-rw-r--r--gn2/wqflask/oauth2/resources.py56
-rw-r--r--gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html34
-rw-r--r--gn2/wqflask/templates/oauth2/view-resource-role.html7
3 files changed, 93 insertions, 4 deletions
diff --git a/gn2/wqflask/oauth2/resources.py b/gn2/wqflask/oauth2/resources.py
index 34b11235..9ca057ab 100644
--- a/gn2/wqflask/oauth2/resources.py
+++ b/gn2/wqflask/oauth2/resources.py
@@ -7,8 +7,12 @@ from . import client
from .ui import render_ui as _render_ui
from .checks import require_oauth2
from .client import oauth2_get, oauth2_post
-from .request_utils import (
- flash_error, flash_success, request_error, process_error)
+from .request_utils import (flash_error,
+ flash_success,
+ request_error,
+ process_error,
+ with_flash_error,
+ with_flash_success)
resources = Blueprint("resource", __name__)
@@ -331,3 +335,51 @@ def view_resource_role(resource_id: UUID, role_id: UUID):
lambda error: __render_template__(
resource_error=process_error(error)),
lambda resource: __fetch_resource_role__(resource=resource))
+
+@resources.route("/<uuid:resource_id>/role/<uuid:role_id>/unassign-privilege",
+ methods=["GET", "POST"])
+@require_oauth2
+def unassign_privilege_from_resource_role(resource_id: UUID, role_id: UUID):
+ """Remove a privilege from a resource role."""
+ form = request.form
+ returnto = redirect(url_for("oauth2.resource.view_resource_role",
+ resource_id=resource_id,
+ role_id=role_id))
+ privilege_id = (request.args.get("privilege_id")
+ or form.get("privilege_id"))
+ if not privilege_id:
+ flash("You need to specify a privilege to unassign.", "alert-danger")
+ return returnto
+
+ if request.method=="POST" and form.get("confirm") == "Unassign":
+ return oauth2_post(
+ f"auth/resource/{resource_id}/role/{role_id}/unassign-privilege",
+ json={
+ "privilege_id": form["privilege_id"]
+ }).either(with_flash_error(returnto), with_flash_success(returnto))
+
+ if form.get("confirm") == "Cancel":
+ flash("Cancelled the operation to unassign the privilege.",
+ "alert-info")
+ return returnto
+
+ def __fetch_privilege__(resource, role):
+ return oauth2_get(
+ f"auth/privileges/{privilege_id}/view").either(
+ with_flash_error(returnto),
+ lambda privilege: render_ui(
+ "oauth2/confirm-resource-role-unassign-privilege.html",
+ resource=resource,
+ role=role,
+ privilege=privilege))
+
+ def __fetch_resource_role__(resource):
+ return oauth2_get(
+ f"auth/resource/{resource_id}/role/{role_id}").either(
+ with_flash_error(returnto),
+ lambda role: __fetch_privilege__(resource, role))
+
+ return oauth2_get(
+ f"auth/resource/view/{resource_id}").either(
+ with_flash_error(returnto),
+ __fetch_resource_role__)
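Review bot: `privilege_id` is taken from the query string or form and interpolated into the backend path `auth/privileges/{privilege_id}/view` in `__fetch_privilege__` with no validation or encoding, so a value containing path or query separators could send the authenticated `oauth2_get` to a different auth-server endpoint than intended. Check it against the expected privilege-id format, or encode it when building the path, e.g. `f"auth/privileges/{quote(privilege_id, safe='')}/view"` with `from urllib.parse import quote`. The POST branch also sends `form["privilege_id"]` rather than the `privilege_id` validated above: if the id arrives only in the query string that lookup raises instead of flashing an error, and if both are supplied the checked value and the submitted value can differ. Using `"privilege_id": privilege_id` in the JSON body removes both problems.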
diff --git a/gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html b/gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html
new file mode 100644
index 00000000..988cf3b4
--- /dev/null
+++ b/gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html
@@ -0,0 +1,34 @@
+{%extends "base.html"%}
+{%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
+{%block title%}View User{%endblock%}
+{%block content%}
+<div class="container">
+ {{profile_nav(uipages, user_privileges)}}
+ {{flash_me()}}
+
+ <form id="frm_confirm_resource_role_unassign_privilege"
+ method="POST"
+ action="{{url_for('oauth2.resource.unassign_privilege_from_resource_role',
+ resource_id=resource.resource_id,
+ role_id=role.role_id)}}">
+ <p>
+ Are you sure you want to unassign the privilege to
+ '{{privilege.privilege_description}}' from the role '{{role.role_name}}'
+ on resource '{{resource.resource_name}}'?</p>
+ <input type="hidden"
+ name="privilege_id"
+ value="{{privilege.privilege_id}}" />
+
+ <input type="submit"
+ name="confirm"
+ value="Cancel"
+ class="btn btn-success" />
+
+ <input type="submit"
+ name="confirm"
+ value="Unassign"
+ class="btn btn-danger" />
+ </form>
+</div>
+{%endblock%}
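Review bot: The confirmation form posts a state-changing request (removing a privilege from a role) but has no anti-CSRF token among its fields; the only hidden input is `privilege_id`. Unless CSRF protection is enforced elsewhere in the application (not visible in this diff), add the application's CSRF token as a hidden input here and verify it in the POST branch of `unassign_privilege_from_resource_role`. Separately, `{%block title%}View User{%endblock%}` looks carried over from another template; a title such as `{%block title%}Unassign Privilege{%endblock%}` would match the page.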
diff --git a/gn2/wqflask/templates/oauth2/view-resource-role.html b/gn2/wqflask/templates/oauth2/view-resource-role.html
index 05df41d6..a1aa8676 100644
--- a/gn2/wqflask/templates/oauth2/view-resource-role.html
+++ b/gn2/wqflask/templates/oauth2/view-resource-role.html
@@ -5,8 +5,10 @@
{%block content%}
{%macro unassign_button(resource_id, role_id, privilege_id)%}
-<form method="POST"
- action="#"
+<form method="GET"
+ action="{{url_for('oauth2.resource.unassign_privilege_from_resource_role',
+ resource_id=resource_id,
+ role_id=role_id)}}"
id="frm_unlink_privilege_{{privilege_id}}">
<input type="hidden" name="resource_id" value="{{resource_id}}" />
<input type="hidden" name="role_id" value="{{role_id}}" />
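Review bot: With the form now submitted via GET, the hidden `resource_id` and `role_id` inputs are appended to the query string even though both values are already in the action path, and the new handler reads only `privilege_id` from `request.args`. Dropping the two inputs would keep the confirmation URL free of duplicated identifiers. The form continues past the end of this hunk, so the `privilege_id` input is presumably defined below; confirm it is still submitted.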
@@ -17,6 +19,7 @@
<div class="container">
{{profile_nav(uipages, user_privileges)}}
+ {{flash_me()}}
{%if resource_error is defined%}
{{display_error("Resource", resource_error)}}
{%else%}