From 5809fa061ebbdf6102e39f58badfabe1405203c3 Mon Sep 17 00:00:00 2001 From: tobes Date: Fri, 15 Feb 2013 18:12:15 +0000 Subject: [PATCH] [#409] Remove authz admin functionality from controller --- ckan/controllers/admin.py | 155 -------------------------------------- 1 file changed, 155 deletions(-) diff --git a/ckan/controllers/admin.py b/ckan/controllers/admin.py index fc809e560ea..128aae67afe 100644 --- a/ckan/controllers/admin.py +++ b/ckan/controllers/admin.py @@ -3,16 +3,9 @@ import ckan.lib.base as base import ckan.lib.helpers as h import ckan.lib.app_globals as app_globals -import ckan.lib.authztool import ckan.model as model -import ckan.logic import ckan.new_authz -from ckan.model.authz import Role -roles = Role.get_all() -role_tuples = [(x, x) for x in roles] - - c = base.c request = base.request _ = base._ @@ -92,154 +85,6 @@ def index(self): return base.render('admin/index.html') - def authz(self): - def action_save_form(users): - # The permissions grid has been saved - # which is a grid of checkboxes named user$role - rpi = request.params.items() - - # The grid passes us a list of the users/roles that were displayed - submitted = [a for (a, b) in rpi if (b == u'submitted')] - # and also those which were checked - checked = [a for (a, b) in rpi if (b == u'on')] - - # from which we can deduce true/false for each user/role - # combination that was displayed in the form - table_dict = {} - for a in submitted: - table_dict[a] = False - for a in checked: - table_dict[a] = True - - # now we'll split up the user$role strings to make a dictionary - # from (user,role) to True/False, which tells us what we need to - # do. - new_user_role_dict = {} - for (ur, val) in table_dict.items(): - u, r = ur.split('$') - new_user_role_dict[(u, r)] = val - - # we get the current user/role assignments - # and make a dictionary of them - current_uors = model.Session.query(model.SystemRole).all() - current_users_roles = [(uor.user.name, uor.role) - for uor in current_uors - if uor.user] - - current_user_role_dict = {} - for (u, r) in current_users_roles: - current_user_role_dict[(u, r)] = True - - # and now we can loop through our dictionary of desired states - # checking whether a change needs to be made, and if so making it - - # WORRY: Here it seems that we have to check whether someone is - # already assigned a role, in order to avoid assigning it twice, - # or attempting to delete it when it doesn't exist. Otherwise - # problems occur. However this doesn't affect the index page, - # which would seem to be prone to suffer the same effect. Why - # the difference? - - - for ((u, r), val) in new_user_role_dict.items(): - if val: - if not ((u, r) in current_user_role_dict): - model.add_user_to_role( - model.User.by_name(u), r, - model.System()) - else: - if ((u, r) in current_user_role_dict): - model.remove_user_from_role( - model.User.by_name(u), r, - model.System()) - - # finally commit the change to the database - model.Session.commit() - h.flash_success(_("Changes Saved")) - - if ('save' in request.POST): - action_save_form('users') - - def action_add_form(users): - # The user is attempting to set new roles for a named user - new_user = request.params.get('new_user_name') - # this is the list of roles whose boxes were ticked - checked_roles = [a for (a, b) in request.params.items() - if (b == u'on')] - # this is the list of all the roles that were in the submitted - # form - submitted_roles = [a for (a, b) in request.params.items() - if (b == u'submitted')] - - # from this we can make a dictionary of the desired states - # i.e. true for the ticked boxes, false for the unticked - desired_roles = {} - for r in submitted_roles: - desired_roles[r] = False - for r in checked_roles: - desired_roles[r] = True - - # again, in order to avoid either creating a role twice or - # deleting one which is non-existent, we need to get the users' - # current roles (if any) - - current_uors = model.Session.query(model.SystemRole).all() - - - current_roles = [uor.role for uor in current_uors - if (uor.user and uor.user.name == new_user)] - user_object = model.User.by_name(new_user) - if user_object is None: - # The submitted user does not exist. Bail with flash - # message - h.flash_error(_('unknown user:') + str(new_user)) - else: - # Whenever our desired state is different from our - # current state, change it. - for (r, val) in desired_roles.items(): - if val: - if (r not in current_roles): - model.add_user_to_role(user_object, r, - model.System()) - else: - if (r in current_roles): - model.remove_user_from_role(user_object, r, - model.System()) - h.flash_success(_("User Added")) - - # and finally commit all these changes to the database - model.Session.commit() - - if 'add' in request.POST: - action_add_form('users') - - # ================= - # Display the page - # Find out all the possible roles. For the system object that's just - # all of them. - possible_roles = Role.get_all() - - # get the list of users who have roles on the System, with their roles - uors = model.Session.query(model.SystemRole).all() - # uniquify and sort - users = sorted(list(set([uor.user.name for uor in uors if uor.user]))) - - users_roles = [(uor.user.name, uor.role) for uor in uors if uor.user] - user_role_dict = {} - for u in users: - for r in possible_roles: - if (u, r) in users_roles: - user_role_dict[(u, r)] = True - else: - user_role_dict[(u, r)] = False - - - # pass these variables to the template for rendering - c.roles = possible_roles - c.users = users - c.user_role_dict = user_role_dict - - return base.render('admin/authz.html') def trash(self): c.deleted_revisions = model.Session.query(