From 662e9fd85eca97c4fb65a7a3733c5c088c530ea2 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 10 Jun 2024 15:56:47 -0500
Subject: Unassign privilege from resource role.
---
 gn2/wqflask/oauth2/resources.py | 56 +++++++++++++++++++++-
 .../confirm-resource-role-unassign-privilege.html | 34 +++++++++++++
 .../templates/oauth2/view-resource-role.html | 7 ++-
 3 files changed, 93 insertions(+), 4 deletions(-)
 create mode 100644 gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html
(limited to 'gn2/wqflask')
diff --git a/gn2/wqflask/oauth2/resources.py b/gn2/wqflask/oauth2/resources.py
index 34b11235..9ca057ab 100644
--- a/gn2/wqflask/oauth2/resources.py
+++ b/gn2/wqflask/oauth2/resources.py
@@ -7,8 +7,12 @@ from . import client
 from .ui import render_ui as _render_ui
 from .checks import require_oauth2
 from .client import oauth2_get, oauth2_post
-from .request_utils import (
- flash_error, flash_success, request_error, process_error)
+from .request_utils import (flash_error,
+ flash_success,
+ request_error,
+ process_error,
+ with_flash_error,
+ with_flash_success)
 resources = Blueprint("resource", __name__)
@@ -331,3 +335,51 @@ def view_resource_role(resource_id: UUID, role_id: UUID):
 lambda error: __render_template__(
 resource_error=process_error(error)),
 lambda resource: __fetch_resource_role__(resource=resource))
+
+@resources.route("//role//unassign-privilege",
+ methods=["GET", "POST"])
+@require_oauth2
+def unassign_privilege_from_resource_role(resource_id: UUID, role_id: UUID):
+ """Remove a privilege from a resource role."""
+ form = request.form
+ returnto = redirect(url_for("oauth2.resource.view_resource_role",
+ resource_id=resource_id,
+ role_id=role_id))
+ privilege_id = (request.args.get("privilege_id")
+ or form.get("privilege_id"))
+ if not privilege_id:
+ flash("You need to specify a privilege to unassign.", "alert-danger")
+ return returnto
+
+ if request.method=="POST" and form.get("confirm") == "Unassign":
+ return oauth2_post(
+ f"auth/resource/{resource_id}/role/{role_id}/unassign-privilege",
+ json={
+ "privilege_id": form["privilege_id"]
+ }).either(with_flash_error(returnto), with_flash_success(returnto))
+
+ if form.get("confirm") == "Cancel":
+ flash("Cancelled the operation to unassign the privilege.",
+ "alert-info")
+ return returnto
+
+ def __fetch_privilege__(resource, role):
+ return oauth2_get(
+ f"auth/privileges/{privilege_id}/view").either(
+ with_flash_error(returnto),
+ lambda privilege: render_ui(
+ "oauth2/confirm-resource-role-unassign-privilege.html",
+ resource=resource,
+ role=role,
+ privilege=privilege))
+
+ def __fetch_resource_role__(resource):
+ return oauth2_get(
+ f"auth/resource/{resource_id}/role/{role_id}").either(
+ with_flash_error(returnto),
+ lambda role: __fetch_privilege__(resource, role))
+
+ return oauth2_get(
+ f"auth/resource/view/{resource_id}").either(
+ with_flash_error(returnto),
+ __fetch_resource_role__)
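Review bot: `privilege_id` is read from the query string or the form and checked only for being non-empty, yet on the GET path it is interpolated into the auth-server URL `auth/privileges/{privilege_id}/view`, so a value that is not a UUID (one containing `/` or `?`, for instance) changes which upstream endpoint is requested with the user's token. Parse it once with `UUID(...)` right after the emptiness check and flash an error on `ValueError`; `UUID` is already used in this function's signature. The POST branch also reads `form["privilege_id"]` instead of the validated `privilege_id`, so a confirmation whose id arrived only in the query string fails on the missing key; it should send `str(privilege_id)`. No CSRF token check is visible for this state-changing POST, so confirm that the confirmation form or an app-wide hook supplies one.

```python
    # … unchanged: privilege_id lookup and the "not privilege_id" guard …
    try:
        # Only a well-formed UUID may reach the auth-server URLs built below.
        privilege_id = UUID(privilege_id)
    except ValueError:
        flash("The privilege identifier is not a valid UUID.", "alert-danger")
        return returnto
    # … unchanged: POST check and oauth2_post call, except its payload …
            json={
                "privilege_id": str(privilege_id)
            }).either(with_flash_error(returnto), with_flash_success(returnto))
    # … unchanged: Cancel branch and nested fetch helpers …
```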
diff --git a/gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html b/gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html
new file mode 100644
index 00000000..988cf3b4
--- /dev/null
+++ b/gn2/wqflask/templates/oauth2/confirm-resource-role-unassign-privilege.html
@@ -0,0 +1,34 @@
+{%extends "base.html"%}
+{%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
+{%block title%}View User{%endblock%}
+{%block content%}
+
+ {{profile_nav(uipages, user_privileges)}} + {{flash_me()}} + +
+

+ Are you sure you want to unassign the privilege to + '{{privilege.privilege_description}}' from the role '{{role.role_name}}' + on resource '{{resource.resource_name}}'?

+ + + + + +
+
+{%endblock%} diff --git a/gn2/wqflask/templates/oauth2/view-resource-role.html b/gn2/wqflask/templates/oauth2/view-resource-role.html index 05df41d6..a1aa8676 100644 --- a/gn2/wqflask/templates/oauth2/view-resource-role.html +++ b/gn2/wqflask/templates/oauth2/view-resource-role.html @@ -5,8 +5,10 @@ {%block content%} {%macro unassign_button(resource_id, role_id, privilege_id)%} -