From f6aefe82ad1eb1163cdaadf598dc2cebe91569b4 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Fri, 3 Mar 2023 10:51:15 +0300
Subject: oauth2: enable creation and listing of group roles.
---
 wqflask/wqflask/oauth2/roles.py | 76 +++++++++++++++++++++--
 wqflask/wqflask/templates/oauth2/create-role.html | 46 ++++++++++++++
 wqflask/wqflask/templates/oauth2/list_roles.html | 58 ++++++++++++++++-
 3 files changed, 174 insertions(+), 6 deletions(-)
 create mode 100644 wqflask/wqflask/templates/oauth2/create-role.html
diff --git a/wqflask/wqflask/oauth2/roles.py b/wqflask/wqflask/oauth2/roles.py
index 0b181264..c9493a1e 100644
--- a/wqflask/wqflask/oauth2/roles.py
+++ b/wqflask/wqflask/oauth2/roles.py
@@ -1,22 +1,38 @@
 """Handle role endpoints"""
 import uuid
-from flask import Blueprint, render_template
+from flask import flash, request, url_for, redirect, Blueprint, render_template
 from .checks import require_oauth2
 from .client import oauth2_get, oauth2_post
-from .request_utils import request_error
+from .request_utils import request_error, process_error
 roles = Blueprint("role", __name__)
 @roles.route("/user", methods=["GET"])
 @require_oauth2
 def user_roles():
- def __success__(roles):
- return render_template("oauth2/list_roles.html", roles=roles)
+ def __grerror__(roles, user_privileges, error):
+ return render_template(
+ "oauth2/list_roles.html", roles=roles,
+ user_privileges=user_privileges,
+ group_roles_error=process_error(error))
+
+ def __grsuccess__(roles, user_privileges, group_roles):
+ return render_template(
+ "oauth2/list_roles.html", roles=roles,
+ user_privileges=user_privileges, group_roles=group_roles)
+
+ def __role_success__(roles):
+ uprivs = tuple(
+ privilege["privilege_id"] for role in roles
+ for privilege in role["privileges"])
+ return oauth2_get("oauth2/group/roles").either(
+ lambda err: __grerror__(roles, uprivs, err),
+ lambda groles: __grsuccess__(roles, uprivs, groles))
 return oauth2_get("oauth2/user/roles").either(
- request_error, __success__)
+ request_error, __role_success__)
 @roles.route("/role/", methods=["GET"])
 @require_oauth2
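Review bot: The `uprivs` comprehension in `__role_success__` is repeated verbatim in `create_role`'s `__success__` in the next hunk; one module-level helper, for example `def __user_privileges__(roles): return tuple(p["privilege_id"] for r in roles for p in r["privileges"])`, would keep the two pages from drifting apart on what counts as a held privilege. Both copies index `role["privileges"]` and `privilege["privilege_id"]` directly, so a role object missing either key would raise KeyError inside the `.either` callback instead of reaching `request_error`. A docstring on `user_roles` could also state that `user_privileges` only decides what the template shows and is not the authorization decision, which presumably stays with the auth server (its checks are not visible in this patch).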
@@ -26,3 +42,53 @@ def role(role_id: uuid.UUID):
 return oauth2_get(f"oauth2/role/view/{role_id}").either(
 request_error, __success__)
+
+@roles.route("/create", methods=["GET", "POST"])
+@require_oauth2
+def create_role():
+ """Create a new role."""
+ def __roles_error__(error):
+ return render_template(
+ "oauth2/create-role.html", roles_error=process_error(error))
+
+ def __gprivs_error__(roles, error):
+ return render_template(
+ "oauth2/create-role.html", roles=roles,
+ group_privileges_error=process_error(error))
+
+ def __success__(roles, gprivs):
+ uprivs = tuple(
+ privilege["privilege_id"] for role in roles
+ for privilege in role["privileges"])
+ return render_template(
+ "oauth2/create-role.html", roles=roles, user_privileges=uprivs,
+ group_privileges=gprivs,
+ prev_role_name=request.args.get("role_name"))
+
+ def __fetch_gprivs__(roles):
+ return oauth2_get("oauth2/group/privileges").either(
+ lambda err: __gprivs_error__(roles, err),
+ lambda gprivs: __success__(roles, gprivs))
+
+ if request.method == "GET":
+ return oauth2_get("oauth2/user/roles").either(
+ __roles_error__, __fetch_gprivs__)
+
+ form = request.form
+ role_name = form.get("role_name")
+ privileges = form.getlist("privileges[]")
+ if len(privileges) == 0:
+ flash("You must assign at least one privilege to the role",
+ "alert-danger")
+ return redirect(url_for(
+ "oauth2.role.create_role", role_name=role_name))
+ def __create_error__(error):
+ err = process_error(error)
+ flash(f"{err['error']}: {err['error_description']}",
+ "alert-danger")
+ return redirect(url_for("oauth2.role.create_role"))
+ def __create_success__(*args):
+ flash("Role created successfully.", "alert-success")
+ return redirect(url_for("oauth2.role.user_roles"))
+ return oauth2_post("oauth2/group/role/create",data=form).either(
+ __create_error__,__create_success__)
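Review bot: The POST branch of `create_role` checks only that `privileges[]` is non-empty and then forwards the whole of `request.form` with `data=form`, so `role_name` may be missing or blank and any extra field a client submits is passed on to `oauth2/group/role/create`. Building the payload explicitly keeps the request to the two fields the view has looked at, `data={"role_name": role_name, "privileges[]": privileges}` (assuming `oauth2_post` accepts a plain dict), after a guard such as `if not (role_name or "").strip():` that flashes and redirects like the empty-privileges case. The `group:role:create-role` test exists only in the template, so this route relies on the auth server rejecting callers who lack that privilege; a comment above the `oauth2_post` call saying so would make the trust boundary explicit. `__create_error__` also redirects without `role_name`, so the name the user typed is lost on a backend error, unlike the earlier redirect.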
diff --git a/wqflask/wqflask/templates/oauth2/create-role.html b/wqflask/wqflask/templates/oauth2/create-role.html
new file mode 100644
index 00000000..f2bff7b4
--- /dev/null
+++ b/wqflask/wqflask/templates/oauth2/create-role.html
@@ -0,0 +1,46 @@
+{%extends "base.html"%}
+{%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
+{%block title%}View User{%endblock%}
+{%block content%}
+
+ {{profile_nav("roles", user_privileges)}} +

Create Role

+ + {{flash_me()}} + + {%if group_privileges_error is defined%} + {{display_error("Group Privileges", group_privileges_error)}} + {%else%} + {%if "group:role:create-role" in user_privileges%} +
+ Create Group Role +
+ + +
+ + {%for priv in group_privileges%} +
+ +
+ {%endfor%} + + +
+ {%else%} + {{display_error("Privilege", {"error":"PrivilegeError", "error_description": "You do not have sufficient privileges to create a new role."})}} + {%endif%} + {%endif%} +
+{%endblock%}
diff --git a/wqflask/wqflask/templates/oauth2/list_roles.html b/wqflask/wqflask/templates/oauth2/list_roles.html
index 028d0a17..7d9c4ac2 100644
--- a/wqflask/wqflask/templates/oauth2/list_roles.html
+++ b/wqflask/wqflask/templates/oauth2/list_roles.html
@@ -1,15 +1,17 @@
 {%extends "base.html"%}
 {%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
 {%block title%}View User{%endblock%}
 {%block content%}
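Review bot: `roles_error`, which `create_role` passes when the `oauth2/user/roles` call fails, is never read in create-role.html: the template tests only `group_privileges_error is defined`, so on that path `user_privileges` is undefined and the page would appear to fall through to the "You do not have sufficient privileges" message rather than the real error. An outer branch such as `{%if roles_error is defined%}{{display_error("Roles", roles_error)}}{%else%}` ahead of the existing test would report the actual failure. The `{%block title%}` still reads `View User`, which looks copied from another page. The HTML tags in this listing did not survive extraction, so whether the form carries a CSRF token for this state-changing POST cannot be confirmed from here and is worth checking against the file.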
- {{profile_nav("roles")}}
+ {{profile_nav("roles", user_privileges)}}

Roles

{{flash_me()}}
+

Your System-Level Roles

    {%for role in roles %}
  • @@ -25,6 +27,60 @@
+
+

Group-Wide Roles

+ + {%if "group:role:create-role" in user_privileges%} + New Group Role + {%endif%} + + {%if group_roles_error is defined%} + {{display_error("Group Roles", group_role_error)}} + {%else%} + + + + + + + + + + {%for grole in group_roles%} + + + + + + {%else%} + + + + {%endfor%} + +
Group Roles
Role NameActions
{{grole.role.role_name}} + + View + + + + Edit + +
+ + +   + No group roles found +
+ {%endif%} +
+
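Review bot: The error branch in the Group-Wide Roles section tests `group_roles_error is defined` but then passes `group_role_error` (without the `s`) to `display_error`, a name the view never sets, so a failed `oauth2/group/roles` call renders from an undefined value instead of the processed error. The call should read `{{display_error("Group Roles", group_roles_error)}}`. The `New Group Role` link is hidden unless `group:role:create-role` is in `user_privileges`, which is presentation only; a short template comment noting that the create endpoint must still enforce the privilege would keep later edits from treating the `{%if%}` as the access check.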
-- cgit v1.2.3