Diffstat (limited to 'wqflask')
-rw-r--r--wqflask/wqflask/oauth2/groups.py68
-rw-r--r--wqflask/wqflask/templates/oauth2/view-group-role.html56
2 files changed, 118 insertions, 6 deletions
diff --git a/wqflask/wqflask/oauth2/groups.py b/wqflask/wqflask/oauth2/groups.py
index 2effaae8..551c0640 100644
--- a/wqflask/wqflask/oauth2/groups.py
+++ b/wqflask/wqflask/oauth2/groups.py
@@ -137,14 +137,70 @@ def reject_join_request():
@require_oauth2
def group_role(group_role_id: uuid.UUID):
"""View the details of a particular role."""
- def __role_error__(error):
+ def __render_error(**kwargs):
+ return render_template("oauth2/view-group-role.html", **kwargs)
+
+ def __gprivs_success__(role, group_privileges):
return render_template(
- "oauth2/view-group-role.html",
- group_role_error=process_error(error))
+ "oauth2/view-group-role.html", group_role=role,
+ group_privileges=tuple(
+ priv for priv in group_privileges
+ if priv not in role["role"]["privileges"]))
def __role_success__(role):
- return render_template(
- "oauth2/view-group-role.html", group_role=role)
+ return oauth2_get("oauth2/group/privileges").either(
+ lambda err: __render_error__(
+ group_role=group_role,
+ group_privileges_error=process_error(err)),
+ lambda privileges: __gprivs_success__(role, privileges))
return oauth2_get(f"oauth2/group/role/{group_role_id}").either(
- __role_error__, __role_success__)
+ lambda err: __render_error__(group_role_error=process_error(err)),
+ __role_success__)
+
+def add_delete_privilege_to_role(
+ group_role_id: uuid.UUID, direction: str) -> Response:
+ """Add/delete a privilege to/from a role depending on `direction`."""
+ assert direction in ("ADD", "DELETE")
+ def __render__():
+ return redirect(url_for(
+ "oauth2.group.group_role", group_role_id=group_role_id))
+
+ def __error__(error):
+ err = process_error(error)
+ flash(f"{err['error']}: {err['error_description']}", "alert-danger")
+ return __render__()
+
+ def __success__(success):
+ flash(success["description"], "alert-success")
+ return __render__()
+ try:
+ form = request.form
+ privilege_id = form.get("privilege_id")
+ assert bool(privilege_id), "Privilege to add must be provided"
+ uris = {
+ "ADD": f"oauth2/group/role/{group_role_id}/privilege/add",
+ "DELETE": f"oauth2/group/role/{group_role_id}/privilege/delete"
+ }
+ return oauth2_post(
+ uris[direction],
+ data={
+ "group_role_id": group_role_id,
+ "privilege_id": privilege_id
+ }).either(__error__, __success__)
+ except AssertionError as aerr:
+ flash(aerr.args[0], "alert-danger")
+ return redirect(url_for(
+ "oauth2.group.group_role", group_role_id=group_role_id))
+
+@groups.route("/role/<uuid:group_role_id>/privilege/add", methods=["POST"])
+@require_oauth2
+def add_privilege_to_role(group_role_id: uuid.UUID):
+ """Add a privilege to a group role."""
+ return add_delete_privilege_to_role(group_role_id, "ADD")
+
+@groups.route("/role/<uuid:group_role_id>/privilege/delete", methods=["POST"])
+@require_oauth2
+def delete_privilege_from_role(group_role_id: uuid.UUID):
+ """Delete a privilege from a group role."""
+ return add_delete_privilege_to_role(group_role_id, "DELETE")
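Review bot: Both error paths in `group_role` call `__render_error__` (inside `__role_success__` and in the final `.either(...)`), but the helper is defined as `__render_error`, so a failed lookup would raise NameError instead of rendering the error; the definition should read `def __render_error__(**kwargs):`. In the same lambda, `group_role=group_role` passes the view function rather than the fetched role and should be `group_role=role`. In `add_delete_privilege_to_role`, the `assert` checks on `direction` and `privilege_id` are stripped when Python runs with `-O`, so an empty `privilege_id` would be posted to the auth server; an explicit `if not privilege_id:` that flashes the message and redirects keeps the validation in every run mode. The decorator stack of `group_role` presumably begins above the hunk, so the route itself is not visible here.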
diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html
index ca45fc4c..873eb0ee 100644
--- a/wqflask/wqflask/templates/oauth2/view-group-role.html
+++ b/wqflask/wqflask/templates/oauth2/view-group-role.html
@@ -11,6 +11,7 @@
<div class="container-fluid">
<div class="row">
+ <h3>Role Details</h3>
{%if group_role_error is defined%}
{{display_error("Group Role", group_role_error)}}
{%else%}
@@ -20,6 +21,7 @@
<tr>
<th>Privilege</th>
<th>Description</th>
+ <th>Action</th>
</tr>
</thead>
<tbody>
@@ -27,6 +29,17 @@
<tr>
<td>{{privilege.privilege_id}}</td>
<td>{{privilege.privilege_description}}</td>
+ <td>
+ <form action="{{url_for(
+ 'oauth2.group.delete_privilege_from_role',
+ group_role_id=group_role.group_role_id)}}"
+ method="POST">
+ <input type="hidden" name="privilege_id"
+ value="{{privilege.privilege_id}}" />
+ <input type="submit" class="btn btn-danger"
+ value="Remove" />
+ </form>
+ </td>
</tr>
{%endfor%}
</tbody>
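Review bot: The new "Remove" form posts a privilege change without any CSRF token field, and the "Add to Role" form in the last hunk of this file has the same gap. Nothing in the diff shows whether the application enforces CSRF protection globally. If it does not, a page on another origin could submit these forms in a signed-in user's browser and change which privileges a role carries. Both forms should include the project's CSRF token input, or the two POST routes should be confirmed to be covered by an existing check.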
@@ -34,6 +47,49 @@
{%endif%}
</div>
+ <div class="row">
+ <h3>Other Privileges</h3>
+ <table class="table">
+ <caption>Other Privileges not Assigned to this Role</caption>
+ <thead>
+ <tr>
+ <th>Privilege</th>
+ <th>Description</th>
+ <th>Action</th>
+ </tr>
+ </thead>
+
+ <tbody>
+ {%for priv in group_privileges%}
+ <tr>
+ <td>{{priv.privilege_id}}</td>
+ <td>{{priv.privilege_description}}</td>
+ <td>
+ <form action="{{url_for(
+ 'oauth2.group.add_privilege_to_role',
+ group_role_id=group_role.group_role_id)}}"
+ method="POST">
+ <input type="hidden" name="privilege_id"
+ value="{{priv.privilege_id}}" />
+ <input type="submit" class="btn btn-warning"
+ value="Add to Role" />
+ </form>
+ </td>
+ </tr>
+ {%else%}
+ <tr>
+ <td colspan="3">
+ <span class="glyphicon glyphicon-info-sign text-info">
+ </span>
+ &nbsp;
+ <span class="text-info">All privileges assigned!</span>
+ </td>
+ </tr>
+ {%endfor%}
+ </tbody>
+ </table>
+ </div>
+
</div>
</div>
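Review bot: The new "Other Privileges" row never reads `group_privileges_error`, which `group_role` passes when the privileges lookup fails. With Jinja's default undefined handling, the `{%for priv in group_privileges%}` loop would then take its `{%else%}` branch and show "All privileges assigned!", hiding the failure; the same would happen on the `group_role_error` path. Wrapping the table in `{%if group_privileges_error is defined%}{{display_error("Group Privileges", group_privileges_error)}}{%else%} … {%endif%}` would surface the error with the macro the template already uses. The forms also read `group_role.group_role_id`, so the row should only render when `group_role` is defined.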