From 8d25673a2256e1fb0a45d62e582865bcfd84ec35 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 10 Jun 2024 12:34:12 -0500
Subject: Implement "Resource Role Page"

Show the page, providing all UI elements necessary, even if the
elements themselves are not active.
---
 gn2/wqflask/oauth2/resources.py                    | 35 ++++++++
 .../templates/oauth2/view-resource-role.html       | 98 ++++++++++++++++++++++
 gn2/wqflask/templates/oauth2/view-resource.html    |  6 +-
 3 files changed, 138 insertions(+), 1 deletion(-)
 create mode 100644 gn2/wqflask/templates/oauth2/view-resource-role.html
diff --git a/gn2/wqflask/oauth2/resources.py b/gn2/wqflask/oauth2/resources.py
index 42fdae37..70b49375 100644
--- a/gn2/wqflask/oauth2/resources.py
+++ b/gn2/wqflask/oauth2/resources.py
@@ -296,3 +296,38 @@ def edit_resource(resource_id: uuid.UUID):
 def delete_resource(resource_id: uuid.UUID):
     """Delete the given resource."""
     return "WOULD DELETE THE GIVEN RESOURCE"
+
+@resources.route("/<uuid:resource_id>/role/<uuid:role_id>", methods=["GET"])
+@require_oauth2
+def view_resource_role(resource_id: uuid.UUID, role_id: uuid.UUID):
+    """View resource role page."""
+    def __render_template__(**kwargs):
+        return render_ui("oauth2/view-resource-role.html", **kwargs)
+
+    def __fetch_all_roles__(resource, role):
+        return oauth2_get(f"auth/resource/{resource_id}/roles").either(
+            lambda error: __render_template__(
+                all_roles_error=process_error(error)),
+            lambda all_roles: __render_template__(
+                resource=resource,
+                role=role,
+                unassigned_privileges=[
+                    priv for role in all_roles
+                    for priv in role["privileges"]
+                    if priv not in role["privileges"]
+                ]))
+
+    def __fetch_resource_role__(resource):
+        return oauth2_get(
+        f"auth/resource/{resource_id}/role/{role_id}").either(
+            lambda error: __render_template__(
+                resource=resource,
+                role_id=role_id,
+                role_error=process_error(error)),
+            lambda role: __fetch_all_roles__(resource, role))
+
+    return oauth2_get(
+        f"auth/resource/view/{resource_id}").either(
+            lambda error: __render_template__(
+                resource_error=process_error(error)),
+            lambda resource: __fetch_resource_role__(resource=resource))
diff --git a/gn2/wqflask/templates/oauth2/view-resource-role.html b/gn2/wqflask/templates/oauth2/view-resource-role.html
new file mode 100644
index 00000000..05df41d6
--- /dev/null
+++ b/gn2/wqflask/templates/oauth2/view-resource-role.html
@@ -0,0 +1,98 @@
+{%extends "base.html"%}
+{%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
+{%block title%}View User{%endblock%}
+{%block content%}
+
+{%macro unassign_button(resource_id, role_id, privilege_id)%}
+<form method="POST"
+      action="#"
+      id="frm_unlink_privilege_{{privilege_id}}">
+  <input type="hidden" name="resource_id" value="{{resource_id}}" />
+  <input type="hidden" name="role_id" value="{{role_id}}" />
+  <input type="hidden" name="privilege_id" value="{{privilege_id}}" />
+  <input type="submit" value="Unassign" class="btn btn-danger" />
+</form>
+{%endmacro%}
+
+<div class="container">
+  {{profile_nav(uipages, user_privileges)}}
+  {%if resource_error is defined%}
+  {{display_error("Resource", resource_error)}}
+  {%else%}
+  <h3>Role for Resource '{{resource.resource_name}}'</h3>
+  {%if role_error is defined%}
+  {{display_error("Role", role_error)}}
+  {%else%}
+  <table class="table">
+    <caption>Role '{{role.role_name}}' for resource '{{resource.resource_name}}'</caption>
+    <thead>
+      <tr>
+        <th>Role Name</th>
+        <th>Privilege</th>
+        <th>Action</th>
+      </tr>
+    </thead>
+
+    <tbody>
+      {%for priv in role.privileges%}
+      {%if loop.index0 == 0%}
+      <tr>
+        <td rowspan="{{role.privileges | length}}"
+            style="text-align: center;vertical-align: middle;">
+          {{role.role_name}}</td>
+        <td>{{priv.privilege_description}}</td>
+        <td>{{unassign_button(resource.resource_id, role.role_id, priv.privilege_id)}}</td>
+      </tr>
+      {%else%}
+      <tr>
+        <td>{{priv.privilege_description}}</td>
+        <td>{{unassign_button(resource.resource_id, role.role_id, priv.privilege_id)}}</td>
+      </tr>
+      {%endif%}
+      {%else%}
+      <tr>
+        <td colspan="3">
+          <p class="text-info">
+            <strong>{{title}}</strong>:
+            <span class="glyphicon glyphicon-info-sign text-info"></span>
+            &nbsp;
+            This role has no privileges.
+          </p>
+        </td>
+      </tr>
+      {%endfor%}
+    </tbody>
+  </table>
+
+  <form id="frm_assign_privileges" method="POST" action="#">
+    <input type="hidden" name="resource_id" value="{{resource_id}}" />
+    <input type="hidden" name="role_id" value="{{role_id}}" />
+    {%if unassigned_privileges | length == 0%}
+    <p class="text-info">
+      <strong>{{title}}</strong>:
+      <span class="glyphicon glyphicon-info-sign text-info"></span>
+      &nbsp;
+      There are no more privileges left to assign.
+    </p>
+    {%else%}
+    <fieldset>
+      <legend>Select privileges to assign to this role</legend>
+      {%for priv in unassigned_privileges%}
+      <div class="checkbox">
+        <label for="rdo_{{priv.privilege_id}}">
+          <input type="checkbox" value="{{priv.privilege_id}}" />
+          {{priv.privilege_description}}
+        </label>
+      </div>
+      {%endfor%}
+    </fieldset>
+
+    <input type="submit" class="btn btn-primary" value="Assign" />
+    {%endif%}
+  </form>
+  {%endif%}
+  {%endif%}
+</div>
+
+{%endblock%}
diff --git a/gn2/wqflask/templates/oauth2/view-resource.html b/gn2/wqflask/templates/oauth2/view-resource.html
index 451bfbd7..25cac6ff 100644
--- a/gn2/wqflask/templates/oauth2/view-resource.html
+++ b/gn2/wqflask/templates/oauth2/view-resource.html
@@ -237,7 +237,11 @@
       <h3>Available Resource Roles</h3>
       <div class="resource_roles">
         {%for role in resource_roles%}
-        <a class="pill" href="#" title="Role page for role named '{{role.role_name}}'">
+        <a class="pill"
+           href="{{url_for('oauth2.resource.view_resource_role',
+                 resource_id=resource.resource_id,
+                 role_id=role.role_id)}}"
+           title="Role page for role named '{{role.role_name}}'">
           {{role.role_name}}
         </a>
         {%endfor%}
-- 
cgit v1.2.3


Role Name	Privilege	Action
+ {{role.role_name}}	{{priv.privilege_description}}	{{unassign_button(resource.resource_id, role.role_id, priv.privilege_id)}}
{{priv.privilege_description}}	{{unassign_button(resource.resource_id, role.role_id, priv.privilege_id)}}
+ + {{title}}: + + + This role has no privileges. + +