make user and group admin work fine

pboard/pboard/controllers/admingroup.py

 
 from pboard.lib import dbapi as pld
 
-class GroupField(PropertyMultipleSelectField):
-    """ Shows a limited list of groups """
-
-    def prepare(self):
-        # self.entity = pma.Group
-        #self.__class__.entity
-
-        visible_groups = pm.DBSession.query(pma.Group).\
-            filter(pma.Group.group_id>0).\
-            filter(pma.Group.group_id!=pma.Group.GROUP_ID_ALL_USERS).all()
-
-        self.options = [(group.group_id, group.getDisplayName()) for group in visible_groups]
-
-        if not self.value:
-            self.value = []
-        self.value = [unicode_text(v) for v in self.value]
-
-        super(PropertyMultipleSelectField, self).prepare()
-
-
-class AdminUserController(CrudRestController):
-    model = pma.User
+class AdminGroupController(CrudRestController):
+    model = pma.Group
 
     class new_form_type(AddRecordForm):
-        __model__ = pma.User
+        __model__ = pma.Group
+        __require_fields__     = ['group_name', 'display_name', 'users', 'personnal_group']
+        __omit_fields__        = ['created', 'permissions', '_lRights']
+        __field_order__        = ['group_name', 'display_name', 'users']
+
+        __headers__ = dict(group_name='Unique name', display_name='Visible name')
 
-        __require_fields__     = ['display_name', 'email_address', 'password', 'verify_password', 'groups']
-        __omit_fields__        = ['_password', 'created', 'user_id', '_lAllNodes']
-        __field_order__        = ['display_name', 'email_address', 'password', 'verify_password', 'groups']
+        group_name = tw2f.TextField('group_name')
+        display_name = tw2f.TextField('display_name')
+        personnal_group = tw2f.HiddenField('personnal_group', value='off')
 
-        email_address          = tw2f.TextField('email_address')
-        display_name           = tw2f.TextField('display_name')
-        verify_password        = tw2f.PasswordField('verify_password')
-        groups = GroupField('groups')
 
     class edit_form_type(EditableForm):
-        __model__ = pma.User
+        __model__ = pma.Group
+        __require_fields__     = ['group_name', 'display_name', 'users']
+        __omit_fields__        = ['personnal_group', 'created', 'permissions', '_lRights']
+        __field_order__        = ['group_name', 'display_name']
 
-        __require_fields__     = ['display_name', 'email_address', 'groups']
-        __omit_fields__        = ['_password', 'created', 'user_id', '_lAllNodes', 'password']
-        __field_order__        = ['display_name', 'email_address', 'groups']
+        __headers__ = dict(group_name='Unique name', display_name='Visible name')
 
-        email_address          = tw2f.TextField('email_address')
-        display_name           = tw2f.TextField('display_name')
-        groups = GroupField('groups')
 
     class edit_filler_type(EditFormFiller):
-        __model__ = pma.User
+        __model__ = pma.Group
 
-    class table_type(TableBase):
-        __model__ = pma.User
-        __limit_fields__ = ['user_id', 'email_address', 'display_name', 'groups']
-        __field_order__ = ['user_id', 'display_name', 'email_address', 'groups']
-        __headers__ = dict(user_id='id', email_address='Email', display_name='Name', groups='Groups')
-        __xml_fields__ = ['groups']
-
-    class table_filler_type(TableFiller):
-        __model__ = pma.User
-        __limit_fields__ = ['user_id', 'email_address', 'display_name', 'groups']
-
-        def groups(self, obj):
-            groups = ''.join(['<li>{0}</li>'.format(group.getDisplayName()) for group in obj.groups if group.group_id>0])
-            return groups.join(('<ul>', '</ul>'))
-
-    @tg.expose()
-    #@tg.validate(new_user_validator, error_handler=CrudRestController.new)
-    def post(self, *args, **kw):
-
-        real_name = kw['display_name']
-        email = kw['email_address']
-        groups = kw['groups'] if 'groups' in kw else []
-        password = kw['password']
-
-        new_user = pld.PODStaticController.createNewUser(real_name, email, password, groups)
-        if tg.request.response_type == 'application/json':
-            if new_user is not None and self.conditional_update_field is not None:
-                tg.response.last_modified = getattr(new_user, self.conditional_update_field)
-
-            return dict(model=self.model.__name__,
-                        value=self._dictify(new_user))
-
-        return tg.redirect('./', params=self._kept_params())
 
+    class table_type(TableBase):
+        __model__ = pma.Group
+        __limit_fields__ = ['group_id', 'group_name', 'display_name', 'users']
+        __headers__ = dict(group_id='id', group_name='Unique name', display_name='Visible name', users='Users')
+        __xml_fields__ = ['users']
 
-    @tg.expose()
-    def post_delete(self, *args, **kw):
-        user_id = int(args[0])
 
-        pld.PODStaticController.deleteUser(user_id)
-        return tg.redirect('./', params=self._kept_params())
+    class table_filler_type(TableFiller):
+        __model__ = pma.Group
+        __limit_fields__ = ['group_id', 'group_name', 'display_name', 'users']
+        #__add_fields__ = {'associated_users':None}
+
+        def _do_get_provider_count_and_objs(self, groups=None, **kw):
+            groups = pm.DBSession.query(pma.Group).\
+                filter(pma.Group.group_id>0).\
+                filter(pma.Group.group_id != pma.Group.GROUP_ID_ALL_USERS).\
+                filter(pma.Group.group_id != pma.Group.GROUP_ID_MANAGERS).\
+                all()
+            return len(groups), groups
+
+        def users(self, obj):
+            users = ''.join(['<li>{0}</li>'.format(user.getDisplayName()) for user in obj.users])
+            return users.join(('<ul>', '</ul>'))

pboard/pboard/controllers/apipublic.py

           tg.flash(_('Account creation error: account already exist: %s') % (email), 'error')
           tg.redirect(tg.lurl('/'))
 
-        loNewAccount = pld.PODStaticController.createUser()
-        loNewAccount.email_address = email
-        loNewAccount.display_name  = real_name if real_name!='' else email
-        loNewAccount.password      = password
-
-        loUserGroup = pld.PODStaticController.getGroup('user')
-        loUserGroup.users.append(loNewAccount)
-
-        pm.DBSession.add(loNewAccount)
-        pm.DBSession.flush()
-        pm.DBSession.refresh(loNewAccount)
-
-        loUserSpecificGroup = pld.PODStaticController.createGroup()
-
-        loUserSpecificGroup.group_id = 0-loNewAccount.user_id # group id of a given user is the opposite of the user id
-        loUserSpecificGroup.group_name = 'user_%d' % loNewAccount.user_id
-        loUserSpecificGroup.personnal_group = True
-        loUserSpecificGroup.users.append(loNewAccount)
-
-        pm.DBSession.flush()
+        loNewAccount = pld.PODStaticController.createNewUser(real_name if real_name!='' else email, email, password, [])
 
         tg.flash(_('Account successfully created: %s') % (email), 'info')
 

pboard/pboard/controllers/root.py

 from pboard.controllers import api as pca
 from pboard.controllers import apipublic as pcap
 from pboard.controllers import debug as pbcd
+from pboard.controllers import adminuser as pbcu
+from pboard.controllers import admingroup as pbcg
 
 from pboard import model as pm
 
 __all__ = ['RootController']
 
 
+class AdminController(BaseController):
+    users = pbcu.AdminUserController(pm.DBSession)
+    groups = pbcg.AdminGroupController(pm.DBSession)
+
+
 class RootController(BaseController):
     """
     The root controller for the pboard application.
 
     """
 
-    admin = tgac.AdminController(
-        [pm.Group, pm.User],
-        pm.DBSession,
-        config_type = pcad.PodAdminConfig
-    )
+    admin = AdminController()
 
     api   = pca.PODApiController()
     debug = pbcd.DebugController()

pboard/pboard/lib/dbapi.py

 import sqlalchemy.orm as sqlao
 import sqlalchemy as sqla
 
-from pboard.model import DeclarativeBase, metadata, DBSession
 from pboard.model import data as pbmd
 from pboard.model import auth as pbma
 import pboard.model as pbm
     return loUser
   
   @classmethod
-  def createUser(cls):
+  def createNewUser(cls, real_name, email_address, password, groups):
     loUser = pbma.User()
-    return loUser
-  
+    new_user = pbma.User()
+    new_user.email_address = email_address
+    new_user.display_name  = real_name if real_name!='' else email_address
+    new_user.password      = password
+
+    public_group = cls.getGroupById(pbma.Group.GROUP_ID_ALL_USERS)
+    public_group.users.append(new_user)
+
+    pbm.DBSession.add(new_user)
+    pbm.DBSession.flush()
+    pbm.DBSession.refresh(new_user)
+
+    user_dedicated_group = cls.createGroup()
+    user_dedicated_group.group_id = 0-new_user.user_id # group id of a given user is the opposite of the user id
+    user_dedicated_group.group_name = 'user_%d' % new_user.user_id
+    user_dedicated_group.personnal_group = True
+    user_dedicated_group.users.append(new_user)
+
+    for group_id in groups:
+        selected_group = cls.getGroupById(group_id)
+        selected_group.users.append(new_user)
+
+    pbm.DBSession.flush()
+
+    return new_user
+
+  @classmethod
+  def updateUser(cls, user_id, real_name, email, group_ids):
+
+      group_ids = list(map(int, group_ids))
+      group_ids.append(pbma.Group.GROUP_ID_ALL_USERS)
+      print('new group ids:', group_ids)
+      user_to_update = pbm.DBSession.query(pbma.User).filter(pbma.User.user_id==user_id).one()
+      user_to_update.display_name = real_name
+      user_to_update.email_address = email
+
+      merged_new_groups = []
+
+      for group in user_to_update.groups:
+          if group.group_id==pbma.Group.GROUP_ID_MANAGERS:
+              print('adding group (3)', group.group_id)
+              merged_new_groups.append(group)
+
+          elif group.group_id==pbma.Group.GROUP_ID_ALL_USERS:
+              print('adding group (2)', group.group_id)
+              merged_new_groups.append(group)
+
+          elif group.group_id in group_ids:
+              print('adding group', group.group_id)
+              merged_new_groups.append(group)
+
+          else:
+              print('remove group', group.group_id)
+              user_to_update.groups.remove(group)
+
+      for group_id in group_ids:
+          group = cls.getGroupById(group_id)
+
+          if group not in merged_new_groups:
+              merged_new_groups.append(group)
+
+      user_to_update.groups = merged_new_groups
+
+      for group in merged_new_groups:
+          print("group => ", group.group_id)
+      pbm.DBSession.flush()
+
+  @classmethod
+  def deleteUser(cls, user_id):
+      user_to_delete = pbm.DBSession.query(pbma.User).filter(pbma.User.user_id==user_id).one()
+      user_dedicated_group = pbm.DBSession.query(pbma.Group).filter(pbma.Group.group_id==-user_id).one()
+      pbm.DBSession.delete(user_to_delete)
+      pbm.DBSession.delete(user_dedicated_group)
+      pbm.DBSession.flush()
+
   @classmethod
   def getGroup(cls, psGroupName):
     loGroup = pbma.Group.by_group_name(psGroupName)
     return loGroup
 
   @classmethod
+  def getGroupById(cls, group_id):
+    return pbm.DBSession.query(pbma.Group).filter(pbma.Group.group_id==group_id).one()
+
+  @classmethod
   def createGroup(cls):
     loGroup = pbma.Group()
     return loGroup
   @classmethod
   def getRealGroupRightsOnNode(cls, piNodeId: int) -> pbmd.DIRTY_GroupRightsOnNode:
 
-    groupRightsOnNodeCustomSelect = DBSession\
+    groupRightsOnNodeCustomSelect = pbm.DBSession\
         .query(pbmd.DIRTY_GroupRightsOnNode)\
         .from_statement(pbmd.DIRTY_RealGroupRightOnNodeSqlQuery)\
         .params(node_id=piNodeId)\
   @classmethod
   def getUserDedicatedGroupRightsOnNode(cls, piNodeId: int) -> pbmd.DIRTY_GroupRightsOnNode:
 
-    groupRightsOnNodeCustomSelect = DBSession\
+    groupRightsOnNodeCustomSelect = pbm.DBSession\
         .query(pbmd.DIRTY_GroupRightsOnNode)\
         .from_statement(pbmd.DIRTY_UserDedicatedGroupRightOnNodeSqlQuery)\
         .params(node_id=piNodeId)\
         loNode.parent_id = parent_id
 
     if inherit_rights:
-        parent_node = DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.node_id==parent_id).one()
+        parent_node = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.node_id==parent_id).one()
         self.copy_rights(parent_node, loNode)
 
-    DBSession.add(loNode)
+    pbm.DBSession.add(loNode)
 
     return loNode
 
     lsNodeIdFiltering = lsSqlSelectQuery % (str(self._iCurrentUserId))
 
     if liNodeId!=None and liNodeId!=0:
-      return DBSession.query(pbmd.PBNode).options(sqlao.joinedload_all("_oParent"), sqlao.joinedload_all("_lAllChildren"))\
+      return pbm.DBSession.query(pbmd.PBNode).options(sqlao.joinedload_all("_oParent"), sqlao.joinedload_all("_lAllChildren"))\
         .filter(pbmd.PBNode.node_id==liNodeId)\
         .filter(
           sqla.or_(
     Returns a list of nodes order by modification time and limited to piMaxNodeNb nodes
     """
     liOwnerIdList = self._getUserIdListForFiltering()
-    return DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).order_by(pbmd.PBNode.updated_at.desc()).limit(piMaxNodeNb).all()
+    return pbm.DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).order_by(pbmd.PBNode.updated_at.desc()).limit(piMaxNodeNb).all()
 
 
   def getListOfAllowedNodes(self, reset_cache=False) -> pbmd.PBNode:
             ORDER BY node_id ASC
         """
 
-        loNodeListResult = DBSession.query(pbmd.PBNode).\
+        loNodeListResult = pbm.DBSession.query(pbmd.PBNode).\
             from_statement(lsSqlQuery).\
             params(owner_id=self._iCurrentUserId)
         allowed_nodes = loNodeListResult.all()
 
     loKeywordFilteringClausesAsOr = sqla.or_(*loKeywordFilteringClauses) # Combine them with or to a BooleanClauseList
 
-    loResultsForSomeKeywords = DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).join(pbma.Rights).join(pbma.user_group_table, pbma.Rights.group_id==pbma.user_group_table.columns['group_id'])\
+    loResultsForSomeKeywords = pbm.DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).join(pbma.Rights).join(pbma.user_group_table, pbma.Rights.group_id==pbma.user_group_table.columns['group_id'])\
         .filter(loKeywordFilteringClausesAsOr)\
         .filter((pbmd.PBNode.owner_id.in_(liOwnerIdList)) | (pbma.user_group_table.c.user_id.in_(liOwnerIdList) & pbmd.PBNode.is_shared))\
         .order_by(sqla.desc(pbmd.PBNode.node_type))\
 
   def getNodesByStatus(self, psNodeStatus, piMaxNodeNb=5):
     liOwnerIdList = self._getUserIdListForFiltering()
-    return DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_status==psNodeStatus).order_by(pbmd.PBNode.updated_at).limit(piMaxNodeNb).all()
+    return pbm.DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren")).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_status==psNodeStatus).order_by(pbmd.PBNode.updated_at).limit(piMaxNodeNb).all()
 
 
   def getChildNodesForMenu(self, poParentNode: pbmd.PBNode, allowed_nodes: [pbmd.PBNode]) -> [pbmd.PBNode]:
             visible_child_nodes.append(child_node)
     else:
         # Root case
-        parent_nodes = DBSession
+        parent_nodes = pbm.DBSession
         for allowed_node in allowed_nodes:
             print("     @@@@@@@@@@@@@@@@ BEFORE @@@@@@@@@@@@@@@@ ")
             # loParent = allowed_node._oParent
 
   def getParentNode(self, loNode):
     liOwnerIdList = self._getUserIdListForFiltering()
-    return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_id==loNode.parent_id).one()
+    return pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_id==loNode.parent_id).one()
 
   def getSiblingNodes(self, poNode, pbReverseOrder=False):
     liOwnerIdList = self._getUserIdListForFiltering()
     
     if pbReverseOrder:
-      return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order.desc()).all()
+      return pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order.desc()).all()
     else:
-      return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order).all()
+      return pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.parent_id==poNode.parent_id).order_by(pbmd.PBNode.node_order).all()
 
   def resetNodeOrderOfSiblingNodes(self, loSiblingNodes):
     liNewWeight = 0
 
   def getNodeFileContent(self, liNodeId):
     liOwnerIdList = self._getUserIdListForFiltering()
-    return DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_id==liNodeId).one().data_file_content
+    return pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_id==liNodeId).one().data_file_content
 
   def deleteNode(loNode):
     # INFO - D.A. - 2013-11-07 - should be save as getNode should return only accessible nodes
-    DBSession.delete(loNode)
+    pbm.DBSession.delete(loNode)
     return
 
   def createRight(self):

pboard/pboard/model/auth.py

 
 
 class Group(DeclarativeBase):
+    GROUP_ID_ALL_USERS = 2
+    GROUP_ID_MANAGERS = 1
 
     __tablename__ = 'pod_group'
 

pboard/pboard/templates/master.mak

                 Admin <b class="caret"></b>
               </a>
               <ul class="dropdown-menu">
-                <li><a href="${tg.url('/admin/users')}"><i class="fa fa-user"></i> ${_('List users')}</a></li>
-                <li><a href="${tg.url('/admin/groups')}"><i class="fa fa-group"></i> ${_('Manage groups')}</a></li>
+                <li><a href="${tg.url('/admin/users')}"><i class="fa fa-user"></i> ${_('Users')}</a></li>
+                <li><a href="${tg.url('/admin/groups')}"><i class="fa fa-group"></i> ${_('Groups')}</a></li>
                 % if request.identity and 'managers' in request.identity['groups']:
                   <li class="divider" role="presentation"></li>
                   <li><a href="${tg.url('/admin')}"><i class="fa fa-magic"></i> Manage all</a></li>