author | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-25 17:29:02 +0200 |
---|---|---|
committer | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-27 10:03:14 +0200 |
commit | 977b457d5ce7661e8b4680d5543ad4d31063dcf1 (patch) | |
tree | b978944834f149c3aea9083c166fc2ba7b1d950f /ogcp/templates/scopes.html | |
parent | 25bb1ff73b537c53b07c7d41c28e1b52c149c026 (diff) |
ogcp: add user permission mechanism
Add a new user permission system to control the allowed operations
accessible from each account.
Add a permission matrix editable through the user/add and user/edit
views. The permission matrix has client, center, room, folder, image
and repository as permission targets and add, update and delete as
permission types.
Restrict each view based on the user permissions, hide all actions
from non-authenticated users.
permissions defined in the class UserForm.
Serialize each user permissions into ogcp.json as:
{
...
"USERS" [
{
"USER": "admin"
...
"PERMISSIONS": {
"CLIENT": {
"ADD": true,
"UPDATE": true,
"DELETE": true,
},
... <- same structure for "CENTER", "ROOM", "FOLDER", "IMAGE"
and "REPOSITORY"
}
},
...
],
...
}
Grant all the permissions to old user configuration to not disrupt their
workflow. The administrator will need to assign the permissions for each
user.
Ignore scope and permission restrictions for admin users.
Save permissions and scopes even if the user is admin to account for the
case of a temporal admin promotion without losing the previous
configuration.
Use template inheritance for add_user.html and edit_user.html to prevent
big code duplication with the new HTML code to render the permission
matrix.
Make user administration an admin only feature.
Define methods get_permission and target_is_disabled to improve readability
in template conditionals that disable features based on user permissions.
Diffstat (limited to 'ogcp/templates/scopes.html')
-rw-r--r-- | ogcp/templates/scopes.html | 57 |
1 files changed, 44 insertions, 13 deletions
diff --git a/ogcp/templates/scopes.html b/ogcp/templates/scopes.html index dc5eb71..8236877 100644 --- a/ogcp/templates/scopes.html +++ b/ogcp/templates/scopes.html 
@@ -16,72 +16,103 @@ {% endblock %} {% block commands %} - {% if current_user.is_authenticated %} +{% if current_user.is_authenticated %} + + {% if not current_user.target_is_disabled('CLIENT') %} <div class="dropdown btn"> <button class="btn btn-secondary btn-light dropdown-toggle {% block nav_client %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false"> {{ _('Client') }} </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> + {% if current_user.get_permission('CLIENT', 'ADD') %} <input class="btn btn-light dropdown-item {% block nav_client_add %}{% endblock %}" type="submit" value="{{ _('Add client') }}" - form="scopesForm" formaction="{{ url_for('action_client_add') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_client_add') }}" formmethod="get"> + {% endif %} <input class="btn btn-light dropdown-item {% block nav_client_update %}{% endblock %}" type="submit" value="{{ _('Update client') }}" form="scopesForm" formaction="{{ url_for('action_client_update') }}" formmethod="get"> + {% if current_user.get_permission('CLIENT', 'UPDATE') %} <input class="btn btn-light dropdown-item {% block nav_client_move %}{% endblock %}" type="submit" value="{{ _('Move client') }}" - form="scopesForm" formaction="{{ url_for('action_client_move') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_client_move') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('CLIENT', 'ADD') %} <input class="btn btn-light dropdown-item {% block nav_clients_import %}{% endblock %}" type="submit" value="{{ _('Import clients') }}" - form="scopesForm" formaction="{{ url_for('action_clients_import_get') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_clients_import_get') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('CLIENT', 'DELETE') %} <input class="btn btn-light dropdown-item {% block nav_client_delete %}{% 
endblock %}" type="submit" value="{{ _('Delete client') }}" - form="scopesForm" formaction="{{ url_for('action_client_delete') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_client_delete') }}" formmethod="get"> + {% endif %} </div> </div> {% endif %} - {% if current_user.admin %} + <div class="dropdown btn"> <button class="btn btn-secondary btn-light dropdown-toggle {% block nav_room %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false"> {{ _('Room') }} </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> + {% if current_user.get_permission('ROOM', 'ADD') %} <input class="btn btn-light dropdown-item {% block nav_room_add %}{% endblock %}" type="submit" value="{{ _('Add room') }}" - form="scopesForm" formaction="{{ url_for('action_room_add') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_room_add') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('ROOM', 'UPDATE') %} <input class="btn btn-light dropdown-item {% block nav_room_update %}{% endblock %}" type="submit" value="{{ _('Update room') }}" - form="scopesForm" formaction="{{ url_for('action_room_update') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_room_update') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('ROOM', 'DELETE') %} <input class="btn btn-light dropdown-item {% block nav_room_delete %}{% endblock %}" type="submit" value="{{ _('Delete room') }}" - form="scopesForm" formaction="{{ url_for('action_room_delete') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_room_delete') }}" formmethod="get"> + {% endif %} <input class="btn btn-light dropdown-item {% block nav_room_info %}{% endblock %}" type="submit" value="{{ _('Room details') }}" form="scopesForm" formaction="{{ url_for('action_room_info') }}" formmethod="get"> </div> </div> + <div class="dropdown btn"> <button class="btn 
btn-secondary btn-light dropdown-toggle {% block nav_center %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false"> {{ _('Center') }} </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> + {% if current_user.get_permission('CENTER', 'ADD') %} <input class="btn btn-light dropdown-item {% block nav_center_add %}{% endblock %}" type="submit" value="{{ _('Add center') }}" - form="scopesForm" formaction="{{ url_for('action_center_add') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_center_add') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('CENTER', 'UPDATE') %} <input class="btn btn-light dropdown-item {% block nav_center_update %}{% endblock %}" type="submit" value="{{ _('Update center') }}" - form="scopesForm" formaction="{{ url_for('action_center_update') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_center_update') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('CENTER', 'DELETE') %} <input class="btn btn-light dropdown-item {% block nav_center_delete %}{% endblock %}" type="submit" value="{{ _('Delete center') }}" - form="scopesForm" formaction="{{ url_for('action_center_delete') }}" formmethod="get"> + form="scopesForm" formaction="{{ url_for('action_center_delete') }}" formmethod="get"> + {% endif %} <input class="btn btn-light dropdown-item {% block nav_center_info %}{% endblock %}" type="submit" value="{{ _('Center details') }}" form="scopesForm" formaction="{{ url_for('action_center_info') }}" formmethod="get"> </div> </div> + {% if not current_user.target_is_disabled('FOLDER') %} <div class="dropdown btn"> <button class="btn btn-secondary btn-light dropdown-toggle {% block nav_folder %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false"> {{ _('Folder') }} </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> + {% if 
current_user.get_permission('FOLDER', 'ADD') %} <input class="btn btn-light dropdown-item {% block nav_folder_add %}{% endblock %}" type="submit" value="{{ _('Add folder') }}" form="scopesForm" formaction="{{ url_for('action_folder_add') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('FOLDER', 'UPDATE') %} <input class="btn btn-light dropdown-item {% block nav_folder_update %}{% endblock %}" type="submit" value="{{ _('Update folder') }}" form="scopesForm" formaction="{{ url_for('action_folder_update') }}" formmethod="get"> + {% endif %} + {% if current_user.get_permission('FOLDER', 'DELETE') %} <input class="btn btn-light dropdown-item {% block nav_folder_delete %}{% endblock %}" type="submit" value="{{ _('Delete folder') }}" form="scopesForm" formaction="{{ url_for('action_folder_delete') }}" formmethod="get"> + {% endif %} </div> </div> - {% endif %} +{% endif %} + {% if btn_back %} <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()"> {{ _("Back") }} |
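Review bot: the `get_permission('CLIENT', 'UPDATE')` guard in the Client dropdown appears to be placed one element too low: the "Update client" input (`form="scopesForm" formaction="{{ url_for('action_client_update') }}"`) stays unconditional, while only "Move client" is wrapped in the UPDATE check. Moving the `{% if current_user.get_permission('CLIENT', 'UPDATE') %}` above the "Update client" input so that it covers both entries matches the pattern used for ADD and DELETE in the same block. Two further points on the same hunk: the Room and Center dropdowns lose the old `{% if current_user.admin %}` guard but, unlike Client and Folder, get no `target_is_disabled('ROOM')` / `target_is_disabled('CENTER')` wrapper, so the "Room details" and "Center details" entries are now rendered for every authenticated user; please confirm that is intended or add the matching wrappers. Finally, since these checks only hide menu entries, they are a usability measure rather than an access control: the `action_*` view functions referenced in each `formaction` must enforce the same permission checks server-side (the commit message states views are restricted, but that is outside this file), otherwise a user can still submit the GET directly.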