change user permissions works
parent
818c874352
commit
1c3124155c
|
@ -34,10 +34,11 @@ async def index(request):
|
||||||
|
|
||||||
forms_ = {
|
forms_ = {
|
||||||
'invite_user': forms.invite_user,
|
'invite_user': forms.invite_user,
|
||||||
|
'change_user_perms': forms.change_user_perms,
|
||||||
|
'new_app': forms.new_app,
|
||||||
'change_password': forms.change_password,
|
'change_password': forms.change_password,
|
||||||
'delete_key': forms.delete_key,
|
'delete_key': forms.delete_key,
|
||||||
'delele_session': forms.delete_session,
|
'delele_session': forms.delete_session,
|
||||||
'new_app': forms.new_app,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if not forms_.get(form):
|
if not forms_.get(form):
|
||||||
|
|
65
forms.py
65
forms.py
|
@ -23,6 +23,56 @@ async def invite_user(request):
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
|
||||||
|
async def change_user_perms(request):
|
||||||
|
"""Allows an admin to change user permissions."""
|
||||||
|
data = await request.post()
|
||||||
|
pluses = []
|
||||||
|
for key, value in data.items():
|
||||||
|
if key == 'form_name':
|
||||||
|
continue
|
||||||
|
username, _, app_name = key.partition('-')
|
||||||
|
pluses.append((username, app_name))
|
||||||
|
|
||||||
|
async with request.app['pool'].acquire() as conn:
|
||||||
|
apps = await conn.fetch(
|
||||||
|
"SELECT id, name FROM app_info")
|
||||||
|
users = {p[0] for p in pluses}
|
||||||
|
minuses = []
|
||||||
|
for user in users:
|
||||||
|
for app in apps:
|
||||||
|
minuses.append((user, app['name']))
|
||||||
|
minuses = [m for m in minuses if m not in pluses]
|
||||||
|
|
||||||
|
await conn.executemany(
|
||||||
|
"INSERT INTO app_user (user_id, app_id) "
|
||||||
|
"VALUES ((SELECT id FROM user_info WHERE username = $1), "
|
||||||
|
"(SELECT id FROM app_info WHERE name = $2)) "
|
||||||
|
"ON CONFLICT ON CONSTRAINT app_user_pkey DO NOTHING",
|
||||||
|
pluses)
|
||||||
|
await conn.executemany(
|
||||||
|
"DELETE FROM app_user "
|
||||||
|
"WHERE user_id = (SELECT id FROM user_info WHERE username = $1) "
|
||||||
|
"AND app_id = (SELECT id FROM app_info WHERE name = $2)",
|
||||||
|
minuses)
|
||||||
|
return {}
|
||||||
|
|
||||||
|
|
||||||
|
async def new_app(request):
|
||||||
|
"""Allows an admin to add a new app to be managed by Buckler."""
|
||||||
|
data = await request.post()
|
||||||
|
app_name = data.get('app_name')
|
||||||
|
app_url = data.get('app_url')
|
||||||
|
app_key = data.get('app_key')
|
||||||
|
key_hash = argon2.hash(app_key)
|
||||||
|
|
||||||
|
async with request.app['pool'].acquire() as conn:
|
||||||
|
await conn.execute(
|
||||||
|
"INSERT INTO app_info (name, url, key_hash) "
|
||||||
|
"VALUES ($1, $2, $3)",
|
||||||
|
app_name, app_url, key_hash)
|
||||||
|
return {}
|
||||||
|
|
||||||
|
|
||||||
async def change_password(request):
|
async def change_password(request):
|
||||||
"""Allows a user to change their password."""
|
"""Allows a user to change their password."""
|
||||||
errors = {}
|
errors = {}
|
||||||
|
@ -88,18 +138,3 @@ async def delete_session(request):
|
||||||
"WHERE id = $1 AND user_id = $2",
|
"WHERE id = $1 AND user_id = $2",
|
||||||
session_id, request['session']['id'])
|
session_id, request['session']['id'])
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
|
||||||
async def new_app(request):
|
|
||||||
data = await request.post()
|
|
||||||
app_name = data.get('app_name')
|
|
||||||
app_url = data.get('app_url')
|
|
||||||
app_key = data.get('app_key')
|
|
||||||
key_hash = argon2.hash(app_key)
|
|
||||||
|
|
||||||
async with request.app['pool'].acquire() as conn:
|
|
||||||
await conn.execute(
|
|
||||||
"INSERT INTO app_info (name, url, key_hash) "
|
|
||||||
"VALUES ($1, $2, $3)",
|
|
||||||
app_name, app_url, key_hash)
|
|
||||||
return {}
|
|
||||||
|
|
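Review bot: In change_user_perms the set of users to revoke from is built only from the submitted keys (`users = {p[0] for p in pluses}`), and browsers do not submit unchecked checkboxes, so a user whose boxes are all cleared never enters `users` and keeps every existing app_user row. Revocation should be driven from the server's own user list, for example `users = {r['username'] for r in await conn.fetch("SELECT username FROM user_info")}`, with the posted keys only deciding what stays granted. The handler itself shows no admin check although its docstring says it is admin-only; if index does not enforce that before dispatch (not visible here), the check belongs in this function. Separately, `key.partition('-')` splits at the first hyphen, so a username containing '-' is misparsed, and the INSERT and DELETE batches would be safer inside one `async with conn.transaction():` so a failure cannot leave permissions half-applied.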
|
@ -37,6 +37,8 @@
|
||||||
<h3>User Permissions</h3>
|
<h3>User Permissions</h3>
|
||||||
<article style="display: none;">
|
<article style="display: none;">
|
||||||
<hr>
|
<hr>
|
||||||
|
<form method="post" enctype="application/x-www-form-urlencoded">
|
||||||
|
<input name="form_name" type="hidden" value="change_user_perms">
|
||||||
<table id="users">
|
<table id="users">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -44,21 +46,21 @@
|
||||||
{% for app in apps %}
|
{% for app in apps %}
|
||||||
<th>{{ app['name'] }}</th>
|
<th>{{ app['name'] }}</th>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
<th></th>
|
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
{% for username, values in users.items() %}
|
{% for username, values in users.items() %}
|
||||||
<tr>
|
<tr>
|
||||||
<td>{{ username }}</td>
|
<td>{{ username }}</td>
|
||||||
{% for name, value in values.items() %}
|
{% for app_name, value in values.items() %}
|
||||||
<td><input aria-label="{{ username }}-{{ name }}" data-app-name={{ name }} type="checkbox" onchange="perm_change(this.parentElement.parentElement)"{% if value %} checked{% endif %}></td>
|
<td><input aria-label="{{ username }}-{{ app_name }}" name="{{ username }}-{{ app_name }}" data-app-name={{ app_name }} type="checkbox"{% if value %} checked{% endif %}></td>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
<td><input type="submit" value="Save" onclick="submit_user_perms(this.parentElement.parentElement)"></td>
|
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
<input type="submit" value="Submit">
|
||||||
|
</form>
|
||||||
</article>
|
</article>
|
||||||
</section>
|
</section>
|
||||||
<br>
|
<br>
|
||||||
|
|
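Review bot: The new checkbox emits `data-app-name={{ app_name }}` without quotes, so an app name containing a space or another attribute-breaking character spills into the tag as extra attributes even with autoescaping enabled; quote it as `data-app-name="{{ app_name }}"`. The form now posts a permission change, and the hunk shows no CSRF token field next to `form_name`; unless the application enforces that elsewhere (not visible here), a hidden token input validated on the server should be added. The `name="{{ username }}-{{ app_name }}"` encoding is also ambiguous when a username contains '-', because the handler in forms.py splits the key at the first hyphen.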