</h1>
+
+{% if type == "2" %}
+<h2>Access Control Policy</h2>
+<div class="ui-widget" style="margin-bottom: 20px;">
+ <div class="ui-state-highlight ui-corner-all" style="padding: 0 .7em;">
+ <p><span class="ui-icon ui-icon-alert" style="float: left; margin-right: .3em;"></span>
+ <strong>WARNING</strong> The entries below represents <strong>access control policy</strong> for {{name.short}}. Access
+ control policy is the default access control used when creating new groups below this group. Changes
+ will only affect <strong>newly created groups</strong> below this group. Only change this if you know
+ what you are doing.</p>
+ <p class="button"><a href="/name/{{name.id}}/acl/0">Switch to Normal Access Control View</a></p>
+ </div>
+</div>
+{% else %}
+<h2>Access Control</h2>
+<div class="ui-widget" style="margin-bottom: 20px;">
+ <div class="ui-state-default ui-corner-all" style="padding: 0 .7em;">
+ <p><span class="ui-icon ui-icon-info" style="float: left; margin-right: .3em;"></span>
+ The entries below represents access control for {{name.short}}. Only change this if you know
+ what you are doing. If you <em>really, really, really</em> know what you are doing you may also
+ <a style="text-decoration: underline;" href="/name/{{name.id}}/acl/2">switch to access control policy view</a>
+ and change the default access control for groups created below this group.</p>
+ </div>
+</div>
+
+{% endif %}
+
<div id="acl" style="margin-bottom: 20px;">
{% for ace in acl %}
<div id="{{ace.id}}">
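Review bot: The new branch tests `{% if type == "2" %}` and links to `/acl/0` and `/acl/2`, so the numeric values of the NameLink constants are now repeated in the template as literals. The view already passes `ispacl`; `{% if ispacl %}` would tie the warning banner to the model constant rather than to a string comparison that fails if `type` is ever passed as an integer. The banner is the only cue that the user is editing defaults for new groups, so it should not depend on the argument's type. Both intro sentences should also read "The entries below represent" rather than "represents".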
@@ -25,7 +51,7 @@
{% endfor %}
</div>
<ul class="ilist">
- <li class="button"><a href="/name/{{name.id}}/acl/0/add">Add Permission</a></li>
+ <li class="button"><a href="/name/{{name.id}}/acl/{{type}}/add">Add Permission</a></li>
{% if name %}
<li class="button right"><input type="button" onClick="document.location='{{name.url}}'" value="Cancel"/></li>
{% endif %}