1
|
|
|
""" |
2
|
|
|
byceps.blueprints.admin.authorization.views |
3
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
4
|
|
|
|
5
|
|
|
:Copyright: 2006-2021 Jochen Kupperschmidt |
6
|
|
|
:License: Revised BSD (see `LICENSE` file for details) |
7
|
|
|
""" |
8
|
|
|
|
9
|
1 |
|
from flask import abort |
10
|
|
|
|
11
|
1 |
|
from ....services.authorization import service as authorization_service |
12
|
1 |
|
from ....services.user import service as user_service |
13
|
1 |
|
from ....util.authorization import permission_registry |
14
|
1 |
|
from ....util.framework.blueprint import create_blueprint |
15
|
1 |
|
from ....util.framework.templating import templated |
16
|
1 |
|
from ....util.views import permission_required |
17
|
|
|
|
18
|
|
|
|
19
|
1 |
|
blueprint = create_blueprint('authorization_admin', __name__) |
20
|
|
|
|
21
|
|
|
|
22
|
1 |
|
@blueprint.get('/permissions') |
23
|
1 |
|
@permission_required('role.view') |
24
|
1 |
|
@templated |
25
|
|
|
def permission_index(): |
26
|
|
|
"""List permissions.""" |
27
|
1 |
|
all_permissions = permission_registry.get_registered_permissions() |
28
|
|
|
|
29
|
1 |
|
role_ids_by_permission_id = ( |
30
|
|
|
authorization_service.get_assigned_roles_for_permissions() |
31
|
|
|
) |
32
|
|
|
|
33
|
1 |
|
permissions_and_roles = [ |
34
|
|
|
(permission, role_ids_by_permission_id.get(permission.id, frozenset())) |
35
|
|
|
for permission in all_permissions |
36
|
|
|
] |
37
|
|
|
|
38
|
1 |
|
return {'permissions_and_roles': permissions_and_roles} |
39
|
|
|
|
40
|
|
|
|
41
|
1 |
|
@blueprint.get('/roles') |
42
|
1 |
|
@permission_required('role.view') |
43
|
1 |
|
@templated |
44
|
|
|
def role_index(): |
45
|
|
|
"""List roles.""" |
46
|
1 |
|
roles = authorization_service.get_all_roles_with_titles() |
47
|
|
|
|
48
|
1 |
|
user_ids = {user.id for role in roles for user in role.users} |
49
|
1 |
|
users = user_service.get_users(user_ids, include_avatars=True) |
50
|
1 |
|
users_by_id = user_service.index_users_by_id(users) |
51
|
|
|
|
52
|
1 |
|
return { |
53
|
|
|
'roles': roles, |
54
|
|
|
'users_by_id': users_by_id, |
55
|
|
|
} |
56
|
|
|
|
57
|
|
|
|
58
|
1 |
|
@blueprint.get('/roles/<role_id>') |
59
|
1 |
|
@permission_required('role.view') |
60
|
1 |
|
@templated |
61
|
|
|
def role_view(role_id): |
62
|
|
|
"""View role details.""" |
63
|
1 |
|
role = authorization_service.find_role(role_id) |
64
|
|
|
|
65
|
1 |
|
if role is None: |
66
|
|
|
abort(404) |
67
|
|
|
|
68
|
1 |
|
all_permissions = permission_registry.get_registered_permissions() |
69
|
|
|
|
70
|
1 |
|
role_permission_ids = authorization_service.get_permission_ids_for_role( |
71
|
|
|
role.id |
72
|
|
|
) |
73
|
|
|
|
74
|
1 |
|
permissions = { |
75
|
|
|
permission |
76
|
|
|
for permission in all_permissions |
77
|
|
|
if permission.id in role_permission_ids |
78
|
|
|
} |
79
|
|
|
|
80
|
1 |
|
user_ids = authorization_service.find_user_ids_for_role(role.id) |
81
|
1 |
|
users = user_service.get_users(user_ids, include_avatars=True) |
82
|
|
|
|
83
|
1 |
|
return { |
84
|
|
|
'role': role, |
85
|
|
|
'permissions': permissions, |
86
|
|
|
'users': users, |
87
|
|
|
} |
88
|
|
|
|