-rw-r--r--gn2/wqflask/oauth2/resources.py48
-rw-r--r--gn2/wqflask/templates/oauth2/create-role.html38
-rw-r--r--gn2/wqflask/templates/oauth2/view-resource.html5
3 files changed, 78 insertions, 13 deletions
diff --git a/gn2/wqflask/oauth2/resources.py b/gn2/wqflask/oauth2/resources.py
index 7a705856..cf600b51 100644
--- a/gn2/wqflask/oauth2/resources.py
+++ b/gn2/wqflask/oauth2/resources.py
@@ -397,3 +397,51 @@ def unassign_privilege_from_resource_role(resource_id: UUID, role_id: UUID):
f"auth/resource/view/{resource_id}").either(
with_flash_error(returnto),
__fetch_resource_role__)
+
+
+@resources.route("/<uuid:resource_id>/roles/create-role",
+ methods=["GET", "POST"])
+@require_oauth2
+def create_resource_role(resource_id: UUID):
+ """Create new role for the resource."""
+ def __render__(**kwargs):
+ return render_ui("oauth2/create-role.html", **kwargs)
+
+ def __fetch_resource_roles__(resource):
+ return oauth2_get(f"auth/resource/{resource_id}/roles").either(
+ lambda error: __render__(resource_role_error=error),
+ lambda roles: {"resource": resource, "roles": roles})
+
+ if request.method == "GET":
+ return oauth2_get(f"auth/resource/view/{resource_id}").map(
+ __fetch_resource_roles__).either(
+ lambda error: __render__(resource_error=error),
+ lambda kwargs: __render__(**kwargs))
+
+ formdata = request.form
+ privileges = formdata.getlist("privileges[]")
+ if not bool(privileges):
+ flash(
+ "You must provide at least one privilege for creation of the new "
+ "role.",
+ "alert-danger")
+ return redirect(url_for("oauth2.resource.create_resource_role",
+ resource_id=resource_id))
+
+ def __handle_error__(error):
+ flash_error(process_error(error))
+ return redirect(url_for(
+ "oauth2.resource.create_resource_role", resource_id=resource_id))
+
+ def __handle_success__(success):
+ flash("Role successfully created.", "alert-success")
+ return redirect(url_for(
+ "oauth2.resource.view_resource", resource_id=resource_id))
+
+ return oauth2_post(
+ f"auth/resource/{resource_id}/roles/create",
+ json={
+ "role_name": formdata["role_name"],
+ "privileges": privileges
+ }).either(
+ __handle_error__, __handle_success__)
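Review bot: On the GET path of `create_resource_role`, a failure to fetch the roles ends up in the success branch instead of on an error page. `__fetch_resource_roles__` returns the output of `__render__(resource_role_error=error)`, `.map` wraps that as a success value, and the final `lambda kwargs: __render__(**kwargs)` then unpacks a rendered page rather than a dict (presumably a `TypeError`, depending on what `render_ui` returns). Returning a dict from the inner error branch keeps the shape consistent: `lambda error: {"resource": resource, "resource_role_error": error},`. On the POST path, `role_name` and `privileges` are forwarded to `auth/resource/{resource_id}/roles/create` exactly as submitted, so the `resource:role:create-role` test in the template is only a display filter. A comment such as `# Authorisation for each requested privilege is enforced by the auth server, not here.` would record that assumption, which should be confirmed against the auth server.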
diff --git a/gn2/wqflask/templates/oauth2/create-role.html b/gn2/wqflask/templates/oauth2/create-role.html
index f2bff7b4..198eacdd 100644
--- a/gn2/wqflask/templates/oauth2/create-role.html
+++ b/gn2/wqflask/templates/oauth2/create-role.html
@@ -7,31 +7,43 @@
{{profile_nav("roles", user_privileges)}}
<h3>Create Role</h3>
- {{flash_me()}}
+ <p>Create a new role to act on resource "{{resource.resource_name}}"</p>
{%if group_privileges_error is defined%}
{{display_error("Group Privileges", group_privileges_error)}}
{%else%}
- {%if "group:role:create-role" in user_privileges%}
- <form method="POST" action="{{url_for('oauth2.role.create_role')}}">
- <legend>Create Group Role</legend>
+ {%if "resource:role:create-role" in (user_privileges|map(attribute="privilege_id")) %}
+ <form method="POST" action="{{url_for('oauth2.resource.create_resource_role',
+ resource_id=resource.resource_id)}}">
+ <legend>create resource role</legend>
+
+ {{flash_me()}}
+
<div class="form-group">
<label for="role_name" class="form-label">Name</label>
- <input type="text" id="role_name" name="role_name" required="required"
- class="form-control"
- {%if prev_role_name is defined and prev_role_name is not none%}
- value="{{prev_role_name}}"
- {%endif%} />
+ <div class="input-group">
+ <span class="input-group-addon">
+ {{resource.resource_name|replace(" ", "_")}}::
+ </span>
+ <input type="text" id="role_name" name="role_name" required="required"
+ class="form-control"
+ {%if prev_role_name is defined and prev_role_name is not none%}
+ value="{{prev_role_name}}"
+ {%endif%} />
+ </div>
+ <span class="form-text text-muted">
+ The name of the role will have the resource's name appended.
+ </span>
</div>
<label class="form-label">Privileges</label>
- {%for priv in group_privileges%}
+ {%for priv in user_privileges%}
<div class="checkbox">
- <label for="chk:{{priv.privilege_id}}">
- <input type="checkbox" id="chk:{{priv.privilege_id}}"
+ <label for="chk-{{priv.privilege_id}}">
+ <input type="checkbox" id="chk-{{priv.privilege_id}}"
name="privileges[]" value={{priv.privilege_id}} />
<span style="text-transform: capitalize;">
{{priv.privilege_description}}
- </span> ({{priv.privilege_id}})
+ </span>
</label>
</div>
{%endfor%}
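Review bot: The error branch still tests `group_privileges_error`, but the new `create_resource_role` view only ever passes `resource_error` or `resource_role_error`, and the added paragraph dereferences `resource.resource_name` before any error check. When the resource lookup fails, `resource` is not in the context, so the page likely fails on that paragraph (or renders an empty name, depending on the Jinja undefined policy) instead of showing the error. I would test `{%if resource_error is defined%}` with `{{display_error("Resource", resource_error)}}` first and move the paragraph into the `{%else%}` branch. The unchanged checkbox line also emits `value={{priv.privilege_id}}` without quotes, which autoescaping does not make safe for values containing whitespace; `value="{{priv.privilege_id}}"` is the safer form. The template continues outside this hunk.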
diff --git a/gn2/wqflask/templates/oauth2/view-resource.html b/gn2/wqflask/templates/oauth2/view-resource.html
index 25cac6ff..cfc769c4 100644
--- a/gn2/wqflask/templates/oauth2/view-resource.html
+++ b/gn2/wqflask/templates/oauth2/view-resource.html
@@ -246,6 +246,11 @@
</a>
{%endfor%}
</div>
+ <hr />
+ <a title="create a new role for this resource"
+ href="{{url_for('oauth2.resource.create_resource_role',
+ resource_id=resource.resource_id)}}"
+ class="btn btn-info">New Role</a>
</div>
<div class="row">