fix local permissions

SvyatoslavArtymovych 2023-06-06 13:58:34 +03:00
parent 930295af7b
commit de3c41e2c7
6 changed files with 173 additions and 145239 deletions


@ -20,11 +20,12 @@ def check_permissions(
)
entity = None
for model in entities:
entity_id_field = (model.__name__ + "_id").lower()
entity_id = request_args.get(entity_id_field)
entity: m.Book | m.Collection | m.Section | m.Interpretation | m.Comment = (
db.session.get(model, entity_id)
)
if not entity:
entity_id_field = (model.__name__ + "_id").lower()
entity_id = request_args.get(entity_id_field)
entity: m.Book | m.Collection | m.Section | m.Interpretation | m.Comment = (
db.session.get(model, entity_id)
)
if entity is None:
log(log.INFO, "No entity [%s] found", entities)
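Review bot: With the added `if not entity:` guard the loop keeps the first model in `entities` whose `<model>_id` resolves, so the object that gets permission-checked now depends on the order of `entities` and on which id keys the caller supplies in `request_args`. Indentation is lost in this view, but if one request can carry both a parent id and a child id, it is worth confirming that the entity selected here is the one the view goes on to modify. `request_args.get(entity_id_field)` can return `None`, and that value is passed straight to `db.session.get`; an explicit `if entity_id is None: continue` would make the skip intentional. The `entity is None` branch only logs in the visible lines, and check_permissions continues outside the hunk, so whether the request is rejected at that point cannot be seen from here.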

File diff suppressed because one or more lines are too long


@ -1,35 +1,36 @@
{% if current_user.is_authenticated %}
<!-- prettier-ignore -->
{% set access_to_create_collections =has_permission(collection, Access.C) %}
{% set access_to_update_collections =has_permission(collection, Access.U) %}
{% set access_to_delete_collections =has_permission(collection, Access.D) %}
{% set access_to_create_section =has_permission(collection, Access.C, EntityType.SECTION) %}
{% set access_to_create_collections_in_root = has_permission(collection.parent, Access.C) %}
{% set access_to_create_collections = has_permission(collection, Access.C) %}
{% set access_to_update_collections = has_permission(collection, Access.U) %}
{% set access_to_delete_collections = has_permission(collection, Access.D) %}
{% set access_to_create_section = has_permission(collection, Access.C, EntityType.SECTION) %}
{% if access_to_create_collections or access_to_update_collections %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
{% if access_to_create_collections %}
<li>
<button
type="button"
data-modal-target="add-collection-modal"
data-modal-toggle="add-collection-modal"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Collection
</button>
</li>
{% if collection.active_children or not collection.active_sections%}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
<!-- prettier-ignore -->
{% if access_to_create_collections_in_root %}
<li>
<button
type="button"
data-modal-target="add-collection-modal"
data-modal-toggle="add-collection-modal"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Collection
</button>
</li>
{% endif %}
{% if collection.active_children or not collection.active_sections%}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
<!-- prettier-ignore -->
{% endif %}
{% if access_to_create_section %}
{% if not collection.active_children or not collection.active_children and collection.active_sections %}
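Review bot: `access_to_create_collections_in_root` is computed from `has_permission(collection.parent, Access.C)`, and nothing visible says what `has_permission` returns when a top-level collection has no `parent`, so that case should be confirmed. The new `{% if access_to_create_collections_in_root %}` appears to sit inside the existing `{% if access_to_create_collections %}` block (indentation is lost in this view), which would make "New Collection" require create access on both the collection and its parent, and the outer `{% if access_to_create_collections or access_to_update_collections %}` does not mention the new flag at all. These conditions only decide which buttons are rendered, here and in the sub-collection menu template later in this commit, so the routes behind `add-collection-modal` and `add-section-modal` must check the same entity on the server (the parent for a sibling collection, `sub_collection` for a section). A short Jinja comment above the `set` lines, for example `{# UI hint only: the server-side permission check decides access #}`, would record that; the template continues past the end of this hunk.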


@ -1,119 +1,125 @@
<!-- prettier-ignore -->
{% if current_user.is_authenticated %}
{% set access_to_create_collections =has_permission(sub_collection, Access.C) %}
{% set access_to_update_collections= has_permission(sub_collection, Access.U) %}
{% set access_to_delete_collections = has_permission(sub_collection, Access.D) %}
{% set access_to_create_section = has_permission(collection, Access.C,EntityType.SECTION) %}
{% if access_to_create_collections or access_to_update_collections or access_to_create_section %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<!-- prettier-ignore -->
{% if access_to_create_section and sub_collection.active_sections and not sub_collection.active_children %}
<li>
<button
type="button"
id="callAddSectionModal"
data-modal-target="add-section-modal"
data-modal-toggle="add-section-modal"
data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Section
</button>
</li>
<!-- prettier-ignore -->
{% elif not sub_collection.active_sections and not sub_collection.active_children %} {% if access_to_create_section %}
<li>
<button
type="button"
id="callAddSectionModal"
data-modal-target="add-section-modal"
data-modal-toggle="add-section-modal"
data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Section
</button>
</li>
{% set access_to_create_collections =has_permission(sub_collection, Access.C) %}
{% set access_to_update_collections= has_permission(sub_collection, Access.U) %}
{% set access_to_delete_collections = has_permission(sub_collection, Access.D) %}
{% set access_to_create_section = has_permission(sub_collection, Access.C,EntityType.SECTION) %}
{% if access_to_create_collections or access_to_update_collections or access_to_create_section %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<!-- prettier-ignore -->
{% if access_to_create_section and sub_collection.active_sections and not sub_collection.active_children %}
<li>
<button
type="button"
id="callAddSectionModal"
data-modal-target="add-section-modal"
data-modal-toggle="add-section-modal"
data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Section
</button>
</li>
<!-- prettier-ignore -->
{% elif not sub_collection.active_sections and not sub_collection.active_children %}
{% if access_to_create_section %}
<li>
<button
type="button"
id="callAddSectionModal"
data-modal-target="add-section-modal"
data-modal-toggle="add-section-modal"
data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Section
</button>
</li>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_create_collections %}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Subcollection
</button>
</li>
{% endif %}
{% else %}
<!-- prettier-ignore -->
{% if access_to_create_collections %}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
{% endif %}
{% endif %}
</ul>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_create_collections %}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
{% endif %} {% else %}
<!-- prettier-ignore -->
{% if access_to_create_collections %}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
<!-- prettier-ignore -->
{% if access_to_update_collections or access_to_delete_collections%}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
{% if access_to_update_collections %}
<li>
<button
type="button"
id="rename-sub-collection-button-{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Rename Sub Collection
</button>
</li>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_delete_collections %}
<li>
<button
type="button"
id="callDeleteSubCollectionModal"
data-modal-target="delete-sub-collection-modal"
data-modal-toggle="delete-sub-collection-modal"
data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
Delete Sub Collection
</button>
</li>
{% endif %}
</ul>
{% endif %}
{% endif %}
</ul>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_update_collections or access_to_delete_collections%}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
{% if access_to_update_collections %}
<li>
<button
type="button"
id="rename-sub-collection-button-{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Rename Sub Collection
</button>
</li>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_delete_collections %}
<li>
<button
type="button"
id="callDeleteSubCollectionModal"
data-modal-target="delete-sub-collection-modal"
data-modal-toggle="delete-sub-collection-modal"
data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Delete Sub Collection
</button>
</li>
{% endif %}
</ul>
{% endif %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li>
<button
type="button"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Export Sub Collection
</button>
</li>
</ul>
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li>
<button
type="button"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Export Sub Collection
</button>
</li>
</ul>
{% else %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li>
<button
type="button"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Connect your wallet to do this
</button>
</li>
</ul>
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li>
<button
type="button"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Connect your wallet to do this
</button>
</li>
</ul>
{% endif %}


@ -17,8 +17,8 @@ bp = Blueprint("permission", __name__, url_prefix="/permission")
def set_permissions():
form: f.EditPermissionForm = f.EditPermissionForm()
book_id = form.book_id.data
if form.validate_on_submit():
book_id = form.book_id.data
book: m.Book = db.session.get(m.Book, book_id)
if not book or book.is_deleted or book.owner != current_user:
log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
@ -55,6 +55,19 @@ def set_permissions():
users_access: m.AccessGroup
users_access.users.remove(user)
permissions_json = json.loads(form.permissions.data)
book_ids = permissions_json.get("book", [])
for book_id in book_ids:
entire_boot_access_group = m.AccessGroup.query.filter_by(
book_id=book_id, name=contributor.role.name.lower()
).first()
m.UserAccessGroups(
user_id=user.id, access_group_id=entire_boot_access_group.id
).save(False)
db.session.commit()
flash("Success!", "success")
return redirect(url_for("book.settings", book_id=book_id))
new_access_group = None
match contributor.role:
case m.BookContributor.Roles.EDITOR:
@ -74,13 +87,6 @@ def set_permissions():
False
)
permissions_json = json.loads(form.permissions.data)
book_ids = permissions_json.get("book", [])
for book_id in book_ids:
m.BookAccessGroups(
book_id=book_id, access_group_id=new_access_group.id
).save(False)
collection_ids = permissions_json.get("collection", [])
for collection_id in collection_ids:
m.CollectionAccessGroups(
@ -102,7 +108,9 @@ def set_permissions():
field_label = form._fields[field].label.text
for error in errors:
flash(error.replace("Field", field_label), "danger")
return redirect(url_for("book.settings", book_id=book_id))
if book_id:
return redirect(url_for("book.settings", book_id=book_id))
return redirect(url_for("book.my_library"))
@bp.route("/access_tree", methods=["GET"])
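Review bot: In the second hunk the ids in `permissions_json.get("book", [])` come from the submitted form, yet each one is used directly in `m.AccessGroup.query.filter_by(book_id=book_id, ...)`, so the ownership check made on `form.book_id.data` does not cover the book whose access group the user is added to. The loop variable reuses the name `book_id`, so the `redirect(url_for("book.settings", book_id=book_id))` that follows targets an id from the JSON rather than the verified book. `.first()` can return `None` when no group with that role name exists, and `entire_boot_access_group.id` would then raise. I would restrict the grant to the verified `book_id`, give the loop its own name and handle the missing group, as sketched below. set_permissions continues outside the visible hunks, so the `contributor` and `user` lookups are assumed unchanged.

```python
permissions_json = json.loads(form.permissions.data)
requested_book_ids = permissions_json.get("book", [])
if requested_book_ids:
    # Ids in the submitted JSON are client input: accept only the book whose
    # ownership was checked above, and keep `book_id` bound to that book.
    if any(str(requested_id) != str(book_id) for requested_id in requested_book_ids):
        log(
            log.INFO,
            "User: [%s] requested access on other books: [%s]",
            current_user,
            requested_book_ids,
        )
        flash("You are not owner of this book!", "danger")
        return redirect(url_for("book.my_library"))
    entire_book_access_group = m.AccessGroup.query.filter_by(
        book_id=book_id, name=contributor.role.name.lower()
    ).first()
    if entire_book_access_group is None:
        flash("Access group not found", "danger")
        return redirect(url_for("book.settings", book_id=book_id))
    m.UserAccessGroups(
        user_id=user.id, access_group_id=entire_book_access_group.id
    ).save(False)
    db.session.commit()
    flash("Success!", "success")
    return redirect(url_for("book.settings", book_id=book_id))
# … unchanged: new_access_group selection by contributor.role …
```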


@ -15,6 +15,7 @@ export function initDnD() {
put: ['sections'],
},
animation: 100,
filter: '.filter',
onEnd: async function (/**Event*/ evt) {
var itemEl = evt.item; // dragged HTMLElement
const bookId = itemEl.getAttribute('data-book-id');
@ -49,6 +50,7 @@ export function initDnD() {
put: ['sub_collections'],
},
animation: 100,
filter: '.filter',
onEnd: async function (/**Event*/ evt) {
var itemEl = evt.item; // dragged HTMLElement
const bookId = itemEl.getAttribute('data-book-id');