summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ogcp/forms/auth.py15
-rw-r--r--ogcp/models.py13
-rw-r--r--ogcp/templates/auth/add_user.html54
-rw-r--r--ogcp/templates/auth/edit_user.html54
-rw-r--r--ogcp/templates/auth/user_form.html126
-rw-r--r--ogcp/templates/base.html2
-rw-r--r--ogcp/templates/commands.html8
-rw-r--r--ogcp/templates/images.html16
-rw-r--r--ogcp/templates/repos.html24
-rw-r--r--ogcp/templates/scopes.html57
-rw-r--r--ogcp/templates/servers.html2
-rw-r--r--ogcp/templates/users.html2
-rw-r--r--ogcp/views.py72
13 files changed, 309 insertions, 136 deletions
diff --git a/ogcp/forms/auth.py b/ogcp/forms/auth.py
index d85931b..a76ec7c 100644
--- a/ogcp/forms/auth.py
+++ b/ogcp/forms/auth.py
@@ -7,7 +7,8 @@
from wtforms import (
Form, SubmitField, HiddenField, SelectField, BooleanField, IntegerField,
- StringField, RadioField, PasswordField, SelectMultipleField, widgets
+ StringField, RadioField, PasswordField, SelectMultipleField, FormField,
+ widgets
)
from wtforms.validators import InputRequired, Optional
from flask_wtf import FlaskForm
@@ -28,6 +29,12 @@ class LoginForm(FlaskForm):
)
+class PermissionForm(FlaskForm):
+ add = BooleanField(_l('Add'), default=True)
+ update = BooleanField(_l('Update'), default=True)
+ delete = BooleanField(_l('Delete'), default=True)
+
+
class UserForm(FlaskForm):
username = StringField(
label=_l('Username'),
@@ -50,6 +57,12 @@ class UserForm(FlaskForm):
option_widget=widgets.CheckboxInput(),
widget=widgets.ListWidget(prefix_label=False)
)
+ client_permissions = FormField(PermissionForm, label=_l('Client Permissions'))
+ center_permissions = FormField(PermissionForm, label=_l('Center Permissions'))
+ room_permissions = FormField(PermissionForm, label=_l('Room Permissions'))
+ folder_permissions = FormField(PermissionForm, label=_l('Folder Permissions'))
+ image_permissions = FormField(PermissionForm, label=_l('Image Permissions'))
+ repository_permissions = FormField(PermissionForm, label=_l('Repository Permissions'))
submit_btn = SubmitField(
label=_l('Submit')
)
diff --git a/ogcp/models.py b/ogcp/models.py
index d27b869..ef050ed 100644
--- a/ogcp/models.py
+++ b/ogcp/models.py
@@ -8,7 +8,18 @@
from flask_login import UserMixin
class User(UserMixin):
- def __init__(self, username, scopes, admin):
+ def __init__(self, username, scopes, admin, permissions):
self.id = username
self.scopes = scopes
self.admin = admin
+ self.permissions = permissions
+
+ def get_permission(self, target, action):
+ if self.admin or not target in self.permissions:
+ return True
+ return self.permissions[target].get(action, True)
+
+ def target_is_disabled(self, target):
+ if self.admin or not target in self.permissions or not self.permissions[target]:
+ return False
+ return all(value == False for value in self.permissions[target].values())
diff --git a/ogcp/templates/auth/add_user.html b/ogcp/templates/auth/add_user.html
index cc5ed09..4661236 100644
--- a/ogcp/templates/auth/add_user.html
+++ b/ogcp/templates/auth/add_user.html
@@ -1,53 +1,5 @@
-{% extends 'users.html' %}
-{% import "bootstrap/wtf.html" as wtf %}
+{% extends 'auth/user_form.html' %}
-{% set sidebar_state = 'disabled' %}
-{% set btn_back = true %}
+{% block subhead_heading %}{{_('Add user')}}{% endblock %}
-{% block nav_user_add %}active{% endblock %}
-{% block content %}
-
-<h1 class="m-5">{{_('Add a user')}}</h1>
-
-<form action="{{ url_for('user_add_post') }}" method="post" class="form">
- {{ form.hidden_tag() }}
-
- <div class="form-group">
- {{ form.username.label(class_='form-label') }}
- {{ form.username(class_='form-control') }}
- </div>
-
- <div class="form-group">
- {{ form.pwd.label(class_='form-label') }}
- {{ form.pwd(class_='form-control') }}
- </div>
-
- <div class="form-group">
- {{ form.pwd_confirm.label(class_='form-label') }}
- {{ form.pwd_confirm(class_='form-control') }}
- </div>
-
- <div class="form-group form-check">
- {{ form.admin(class_='form-check-input') }}
- {{ form.admin.label(class_='form-check-label') }}
- </div>
-
- <div class="form-group">
- {{ form.scopes.label(class_='form-label') }}
- <div class="form-text text-muted">{{ form.scopes.description }}</div>
- <div>
- {% for value, label, checked in form.scopes.iter_choices() %}
- <div class="form-check">
- <input class="form-check-input" type="checkbox" name="{{ form.scopes.name }}" value="{{ value }}" {% if checked %} checked {% endif %}>
- <label class="form-check-label">{{ label }}</label>
- </div>
- {% endfor %}
- </div>
- </div>
-
- <div class="form-group">
- {{ form.submit_btn(class_='btn btn-primary') }}
- </div>
-</form>
-
-{% endblock %}
+{% block form_action %}{{ url_for('user_add_post') }}{% endblock %}
diff --git a/ogcp/templates/auth/edit_user.html b/ogcp/templates/auth/edit_user.html
index 3b10508..42ba5aa 100644
--- a/ogcp/templates/auth/edit_user.html
+++ b/ogcp/templates/auth/edit_user.html
@@ -1,53 +1,9 @@
-{% extends 'users.html' %}
-{% import "bootstrap/wtf.html" as wtf %}
+{% extends 'auth/user_form.html' %}
-{% set sidebar_state = 'disabled' %}
-{% set btn_back = true %}
+{% block subhead_heading %}{{_('Edit user {}').format(form.username.data)}}{% endblock %}
-{% block nav_user_edit %}active{% endblock %}
-{% block content %}
+{% block form_action %}{{ url_for('user_edit_post') }}{% endblock %}
-<h1 class="m-5">{{_('Edit user {}').format(form.username.data)}}</h1>
+{% block pwd_field %}<input type="password" name="pwd" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">{% endblock %}
-<form action="{{ url_for('user_edit_post') }}" method="post" class="form">
- {{ form.hidden_tag() }}
-
- <div class="form-group">
- {{ form.username.label(class_='form-label') }}
- {{ form.username(class_='form-control') }}
- </div>
-
- <div class="form-group">
- {{ form.pwd.label(class_='form-label') }}
- <input type="password" name="pwd" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">
- </div>
-
- <div class="form-group">
- {{ form.pwd_confirm.label(class_='form-label') }}
- <input type="password" name="pwd_confirm" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">
- </div>
-
- <div class="form-group form-check">
- {{ form.admin(class_='form-check-input') }}
- {{ form.admin.label(class_='form-check-label') }}
- </div>
-
- <div class="form-group">
- {{ form.scopes.label(class_='form-label') }}
- <div class="form-text text-muted">{{ form.scopes.description }}</div>
- <div>
- {% for value, label, checked in form.scopes.iter_choices() %}
- <div class="form-check">
- <input class="form-check-input" type="checkbox" name="{{ form.scopes.name }}" value="{{ value }}" {% if checked %} checked {% endif %}>
- <label class="form-check-label">{{ label }}</label>
- </div>
- {% endfor %}
- </div>
- </div>
-
- <div class="form-group">
- {{ form.submit_btn(class_='btn btn-primary') }}
- </div>
-</form>
-
-{% endblock %}
+{% block pwd_confirm_field %}<input type="password" name="pwd_confirm" class="form-control" placeholder="{{ _('Leave blank if not changing') }}">{% endblock %}
diff --git a/ogcp/templates/auth/user_form.html b/ogcp/templates/auth/user_form.html
new file mode 100644
index 0000000..7b6b338
--- /dev/null
+++ b/ogcp/templates/auth/user_form.html
@@ -0,0 +1,126 @@
+{% extends 'users.html' %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% set sidebar_state = 'disabled' %}
+{% set btn_back = true %}
+
+{% block nav_user_add %}active{% endblock %}
+{% block content %}
+
+<h1 class="m-5">{% block subhead_heading %}{% endblock %}</h1>
+
+<form action="{% block form_action %}{% endblock %}" method="post" class="form">
+ {{ form.hidden_tag() }}
+
+ <div class="form-group">
+ {{ form.username.label(class_='form-label') }}
+ {{ form.username(class_='form-control') }}
+ </div>
+
+ <div class="form-group">
+ {{ form.pwd.label(class_='form-label') }}
+ {% block pwd_field %}{{ form.pwd(class_='form-control') }}{% endblock %}
+ </div>
+
+ <div class="form-group">
+ {{ form.pwd_confirm.label(class_='form-label') }}
+ {% block pwd_confirm_field %}{{ form.pwd_confirm(class_='form-control') }}{% endblock %}
+ </div>
+
+ <div class="form-group">
+ <div class="custom-control custom-switch">
+ {{ form.admin(class_="custom-control-input", id="adminToggle") }}
+ <label class="custom-control-label" for="adminToggle">{{ form.admin.label.text }}</label>
+ </div>
+ </div>
+
+ <!-- jQuery -->
+ <script src="{{ url_for('static', filename='AdminLTE/plugins/jquery/jquery.min.js') }}"></script>
+ <script>
+ $(document).ready(function(){
+
+ var isAdminEnabled = $('#adminToggle').is(':checked');
+ if(isAdminEnabled) {
+ $('#PermissionSection').hide();
+ }
+
+ $('#adminToggle').change(function() {
+ isAdminEnabled = $(this).is(':checked');
+ $('#PermissionSection').toggle(!isAdminEnabled);
+ });
+ });
+ </script>
+
+ <div id="PermissionSection">
+ <div class="form-group">
+ <label class="form-label">{{ _('Permissions') }}</label>
+ <table class="text-center table">
+ <thead>
+ <tr>
+ <th></th>
+ <th>{{ form.client_permissions.add.label.text }}</th>
+ <th>{{ form.client_permissions.update.label.text }}</th>
+ <th>{{ form.client_permissions.delete.label.text }}</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <th>{{ form.client_permissions.label }}</th>
+ <td>{{ form.client_permissions.add() }}</td>
+ <td>{{ form.client_permissions.update() }}</td>
+ <td>{{ form.client_permissions.delete() }}</td>
+ </tr>
+ <tr>
+ <th>{{ form.center_permissions.label }}</th>
+ <td>{{ form.center_permissions.add() }}</td>
+ <td>{{ form.center_permissions.update() }}</td>
+ <td>{{ form.center_permissions.delete() }}</td>
+ </tr>
+ <tr>
+ <th>{{ form.room_permissions.label }}</th>
+ <td>{{ form.room_permissions.add() }}</td>
+ <td>{{ form.room_permissions.update() }}</td>
+ <td>{{ form.room_permissions.delete() }}</td>
+ </tr>
+ <tr>
+ <th>{{ form.folder_permissions.label }}</th>
+ <td>{{ form.folder_permissions.add() }}</td>
+ <td>{{ form.folder_permissions.update() }}</td>
+ <td>{{ form.folder_permissions.delete() }}</td>
+ </tr>
+ <tr>
+ <th>{{ form.image_permissions.label }}</th>
+ <td>{{ form.image_permissions.add() }}</td>
+ <td>{{ form.image_permissions.update() }}</td>
+ <td>{{ form.image_permissions.delete() }}</td>
+ </tr>
+ <tr>
+ <th>{{ form.repository_permissions.label }}</th>
+ <td>{{ form.repository_permissions.add() }}</td>
+ <td>{{ form.repository_permissions.update() }}</td>
+ <td>{{ form.repository_permissions.delete() }}</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+
+ <div class="form-group">
+ {{ form.scopes.label(class_='form-label') }}
+ <div class="form-text text-muted">{{ form.scopes.description }}</div>
+ <div>
+ {% for value, label, checked in form.scopes.iter_choices() %}
+ <div class="form-check">
+ <input class="form-check-input" type="checkbox" name="{{ form.scopes.name }}" value="{{ value }}" {% if checked %} checked {% endif %}>
+ <label class="form-check-label">{{ label }}</label>
+ </div>
+ {% endfor %}
+ </div>
+ </div>
+ </div>
+
+ <div class="form-group">
+ {{ form.submit_btn(class_='btn btn-primary') }}
+ </div>
+</form>
+
+{% endblock %}
diff --git a/ogcp/templates/base.html b/ogcp/templates/base.html
index 9839029..2af9873 100644
--- a/ogcp/templates/base.html
+++ b/ogcp/templates/base.html
@@ -36,10 +36,10 @@
<li class="nav-item {% block nav_scopes%}{% endblock %}">
<a class="nav-link" href="{{ url_for('scopes') }}">{{ _('Scopes management') }}</a>
</li>
- {% if current_user.admin %}
<li class="nav-item {% block nav_repos %}{% endblock %}">
<a class="nav-link" href="{{ url_for('manage_repos') }}">{{ _('Repos') }}</a>
</li>
+ {% if current_user.admin %}
<li class="nav-item {% block nav_users %}{% endblock %}">
<a class="nav-link" href="{{ url_for('users') }}">{{ _('Users') }}</a>
</li>
diff --git a/ogcp/templates/commands.html b/ogcp/templates/commands.html
index 7a63c38..9bb0176 100644
--- a/ogcp/templates/commands.html
+++ b/ogcp/templates/commands.html
@@ -16,7 +16,7 @@
{% endblock %}
{% block commands %}
-
+{% if current_user.is_authenticated %}
<div class="dropdown btn">
<button class="btn btn-secondary btn-light dropdown-toggle{% block nav_client %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
{{ _('Client') }}
@@ -66,10 +66,14 @@
{{ _('Image') }}
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+ {% if current_user.get_permission('IMAGE', 'ADD') %}
<input class="btn btn-light dropdown-item{% block nav_image_create %}{% endblock %}" type="submit" value="{{ _('Create image') }}"
form="scopesForm" formaction="{{ url_for('action_image_create') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('IMAGE', 'UPDATE') %}
<input class="btn btn-light dropdown-item {% block nav_image_update %}{% endblock %}" type="submit" value="{{ _('Update image') }}"
form="scopesForm" formaction="{{ url_for('action_image_update') }}" formmethod="get">
+ {% endif %}
<input class="btn btn-light dropdown-item{% block nav_image_restore %}{% endblock %}" type="submit" value="{{ _('Restore Image') }}"
form="scopesForm" formaction="{{ url_for('action_image_restore') }}" formmethod="get">
</div>
@@ -109,7 +113,7 @@
form="scopesForm" formaction="{{ url_for('action_legacy_rt_log') }}" formmethod="get" formtarget="_blank">
</div>
</div>
-
+{% endif %}
{% if btn_back %}
<button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
{{ _("Back") }}
diff --git a/ogcp/templates/images.html b/ogcp/templates/images.html
index c439e52..00bb2e4 100644
--- a/ogcp/templates/images.html
+++ b/ogcp/templates/images.html
@@ -58,13 +58,15 @@
{% endblock %}
{% block commands %}
- <input class="btn btn-light" type="submit" value="{{ _('Image details') }}"
- form="imagesForm" formaction="{{ url_for('action_image_info') }}" formmethod="get">
- <input class="btn btn-light" type="submit" value="{{ _('List images') }}"
- form="imagesForm" formaction="{{ url_for('action_image_list') }}" formmethod="get">
-{% if current_user.admin %}
- <input class="btn btn-light" type="submit" value="{{ _('Delete image') }}"
- form="imagesForm" formaction="{{ url_for('action_image_delete') }}" formmethod="get">
+{% if current_user.is_authenticated %}
+ <input class="btn btn-light" type="submit" value="{{ _('Image details') }}"
+ form="imagesForm" formaction="{{ url_for('action_image_info') }}" formmethod="get">
+ <input class="btn btn-light" type="submit" value="{{ _('List images') }}"
+ form="imagesForm" formaction="{{ url_for('action_image_list') }}" formmethod="get">
+ {% if current_user.get_permission('IMAGE', 'DELETE') %}
+ <input class="btn btn-light" type="submit" value="{{ _('Delete image') }}"
+ form="imagesForm" formaction="{{ url_for('action_image_delete') }}" formmethod="get">
+ {% endif %}
{% endif %}
{% if btn_back %}
<button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
diff --git a/ogcp/templates/repos.html b/ogcp/templates/repos.html
index ef56d2a..06bee58 100644
--- a/ogcp/templates/repos.html
+++ b/ogcp/templates/repos.html
@@ -50,14 +50,22 @@
{% endblock %}
{% block commands %}
- <input class="btn btn-light {% block nav_repo_info %}{% endblock %}" type="submit" value="{{ _('Repo details') }}"
- form="reposForm" formaction="{{ url_for('action_repo_info') }}" formmethod="get">
- <input class="btn btn-light {% block nav_repo_add %}{% endblock %}" type="submit" value="{{ _('Add repo') }}"
- form="reposForm" formaction="{{ url_for('action_repo_add') }}" formmethod="get">
- <input class="btn btn-light {% block nav_repo_delete %}{% endblock %}" type="submit" value="{{ _('Delete repo') }}"
- form="reposForm" formaction="{{ url_for('action_repo_delete') }}" formmethod="get">
- <input class="btn btn-light {% block nav_repo_update %}{% endblock %}" type="submit" value="{{ _('Update repo') }}"
- form="reposForm" formaction="{{ url_for('action_repo_update') }}" formmethod="get">
+{% if current_user.is_authenticated %}
+ <input class="btn btn-light {% block nav_repo_info %}{% endblock %}" type="submit" value="{{ _('Repo details') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_info') }}" formmethod="get">
+ {% if current_user.get_permission('REPOSITORY', 'ADD') %}
+ <input class="btn btn-light {% block nav_repo_add %}{% endblock %}" type="submit" value="{{ _('Add repo') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_add') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('REPOSITORY', 'DELETE') %}
+ <input class="btn btn-light {% block nav_repo_delete %}{% endblock %}" type="submit" value="{{ _('Delete repo') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_delete') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('REPOSITORY', 'UPDATE') %}
+ <input class="btn btn-light {% block nav_repo_update %}{% endblock %}" type="submit" value="{{ _('Update repo') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_update') }}" formmethod="get">
+ {% endif %}
+{% endif %}
{% if btn_back %}
<button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
diff --git a/ogcp/templates/scopes.html b/ogcp/templates/scopes.html
index dc5eb71..8236877 100644
--- a/ogcp/templates/scopes.html
+++ b/ogcp/templates/scopes.html
@@ -16,72 +16,103 @@
{% endblock %}
{% block commands %}
- {% if current_user.is_authenticated %}
+{% if current_user.is_authenticated %}
+
+ {% if not current_user.target_is_disabled('CLIENT') %}
<div class="dropdown btn">
<button class="btn btn-secondary btn-light dropdown-toggle {% block nav_client %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
{{ _('Client') }}
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+ {% if current_user.get_permission('CLIENT', 'ADD') %}
<input class="btn btn-light dropdown-item {% block nav_client_add %}{% endblock %}" type="submit" value="{{ _('Add client') }}"
- form="scopesForm" formaction="{{ url_for('action_client_add') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_client_add') }}" formmethod="get">
+ {% endif %}
<input class="btn btn-light dropdown-item {% block nav_client_update %}{% endblock %}" type="submit" value="{{ _('Update client') }}"
form="scopesForm" formaction="{{ url_for('action_client_update') }}" formmethod="get">
+ {% if current_user.get_permission('CLIENT', 'UPDATE') %}
<input class="btn btn-light dropdown-item {% block nav_client_move %}{% endblock %}" type="submit" value="{{ _('Move client') }}"
- form="scopesForm" formaction="{{ url_for('action_client_move') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_client_move') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('CLIENT', 'ADD') %}
<input class="btn btn-light dropdown-item {% block nav_clients_import %}{% endblock %}" type="submit" value="{{ _('Import clients') }}"
- form="scopesForm" formaction="{{ url_for('action_clients_import_get') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_clients_import_get') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('CLIENT', 'DELETE') %}
<input class="btn btn-light dropdown-item {% block nav_client_delete %}{% endblock %}" type="submit" value="{{ _('Delete client') }}"
- form="scopesForm" formaction="{{ url_for('action_client_delete') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_client_delete') }}" formmethod="get">
+ {% endif %}
</div>
</div>
{% endif %}
- {% if current_user.admin %}
+
<div class="dropdown btn">
<button class="btn btn-secondary btn-light dropdown-toggle {% block nav_room %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
{{ _('Room') }}
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+ {% if current_user.get_permission('ROOM', 'ADD') %}
<input class="btn btn-light dropdown-item {% block nav_room_add %}{% endblock %}" type="submit" value="{{ _('Add room') }}"
- form="scopesForm" formaction="{{ url_for('action_room_add') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_room_add') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('ROOM', 'UPDATE') %}
<input class="btn btn-light dropdown-item {% block nav_room_update %}{% endblock %}" type="submit" value="{{ _('Update room') }}"
- form="scopesForm" formaction="{{ url_for('action_room_update') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_room_update') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('ROOM', 'DELETE') %}
<input class="btn btn-light dropdown-item {% block nav_room_delete %}{% endblock %}" type="submit" value="{{ _('Delete room') }}"
- form="scopesForm" formaction="{{ url_for('action_room_delete') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_room_delete') }}" formmethod="get">
+ {% endif %}
<input class="btn btn-light dropdown-item {% block nav_room_info %}{% endblock %}" type="submit" value="{{ _('Room details') }}"
form="scopesForm" formaction="{{ url_for('action_room_info') }}" formmethod="get">
</div>
</div>
+
<div class="dropdown btn">
<button class="btn btn-secondary btn-light dropdown-toggle {% block nav_center %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
{{ _('Center') }}
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+ {% if current_user.get_permission('CENTER', 'ADD') %}
<input class="btn btn-light dropdown-item {% block nav_center_add %}{% endblock %}" type="submit" value="{{ _('Add center') }}"
- form="scopesForm" formaction="{{ url_for('action_center_add') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_center_add') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('CENTER', 'UPDATE') %}
<input class="btn btn-light dropdown-item {% block nav_center_update %}{% endblock %}" type="submit" value="{{ _('Update center') }}"
- form="scopesForm" formaction="{{ url_for('action_center_update') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_center_update') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('CENTER', 'DELETE') %}
<input class="btn btn-light dropdown-item {% block nav_center_delete %}{% endblock %}" type="submit" value="{{ _('Delete center') }}"
- form="scopesForm" formaction="{{ url_for('action_center_delete') }}" formmethod="get">
+ form="scopesForm" formaction="{{ url_for('action_center_delete') }}" formmethod="get">
+ {% endif %}
<input class="btn btn-light dropdown-item {% block nav_center_info %}{% endblock %}" type="submit" value="{{ _('Center details') }}"
form="scopesForm" formaction="{{ url_for('action_center_info') }}" formmethod="get">
</div>
</div>
+ {% if not current_user.target_is_disabled('FOLDER') %}
<div class="dropdown btn">
<button class="btn btn-secondary btn-light dropdown-toggle {% block nav_folder %}{% endblock %}" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
{{ _('Folder') }}
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+ {% if current_user.get_permission('FOLDER', 'ADD') %}
<input class="btn btn-light dropdown-item {% block nav_folder_add %}{% endblock %}" type="submit" value="{{ _('Add folder') }}"
form="scopesForm" formaction="{{ url_for('action_folder_add') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('FOLDER', 'UPDATE') %}
<input class="btn btn-light dropdown-item {% block nav_folder_update %}{% endblock %}" type="submit" value="{{ _('Update folder') }}"
form="scopesForm" formaction="{{ url_for('action_folder_update') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('FOLDER', 'DELETE') %}
<input class="btn btn-light dropdown-item {% block nav_folder_delete %}{% endblock %}" type="submit" value="{{ _('Delete folder') }}"
form="scopesForm" formaction="{{ url_for('action_folder_delete') }}" formmethod="get">
+ {% endif %}
</div>
</div>
-
{% endif %}
+{% endif %}
+
{% if btn_back %}
<button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
{{ _("Back") }}
diff --git a/ogcp/templates/servers.html b/ogcp/templates/servers.html
index 9a466ea..bc09c4f 100644
--- a/ogcp/templates/servers.html
+++ b/ogcp/templates/servers.html
@@ -25,6 +25,7 @@
{% endblock %}
{% block commands %}
+{% if current_user.is_authenticated %}
<input class="btn btn-light {% block nav_server_add %}{% endblock %}" type="submit" value="{{ _('Add server') }}"
form="serversForm" formaction="{{ url_for('server_add_get') }}" formmethod="get">
<input class="btn btn-light {% block nav_server_delete %}{% endblock %}" type="submit" value="{{ _('Delete server') }}"
@@ -34,5 +35,6 @@
{{ _("Back") }}
</button>
{% endif %}
+{% endif %}
{% endblock %}
diff --git a/ogcp/templates/users.html b/ogcp/templates/users.html
index 72f23f3..01b0a60 100644
--- a/ogcp/templates/users.html
+++ b/ogcp/templates/users.html
@@ -24,6 +24,7 @@
{% endblock %}
{% block commands %}
+{% if current_user.is_authenticated %}
<input class="btn btn-light {% block nav_user_add %}{% endblock %}" type="submit" value="{{ _('Add user') }}"
form="usersForm" formaction="{{ url_for('user_add_get') }}" formmethod="get">
<input class="btn btn-light {% block nav_user_edit %}{% endblock %}" type="submit" value="{{ _('Edit user') }}"
@@ -35,5 +36,6 @@
{{ _("Back") }}
</button>
{% endif %}
+{% endif %}
{% endblock %}
diff --git a/ogcp/views.py b/ogcp/views.py
index 45a0f73..9868e78 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -311,7 +311,7 @@ def get_scopes(ips=set()):
list_scopes.append(server_scope)
all_scopes = {'scope': list_scopes}
all_scopes = sort_scopes(all_scopes)
- if current_user.scopes:
+ if not current_user.admin and current_user.scopes:
remove_disabled_scopes(all_scopes)
clients = get_clients()
add_state_and_ips(all_scopes, clients['clients'], ips)
@@ -369,7 +369,10 @@ def load_user(username):
if not user_dict:
return None
- user = User(username, user_dict.get('SCOPES'), user_dict.get('ADMIN'))
+ user = User(username,
+ user_dict.get('SCOPES'),
+ user_dict.get('ADMIN'),
+ user_dict.get('PERMISSIONS', {}))
return user
@app.errorhandler(404)
@@ -458,7 +461,10 @@ def login():
user_dict = authenticate_user(form_user, pwd_hash)
if not user_dict:
return render_template('auth/login.html', form=form)
- user = User(form_user, user_dict.get('SCOPES'), user_dict.get('ADMIN'))
+ user = User(form_user,
+ user_dict.get('SCOPES'),
+ user_dict.get('ADMIN'),
+ user_dict.get('PERMISSIONS', {}))
login_user(user)
return redirect(url_for('index'))
return render_template('auth/login.html', form=LoginForm())
@@ -3027,6 +3033,38 @@ def save_user(form, preserve_pwd):
'PASS': pwd_hash,
'ADMIN': admin,
'SCOPES': scopes,
+ 'PERMISSIONS': {
+ 'CLIENT': {
+ 'ADD': form.client_permissions.add.data,
+ 'UPDATE': form.client_permissions.update.data,
+ 'DELETE': form.client_permissions.delete.data,
+ },
+ 'CENTER': {
+ 'ADD': form.center_permissions.add.data,
+ 'UPDATE': form.center_permissions.update.data,
+ 'DELETE': form.center_permissions.delete.data,
+ },
+ 'ROOM': {
+ 'ADD': form.room_permissions.add.data,
+ 'UPDATE': form.room_permissions.update.data,
+ 'DELETE': form.room_permissions.delete.data,
+ },
+ 'FOLDER': {
+ 'ADD': form.folder_permissions.add.data,
+ 'UPDATE': form.folder_permissions.update.data,
+ 'DELETE': form.folder_permissions.delete.data,
+ },
+ 'IMAGE': {
+ 'ADD': form.image_permissions.add.data,
+ 'UPDATE': form.image_permissions.update.data,
+ 'DELETE': form.image_permissions.delete.data,
+ },
+ 'REPOSITORY': {
+ 'ADD': form.repository_permissions.add.data,
+ 'UPDATE': form.repository_permissions.update.data,
+ 'DELETE': form.repository_permissions.delete.data,
+ },
+ },
}
filename = os.path.join(app.root_path, ogcp_cfg_path)
@@ -3110,6 +3148,34 @@ def user_edit_get():
form.username.render_kw = {'readonly': True}
form.admin.data = user.get('ADMIN')
form.scopes.data = user.get('SCOPES')
+
+ if 'PERMISSIONS' in user:
+ permissions = user.get('PERMISSIONS')
+
+ def get_permission(target, action):
+ if not target in permissions:
+ return True
+ return permissions[target].get(action, True)
+
+ form.client_permissions.add.data = get_permission('CLIENT', 'ADD')
+ form.client_permissions.update.data = get_permission('CLIENT', 'UPDATE')
+ form.client_permissions.delete.data = get_permission('CLIENT', 'DELETE')
+ form.center_permissions.add.data = get_permission('CENTER', 'ADD')
+ form.center_permissions.update.data = get_permission('CENTER', 'UPDATE')
+ form.center_permissions.delete.data = get_permission('CENTER', 'DELETE')
+ form.room_permissions.add.data = get_permission('ROOM', 'ADD')
+ form.room_permissions.update.data = get_permission('ROOM', 'UPDATE')
+ form.room_permissions.delete.data = get_permission('ROOM', 'DELETE')
+ form.folder_permissions.add.data = get_permission('FOLDER', 'ADD')
+ form.folder_permissions.update.data = get_permission('FOLDER', 'UPDATE')
+ form.folder_permissions.delete.data = get_permission('FOLDER', 'DELETE')
+ form.image_permissions.add.data = get_permission('IMAGE', 'ADD')
+ form.image_permissions.update.data = get_permission('IMAGE', 'UPDATE')
+ form.image_permissions.delete.data = get_permission('IMAGE', 'DELETE')
+ form.repository_permissions.add.data = get_permission('REPOSITORY', 'ADD')
+ form.repository_permissions.update.data = get_permission('REPOSITORY', 'UPDATE')
+ form.repository_permissions.delete.data = get_permission('REPOSITORY', 'DELETE')
+
form.scopes.choices = get_available_centers()
return render_template('auth/edit_user.html', form=form)