Merge branch 'master' of bitbucket.org:lebouquetin/protov1

pboard/pboard/controllers/api.py

@@ -23,6 +23,7 @@ from tg.i18n import ugettext as _, lazy_ugettext as l_
 from pboard.lib.base import BaseController
 from pboard.lib   import dbapi as pld
 from pboard.model import data as pmd
+from pboard.model import auth as pma
 from pboard import model as pm
 from pboard.lib.auth import can_read, can_write
 
@@ -299,3 +300,56 @@ class PODApiController(BaseController):
       # - if root node, then exception
       # - this redirect is done in order to be adapted to comment share status toggle
       redirect(lurl('/document/%s#tab-comments'%(loNode._oParent.node_id)))
+
+    @expose()
+    @require(can_read())
+    def set_access_management(self, node_id, is_shared='off', read=[0], write=[0]):
+
+      llReadAccessGroupIds = [int(liGroupId) for liGroupId in read]
+      llWriteAccessGroupIds = [int(liGroupId) for liGroupId in write]
+
+      # HACK - D.A. - 2015-058-20
+      # the 0 values are added in order to get a read and write parameters as list even if only one value is inside
+      # (the default behavior of TG2 is to convert it to a string value if only one value is sent
+      #
+      llReadAccessGroupIds.remove(0) # remove useless value
+      llWriteAccessGroupIds.remove(0) # remove useless value
+
+      loCurrentUser   = pld.PODStaticController.getCurrentUser()
+      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
+
+      loNode = loApiController.getNode(node_id)
+      # loNode._lRights = list()
+
+      # SHARE IS OFF, so deactivate the document share (and do not change "shared-with" group configuration
+      if is_shared=='off':
+        loNode.is_shared = False
+        pm.DBSession.flush()
+        redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
+
+      # SHARE IS ON, so remove all current shares and set the new ones
+      loNode.is_shared = True
+
+      for loRight in loNode._lRights:
+        pm.DBSession.delete(loRight)
+      pm.DBSession.flush()
+
+      ldNewRights = dict()
+      for liGroupId in llReadAccessGroupIds:
+        ldNewRights[liGroupId] = pma.Rights.READ_ACCESS
+
+      for liGroupId in llWriteAccessGroupIds:
+        liOldValue = 0
+        if liGroupId in ldNewRights:
+          liOldValue = ldNewRights[liGroupId]
+        ldNewRights[liGroupId] = liOldValue + pma.Rights.WRITE_ACCESS
+
+      for liGroupId, liRightLevel in ldNewRights.items():
+        loNewRight = loApiController.createRight()
+        loNewRight.group_id = liGroupId
+        loNewRight.node_id = node_id
+        loNewRight.rights = liRightLevel
+        loNode._lRights.append(loNewRight)
+
+      redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
+

pboard/pboard/controllers/root.py

@@ -116,13 +116,13 @@ class RootController(BaseController):
     @expose('pboard.templates.document')
     #@require(predicates.in_group('user', msg=l_('Please login to access this page')))
     @require(can_read())
-    def document(self, node=0, version=0, came_from=lurl('/'), highlight=''):
+    def document(self, node_id=0, version=0, came_from=lurl('/'), highlight=''):
         """show the user dashboard"""
         loCurrentUser   = pld.PODStaticController.getCurrentUser()
         loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
 
         loRootNodeList = loApiController.buildTreeListForMenu(pbmd.PBNodeStatus.getVisibleIdsList())
-        liNodeId         = int(node)
+        liNodeId         = int(node_id)
         liVersionId      = int(version)
 
         loCurrentNode    = None

pboard/pboard/lib/auth.py

@@ -11,17 +11,28 @@ class can_read(Predicate):
         pass
 
     def evaluate(self, environ, credentials):
-        if 'node' in environ['webob.adhoc_attrs']['validation']['values']:
-            node_id = environ['webob.adhoc_attrs']['validation']['values']['node']
+        if 'node_id' in environ['webob.adhoc_attrs']['validation']['values']:
+            node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']
             if node_id!=0:
                 has_right = session.execute("""
-                        select *
-                        from pod_group_node pgn
+                    select
+                        node_id
+                    from
+                        pod_group_node pgn
                         join pod_user_group pug on pug.group_id = pgn.group_id
                         join pod_user pu on pug.user_id = pu.user_id
-                        where rights > 0
+                    where
+                        rights > 0
                         and email_address = :mail
-                        and node_id = :node""", {"mail":credentials["repoze.who.userid"], "node":node_id})
+                        and node_id = :node
+                    union
+                        select
+                            node_id
+                        from
+                            pod_nodes
+                        where
+                            node_id = :node
+                        """, {"mail":credentials["repoze.who.userid"], "node":node_id})
                 if has_right.rowcount == 0 :
                     self.unmet()
 
@@ -32,15 +43,28 @@ class can_write(Predicate):
         pass
 
     def evaluate(self, environ, credentials):
-        node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']
-        has_right = session.execute("""
-                select *
-                from pod_group_node pgn
-                join pod_user_group pug on pug.group_id = pgn.group_id
-                join pod_user pu on pug.user_id = pu.user_id
-                where rights > 1
-                and email_address = :mail
-                and node_id = :node""", {"mail":credentials["repoze.who.userid"], "node":node_id})
-        if has_right.rowcount == 0 :
-            self.unmet()
+        if 'node_id' in environ['webob.adhoc_attrs']['validation']['values']:
+            node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']
+            if node_id!=0:
+                has_right = session.execute("""
+                        select
+                            node_id
+                        from
+                            pod_group_node pgn
+                            join pod_user_group pug on pug.group_id = pgn.group_id
+                            join pod_user pu on pug.user_id = pu.user_id
+                        where
+                            rights > 1
+                            and email_address = :mail
+                            and node_id = :node
+                        union
+                            select
+                                node_id
+                            from
+                                pod_nodes
+                            where
+                                node_id = :node
+                        """, {"mail":credentials["repoze.who.userid"], "node":node_id})
+                if has_right.rowcount == 0 :
+                    self.unmet()
 

pboard/pboard/lib/dbapi.py

@@ -226,3 +226,7 @@ class PODUserFilteredApiController(object):
     # INFO - D.A. - 2013-11-07 - should be save as getNode should return only accessible nodes
     DBSession.delete(loNode)
     return
+
+  def createRight(self):
+    loRight = pbma.Rights()
+    return loRight

pboard/pboard/model/auth.py

@@ -11,6 +11,7 @@ though.
 import os
 from datetime import datetime
 from hashlib import sha256
+from sqlalchemy.sql.functions import session_user
 
 __all__ = ['User', 'Group', 'Permission']
 
@@ -42,13 +43,14 @@ user_group_table = Table('pod_user_group', metadata,
 
 
 class Rights(DeclarativeBase):
+
     READ_ACCESS = 1
     WRITE_ACCESS = 2
 
     __tablename__ = 'pod_group_node'
 
-    group_id = Column(Integer, ForeignKey('pod_group.group_id'), autoincrement=True, primary_key=True)
-    node_id = Column(Integer, ForeignKey('pod_nodes.node_id'), autoincrement=True, primary_key=True)
+    group_id = Column(Integer, ForeignKey('pod_group.group_id'), primary_key=True)
+    node_id = Column(Integer, ForeignKey('pod_nodes.node_id'), primary_key=True)
     rights = Column(Integer)
 
     def hasReadAccess(self):
@@ -57,6 +59,8 @@ class Rights(DeclarativeBase):
     def hasWriteAccess(self):
         return self.rights & Rights.WRITE_ACCESS
 
+
+
 class Group(DeclarativeBase):
 
     __tablename__ = 'pod_group'
@@ -68,7 +72,9 @@ class Group(DeclarativeBase):
     personnal_group = Column(Boolean)
     users = relation('User', secondary=user_group_table, backref='groups')
 
-    _lRights = relationship('Rights', remote_side=[Rights.group_id], backref='_oGroup')
+    _lRights = relationship('Rights', backref='_oGroup', cascade = "all, delete-orphan")
+
+
 
     def __repr__(self):
         return '<Group: name=%s>' % repr(self.group_name)
@@ -83,7 +89,12 @@ class Group(DeclarativeBase):
 
     def getDisplayName(self) -> str:
         if self.group_id<0:
-            return self.users[0].display_name
+            # FIXME - D.A. - 2014-05-19 - MAKE THIS CODE CLEANER,
+            try:
+                return self.users[0].getDisplayName()
+            except:
+                print('ERROR GROUP =>', self.group_id)
+
 
         return self.display_name
 
@@ -91,6 +102,13 @@ class Group(DeclarativeBase):
     def rights(self):
         return self._lRights
 
+    def hasSomeAccess(self, poNode):
+        for loRight in self._lRights:
+            if loRight.node_id == poNode.node_id and loRight.rights>0:
+                return True
+        return False
+
+
 
 class User(DeclarativeBase):
     """
@@ -180,6 +198,11 @@ class User(DeclarativeBase):
         hash.update((password + self.password[:64]).encode('utf-8'))
         return self.password[64:] == hash.hexdigest()
 
+    def getDisplayName(self):
+        if self.display_name!=None and self.display_name!='':
+            return self.display_name
+        else:
+            return self.email_address
 
 
 class Permission(DeclarativeBase):

pboard/pboard/model/data.py

@@ -189,7 +189,7 @@ class PBNode(DeclarativeBase):
   data_file_mime_type = Column(Unicode(255),  unique=False, nullable=False, default='')
   data_file_content   = sqlao.deferred(Column(LargeBinary(), unique=False, nullable=False, default=None))
 
-  rights = relation('Rights')
+  _lRights = relationship('Rights', backref='_oNode', cascade = "all, delete-orphan")
 
   _oParent = relationship('PBNode', remote_side=[node_id], backref='_lAllChildren')
   _oOwner = relationship('User', remote_side=[pma.User.user_id], backref='_lAllNodes')
@@ -217,6 +217,13 @@ class PBNode(DeclarativeBase):
   def getChildNb(self):
     return self.getChildNbOfType([PBNodeType.Data])
 
+  def getGroupsWithSomeAccess(self):
+    llRights = []
+    for loRight in self._lRights:
+      if loRight.rights>0:
+        llRights.append(loRight)
+    return llRights
+
   def getChildren(self, pbIncludeDeleted=False):
     """return all children nodes of type 'data' or 'node' or 'folder'"""
     # return self.getChildrenOfType([PBNodeType.Node, PBNodeType.Folder, PBNodeType.Data])

pboard/pboard/templates/document-widgets-tabs.mak

@@ -3,7 +3,7 @@
 <%namespace name="DOC" file="pboard.templates.document-widgets"/>
 
 <%def name="HistoryTabContent(poNode)">
-  <h4>History</h4>
+  <h4>${_('Revisions')}</h4>
   <ul>
   % for version in poNode.getHistory():
   	<li><a href="${tg.url('/document/%i/%i'%(version.node_id, version.version_id))}">${version.created_at.strftime("%a %x %X")}</a></li>
@@ -18,26 +18,14 @@
   ##
   <h4>${_('Share options')}</h4> 
   <p>
-    This document is
     % if poNode.is_shared==False:
-      <span class="label label-info">
-        <i class="fa fa-user"></i>
-        ${_('private')}
-      </span>
+      <span class="pod-grey">${_('This document is not shared')}</span>
     % else:
-      <span class="label label-info">
-        <i class="fa fa-group"></i>
-        ${_('collaborative')}
-      </span>
+      <span class="">${_('This document is shared.')}</span>
     % endif
   </p>
   <p>
-    % if poNode.is_shared==True or poNode.is_shared==False:
-      ${_('People working on it are:')}
-######
-##
-## FIXME - SHOW LIST OF GROUPS ALLOWED TO WORK ON THE DOCUMENT
-##
+    % if poNode.is_shared==True:
     <table class="table table-striped table-hover table-condensed">
       <thead>
         <tr>
@@ -46,44 +34,48 @@
         </tr>
       </thead>
       % for loCurrentGroup in real_groups:
-        <tr>
-          <td>${loCurrentGroup.getDisplayName()}</td>
-          <td>
-            % for loRight in loCurrentGroup.rights:
-              % if loRight.node_id==poNode.node_id:
-                % if loRight.hasReadAccess():
-                  <span class="label label-success">R</span>
-                % endif
-                % if loRight.hasWriteAccess():
-                  <span class="label label-warning">W</span>
+        % if loCurrentGroup.hasSomeAccess(poNode):
+          <tr>
+            <td>${loCurrentGroup.getDisplayName()}</td>
+            <td>
+              % for loRight in loCurrentGroup.rights:
+                % if loRight.node_id==poNode.node_id:
+                  % if loRight.hasReadAccess():
+                    <span class="label label-success">R</span>
+                  % endif
+                  % if loRight.hasWriteAccess():
+                    <span class="label label-warning">W</span>
+                  % endif
                 % endif
-              % endif
-            % endfor
-          </td>
-        </tr>
+              % endfor
+            </td>
+          </tr>
+        % endif
       % endfor
       <thead>
         <tr>
-          <th><i class="fa fa-user"></i> ${_('Users')}</th>
+          <th><i class="fa fa-user"></i> ${_('Individual users')}</th>
           <th></th>
         </tr>
       </thead>
       % for loCurrentGroup in user_specific_groups:
-        <tr>
-          <td>${loCurrentGroup.getDisplayName()}</td>
-          <td>
-            % for loRight in loCurrentGroup.rights:
-              % if loRight.node_id==poNode.node_id:
-                % if loRight.hasReadAccess():
-                  <span class="label label-success">R</span>
-                % endif
-                % if loRight.hasWriteAccess():
-                  <span class="label label-warning">W</span>
+        % if loCurrentGroup.hasSomeAccess(poNode):
+          <tr>
+            <td>${loCurrentGroup.getDisplayName()}</td>
+            <td>
+              % for loRight in loCurrentGroup.rights:
+                % if loRight.node_id==poNode.node_id:
+                  % if loRight.hasReadAccess():
+                    <span class="label label-success">R</span>
+                  % endif
+                  % if loRight.hasWriteAccess():
+                    <span class="label label-warning">W</span>
+                  % endif
                 % endif
-              % endif
-            % endfor
-          </td>
-        </tr>
+              % endfor
+            </td>
+          </tr>
+        % endif
       % endfor
     </table>
     
@@ -123,58 +115,101 @@
     </div>
     <div class="modal-body">
 
-      <form id='document-share-form' method="GET" action="${tg.url('/api/set_access_management?node_id=%d'%poNode.node_id)}">
+      <form id='document-share-form' method="GET" action="${tg.url('/api/set_access_management')}">
+        <input type="hidden" name="node_id" value="${poNode.node_id}" />
+        <input type="hidden" name="read" value="0" />
+        <input type="hidden" name="write" value="0" />
         <fieldset>
           <label class="checkbox">
             <input name="is_shared" type="checkbox" id="document-share-selector" ${('', 'checked')[poNode.is_shared]}/>
-            ${_('Share document with collaborators.')} <i class="fa fa-group"></i>
+            ${_('Share document with collaborators.')}
           </label>
           <div id="document-share-people-selector">
-            <p>
-              ${_('Select read and write access for each group or people...')}</p>
+            <p>${_('Select read and write access for each group or people...')}</p>
             <script>
-            function updateRights(psUserId) {
-              var ACCESS_NONE = '';
-              var ACCESS_READ = 'R';
-              var ACCESS_WRITE = 'RW';
+            function updateRights(psUserId, piNewValue = -1) {
+              var ACCESS_UNDEFINED = -1;
+              var ACCESS_NONE = 0;
+              var ACCESS_READ = 1;
+              var ACCESS_WRITE = 2;
               
               var nodeIdForSelectedUser = 'user-'+psUserId+'-value';
-              var widget = $('#'+nodeIdForSelectedUser);
-              var oldValue = widget.val();
-              var newValue = '';
-              if(oldValue==ACCESS_NONE) {
-                newValue = ACCESS_READ;
-                newHtml = '<span class="label label-success">R</span>';
-              } else if(oldValue==ACCESS_READ) {
-                newValue = ACCESS_WRITE;
-                newHtml = '<span class="label label-success">R</span> <span class="label label-warning">W</span>';
-              } else if (oldValue==ACCESS_WRITE) {
-                newValue = ACCESS_NONE;
+              var widgetRead = $('#'+nodeIdForSelectedUser+'-read');
+              var widgetWrite = $('#'+nodeIdForSelectedUser+'-write');
+              var oldReadValue = widgetRead.val()
+              var oldWriteValue = widgetWrite.val();
+              
+              if(oldReadValue=='' && oldWriteValue=='' && piNewValue==ACCESS_UNDEFINED || piNewValue==ACCESS_READ) {
+## SET READ ACCESS
+                widgetRead.val(psUserId)
+                widgetWrite.val('')
+                newHtml = '<span class="label label-success" title="${'Allow to read the item'}">R</span>';
+              } else if(oldReadValue==psUserId && oldWriteValue=='' && piNewValue==ACCESS_UNDEFINED || piNewValue==ACCESS_READ+ACCESS_WRITE) {
+## SET READ + WRITE ACCESS
+                widgetRead.val(psUserId)
+                widgetWrite.val(psUserId)
+                newHtml = '<span class="label label-success" title="${'Allow to read the item'}">R</span> <span class="label label-warning" title="${'Allow to modify the item'}">W</span>';
+              } else if (oldReadValue==psUserId && oldWriteValue==psUserId && piNewValue==ACCESS_UNDEFINED || piNewValue==ACCESS_NONE) {
+## SET NO ACCESS
+                widgetRead.val('')
+                widgetWrite.val('')
                 newHtml = '';
               } else {
-                newValue = ACCESS_READ;
-                newHtml = '<span class="label label-success">R</span>';
+## SET READ ACCESS (default)
+                widgetRead.val(psUserId)
+                widgetWrite.val('')
+                newHtml = '<span class="label label-success" title="${'Allow to read the item'}">R</span>';
               }
               
-              widget.val(newValue);
               visibleid = 'user-'+psUserId+'-rights';
               $("#"+visibleid).html(newHtml);
             }
             </script>
             
             <table class="table table-striped table-hover table-condensed">
+    ######
+    ##
+    ## REAL GROUPS LISTING HERE
+    ##
               <thead>
                 <tr>
-                  <th></th>
+                  <th><i class="fa fa-group"></i></th>
                   <th>${_('Group')}</th>
                   <th>${_('Access')}</th>
                 </tr>
               </thead>
+              % for loCurrentGroup in real_groups:
+              <tr id='user-${loCurrentGroup.group_id}-rights-row'>
+                <td>
+                  <a
+                    class="btn btn-mini"
+                    onclick="updateRights(${loCurrentGroup.group_id})"
+                  >
+                    <i class="fa fa-key"></i>
+                  </a>
+                </td>
+                <td class='pod-highlightable-access-management-cell'>
+                  ${loCurrentGroup.getDisplayName()}
+                  <input type="hidden" id="user-${loCurrentGroup.group_id}-value-read" name="read" value="" />
+                  <input type="hidden" id="user-${loCurrentGroup.group_id}-value-write" name="write" value="" />
+                </td>
+                <td id="user-${loCurrentGroup.group_id}-rights" class="pod-right-cell"></td>
+              </tr>
+              % endfor
+              
     ######
     ##
-    ## FIXME - SET A DYNAMIC SELECT LIST HERE
+    ## INDIVIDUAL USERS LISTING HERE
     ##
+              <thead>
+                <tr>
+                  <th><i class="fa fa-user"></i></th>
+                  <th>${_('Individual Users')}</th>
+                  <th>${_('Access')}</th>
+                </tr>
+              </thead>
               % for loCurrentGroup in user_specific_groups:
+              
               <tr id='user-${loCurrentGroup.group_id}-rights-row'>
                 <td>
                   <a
@@ -186,12 +221,8 @@
                 </td>
                 <td class='pod-highlightable-access-management-cell'>
                   ${loCurrentGroup.getDisplayName()}
-                  <input
-                    type="hidden"
-                    id="user-${loCurrentGroup.group_id}-value"
-                    name="user[${loCurrentGroup.group_id}]"
-                    value=""
-                  />
+                  <input type="hidden" id="user-${loCurrentGroup.group_id}-value-read" name="read" value="" />
+                  <input type="hidden" id="user-${loCurrentGroup.group_id}-value-write" name="write" value="" />
                 </td>
                 <td id="user-${loCurrentGroup.group_id}-rights" class="pod-right-cell"></td>
               </tr>
@@ -298,6 +329,8 @@
 
       // Submit access-management modal dialog form
       $('#document-share-form-submit-button').click(function(){
+        $("input[name='read'][value='']").remove();
+        $("input[name='write'][value='']").remove();
         $('#document-share-form')[0].submit();
       });
 
@@ -308,7 +341,28 @@
       // FIXME - 2014-05-06 - This is not working (should be done at document.ready time)
       // note: putting this in a document.ready callback does not work.
       //
-      $('#document-share-form')[0].reset();
+##
+## The following code is something like dirty ;)
+## the goal of this piece of code is to setup view
+## according to hidden input values
+## for read/write access management
+##
+
+      % for loCurrentGroup in real_groups + user_specific_groups:
+        % if loCurrentGroup.hasSomeAccess(poNode)==False:
+              updateRights(${loCurrentGroup.group_id}, 0);
+        % else:
+          % for loRight in loCurrentGroup.rights:
+            % if loRight.node_id==poNode.node_id:
+##
+## The following line should build some javascript code similar to this:
+## updateRights(-5, 3);
+              updateRights(${loCurrentGroup.group_id}, ${loRight.rights});
+            % endif
+          % endfor
+        % endif
+      % endfor
+
       toggleDocumentSharePeopleSelector($('#document-share-selector').prop("checked"));
 ##        toggleDocumentPublicKeyGenerator($('#document-public-selector').prop("checked"));  
 ##        

pboard/pboard/templates/document-widgets.mak

@@ -206,9 +206,9 @@
         ${_('private')}
       </sup>
     % else:
-      <sup class="label label-warning" title="${_('This document is collaborative')}">
+      <sup class="label label-warning" title="${_('This document is shared')}">
         <i class="fa fa-group"></i>
-        ${_('collaborative')}
+        ${_('shared')}
       </sup>
     % endif
 ######

pboard/pboard/templates/document.mak

@@ -123,7 +123,7 @@
                 <li>${DOC.MetadataTab('#contacts', 'tab', _('Address book'), 'fa-user', current_node.getContacts())}</li>
                 <li>${DOC.MetadataTab('#comments', 'tab', _('Comment thread'), 'fa-comments-o', current_node.getComments())}</li>
                 <li>${DOC.MetadataTab('#files', 'tab', _('Attachments'), 'fa-paperclip', current_node.getFiles())}</li>
-                <li class="pull-right">${DOC.MetadataTab('#accessmanagement', 'tab', _('Access Management'), 'fa-key', [])}</li>
+                <li class="pull-right">${DOC.MetadataTab('#accessmanagement', 'tab', _('Access Management'), 'fa-key', current_node.getGroupsWithSomeAccess())}</li>
                 <li class="pull-right">${DOC.MetadataTab('#history', 'tab', _('History'), 'fa-history', current_node.getHistory())}</li>
             </ul>
             ################################