upstream/kallithea Commit - r305:61be6dcd

protected admin controllers

marcink -

r305:61be6dcd default

parent child

pylons_app/controllers/admin.py

0 +3 -5

             #!/usr/bin/env python
             # encoding: utf-8
             # admin controller for pylons
             # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; version 2
             # of the License or (at your opinion) any later version of the license.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
             # MA  02110-1301, USA.
             """
             Created on April 7, 2010
             admin controller for pylons
             @author: marcink
             """
             import logging
             from pylons import request, response, session, tmpl_context as c
             from pylons_app.lib.base import BaseController, render
             from pylons_app.model import meta
             from pylons_app.model.db import UserLog
             from webhelpers.paginate import Page
-            from pylons_app.lib.auth import LoginRequired
+            from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
             log = logging.getLogger(__name__)
             class AdminController(BaseController):
                 @LoginRequired()
                 def __before__(self):
-                    user = session['hg_app_user']
-                    c.admin_user = user.is_admin
-                    c.admin_username = user.username
                     super(AdminController, self).__before__()
+                @HasPermissionAllDecorator('hg.admin')
                 def index(self):
                     sa = meta.Session
                     users_log = sa.query(UserLog).order_by(UserLog.action_date.desc())
                     p = int(request.params.get('page', 1))
                     c.users_log = Page(users_log, page=p, items_per_page=10)
                     c.log_data = render('admin/admin_log.html')
                     if request.params.get('partial'):
                         return c.log_data
                     return render('admin/admin.html')

pylons_app/controllers/permissions.py

0 +19 -6

             #!/usr/bin/env python
             # encoding: utf-8
             # permissions controller for pylons
             # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; version 2
             # of the License or (at your opinion) any later version of the license.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
             # MA  02110-1301, USA.
             """
             Created on April 27, 2010
             permissions controller for pylons
             @author: marcink
             """
+            from formencode import htmlfill
+            from pylons import request, session, tmpl_context as c, url
+            from pylons.controllers.util import abort, redirect
+            from pylons.i18n.translation import _
+            from pylons_app.lib import helpers as h
+            from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
+            from pylons_app.lib.base import BaseController, render
+            from pylons_app.model.db import User, UserLog
+            from pylons_app.model.forms import UserForm
+            from pylons_app.model.user_model import UserModel
+            import formencode
             import logging
-            from pylons import request, response, session, tmpl_context as c, url
-            from pylons.controllers.util import abort, redirect
-            from pylons_app.lib.base import BaseController, render
             log = logging.getLogger(__name__)
             class PermissionsController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 # To properly map this controller, ensure your config/routing.py
                 # file has a resource setup:
                 #     map.resource('permission', 'permissions')
+                @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
+                def __before__(self):
+                    c.admin_user = session.get('admin_user')
+                    c.admin_username = session.get('admin_username')
+                    super(PermissionsController, self).__before__()
                 def index(self, format='html'):
                     """GET /permissions: All items in the collection"""
                     # url('permissions')
                     return render('admin/permissions/permissions.html')
                 def create(self):
                     """POST /permissions: Create a new item"""
                     # url('permissions')
                 def new(self, format='html'):
                     """GET /permissions/new: Form to create a new item"""
                     # url('new_permission')
                 def update(self, id):
                     """PUT /permissions/id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('permission', id=ID),
                     #           method='put')
                     # url('permission', id=ID)
                 def delete(self, id):
                     """DELETE /permissions/id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('permission', id=ID),
                     #           method='delete')
                     # url('permission', id=ID)
                 def show(self, id, format='html'):
                     """GET /permissions/id: Show a specific item"""
                     # url('permission', id=ID)
                 def edit(self, id, format='html'):
                     """GET /permissions/id/edit: Form to edit an existing item"""
                     # url('edit_permission', id=ID)

pylons_app/controllers/users.py

0 +6 -4

             #!/usr/bin/env python
             # encoding: utf-8
             # users controller for pylons
             # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; version 2
             # of the License or (at your opinion) any later version of the license.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
             # MA  02110-1301, USA.
             """
             Created on April 4, 2010
             users controller for pylons
             @author: marcink
             """
-            import logging
+            from formencode import htmlfill
             from pylons import request, session, tmpl_context as c, url
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from pylons_app.lib import helpers as h
-            from pylons_app.lib.auth import LoginRequired
+            from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
             from pylons_app.lib.base import BaseController, render
             from pylons_app.model.db import User, UserLog
             from pylons_app.model.forms import UserForm
             from pylons_app.model.user_model import UserModel
             import formencode
-            from formencode import htmlfill
+            import logging
             log = logging.getLogger(__name__)
             class UsersController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 # To properly map this controller, ensure your config/routing.py
                 # file has a resource setup:
                 #     map.resource('user', 'users')
                 @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
                 def __before__(self):
                     c.admin_user = session.get('admin_user')
                     c.admin_username = session.get('admin_username')
                     super(UsersController, self).__before__()
                 def index(self, format='html'):
                     """GET /users: All items in the collection"""
                     # url('users')
                     c.users_list = self.sa.query(User).all()
                     return render('admin/users/users.html')
                 def create(self):
                     """POST /users: Create a new item"""
                     # url('users')
                     user_model = UserModel()
                     login_form = UserForm()()
                     try:
                         form_result = login_form.to_python(dict(request.POST))
                         user_model.create(form_result)
                         h.flash(_('created user %s') % form_result['username'],
                                 category='success')
                     except formencode.Invalid as errors:
                         c.form_errors = errors.error_dict
                         return htmlfill.render(
                              render('admin/users/user_add.html'),
                             defaults=errors.value,
                             encoding="UTF-8")
                     except Exception:
                         h.flash(_('error occured during creation of user %s') \
                                 % form_result['username'], category='error')
                     return redirect(url('users'))
                 def new(self, format='html'):
                     """GET /users/new: Form to create a new item"""
                     # url('new_user')
                     return render('admin/users/user_add.html')
                 def update(self, id):
                     """PUT /users/id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('user', id=ID),
                     #           method='put')
                     # url('user', id=ID)
                     user_model = UserModel()
                     _form = UserForm(edit=True)()
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         user_model.update(id, form_result)
                         h.flash(_('User updated succesfully'), category='success')
                     except formencode.Invalid as errors:
                         c.user = user_model.get_user(id)
                         c.form_errors = errors.error_dict
                         return htmlfill.render(
                              render('admin/users/user_edit.html'),
                             defaults=errors.value,
                             encoding="UTF-8")
                     except Exception:
                         h.flash(_('error occured during update of user %s') \
                                 % form_result['username'], category='error')
                     return redirect(url('users'))
                 def delete(self, id):
                     """DELETE /users/id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('user', id=ID),
                     #           method='delete')
                     # url('user', id=ID)
                     user_model = UserModel()
                     try:
                         user_model.delete(id)
                         h.flash(_('sucessfully deleted user'), category='success')
                     except Exception:
                         h.flash(_('An error occured during deletion of user'),
                                 category='error')
                     return redirect(url('users'))
                 def show(self, id, format='html'):
                     """GET /users/id: Show a specific item"""
                     # url('user', id=ID)
                 def edit(self, id, format='html'):
                     """GET /users/id/edit: Form to edit an existing item"""
                     # url('edit_user', id=ID)
                     c.user = self.sa.query(User).get(id)
                     defaults = c.user.__dict__
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages