author | Leif Johansson <leifj@sunet.se> | 2011-06-14 17:47:31 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2011-06-14 17:47:31 +0200 |
commit | c1f586f093e6ab3a37df1d3ea3e2f9c0185f9f62 (patch) | |
tree | d88281ac60aee52ffa3e645a0701d19ce107ad5f | |
parent | 2b21584289cee6d7c5eb89fb26accfe9ad90c4d1 (diff) |
support for editing policy acls
-rw-r--r-- | coip/apps/name/models.py | 32 | ||||
-rw-r--r-- | coip/apps/name/views.py | 11 | ||||
-rw-r--r-- | templates/apps/name/acls.html | 30 |
3 files changed, 58 insertions, 15 deletions
diff --git a/coip/apps/name/models.py b/coip/apps/name/models.py index d8c089e..d7da547 100644 --- a/coip/apps/name/models.py +++ b/coip/apps/name/models.py @@ -123,10 +123,15 @@ class Name(models.Model): self.delete() def copyacl(self,name): - for ace in name.lsacl(): + found_ace = False + for ace in name.lspacl(): + found_ace = True self.setacl(ace.dst,ace.data) - + if not found_ace: + for ace in name.lsacl(): + self.setacl(ace.dst,ace.data) + def link(self,dst,type,data): if not self.has_link(dst,NameLink.part_of,data): link = NameLink(src=self,dst=dst,type=type,data=data) @@ -142,15 +147,18 @@ class Name(models.Model): def has_link(self,dst,type,data): return NameLink.objects.filter(src=self,dst=dst,type=type,data=data).count() > 0 - def setacl(self,name,perm): - (link,created) = NameLink.objects.get_or_create(src=self,dst=name,type=NameLink.access_control) + def setacl(self,name,perm,type=0): + (link,created) = NameLink.objects.get_or_create(src=self,dst=name,type=type) if not (link.data and link.data == perm): link.data = perm link.save() + + def setpacl(self,name,perm): + return self.setacl(name, perm, NameLink.access_control_policy) - def rmacl(self,name,perm): + def rmacl(self,name,perm,type=0): try: - link = NameLink.objects.get(src=self,dst=name,type=NameLink.access_control) + link = NameLink.objects.get(src=self,dst=name,type=type) save = False for p in perm: link.data = link.data.replace(p,'') @@ -163,8 +171,14 @@ class Name(models.Model): except ObjectDoesNotExist: pass - def lsacl(self): - return NameLink.objects.filter(src=self,type=NameLink.access_control) + def rmpacl(self,name,perm): + return self.rmacl(name,perm,NameLink.access_control_policy) + + def lspacl(self): + return self.lsacl(NameLink.access_control_policy) + + def lsacl(self,type=0): + return NameLink.objects.filter(src=self,type=type) def add_partof(self,part): self.link(part,NameLink.part_of,None) 
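Review bot: In `copyacl`, an empty policy ACL cannot be told apart from no policy at all, so the fallback loop copies the parent's regular ACL whenever `name.lspacl()` yields nothing. An owner who removes every policy entry expecting new child groups to start without inherited access would still get the parent's current permissions copied, so it is worth confirming that this is the intended rule. A docstring would make it explicit, for example `"""Copy name's policy ACL onto self; fall back to name's regular ACL when no policy entries exist."""`.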
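Review bot: The new `type=0` defaults on `setacl`, `rmacl` and `lsacl` repeat the value of `NameLink.access_control` as a bare literal, so they silently change meaning if the constants in `NameLink` are renumbered. `NameLink` appears to be defined later in the module, which would explain why it is not named in the signature; `type=None` with `if type is None: type = NameLink.access_control` in the body keeps the link to the constant. None of the three methods checks that `type` is one of the two ACL kinds, so a caller passing `NameLink.part_of` would have the ACL helpers read or rewrite membership links. The body of `rmacl` continues outside the visible part of the hunk.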
@@ -204,7 +218,7 @@ class NameLink(models.Model): access_control = 0 part_of = 1 - child_access_control = 2 + access_control_policy = 2 def __unicode__(self): return "%s -> %s [%s %s]" % (self.src,self.dst,self.type,self.data) diff --git a/coip/apps/name/views.py b/coip/apps/name/views.py index 1fb38e8..7be7501 100644 --- a/coip/apps/name/views.py +++ b/coip/apps/name/views.py @@ -89,6 +89,8 @@ def edit(request,id): return respond_to(request,{'text/html': 'apps/name/edit.html'},{'form': form,'name': name,'formtitle': 'Modify %s' % name.shortname(),'submitname': 'Update'}) +# Access Control + @login_required def lsacl(request,id,type=NameLink.access_control): name = get_object_or_404(Name,pk=id) @@ -98,7 +100,7 @@ def lsacl(request,id,type=NameLink.access_control): return respond_to(request, {'text/html': 'apps/name/acls.html'}, - {'name': name, 'acl': name.lsacl()}) + {'name': name, 'acl': name.lsacl(type), 'type': type, 'ispacl': type == NameLink.access_control_policy}) @login_required def addacl(request,id,type=NameLink.access_control): @@ -116,7 +118,7 @@ def addacl(request,id,type=NameLink.access_control): if not p: p = [] perms = "".join(p) - (link,created) = NameLink.objects.get_or_create(src=name,dst=dst,type=NameLink.access_control) + (link,created) = NameLink.objects.get_or_create(src=name,dst=dst,type=type) link.data = perms link.save() return HttpResponseRedirect("/name/%s/acl/%s" % (id,type)) @@ -156,6 +158,7 @@ def show_root(request): {'text/html': 'apps/name/name.html'}, {'name': None, 'memberships': None, 'edit': False}) +@login_required def show(request,name): if not name: raise Http404() @@ -175,7 +178,7 @@ def show(request,name): 'memberships':memberships, 'invitations':invitations}) - +@login_required def user_groups(request,username): user = get_object_or_404(User,username=username) return json_response([link.src.summary() for link in NameLink.objects.filter(dst__memberships__user=user,type=NameLink.access_control,data__contains='i').all()]) 
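Review bot: `type` is used unchecked in both `lsacl` and `addacl`, and it appears to come from the URL. The `addacl` hunk passes it straight to `NameLink.objects.get_or_create(src=name,dst=dst,type=type)`, so any value the URL pattern accepts other than the two ACL kinds would create or overwrite a different kind of link, such as `part_of`. A captured URL value is presumably a string (the template in this commit compares `type == "2"`), in which case `'ispacl': type == NameLink.access_control_policy` compares a string with the integer 2 and is False for every routed request. Normalising at the top of both views covers both problems: `type = int(type)` followed by `if type not in (NameLink.access_control, NameLink.access_control_policy): raise Http404()`. Both function bodies extend outside their hunks, so a check that already exists there would not be visible.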
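Review bot: `@login_required` on `user_groups` only establishes that the caller is signed in; the view still returns the group summaries for whatever `username` appears in the URL. Unless listing another user's groups is intended, the view should compare the requested user with `request.user` (or check an administrative permission) before building the response, for example `if user != request.user: return HttpResponseForbidden()`, importing `HttpResponseForbidden` from `django.http` if the file does not already do so. The same decorator is added to `show` in the preceding hunk, whose body continues outside it.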
@@ -215,7 +218,7 @@ def _tree(request,id=None,includeroot=False): if request.GET.has_key('depth'): depth = request.GET['depth'] t = traverse(name,_tree_node,request.user,depth,includeroot) - logging.debug(t) + #logging.debug(t) return json_response(t) @login_required diff --git a/templates/apps/name/acls.html b/templates/apps/name/acls.html index 28a8f1c..e1becbb 100644 --- a/templates/apps/name/acls.html +++ b/templates/apps/name/acls.html 
@@ -8,7 +8,33 @@ }); {% endblock %} {% block content %} -<h1>Permissions on {{name.short}}</h1> + +{% if type == "2" %} +<h2>Access Control Policy</h2> +<div class="ui-widget" style="margin-bottom: 20px;"> + <div class="ui-state-highlight ui-corner-all" style="padding: 0 .7em;"> + <p><span class="ui-icon ui-icon-alert" style="float: left; margin-right: .3em;"></span> + <strong>WARNING</strong> The entries below represents <strong>access control policy</strong> for {{name.short}}. Access + control policy is the default access control used when creating new groups below this group. Changes + will only affect <strong>newly created groups</strong> below this group. Only change this if you know + what you are doing.</p> + <p class="button"><a href="/name/{{name.id}}/acl/0">Switch to Normal Access Control View</a></p> + </div> +</div> +{% else %} +<h2>Access Control</h2> +<div class="ui-widget" style="margin-bottom: 20px;"> + <div class="ui-state-default ui-corner-all" style="padding: 0 .7em;"> + <p><span class="ui-icon ui-icon-info" style="float: left; margin-right: .3em;"></span> + The entries below represents access control for {{name.short}}. Only change this if you know + what you are doing. If you <em>really, really, really</em> know what you are doing you may also + <a style="text-decoration: underline;" href="/name/{{name.id}}/acl/2">switch to access control policy view</a> + and change the default access control for groups created below this group.</p> + </div> +</div> + +{% endif %} + <div id="acl" style="margin-bottom: 20px;"> {% for ace in acl %} <div id="{{ace.id}}"> @@ -25,7 +51,7 @@ {% endfor %} </div> <ul class="ilist"> - <li class="button"><a href="/name/{{name.id}}/acl/0/add">Add Permission</a></li> + <li class="button"><a href="/name/{{name.id}}/acl/{{type}}/add">Add Permission</a></li> {% if name %} <li class="button right"><input type="button" onClick="document.location='{{name.url}}'" value="Cancel"/></li> {% endif %} |
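Review bot: The `{% if type == "2" %}` test and the `/acl/0` and `/acl/2` links hard-code the numeric values of `NameLink.access_control` and `NameLink.access_control_policy`, and the comparison matches only when `type` is the string `"2"`. If the view is called with its integer default, or the constants are renumbered, the policy warning banner disappears while the page still lists and edits policy entries. The view in this commit already passes an `ispacl` flag, so `{% if ispacl %}` would be the sturdier test, provided the view computes that flag from an integer `type`.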