From c828e7797976a649a1601abee225b19e3e7e19fa Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Sun, 3 Sep 2017 00:08:31 -0700 Subject: [PATCH 1/8] Add permission viewer page First part of permission manager system. Add page to view current office permission and current user permissions. Also shows current offices with no permissions and current users with no permissions. TODO: have each entry link to an edit page for that user --- ruddock/__init__.py | 2 + ruddock/auth_utils.py | 3 + ruddock/modules/perm_mgr/__init__.py | 5 ++ ruddock/modules/perm_mgr/helpers.py | 88 +++++++++++++++++++ ruddock/modules/perm_mgr/routes.py | 21 +++++ .../modules/perm_mgr/templates/perm_list.html | 70 +++++++++++++++ ruddock/resources.py | 2 + 7 files changed, 191 insertions(+) create mode 100644 ruddock/modules/perm_mgr/__init__.py create mode 100644 ruddock/modules/perm_mgr/helpers.py create mode 100644 ruddock/modules/perm_mgr/routes.py create mode 100644 ruddock/modules/perm_mgr/templates/perm_list.html diff --git a/ruddock/__init__.py b/ruddock/__init__.py index ceee4f5..03d2e26 100644 --- a/ruddock/__init__.py +++ b/ruddock/__init__.py @@ -20,6 +20,7 @@ from ruddock.modules import budget from ruddock.modules import government from ruddock.modules import hassle +from ruddock.modules import perm_mgr from ruddock.modules import rotation from ruddock.modules import users @@ -34,6 +35,7 @@ app.register_blueprint(budget.blueprint, url_prefix="/budget") app.register_blueprint(government.blueprint, url_prefix="/government") app.register_blueprint(hassle.blueprint, url_prefix="/hassle") +app.register_blueprint(perm_mgr.blueprint, url_prefix="/perm_mgr") app.register_blueprint(rotation.blueprint, url_prefix="/rotation") app.register_blueprint(users.blueprint, url_prefix="/users") diff --git a/ruddock/auth_utils.py b/ruddock/auth_utils.py index f4b9b09..8ba4861 100644 --- a/ruddock/auth_utils.py +++ b/ruddock/auth_utils.py @@ -371,4 +371,7 @@ def generate_admin_links(): if check_permission(Permissions.BUDGET): links.append(AdminLink('Budget', flask.url_for('budget.route_portal', _external=True))) + if check_permission(Permissions.PERMISSION_MANAGER): + links.append(AdminLink('Permission manager', + flask.url_for('perm_mgr.show_permissions', _external=True))) return links diff --git a/ruddock/modules/perm_mgr/__init__.py b/ruddock/modules/perm_mgr/__init__.py new file mode 100644 index 0000000..e6dc536 --- /dev/null +++ b/ruddock/modules/perm_mgr/__init__.py @@ -0,0 +1,5 @@ +import flask +blueprint = flask.Blueprint('perm_mgr', __name__, + template_folder='templates', static_folder='static') + +import ruddock.modules.perm_mgr.routes diff --git a/ruddock/modules/perm_mgr/helpers.py b/ruddock/modules/perm_mgr/helpers.py new file mode 100644 index 0000000..c915080 --- /dev/null +++ b/ruddock/modules/perm_mgr/helpers.py @@ -0,0 +1,88 @@ +import flask +import sqlalchemy +from ruddock.resources import Permissions + +def fetch_office_permissions(): + """Returns the office name and permissions of all active offices. + Returns the permissions of all offices that have permissions, + plus the permissions of all active offices (which may be none).""" + query = sqlalchemy.text(""" + SELECT GROUP_CONCAT(permission_id) AS permissions, + office_name, office_id, office_order + FROM office_permissions + NATURAL RIGHT JOIN offices + WHERE is_active=TRUE + GROUP BY office_id + + UNION + + SELECT GROUP_CONCAT(permission_id) AS permissions, + office_name, office_id, office_order + FROM office_permissions + NATURAL JOIN offices + GROUP BY office_id + + ORDER BY + CASE + WHEN permissions IS NULL + THEN 1 + ELSE 0 + END, + permissions ASC, + office_order ASC + """) + + return flask.g.db.execute(query).fetchall() + +def fetch_user_permissions(): + """Returns the user's name and permissions of all users. + Returns the permissions of all users who have permissions, + and the permissions of all current members (which may be none)""" + query = sqlalchemy.text(""" + SELECT GROUP_CONCAT(permission_id) AS permissions, name, user_id + FROM user_permissions + NATURAL RIGHT JOIN members_current + NATURAL JOIN members_extra + GROUP BY user_id + + UNION + + SELECT GROUP_CONCAT(permission_id) AS permissions, name, user_id + FROM user_permissions + NATURAL JOIN members_extra + GROUP BY user_id + + ORDER BY + CASE + WHEN permissions IS NULL + THEN 1 + ELSE 0 + END, + permissions ASC, + name ASC + """) + + return flask.g.db.execute(query).fetchall() + +def decode_perm_string(string, sep=","): + "Decodes a `sep`-separated string of permissions." + if string is None: + return ["None"] + elif type(string) is int: + return get_perm_name(string) + elif type(string) is not str: + raise TypeError("decode_perm_string takes int or str only, received " + + str(type(string))) + return [get_perm_name(int(x)) for x in string.split(sep)] + +def get_perm_name(id): + """Returns the permission name corresponding to the given ID.""" + if id is None: + return "None" + perm_name = ""; + try: + perm_name = Permissions(id).name.title().replace("_", " ") + except ValueError: + # id is not a valid permission + perm_name = "Invalid permission" + return perm_name diff --git a/ruddock/modules/perm_mgr/routes.py b/ruddock/modules/perm_mgr/routes.py new file mode 100644 index 0000000..eac3dab --- /dev/null +++ b/ruddock/modules/perm_mgr/routes.py @@ -0,0 +1,21 @@ +import json +import flask + +import datetime + +from ruddock.resources import Permissions +from ruddock.decorators import login_required +from ruddock.modules.perm_mgr import blueprint, helpers + +@blueprint.route('/') +@login_required(Permissions.PERMISSION_MANAGER) +def show_permissions(): + """Displays a list of permissions for current users and offices.""" + office_perms = [{"name": x["office_name"], + "perms": helpers.decode_perm_string(x['permissions'])} + for x in helpers.fetch_office_permissions()] + user_perms = [{"name": x["name"], + "perms": helpers.decode_perm_string(x['permissions'])} + for x in helpers.fetch_user_permissions()] + return flask.render_template('perm_list.html', office_perms=office_perms, + user_perms=user_perms) diff --git a/ruddock/modules/perm_mgr/templates/perm_list.html b/ruddock/modules/perm_mgr/templates/perm_list.html new file mode 100644 index 0000000..5a5f351 --- /dev/null +++ b/ruddock/modules/perm_mgr/templates/perm_list.html @@ -0,0 +1,70 @@ +{% extends "layout.html" %} + +{% block head %} + +{% endblock head %} + +{% block body %} +
+ {% if office_perms %} +
+

Office Permissions

+ Click an office to edit its permissions. + + + + + + + + + + + {% for r in office_perms %} + + + + + {% endfor %} + + +
NamePermissions
{{ r["name"] }}{{ ", ".join(r["perms"]) }}
+
+ {% endif %} + + {% if user_perms %} +
+

User Permissions

+ Click a user to edit their permissions. + + + + + + + + + + + {% for r in user_perms %} + + + + + {% endfor %} + + +
NamePermissions
{{ r["name"] }}{{ ", ".join(r["perms"]) }}
+
+ {% endif %} +
+ +{% endblock body %} diff --git a/ruddock/resources.py b/ruddock/resources.py index 8435c3b..2ae42b0 100644 --- a/ruddock/resources.py +++ b/ruddock/resources.py @@ -25,6 +25,8 @@ class Permissions(enum.IntEnum): BUDGET = 6 # See birthday list BIRTHDAYS = 7 + # Manage office and user permissions + PERMISSION_MANAGER = 8 # Enum for search modes. class MemberSearchMode(enum.IntEnum): From 186926478eecc6ab99d1261827779a5a48cdf7dd Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Wed, 20 Sep 2017 14:39:30 -0700 Subject: [PATCH 2/8] Add clickable links to permission manager view Clicking the name of the office or user will lead to a page to edit permissions. TODO: implement edit page. --- ruddock/modules/perm_mgr/routes.py | 17 +++++++++++++++-- .../modules/perm_mgr/templates/perm_list.html | 4 ++-- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/ruddock/modules/perm_mgr/routes.py b/ruddock/modules/perm_mgr/routes.py index eac3dab..a1b55e3 100644 --- a/ruddock/modules/perm_mgr/routes.py +++ b/ruddock/modules/perm_mgr/routes.py @@ -12,10 +12,23 @@ def show_permissions(): """Displays a list of permissions for current users and offices.""" office_perms = [{"name": x["office_name"], - "perms": helpers.decode_perm_string(x['permissions'])} + "perms": helpers.decode_perm_string(x['permissions']), + "id": x["office_id"]} for x in helpers.fetch_office_permissions()] user_perms = [{"name": x["name"], - "perms": helpers.decode_perm_string(x['permissions'])} + "perms": helpers.decode_perm_string(x['permissions']), + "id": x["user_id"]} for x in helpers.fetch_user_permissions()] return flask.render_template('perm_list.html', office_perms=office_perms, user_perms=user_perms) + +@blueprint.route('/edit_user/') +@login_required(Permissions.PERMISSION_MANAGER) +def edit_user_permissions(user_id): + pass + +@blueprint.route('/edit_office/') +@login_required(Permissions.PERMISSION_MANAGER) +def edit_office_permissions(office_id): + pass + diff --git a/ruddock/modules/perm_mgr/templates/perm_list.html b/ruddock/modules/perm_mgr/templates/perm_list.html index 5a5f351..ae0229c 100644 --- a/ruddock/modules/perm_mgr/templates/perm_list.html +++ b/ruddock/modules/perm_mgr/templates/perm_list.html @@ -30,7 +30,7 @@

Office Permissions

{% for r in office_perms %} - {{ r["name"] }} + {{ r["name"] }} {{ ", ".join(r["perms"]) }} {% endfor %} @@ -56,7 +56,7 @@

User Permissions

{% for r in user_perms %} - {{ r["name"] }} + {{ r["name"] }} {{ ", ".join(r["perms"]) }} {% endfor %} From d10c83e4be09b19944bac8e628e228403a92f3b7 Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Wed, 21 Mar 2018 14:51:05 -0400 Subject: [PATCH 3/8] Add edit office perms frontend --- ruddock/modules/perm_mgr/helpers.py | 37 +++++++++++++- ruddock/modules/perm_mgr/routes.py | 31 +++++++++++- .../perm_mgr/templates/edit_office.html | 48 +++++++++++++++++++ 3 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 ruddock/modules/perm_mgr/templates/edit_office.html diff --git a/ruddock/modules/perm_mgr/helpers.py b/ruddock/modules/perm_mgr/helpers.py index c915080..6a41dce 100644 --- a/ruddock/modules/perm_mgr/helpers.py +++ b/ruddock/modules/perm_mgr/helpers.py @@ -34,6 +34,22 @@ def fetch_office_permissions(): return flask.g.db.execute(query).fetchall() +def fetch_specific_office_permissions(office_id): + """Returns the office name and permissions of the specified office. + May be none.""" + if type(office_id) is not int: + raise TypeError("Must pass office id number to fetch office permissions.") + query = sqlalchemy.text(""" + SELECT GROUP_CONCAT(permission_id) AS permissions, + office_name, office_id + FROM office_permissions + NATURAL JOIN offices + WHERE office_id = :id + GROUP BY office_id + """) + + return flask.g.db.execute(query, id=office_id).fetchone() + def fetch_user_permissions(): """Returns the user's name and permissions of all users. Returns the permissions of all users who have permissions, @@ -65,7 +81,7 @@ def fetch_user_permissions(): return flask.g.db.execute(query).fetchall() def decode_perm_string(string, sep=","): - "Decodes a `sep`-separated string of permissions." + """Decodes a `sep`-separated string of permissions.""" if string is None: return ["None"] elif type(string) is int: @@ -75,6 +91,18 @@ def decode_perm_string(string, sep=","): + str(type(string))) return [get_perm_name(int(x)) for x in string.split(sep)] +def decode_perm_string_with_id(string, sep=","): + """Decodes a `sep`-separated string of permissions into a dictionary + of ID and name.""" + if string is None: + return [{"name": "None", "id": 0}] + elif type(string) is int: + return {"name": get_perm_name(string), "id": string} + elif type(string) is not str: + raise TypeError("decode_perm_string takes int or str only, received " + + str(type(string))) + return [{"name": get_perm_name(int(x)), "id": x} for x in string.split(sep)] + def get_perm_name(id): """Returns the permission name corresponding to the given ID.""" if id is None: @@ -86,3 +114,10 @@ def get_perm_name(id): # id is not a valid permission perm_name = "Invalid permission" return perm_name + +def get_all_perms(): + """Gets a list of all permissions possible to assign.""" + x = [] + for p in Permissions: + x.append({"name": get_perm_name(p.value), "id": p.value}) + return x diff --git a/ruddock/modules/perm_mgr/routes.py b/ruddock/modules/perm_mgr/routes.py index a1b55e3..c36d38e 100644 --- a/ruddock/modules/perm_mgr/routes.py +++ b/ruddock/modules/perm_mgr/routes.py @@ -30,5 +30,34 @@ def edit_user_permissions(user_id): @blueprint.route('/edit_office/') @login_required(Permissions.PERMISSION_MANAGER) def edit_office_permissions(office_id): - pass + x = helpers.fetch_specific_office_permissions(office_id) + office_perms = {"name": x["office_name"], + "perms": helpers.decode_perm_string_with_id(x['permissions']), + "id": x["office_id"]} + all_perms = helpers.get_all_perms() + return flask.render_template('edit_office.html', info=office_perms, + all_perms=all_perms) +@blueprint.route('/delete_user_perm/', methods=["POST"]) +@login_required(Permissions.PERMISSION_MANAGER) +def delete_user_perm(user_id): + perm_id = flask.request.form.get("perm_id") + return flask.redirect(flask.url_for("perm_mgr.edit_user", user_id=user_id)) + +@blueprint.route('/delete_office_perm/', methods=["POST"]) +@login_required(Permissions.PERMISSION_MANAGER) +def delete_office_perm(office_id): + perm_id = flask.request.form.get("perm_id") + return flask.redirect(flask.url_for("perm_mgr.edit_office", office_id=office_id)) + +@blueprint.route('/add_user_perm/', methods=["POST"]) +@login_required(Permissions.PERMISSION_MANAGER) +def add_user_perm(user_id): + perm_id = flask.request.form.get("perm_id") + return flask.redirect(flask.url_for("perm_mgr.edit_user", user_id=user_id)) + +@blueprint.route('/add_office_perm/', methods=["POST"]) +@login_required(Permissions.PERMISSION_MANAGER) +def add_office_perm(office_id): + perm_id = flask.request.form.get("perm_id") + return flask.redirect(flask.url_for("perm_mgr.edit_office", office_id=office_id)) diff --git a/ruddock/modules/perm_mgr/templates/edit_office.html b/ruddock/modules/perm_mgr/templates/edit_office.html new file mode 100644 index 0000000..cd31ba1 --- /dev/null +++ b/ruddock/modules/perm_mgr/templates/edit_office.html @@ -0,0 +1,48 @@ +{% extends "layout.html" %} + +{% block body %} +
+ {# Name and subtitle #} +

{{ info["name"] }}

+

+ Editing office permissions. +

+ +
+ + + + + + + + + {% for perm in info["perms"] %} + + + + + + + + {% endfor %} + + + + + + + +
PermissionsActions
{{ perm["name"] }} + +
Add: + + + +
+
+{% endblock body %} From 1eda963f68f5debe8a373ebfce0d4da18d176de8 Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Thu, 22 Mar 2018 03:14:46 -0400 Subject: [PATCH 4/8] Remove extant perms from add dropdown --- ruddock/modules/perm_mgr/helpers.py | 2 +- ruddock/modules/perm_mgr/routes.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ruddock/modules/perm_mgr/helpers.py b/ruddock/modules/perm_mgr/helpers.py index 6a41dce..8ef986d 100644 --- a/ruddock/modules/perm_mgr/helpers.py +++ b/ruddock/modules/perm_mgr/helpers.py @@ -119,5 +119,5 @@ def get_all_perms(): """Gets a list of all permissions possible to assign.""" x = [] for p in Permissions: - x.append({"name": get_perm_name(p.value), "id": p.value}) + x.append({"name": get_perm_name(p.value), "id": str(p.value)}) return x diff --git a/ruddock/modules/perm_mgr/routes.py b/ruddock/modules/perm_mgr/routes.py index c36d38e..310bb9b 100644 --- a/ruddock/modules/perm_mgr/routes.py +++ b/ruddock/modules/perm_mgr/routes.py @@ -35,8 +35,9 @@ def edit_office_permissions(office_id): "perms": helpers.decode_perm_string_with_id(x['permissions']), "id": x["office_id"]} all_perms = helpers.get_all_perms() + diff_perms = [p for p in all_perms if not any(p["id"] == o["id"] for o in office_perms["perms"])] return flask.render_template('edit_office.html', info=office_perms, - all_perms=all_perms) + all_perms=diff_perms) @blueprint.route('/delete_user_perm/', methods=["POST"]) @login_required(Permissions.PERMISSION_MANAGER) From e06f07cbe4d5b550d0b452e61a61e0733f6f8e1d Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Thu, 22 Mar 2018 03:31:31 -0400 Subject: [PATCH 5/8] Add delete/insert perms for offices --- ruddock/modules/perm_mgr/helpers.py | 26 +++++++++++++++++++++++++- ruddock/modules/perm_mgr/routes.py | 10 ++++++---- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/ruddock/modules/perm_mgr/helpers.py b/ruddock/modules/perm_mgr/helpers.py index 8ef986d..9e29896 100644 --- a/ruddock/modules/perm_mgr/helpers.py +++ b/ruddock/modules/perm_mgr/helpers.py @@ -47,9 +47,33 @@ def fetch_specific_office_permissions(office_id): WHERE office_id = :id GROUP BY office_id """) - return flask.g.db.execute(query, id=office_id).fetchone() +def delete_office_permission(office_id, perm_id): + """Deletes the specified permission from the office.""" + if type(perm_id) is str or type(perm_id) is unicode: + perm_id = int(perm_id) + if type(office_id) is not int or type(perm_id) is not int: + raise TypeError("Must pass office id number and permission id to fetch office permissions.") + query = sqlalchemy.text(""" + DELETE FROM office_permissions + WHERE office_id = :o_id + AND permission_id = :p_id + """) + return flask.g.db.execute(query, o_id=office_id, p_id=perm_id) + +def insert_office_permission(office_id, perm_id): + """Inserts the specified permission for the office.""" + if type(perm_id) is str or type(perm_id) is unicode: + perm_id = int(perm_id) + if type(office_id) is not int or type(perm_id) is not int: + raise TypeError("Must pass office id number and permission id to fetch office permissions.") + query = sqlalchemy.text(""" + INSERT INTO office_permissions VALUES (:o_id, :p_id) + """) + return flask.g.db.execute(query, o_id=office_id, p_id=perm_id) + + def fetch_user_permissions(): """Returns the user's name and permissions of all users. Returns the permissions of all users who have permissions, diff --git a/ruddock/modules/perm_mgr/routes.py b/ruddock/modules/perm_mgr/routes.py index 310bb9b..32d2d04 100644 --- a/ruddock/modules/perm_mgr/routes.py +++ b/ruddock/modules/perm_mgr/routes.py @@ -43,22 +43,24 @@ def edit_office_permissions(office_id): @login_required(Permissions.PERMISSION_MANAGER) def delete_user_perm(user_id): perm_id = flask.request.form.get("perm_id") - return flask.redirect(flask.url_for("perm_mgr.edit_user", user_id=user_id)) + return flask.redirect(flask.url_for("perm_mgr.edit_user_permissions", user_id=user_id)) @blueprint.route('/delete_office_perm/', methods=["POST"]) @login_required(Permissions.PERMISSION_MANAGER) def delete_office_perm(office_id): perm_id = flask.request.form.get("perm_id") - return flask.redirect(flask.url_for("perm_mgr.edit_office", office_id=office_id)) + helpers.delete_office_permission(office_id, perm_id) + return flask.redirect(flask.url_for("perm_mgr.edit_office_permissions", office_id=office_id)) @blueprint.route('/add_user_perm/', methods=["POST"]) @login_required(Permissions.PERMISSION_MANAGER) def add_user_perm(user_id): perm_id = flask.request.form.get("perm_id") - return flask.redirect(flask.url_for("perm_mgr.edit_user", user_id=user_id)) + return flask.redirect(flask.url_for("perm_mgr.edit_user_permissions", user_id=user_id)) @blueprint.route('/add_office_perm/', methods=["POST"]) @login_required(Permissions.PERMISSION_MANAGER) def add_office_perm(office_id): perm_id = flask.request.form.get("perm_id") - return flask.redirect(flask.url_for("perm_mgr.edit_office", office_id=office_id)) + helpers.insert_office_permission(office_id, perm_id) + return flask.redirect(flask.url_for("perm_mgr.edit_office_permissions", office_id=office_id)) From 82578fd9c7906dbb278054deb0051a690523d5ba Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Thu, 22 Mar 2018 03:57:16 -0400 Subject: [PATCH 6/8] Add add/remove perms for users --- ruddock/modules/perm_mgr/helpers.py | 38 +++++++++++++++ ruddock/modules/perm_mgr/routes.py | 11 ++++- .../modules/perm_mgr/templates/edit_user.html | 48 +++++++++++++++++++ 3 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 ruddock/modules/perm_mgr/templates/edit_user.html diff --git a/ruddock/modules/perm_mgr/helpers.py b/ruddock/modules/perm_mgr/helpers.py index 9e29896..f810731 100644 --- a/ruddock/modules/perm_mgr/helpers.py +++ b/ruddock/modules/perm_mgr/helpers.py @@ -104,6 +104,44 @@ def fetch_user_permissions(): return flask.g.db.execute(query).fetchall() +def fetch_specific_user_permissions(user_id): + """Returns the name and permissions of the specified user. + May be none.""" + if type(user_id) is not int: + raise TypeError("Must pass user id number to fetch user permissions.") + query = sqlalchemy.text(""" + SELECT GROUP_CONCAT(permission_id) AS permissions, name, user_id + FROM user_permissions + NATURAL JOIN members_extra + WHERE user_id = :id + GROUP BY user_id + """) + return flask.g.db.execute(query, id=user_id).fetchone() + +def delete_user_permission(user_id, perm_id): + """Deletes the specified permission from the user.""" + if type(perm_id) is str or type(perm_id) is unicode: + perm_id = int(perm_id) + if type(user_id) is not int or type(perm_id) is not int: + raise TypeError("Must pass user id number and permission id to fetch user permissions.") + query = sqlalchemy.text(""" + DELETE FROM user_permissions + WHERE user_id = :o_id + AND permission_id = :p_id + """) + return flask.g.db.execute(query, o_id=user_id, p_id=perm_id) + +def insert_user_permission(user_id, perm_id): + """Inserts the specified permission for the user.""" + if type(perm_id) is str or type(perm_id) is unicode: + perm_id = int(perm_id) + if type(user_id) is not int or type(perm_id) is not int: + raise TypeError("Must pass user id number and permission id to fetch user permissions.") + query = sqlalchemy.text(""" + INSERT INTO user_permissions VALUES (:o_id, :p_id) + """) + return flask.g.db.execute(query, o_id=user_id, p_id=perm_id) + def decode_perm_string(string, sep=","): """Decodes a `sep`-separated string of permissions.""" if string is None: diff --git a/ruddock/modules/perm_mgr/routes.py b/ruddock/modules/perm_mgr/routes.py index 32d2d04..92713ab 100644 --- a/ruddock/modules/perm_mgr/routes.py +++ b/ruddock/modules/perm_mgr/routes.py @@ -25,7 +25,14 @@ def show_permissions(): @blueprint.route('/edit_user/') @login_required(Permissions.PERMISSION_MANAGER) def edit_user_permissions(user_id): - pass + x = helpers.fetch_specific_user_permissions(user_id) + user_perms = {"name": x["name"], + "perms": helpers.decode_perm_string_with_id(x['permissions']), + "id": x["user_id"]} + all_perms = helpers.get_all_perms() + diff_perms = [p for p in all_perms if not any(p["id"] == u["id"] for u in user_perms["perms"])] + return flask.render_template('edit_user.html', info=user_perms, + all_perms=diff_perms) @blueprint.route('/edit_office/') @login_required(Permissions.PERMISSION_MANAGER) @@ -43,6 +50,7 @@ def edit_office_permissions(office_id): @login_required(Permissions.PERMISSION_MANAGER) def delete_user_perm(user_id): perm_id = flask.request.form.get("perm_id") + helpers.delete_user_permission(user_id, perm_id) return flask.redirect(flask.url_for("perm_mgr.edit_user_permissions", user_id=user_id)) @blueprint.route('/delete_office_perm/', methods=["POST"]) @@ -56,6 +64,7 @@ def delete_office_perm(office_id): @login_required(Permissions.PERMISSION_MANAGER) def add_user_perm(user_id): perm_id = flask.request.form.get("perm_id") + helpers.insert_user_permission(user_id, perm_id) return flask.redirect(flask.url_for("perm_mgr.edit_user_permissions", user_id=user_id)) @blueprint.route('/add_office_perm/', methods=["POST"]) diff --git a/ruddock/modules/perm_mgr/templates/edit_user.html b/ruddock/modules/perm_mgr/templates/edit_user.html new file mode 100644 index 0000000..bb2ad67 --- /dev/null +++ b/ruddock/modules/perm_mgr/templates/edit_user.html @@ -0,0 +1,48 @@ +{% extends "layout.html" %} + +{% block body %} +
+ {# Name and subtitle #} +

{{ info["name"] }}

+

+ Editing user permissions. +

+ +
+ + + + + + + + + {% for perm in info["perms"] %} + + + + + + + + {% endfor %} + + + + + + + +
PermissionsActions
{{ perm["name"] }} + +
Add: + + + +
+
+{% endblock body %} From 814b974846e53a32271bc6d685ca71ebcb07c371 Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Thu, 22 Mar 2018 04:06:29 -0400 Subject: [PATCH 7/8] Fix crash on editing office/user with no permissions --- ruddock/modules/perm_mgr/helpers.py | 5 +++-- ruddock/modules/perm_mgr/templates/edit_office.html | 12 +++++++++++- ruddock/modules/perm_mgr/templates/edit_user.html | 12 +++++++++++- 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/ruddock/modules/perm_mgr/helpers.py b/ruddock/modules/perm_mgr/helpers.py index f810731..17e7d91 100644 --- a/ruddock/modules/perm_mgr/helpers.py +++ b/ruddock/modules/perm_mgr/helpers.py @@ -43,7 +43,7 @@ def fetch_specific_office_permissions(office_id): SELECT GROUP_CONCAT(permission_id) AS permissions, office_name, office_id FROM office_permissions - NATURAL JOIN offices + NATURAL RIGHT JOIN offices WHERE office_id = :id GROUP BY office_id """) @@ -112,7 +112,8 @@ def fetch_specific_user_permissions(user_id): query = sqlalchemy.text(""" SELECT GROUP_CONCAT(permission_id) AS permissions, name, user_id FROM user_permissions - NATURAL JOIN members_extra + NATURAL RIGHT JOIN members_current + NATURAL JOIN members_extra WHERE user_id = :id GROUP BY user_id """) diff --git a/ruddock/modules/perm_mgr/templates/edit_office.html b/ruddock/modules/perm_mgr/templates/edit_office.html index cd31ba1..47be6bb 100644 --- a/ruddock/modules/perm_mgr/templates/edit_office.html +++ b/ruddock/modules/perm_mgr/templates/edit_office.html @@ -21,9 +21,19 @@

- {{ perm["name"] }} + {% if perm["id"] == 0 %} + + {% endif %} + {{ perm["name"] }} + {% if perm["id"] == 0 %} + + {% endif %} + + + {% if perm["id"] != 0 %} + {% endif %}
diff --git a/ruddock/modules/perm_mgr/templates/edit_user.html b/ruddock/modules/perm_mgr/templates/edit_user.html index bb2ad67..615e926 100644 --- a/ruddock/modules/perm_mgr/templates/edit_user.html +++ b/ruddock/modules/perm_mgr/templates/edit_user.html @@ -21,9 +21,19 @@

- {{ perm["name"] }} + {% if perm["id"] == 0 %} + + {% endif %} + {{ perm["name"] }} + {% if perm["id"] == 0 %} + + {% endif %} + + + {% if perm["id"] != 0 %} + {% endif %}
From 6b51c55a7d181326b2ab533bbd2f717177d94378 Mon Sep 17 00:00:00 2001 From: Siddharth Kurella Date: Thu, 22 Mar 2018 15:37:38 -0400 Subject: [PATCH 8/8] Fix showing members who aren't users on perm mgr --- ruddock/modules/perm_mgr/helpers.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ruddock/modules/perm_mgr/helpers.py b/ruddock/modules/perm_mgr/helpers.py index 17e7d91..9091785 100644 --- a/ruddock/modules/perm_mgr/helpers.py +++ b/ruddock/modules/perm_mgr/helpers.py @@ -82,6 +82,7 @@ def fetch_user_permissions(): SELECT GROUP_CONCAT(permission_id) AS permissions, name, user_id FROM user_permissions NATURAL RIGHT JOIN members_current + NATURAL JOIN users NATURAL JOIN members_extra GROUP BY user_id @@ -112,7 +113,7 @@ def fetch_specific_user_permissions(user_id): query = sqlalchemy.text(""" SELECT GROUP_CONCAT(permission_id) AS permissions, name, user_id FROM user_permissions - NATURAL RIGHT JOIN members_current + NATURAL RIGHT JOIN users NATURAL JOIN members_extra WHERE user_id = :id GROUP BY user_id