change user permissions works
This commit is contained in:
parent
818c874352
commit
1c3124155c
|
|
@ -34,10 +34,11 @@ async def index(request):
|
|||
|
||||
forms_ = {
|
||||
'invite_user': forms.invite_user,
|
||||
'change_user_perms': forms.change_user_perms,
|
||||
'new_app': forms.new_app,
|
||||
'change_password': forms.change_password,
|
||||
'delete_key': forms.delete_key,
|
||||
'delele_session': forms.delete_session,
|
||||
'new_app': forms.new_app,
|
||||
}
|
||||
|
||||
if not forms_.get(form):
|
||||
|
|
|
|||
65
forms.py
65
forms.py
|
|
@ -23,6 +23,56 @@ async def invite_user(request):
|
|||
return {}
|
||||
|
||||
|
||||
async def change_user_perms(request):
|
||||
"""Allows an admin to change user permissions."""
|
||||
data = await request.post()
|
||||
pluses = []
|
||||
for key, value in data.items():
|
||||
if key == 'form_name':
|
||||
continue
|
||||
username, _, app_name = key.partition('-')
|
||||
pluses.append((username, app_name))
|
||||
|
||||
async with request.app['pool'].acquire() as conn:
|
||||
apps = await conn.fetch(
|
||||
"SELECT id, name FROM app_info")
|
||||
users = {p[0] for p in pluses}
|
||||
minuses = []
|
||||
for user in users:
|
||||
for app in apps:
|
||||
minuses.append((user, app['name']))
|
||||
minuses = [m for m in minuses if m not in pluses]
|
||||
|
||||
await conn.executemany(
|
||||
"INSERT INTO app_user (user_id, app_id) "
|
||||
"VALUES ((SELECT id FROM user_info WHERE username = $1), "
|
||||
"(SELECT id FROM app_info WHERE name = $2)) "
|
||||
"ON CONFLICT ON CONSTRAINT app_user_pkey DO NOTHING",
|
||||
pluses)
|
||||
await conn.executemany(
|
||||
"DELETE FROM app_user "
|
||||
"WHERE user_id = (SELECT id FROM user_info WHERE username = $1) "
|
||||
"AND app_id = (SELECT id FROM app_info WHERE name = $2)",
|
||||
minuses)
|
||||
return {}
|
||||
|
||||
|
||||
async def new_app(request):
|
||||
"""Allows an admin to add a new app to be managed by Buckler."""
|
||||
data = await request.post()
|
||||
app_name = data.get('app_name')
|
||||
app_url = data.get('app_url')
|
||||
app_key = data.get('app_key')
|
||||
key_hash = argon2.hash(app_key)
|
||||
|
||||
async with request.app['pool'].acquire() as conn:
|
||||
await conn.execute(
|
||||
"INSERT INTO app_info (name, url, key_hash) "
|
||||
"VALUES ($1, $2, $3)",
|
||||
app_name, app_url, key_hash)
|
||||
return {}
|
||||
|
||||
|
||||
async def change_password(request):
|
||||
"""Allows a user to change their password."""
|
||||
errors = {}
|
||||
|
|
@ -88,18 +138,3 @@ async def delete_session(request):
|
|||
"WHERE id = $1 AND user_id = $2",
|
||||
session_id, request['session']['id'])
|
||||
return {}
|
||||
|
||||
|
||||
async def new_app(request):
|
||||
data = await request.post()
|
||||
app_name = data.get('app_name')
|
||||
app_url = data.get('app_url')
|
||||
app_key = data.get('app_key')
|
||||
key_hash = argon2.hash(app_key)
|
||||
|
||||
async with request.app['pool'].acquire() as conn:
|
||||
await conn.execute(
|
||||
"INSERT INTO app_info (name, url, key_hash) "
|
||||
"VALUES ($1, $2, $3)",
|
||||
app_name, app_url, key_hash)
|
||||
return {}
|
||||
|
|
|
|||
|
|
@ -37,28 +37,30 @@
|
|||
<h3>User Permissions</h3>
|
||||
<article style="display: none;">
|
||||
<hr>
|
||||
<table id="users">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>User</th>
|
||||
{% for app in apps %}
|
||||
<th>{{ app['name'] }}</th>
|
||||
<form method="post" enctype="application/x-www-form-urlencoded">
|
||||
<input name="form_name" type="hidden" value="change_user_perms">
|
||||
<table id="users">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>User</th>
|
||||
{% for app in apps %}
|
||||
<th>{{ app['name'] }}</th>
|
||||
{% endfor %}
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for username, values in users.items() %}
|
||||
<tr>
|
||||
<td>{{ username }}</td>
|
||||
{% for app_name, value in values.items() %}
|
||||
<td><input aria-label="{{ username }}-{{ app_name }}" name="{{ username }}-{{ app_name }}" data-app-name={{ app_name }} type="checkbox"{% if value %} checked{% endif %}></td>
|
||||
{% endfor %}
|
||||
</tr>
|
||||
{% endfor %}
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for username, values in users.items() %}
|
||||
<tr>
|
||||
<td>{{ username }}</td>
|
||||
{% for name, value in values.items() %}
|
||||
<td><input aria-label="{{ username }}-{{ name }}" data-app-name={{ name }} type="checkbox" onchange="perm_change(this.parentElement.parentElement)"{% if value %} checked{% endif %}></td>
|
||||
{% endfor %}
|
||||
<td><input type="submit" value="Save" onclick="submit_user_perms(this.parentElement.parentElement)"></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</tbody>
|
||||
</table>
|
||||
<input type="submit" value="Submit">
|
||||
</form>
|
||||
</article>
|
||||
</section>
|
||||
<br>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user