Diffstat (limited to 'gn2')
-rw-r--r-- | gn2/wqflask/oauth2/resources.py | 48 | ||||
-rw-r--r-- | gn2/wqflask/templates/oauth2/create-role.html | 38 | ||||
-rw-r--r-- | gn2/wqflask/templates/oauth2/view-resource.html | 5 |
3 files changed, 78 insertions, 13 deletions
diff --git a/gn2/wqflask/oauth2/resources.py b/gn2/wqflask/oauth2/resources.py
index 7a705856..cf600b51 100644
--- a/gn2/wqflask/oauth2/resources.py
+++ b/gn2/wqflask/oauth2/resources.py
@@ -397,3 +397,51 @@ def unassign_privilege_from_resource_role(resource_id: UUID, role_id: UUID):
 f"auth/resource/view/{resource_id}").either(
 with_flash_error(returnto),
 __fetch_resource_role__)
+
+
+@resources.route("/<uuid:resource_id>/roles/create-role",
+ methods=["GET", "POST"])
+@require_oauth2
+def create_resource_role(resource_id: UUID):
+ """Create new role for the resource."""
+ def __render__(**kwargs):
+ return render_ui("oauth2/create-role.html", **kwargs)
+
+ def __fetch_resource_roles__(resource):
+ return oauth2_get(f"auth/resource/{resource_id}/roles").either(
+ lambda error: __render__(resource_role_error=error),
+ lambda roles: {"resource": resource, "roles": roles})
+
+ if request.method == "GET":
+ return oauth2_get(f"auth/resource/view/{resource_id}").map(
+ __fetch_resource_roles__).either(
+ lambda error: __render__(resource_error=error),
+ lambda kwargs: __render__(**kwargs))
+
+ formdata = request.form
+ privileges = formdata.getlist("privileges[]")
+ if not bool(privileges):
+ flash(
+ "You must provide at least one privilege for creation of the new "
+ "role.",
+ "alert-danger")
+ return redirect(url_for("oauth2.resource.create_resource_role",
+ resource_id=resource_id))
+
+ def __handle_error__(error):
+ flash_error(process_error(error))
+ return redirect(url_for(
+ "oauth2.resource.create_resource_role", resource_id=resource_id))
+
+ def __handle_success__(success):
+ flash("Role successfully created.", "alert-success")
+ return redirect(url_for(
+ "oauth2.resource.view_resource", resource_id=resource_id))
+
+ return oauth2_post(
+ f"auth/resource/{resource_id}/roles/create",
+ json={
+ "role_name": formdata["role_name"],
+ "privileges": privileges
+ }).either(
+ __handle_error__, __handle_success__)
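Review bot: The POST branch of `create_resource_role` forwards `privileges[]` to `auth/resource/{resource_id}/roles/create` after checking only that the list is non-empty, so whatever privilege ids the client submits are passed through, not just the ones the form rendered as checkboxes. That is safe only if the auth server verifies that the caller holds `resource:role:create-role` on this resource and may grant each requested privilege; a comment such as `# privilege ids are client-supplied; the auth server must reject any the caller cannot grant` would make that trust boundary explicit. `formdata["role_name"]` is also read without validation, so a missing field likely surfaces as a bare 400 rather than the flash-and-redirect used for privileges; `role_name = formdata.get("role_name", "").strip()` followed by the same flash path would be consistent. Separately, in the GET branch `__fetch_resource_roles__` returns a rendered page on error, which then reaches `lambda kwargs: __render__(**kwargs)` and would presumably fail on the `**` unpack instead of showing the error.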
diff --git a/gn2/wqflask/templates/oauth2/create-role.html b/gn2/wqflask/templates/oauth2/create-role.html
index f2bff7b4..198eacdd 100644
--- a/gn2/wqflask/templates/oauth2/create-role.html
+++ b/gn2/wqflask/templates/oauth2/create-role.html
@@ -7,31 +7,43 @@ {{profile_nav("roles", user_privileges)}} <h3>Create Role</h3> - {{flash_me()}} + <p>Create a new role to act on resource "{{resource.resource_name}}"</p> {%if group_privileges_error is defined%} {{display_error("Group Privileges", group_privileges_error)}} {%else%} - {%if "group:role:create-role" in user_privileges%} - <form method="POST" action="{{url_for('oauth2.role.create_role')}}"> - <legend>Create Group Role</legend> + {%if "resource:role:create-role" in (user_privileges|map(attribute="privilege_id")) %} + <form method="POST" action="{{url_for('oauth2.resource.create_resource_role', + resource_id=resource.resource_id)}}"> + <legend>create resource role</legend> + + {{flash_me()}} + <div class="form-group"> <label for="role_name" class="form-label">Name</label> - <input type="text" id="role_name" name="role_name" required="required" - class="form-control" - {%if prev_role_name is defined and prev_role_name is not none%} - value="{{prev_role_name}}" - {%endif%} /> + <div class="input-group"> + <span class="input-group-addon"> + {{resource.resource_name|replace(" ", "_")}}:: + </span> + <input type="text" id="role_name" name="role_name" required="required" + class="form-control" + {%if prev_role_name is defined and prev_role_name is not none%} + value="{{prev_role_name}}" + {%endif%} /> + </div> + <span class="form-text text-muted"> + The name of the role will have the resource's name appended. + </span> </div> <label class="form-label">Privileges</label> - {%for priv in group_privileges%} + {%for priv in user_privileges%} <div class="checkbox"> - <label for="chk:{{priv.privilege_id}}"> - <input type="checkbox" id="chk:{{priv.privilege_id}}" + <label for="chk-{{priv.privilege_id}}"> + <input type="checkbox" id="chk-{{priv.privilege_id}}" name="privileges[]" value={{priv.privilege_id}} /> <span style="text-transform: capitalize;"> {{priv.privilege_description}} - </span> ({{priv.privilege_id}}) + </span> </label> </div> {%endfor%} 
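Review bot: The new `<p>` dereferences `resource.resource_name` unconditionally, yet the handler in resources.py renders this template with only `resource_error=` or `resource_role_error=` when a lookup fails, and the surviving `{%if group_privileges_error is defined%}` guard tests neither name. On those paths the page would presumably hit an undefined `resource` instead of showing the error; a guard such as `{%if resource_error is defined%}{{display_error("Resource", resource_error)}}` (and likewise for `resource_role_error`) ahead of the paragraph would cover it. The help text says the resource's name is "appended" while the input-group addon shows it as a prefix, so one of the two should change. The form is a state-changing POST and no CSRF token field is visible in the hunk; confirm that protection is applied elsewhere in the app. The form and the enclosing `{%if%}` blocks continue past the end of the hunk.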
diff --git a/gn2/wqflask/templates/oauth2/view-resource.html b/gn2/wqflask/templates/oauth2/view-resource.html index 25cac6ff..cfc769c4 100644 --- a/gn2/wqflask/templates/oauth2/view-resource.html +++ b/gn2/wqflask/templates/oauth2/view-resource.html @@ -246,6 +246,11 @@ </a> {%endfor%} </div> + <hr /> + <a title="create a new role for this resource" + href="{{url_for('oauth2.resource.create_resource_role', + resource_id=resource.resource_id)}}" + class="btn btn-info">New Role</a> </div> <div class="row"> |