fix local permissions

SvyatoslavArtymovych 2023-06-06 13:58:34 +03:00
parent 930295af7b
commit de3c41e2c7
6 changed files with 173 additions and 145239 deletions


@ -20,6 +20,7 @@ def check_permissions(
) )
entity = None entity = None
for model in entities: for model in entities:
if not entity:
entity_id_field = (model.__name__ + "_id").lower() entity_id_field = (model.__name__ + "_id").lower()
entity_id = request_args.get(entity_id_field) entity_id = request_args.get(entity_id_field)
entity: m.Book | m.Collection | m.Section | m.Interpretation | m.Comment = ( entity: m.Book | m.Collection | m.Section | m.Interpretation | m.Comment = (
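Review bot: The added `if not entity:` guard makes the permission check depend on the order of `entities`. As far as this hunk shows, the first model whose id resolves from `request_args` becomes the entity that is checked, and ids for later models in the same request are skipped. That rule is security-relevant but undocumented; a comment above the guard such as `# the first entity resolved, in entities order, is the one checked; later ids are ignored` would make it reviewable. `if entity is None:` would also state the intent more precisely than a truthiness test. The render has lost indentation and the loop body continues outside the hunk, so which statements sit under the guard is presumed rather than confirmed.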

File diff suppressed because one or more lines are too long


@ -1,12 +1,13 @@
{% if current_user.is_authenticated %} {% if current_user.is_authenticated %}
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% set access_to_create_collections =has_permission(collection, Access.C) %} {% set access_to_create_collections_in_root = has_permission(collection.parent, Access.C) %}
{% set access_to_update_collections =has_permission(collection, Access.U) %} {% set access_to_create_collections = has_permission(collection, Access.C) %}
{% set access_to_delete_collections =has_permission(collection, Access.D) %} {% set access_to_update_collections = has_permission(collection, Access.U) %}
{% set access_to_create_section =has_permission(collection, Access.C, EntityType.SECTION) %} {% set access_to_delete_collections = has_permission(collection, Access.D) %}
{% set access_to_create_section = has_permission(collection, Access.C, EntityType.SECTION) %}
{% if access_to_create_collections or access_to_update_collections %} {% if access_to_create_collections or access_to_update_collections %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
{% if access_to_create_collections %} {% if access_to_create_collections_in_root %}
<li> <li>
<button <button
type="button" type="button"
@ -16,6 +17,7 @@
New Collection New Collection
</button> </button>
</li> </li>
{% endif %}
{% if collection.active_children or not collection.active_sections%} {% if collection.active_children or not collection.active_sections%}
<li> <li>
<button <button
@ -30,7 +32,6 @@
</li> </li>
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% endif %} {% endif %}
{% endif %}
{% if access_to_create_section %} {% if access_to_create_section %}
{% if not collection.active_children or not collection.active_children and collection.active_sections %} {% if not collection.active_children or not collection.active_children and collection.active_sections %}
<li> <li>
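Review bot: The menu item inside `{% if collection.active_children or not collection.active_sections%}` no longer sits under any create check, as far as the rendered hunks show, because the `{% endif %}` now closes the `access_to_create_collections_in_root` block right after the New Collection item. The item is reached whenever the outer `access_to_create_collections or access_to_update_collections` test passes, so a user with update-only access would see it. If that item creates content, its condition could carry the check itself: `{% if access_to_create_collections and (collection.active_children or not collection.active_sections) %}`. The outer test also omits `access_to_create_collections_in_root`, so a user who may create in the parent but holds neither flag on this collection never gets the New Collection entry.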


@ -1,11 +1,12 @@
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% if current_user.is_authenticated %} {% if current_user.is_authenticated %}
{% set access_to_create_collections =has_permission(sub_collection, Access.C) %} {% set access_to_create_collections =has_permission(sub_collection, Access.C) %}
{% set access_to_update_collections= has_permission(sub_collection, Access.U) %} {% set access_to_update_collections= has_permission(sub_collection, Access.U) %}
{% set access_to_delete_collections = has_permission(sub_collection, Access.D) %} {% set access_to_delete_collections = has_permission(sub_collection, Access.D) %}
{% set access_to_create_section = has_permission(collection, Access.C,EntityType.SECTION) %} {% set access_to_create_section = has_permission(sub_collection, Access.C,EntityType.SECTION) %}
{% if access_to_create_collections or access_to_update_collections or access_to_create_section %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> {% if access_to_create_collections or access_to_update_collections or access_to_create_section %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% if access_to_create_section and sub_collection.active_sections and not sub_collection.active_children %} {% if access_to_create_section and sub_collection.active_sections and not sub_collection.active_children %}
<li> <li>
@ -16,12 +17,14 @@
data-modal-toggle="add-section-modal" data-modal-toggle="add-section-modal"
data-collection-id="{{collection.id}}" data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}" data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Section New Section
</button> </button>
</li> </li>
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% elif not sub_collection.active_sections and not sub_collection.active_children %} {% if access_to_create_section %} {% elif not sub_collection.active_sections and not sub_collection.active_children %}
{% if access_to_create_section %}
<li> <li>
<button <button
type="button" type="button"
@ -30,7 +33,8 @@
data-modal-toggle="add-section-modal" data-modal-toggle="add-section-modal"
data-collection-id="{{collection.id}}" data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}" data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Section New Section
</button> </button>
</li> </li>
@ -44,11 +48,13 @@
data-modal-target="add-sub-collection-modal" data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal" data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{sub_collection.id}}" data-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Subcollection New Subcollection
</button> </button>
</li> </li>
{% endif %} {% else %} {% endif %}
{% else %}
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% if access_to_create_collections %} {% if access_to_create_collections %}
<li> <li>
@ -62,14 +68,13 @@
New Subcollection New Subcollection
</button> </button>
</li> </li>
{% endif %}
{% endif %}
</ul>
{% endif %}
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% endif %} {% if access_to_update_collections or access_to_delete_collections%}
{% endif %} <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
</ul>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_update_collections or access_to_delete_collections%}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
{% if access_to_update_collections %} {% if access_to_update_collections %}
<li> <li>
<button <button
@ -90,14 +95,15 @@
data-modal-toggle="delete-sub-collection-modal" data-modal-toggle="delete-sub-collection-modal"
data-collection-id="{{collection.id}}" data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}" data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
Delete Sub Collection Delete Sub Collection
</button> </button>
</li> </li>
{% endif %} {% endif %}
</ul> </ul>
{% endif %} {% endif %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li> <li>
<button <button
type="button" type="button"
@ -105,9 +111,9 @@
Export Sub Collection Export Sub Collection
</button> </button>
</li> </li>
</ul> </ul>
{% else %} {% else %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li> <li>
<button <button
type="button" type="button"
@ -115,5 +121,5 @@
Connect your wallet to do this Connect your wallet to do this
</button> </button>
</li> </li>
</ul> </ul>
{% endif %} {% endif %}


@ -17,8 +17,8 @@ bp = Blueprint("permission", __name__, url_prefix="/permission")
def set_permissions(): def set_permissions():
form: f.EditPermissionForm = f.EditPermissionForm() form: f.EditPermissionForm = f.EditPermissionForm()
if form.validate_on_submit():
book_id = form.book_id.data book_id = form.book_id.data
if form.validate_on_submit():
book: m.Book = db.session.get(m.Book, book_id) book: m.Book = db.session.get(m.Book, book_id)
if not book or book.is_deleted or book.owner != current_user: if not book or book.is_deleted or book.owner != current_user:
log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book) log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
@ -55,6 +55,19 @@ def set_permissions():
users_access: m.AccessGroup users_access: m.AccessGroup
users_access.users.remove(user) users_access.users.remove(user)
permissions_json = json.loads(form.permissions.data)
book_ids = permissions_json.get("book", [])
for book_id in book_ids:
entire_boot_access_group = m.AccessGroup.query.filter_by(
book_id=book_id, name=contributor.role.name.lower()
).first()
m.UserAccessGroups(
user_id=user.id, access_group_id=entire_boot_access_group.id
).save(False)
db.session.commit()
flash("Success!", "success")
return redirect(url_for("book.settings", book_id=book_id))
new_access_group = None new_access_group = None
match contributor.role: match contributor.role:
case m.BookContributor.Roles.EDITOR: case m.BookContributor.Roles.EDITOR:
@ -74,13 +87,6 @@ def set_permissions():
False False
) )
permissions_json = json.loads(form.permissions.data)
book_ids = permissions_json.get("book", [])
for book_id in book_ids:
m.BookAccessGroups(
book_id=book_id, access_group_id=new_access_group.id
).save(False)
collection_ids = permissions_json.get("collection", []) collection_ids = permissions_json.get("collection", [])
for collection_id in collection_ids: for collection_id in collection_ids:
m.CollectionAccessGroups( m.CollectionAccessGroups(
@ -102,7 +108,9 @@ def set_permissions():
field_label = form._fields[field].label.text field_label = form._fields[field].label.text
for error in errors: for error in errors:
flash(error.replace("Field", field_label), "danger") flash(error.replace("Field", field_label), "danger")
if book_id:
return redirect(url_for("book.settings", book_id=book_id)) return redirect(url_for("book.settings", book_id=book_id))
return redirect(url_for("book.my_library"))
@bp.route("/access_tree", methods=["GET"]) @bp.route("/access_tree", methods=["GET"])
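Review bot: The new loop over `permissions_json.get("book", [])` takes book ids from the submitted `permissions` JSON and attaches the user to each id's access group, while the ownership check earlier in set_permissions covers only `form.book_id`. Nothing visible ties the two together, so an owner of one book could presumably grant access on a book they do not own. Looking the group up for the book that already passed the ownership check closes that gap, for example `filter_by(book_id=book.id, name=contributor.role.name.lower())`, assuming the model's key is `id`. `.first()` can return None, so `entire_boot_access_group.id` needs a guard such as `if entire_boot_access_group is None:` before it is read, and the loop variable reuses the name `book_id`, which changes the id the later redirects use. The render has lost indentation and the function continues outside these hunks, so whether the commit and `return` sit inside the loop cannot be confirmed here.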


@ -15,6 +15,7 @@ export function initDnD() {
put: ['sections'], put: ['sections'],
}, },
animation: 100, animation: 100,
filter: '.filter',
onEnd: async function (/**Event*/ evt) { onEnd: async function (/**Event*/ evt) {
var itemEl = evt.item; // dragged HTMLElement var itemEl = evt.item; // dragged HTMLElement
const bookId = itemEl.getAttribute('data-book-id'); const bookId = itemEl.getAttribute('data-book-id');
@ -49,6 +50,7 @@ export function initDnD() {
put: ['sub_collections'], put: ['sub_collections'],
}, },
animation: 100, animation: 100,
filter: '.filter',
onEnd: async function (/**Event*/ evt) { onEnd: async function (/**Event*/ evt) {
var itemEl = evt.item; // dragged HTMLElement var itemEl = evt.item; // dragged HTMLElement
const bookId = itemEl.getAttribute('data-book-id'); const bookId = itemEl.getAttribute('data-book-id');