From b6a2d32b12525afba6928a57a25924d795754204 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 17 Jun 2024 13:55:57 -0500 Subject: Create a new resource role. --- gn2/wqflask/oauth2/resources.py | 48 +++++++++++++++++++++++++ gn2/wqflask/templates/oauth2/create-role.html | 38 +++++++++++++------- gn2/wqflask/templates/oauth2/view-resource.html | 5 +++ 3 files changed, 78 insertions(+), 13 deletions(-) (limited to 'gn2/wqflask') diff --git a/gn2/wqflask/oauth2/resources.py b/gn2/wqflask/oauth2/resources.py index 7a705856..cf600b51 100644 --- a/gn2/wqflask/oauth2/resources.py +++ b/gn2/wqflask/oauth2/resources.py @@ -397,3 +397,51 @@ def unassign_privilege_from_resource_role(resource_id: UUID, role_id: UUID): f"auth/resource/view/{resource_id}").either( with_flash_error(returnto), __fetch_resource_role__) + + +@resources.route("//roles/create-role", + methods=["GET", "POST"]) +@require_oauth2 +def create_resource_role(resource_id: UUID): + """Create new role for the resource.""" + def __render__(**kwargs): + return render_ui("oauth2/create-role.html", **kwargs) + + def __fetch_resource_roles__(resource): + return oauth2_get(f"auth/resource/{resource_id}/roles").either( + lambda error: __render__(resource_role_error=error), + lambda roles: {"resource": resource, "roles": roles}) + + if request.method == "GET": + return oauth2_get(f"auth/resource/view/{resource_id}").map( + __fetch_resource_roles__).either( + lambda error: __render__(resource_error=error), + lambda kwargs: __render__(**kwargs)) + + formdata = request.form + privileges = formdata.getlist("privileges[]") + if not bool(privileges): + flash( + "You must provide at least one privilege for creation of the new " + "role.", + "alert-danger") + return redirect(url_for("oauth2.resource.create_resource_role", + resource_id=resource_id)) + + def __handle_error__(error): + flash_error(process_error(error)) + return redirect(url_for( + "oauth2.resource.create_resource_role", resource_id=resource_id)) + + def __handle_success__(success): + flash("Role successfully created.", "alert-success") + return redirect(url_for( + "oauth2.resource.view_resource", resource_id=resource_id)) + + return oauth2_post( + f"auth/resource/{resource_id}/roles/create", + json={ + "role_name": formdata["role_name"], + "privileges": privileges + }).either( + __handle_error__, __handle_success__) diff --git a/gn2/wqflask/templates/oauth2/create-role.html b/gn2/wqflask/templates/oauth2/create-role.html index f2bff7b4..198eacdd 100644 --- a/gn2/wqflask/templates/oauth2/create-role.html +++ b/gn2/wqflask/templates/oauth2/create-role.html @@ -7,31 +7,43 @@ {{profile_nav("roles", user_privileges)}}

Create Role

- {{flash_me()}} +

Create a new role to act on resource "{{resource.resource_name}}"

{%if group_privileges_error is defined%} {{display_error("Group Privileges", group_privileges_error)}} {%else%} - {%if "group:role:create-role" in user_privileges%} -
- Create Group Role + {%if "resource:role:create-role" in (user_privileges|map(attribute="privilege_id")) %} + + create resource role + + {{flash_me()}} +
- +
+ + {{resource.resource_name|replace(" ", "_")}}:: + + +
+ + The name of the role will have the resource's name appended. +
- {%for priv in group_privileges%} + {%for priv in user_privileges%}
-
{%endfor%} diff --git a/gn2/wqflask/templates/oauth2/view-resource.html b/gn2/wqflask/templates/oauth2/view-resource.html index 25cac6ff..cfc769c4 100644 --- a/gn2/wqflask/templates/oauth2/view-resource.html +++ b/gn2/wqflask/templates/oauth2/view-resource.html @@ -246,6 +246,11 @@ {%endfor%} +
+ New Role
-- cgit v1.2.3