-rw-r--r-- | wqflask/wqflask/oauth2/groups.py | 68 | ||||
-rw-r--r-- | wqflask/wqflask/templates/oauth2/view-group-role.html | 56 |
2 files changed, 118 insertions, 6 deletions
diff --git a/wqflask/wqflask/oauth2/groups.py b/wqflask/wqflask/oauth2/groups.py
index 2effaae8..551c0640 100644
--- a/wqflask/wqflask/oauth2/groups.py
+++ b/wqflask/wqflask/oauth2/groups.py
@@ -137,14 +137,70 @@ def reject_join_request(): @require_oauth2 def group_role(group_role_id: uuid.UUID): """View the details of a particular role.""" - def __role_error__(error): + def __render_error(**kwargs): + return render_template("oauth2/view-group-role.html", **kwargs) + + def __gprivs_success__(role, group_privileges): return render_template( - "oauth2/view-group-role.html", - group_role_error=process_error(error)) + "oauth2/view-group-role.html", group_role=role, + group_privileges=tuple( + priv for priv in group_privileges + if priv not in role["role"]["privileges"])) def __role_success__(role): - return render_template( - "oauth2/view-group-role.html", group_role=role) + return oauth2_get("oauth2/group/privileges").either( + lambda err: __render_error__( + group_role=group_role, + group_privileges_error=process_error(err)), + lambda privileges: __gprivs_success__(role, privileges)) return oauth2_get(f"oauth2/group/role/{group_role_id}").either( - __role_error__, __role_success__) + lambda err: __render_error__(group_role_error=process_error(err)), + __role_success__) + +def add_delete_privilege_to_role( + group_role_id: uuid.UUID, direction: str) -> Response: + """Add/delete a privilege to/from a role depending on `direction`.""" + assert direction in ("ADD", "DELETE") + def __render__(): + return redirect(url_for( + "oauth2.group.group_role", group_role_id=group_role_id)) + + def __error__(error): + err = process_error(error) + flash(f"{err['error']}: {err['error_description']}", "alert-danger") + return __render__() + + def __success__(success): + flash(success["description"], "alert-success") + return __render__() + try: + form = request.form + privilege_id = form.get("privilege_id") + assert bool(privilege_id), "Privilege to add must be provided" + uris = { + "ADD": f"oauth2/group/role/{group_role_id}/privilege/add", + "DELETE": f"oauth2/group/role/{group_role_id}/privilege/delete" + } + return oauth2_post( + uris[direction], + data={ + 
"group_role_id": group_role_id, + "privilege_id": privilege_id + }).either(__error__, __success__) + except AssertionError as aerr: + flash(aerr.args[0], "alert-danger") + return redirect(url_for( + "oauth2.group.group_role", group_role_id=group_role_id)) + +@groups.route("/role/<uuid:group_role_id>/privilege/add", methods=["POST"]) +@require_oauth2 +def add_privilege_to_role(group_role_id: uuid.UUID): + """Add a privilege to a group role.""" + return add_delete_privilege_to_role(group_role_id, "ADD") + +@groups.route("/role/<uuid:group_role_id>/privilege/delete", methods=["POST"]) +@require_oauth2 +def delete_privilege_from_role(group_role_id: uuid.UUID): + """Delete a privilege from a group role.""" + return add_delete_privilege_to_role(group_role_id, "DELETE") diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html index ca45fc4c..873eb0ee 100644 --- a/wqflask/wqflask/templates/oauth2/view-group-role.html +++ b/wqflask/wqflask/templates/oauth2/view-group-role.html @@ -11,6 +11,7 @@ <div class="container-fluid"> <div class="row"> + <h3>Role Details</h3> {%if group_role_error is defined%} {{display_error("Group Role", group_role_error)}} {%else%} @@ -20,6 +21,7 @@ <tr> <th>Privilege</th> <th>Description</th> + <th>Action</th> </tr> </thead> <tbody> @@ -27,6 +29,17 @@ <tr> <td>{{privilege.privilege_id}}</td> <td>{{privilege.privilege_description}}</td> + <td> + <form action="{{url_for( + 'oauth2.group.delete_privilege_from_role', + group_role_id=group_role.group_role_id)}}" + method="POST"> + <input type="hidden" name="privilege_id" + value="{{privilege.privilege_id}}" /> + <input type="submit" class="btn btn-danger" + value="Remove" /> + </form> + </td> </tr> {%endfor%} </tbody> 
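Review bot: Both error paths in `group_role` call `__render_error__`, but the helper added at the top of the function is defined as `__render_error` (no trailing underscores), so unless a module-level `__render_error__` exists outside this hunk, a failed role or privileges lookup raises NameError instead of rendering the error; the definition should read `def __render_error__(**kwargs):`. In `__role_success__` the error lambda also passes `group_role=group_role`, which is the view function itself rather than the fetched role, and should be `group_role=role,`. In `add_delete_privilege_to_role` the `privilege_id` check is an `assert`, which is stripped under `python -O`, so an empty value would then be posted to the auth server; an explicit `if not privilege_id:` followed by the same flash and redirect keeps the validation in optimised runs and removes the need for `except AssertionError`. The message "Privilege to add must be provided" is also shown on the DELETE route and could be worded neutrally.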
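Review bot: The "Remove" form posts to a route that changes which privileges a role carries, and no anti-CSRF token field is visible in it; the same holds for the "Add to Role" form in the following hunk. Nothing in this diff shows whether the application enforces CSRF protection globally, so this is a point to confirm rather than a certain defect. If the OAuth2 session is carried by a cookie and no global check exists, a cross-site request could change role privileges in the name of a logged-in user. Both forms should include the project's CSRF token as a hidden input, or the POST routes should be confirmed as covered by an existing check.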
@@ -34,6 +47,49 @@ {%endif%} </div> + <div class="row"> + <h3>Other Privileges</h3> + <table class="table"> + <caption>Other Privileges not Assigned to this Role</caption> + <thead> + <tr> + <th>Privilege</th> + <th>Description</th> + <th>Action</th> + </tr> + </thead> + + <tbody> + {%for priv in group_privileges%} + <tr> + <td>{{priv.privilege_id}}</td> + <td>{{priv.privilege_description}}</td> + <td> + <form action="{{url_for( + 'oauth2.group.add_privilege_to_role', + group_role_id=group_role.group_role_id)}}" + method="POST"> + <input type="hidden" name="privilege_id" + value="{{priv.privilege_id}}" /> + <input type="submit" class="btn btn-warning" + value="Add to Role" /> + </form> + </td> + </tr> + {%else%} + <tr> + <td colspan="3"> + <span class="glyphicon glyphicon-info-sign text-info"> + </span> + + <span class="text-info">All privileges assigned!</span> + </td> + </tr> + {%endfor%} + </tbody> + </table> + </div> + </div> </div> |
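Review bot: The new "Other Privileges" row is placed after the `{%endif%}` that closes the `group_role_error` check, and it never reads `group_privileges_error`, which the view passes when the privileges request fails. In either error case `group_privileges` is not supplied, so with Jinja's default undefined handling the loop's `{%else%}` branch would render "All privileges assigned!", which misreports a failed lookup as a complete role. Wrapping the table in `{%if group_privileges_error is defined%}{{display_error("Group Privileges", group_privileges_error)}}{%else%}` … `{%endif%}`, and rendering the row only when the role itself loaded, would show the failure instead. The parts of the template outside these hunks are not visible, so confirm that the error is not already displayed elsewhere.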