diff --git a/buckler.py b/buckler.py
index 05d142a..26606a9 100644
--- a/buckler.py
+++ b/buckler.py
@@ -34,10 +34,11 @@ async def index(request):
 forms_ = {
 'invite_user': forms.invite_user,
+ 'change_user_perms': forms.change_user_perms,
+ 'new_app': forms.new_app,
 'change_password': forms.change_password,
 'delete_key': forms.delete_key,
 'delele_session': forms.delete_session,
- 'new_app': forms.new_app,
 }
 if not forms_.get(form):
diff --git a/forms.py b/forms.py
index 033ea63..4a59dac 100644
--- a/forms.py
+++ b/forms.py
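Review bot: Registering `change_user_perms` and `new_app` in `forms_` makes both handlers reachable by posting the matching form name, and the bodies added in forms.py say "Allows an admin" in their docstrings but contain no role check of their own. index() continues outside this hunk, so a gate may already exist there; if it does not, any logged-in session can rewrite the app_user table or register a new app. I would verify the caller's role from `request['session']` before the `forms_.get(form)` dispatch and answer 403 for these two names otherwise, marked with a comment such as `# admin-only: change_user_perms, new_app -- role is verified before dispatch`.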
@@ -23,6 +23,56 @@ async def invite_user(request):
 return {}
+async def change_user_perms(request):
+ """Allows an admin to change user permissions."""
+ data = await request.post()
+ pluses = []
+ for key, value in data.items():
+ if key == 'form_name':
+ continue
+ username, _, app_name = key.partition('-')
+ pluses.append((username, app_name))
+
+ async with request.app['pool'].acquire() as conn:
+ apps = await conn.fetch(
+ "SELECT id, name FROM app_info")
+ users = {p[0] for p in pluses}
+ minuses = []
+ for user in users:
+ for app in apps:
+ minuses.append((user, app['name']))
+ minuses = [m for m in minuses if m not in pluses]
+
+ await conn.executemany(
+ "INSERT INTO app_user (user_id, app_id) "
+ "VALUES ((SELECT id FROM user_info WHERE username = $1), "
+ "(SELECT id FROM app_info WHERE name = $2)) "
+ "ON CONFLICT ON CONSTRAINT app_user_pkey DO NOTHING",
+ pluses)
+ await conn.executemany(
+ "DELETE FROM app_user "
+ "WHERE user_id = (SELECT id FROM user_info WHERE username = $1) "
+ "AND app_id = (SELECT id FROM app_info WHERE name = $2)",
+ minuses)
+ return {}
+
+
+async def new_app(request):
+ """Allows an admin to add a new app to be managed by Buckler."""
+ data = await request.post()
+ app_name = data.get('app_name')
+ app_url = data.get('app_url')
+ app_key = data.get('app_key')
+ key_hash = argon2.hash(app_key)
+
+ async with request.app['pool'].acquire() as conn:
+ await conn.execute(
+ "INSERT INTO app_info (name, url, key_hash) "
+ "VALUES ($1, $2, $3)",
+ app_name, app_url, key_hash)
+ return {}
+
+
 async def change_password(request):
 """Allows a user to change their password."""
 errors = {}
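Review bot: In change_user_perms, `users = {p[0] for p in pluses}` is derived from the posted keys, so a user whose last box is unticked sends no key, never enters `users`, and keeps the access the admin meant to remove. The set of users to reconcile should come from the database (or an explicit hidden field per row), as in the fence below; this assumes the form always lists every user, which the template loop over `users.items()` suggests but does not prove. The same posted keys are trusted as `username-app_name` with `key.partition('-')`, so a username containing a hyphen is split in the wrong place. Running both `executemany` calls inside `async with conn.transaction():` (asyncpg, if that is the driver here) keeps a failed DELETE from leaving the INSERTs applied on their own.

```python
    async with request.app['pool'].acquire() as conn:
        # … unchanged: apps fetch from app_info …
        # Reconcile every known user, not only those with a box still ticked,
        # so clearing a user's last checkbox really revokes access.
        user_rows = await conn.fetch("SELECT username FROM user_info")
        granted = set(pluses)
        minuses = [
            (row['username'], app['name'])
            for row in user_rows
            for app in apps
            if (row['username'], app['name']) not in granted
        ]

        async with conn.transaction():
            # … unchanged: INSERT … ON CONFLICT and DELETE executemany calls …
```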
@@ -88,18 +138,3 @@ async def delete_session(request):
 "WHERE id = $1 AND user_id = $2",
 session_id, request['session']['id'])
 return {}
-
-
-async def new_app(request):
- data = await request.post()
- app_name = data.get('app_name')
- app_url = data.get('app_url')
- app_key = data.get('app_key')
- key_hash = argon2.hash(app_key)
-
- async with request.app['pool'].acquire() as conn:
- await conn.execute(
- "INSERT INTO app_info (name, url, key_hash) "
- "VALUES ($1, $2, $3)",
- app_name, app_url, key_hash)
- return {}
diff --git a/templates/index.html b/templates/index.html
index c8a515b..88797f0 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -37,28 +37,30 @@

User Permissions


- - - - - {% for app in apps %} - + + +
User{{ app['name'] }}
+ + + + {% for app in apps %} + + {% endfor %} + + + + {% for username, values in users.items() %} + + + {% for app_name, value in values.items() %} + + {% endfor %} + {% endfor %} - - - - - {% for username, values in users.items() %} - - - {% for name, value in values.items() %} - - {% endfor %} - - - {% endfor %} - -
User{{ app['name'] }}
{{ username }}
{{ username }}
+ + + +