logos-co/open-law
1
0
Fork 0
mirror of https://github.com/logos-co/open-law.git synced 2025-02-13 07:16:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix local permissions

Browse Source
This commit is contained in:
SvyatoslavArtymovych 2023-06-06 13:58:34 +03:00
parent 930295af7b
commit de3c41e2c7
6 changed files with 173 additions and 145239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/controllers/require_permission.py
View File

@ -20,11 +20,12 @@ def check_permissions(
) )
entity = None entity = None
for model in entities: for model in entities:
entity_id_field = (model.__name__ + "_id").lower() if not entity:
entity_id = request_args.get(entity_id_field) entity_id_field = (model.__name__ + "_id").lower()
entity: m.Book | m.Collection | m.Section | m.Interpretation | m.Comment = ( entity_id = request_args.get(entity_id_field)
db.session.get(model, entity_id) entity: m.Book | m.Collection | m.Section | m.Interpretation | m.Comment = (
) db.session.get(model, entity_id)
)
if entity is None: if entity is None:
log(log.INFO, "No entity [%s] found", entities) log(log.INFO, "No entity [%s] found", entities)

145088
app/static/js/main.js
View File

File diff suppressed because one or more lines are too long

55
app/templates/book/components/collection_context_menu.html
View File

@ -1,35 +1,36 @@
{% if current_user.is_authenticated %} {% if current_user.is_authenticated %}
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% set access_to_create_collections =has_permission(collection, Access.C) %} {% set access_to_create_collections_in_root = has_permission(collection.parent, Access.C) %}
{% set access_to_update_collections =has_permission(collection, Access.U) %} {% set access_to_create_collections = has_permission(collection, Access.C) %}
{% set access_to_delete_collections =has_permission(collection, Access.D) %} {% set access_to_update_collections = has_permission(collection, Access.U) %}
{% set access_to_create_section =has_permission(collection, Access.C, EntityType.SECTION) %} {% set access_to_delete_collections = has_permission(collection, Access.D) %}
{% set access_to_create_section = has_permission(collection, Access.C, EntityType.SECTION) %}
{% if access_to_create_collections or access_to_update_collections %} {% if access_to_create_collections or access_to_update_collections %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
{% if access_to_create_collections %} {% if access_to_create_collections_in_root %}
<li> <li>
<button <button
type="button" type="button"
data-modal-target="add-collection-modal" data-modal-target="add-collection-modal"
data-modal-toggle="add-collection-modal" data-modal-toggle="add-collection-modal"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Collection New Collection
</button> </button>
</li> </li>
{% if collection.active_children or not collection.active_sections%}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
<!-- prettier-ignore -->
{% endif %} {% endif %}
{% if collection.active_children or not collection.active_sections%}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
<!-- prettier-ignore -->
{% endif %} {% endif %}
{% if access_to_create_section %} {% if access_to_create_section %}
{% if not collection.active_children or not collection.active_children and collection.active_sections %} {% if not collection.active_children or not collection.active_children and collection.active_sections %}

230
app/templates/book/components/sub_collection_context_menu.html
View File

@ -1,119 +1,125 @@
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% if current_user.is_authenticated %} {% if current_user.is_authenticated %}
{% set access_to_create_collections =has_permission(sub_collection, Access.C) %} {% set access_to_create_collections =has_permission(sub_collection, Access.C) %}
{% set access_to_update_collections= has_permission(sub_collection, Access.U) %} {% set access_to_update_collections= has_permission(sub_collection, Access.U) %}
{% set access_to_delete_collections = has_permission(sub_collection, Access.D) %} {% set access_to_delete_collections = has_permission(sub_collection, Access.D) %}
{% set access_to_create_section = has_permission(collection, Access.C,EntityType.SECTION) %} {% set access_to_create_section = has_permission(sub_collection, Access.C,EntityType.SECTION) %}
{% if access_to_create_collections or access_to_update_collections or access_to_create_section %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> {% if access_to_create_collections or access_to_update_collections or access_to_create_section %}
<!-- prettier-ignore --> <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
{% if access_to_create_section and sub_collection.active_sections and not sub_collection.active_children %} <!-- prettier-ignore -->
<li> {% if access_to_create_section and sub_collection.active_sections and not sub_collection.active_children %}
<button <li>
type="button" <button
id="callAddSectionModal" type="button"
data-modal-target="add-section-modal" id="callAddSectionModal"
data-modal-toggle="add-section-modal" data-modal-target="add-section-modal"
data-collection-id="{{collection.id}}" data-modal-toggle="add-section-modal"
data-sub-collection-id="{{sub_collection.id}}" data-collection-id="{{collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> data-sub-collection-id="{{sub_collection.id}}"
New Section class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
</button> >
</li> New Section
<!-- prettier-ignore --> </button>
{% elif not sub_collection.active_sections and not sub_collection.active_children %} {% if access_to_create_section %} </li>
<li> <!-- prettier-ignore -->
<button {% elif not sub_collection.active_sections and not sub_collection.active_children %}
type="button" {% if access_to_create_section %}
id="callAddSectionModal" <li>
data-modal-target="add-section-modal" <button
data-modal-toggle="add-section-modal" type="button"
data-collection-id="{{collection.id}}" id="callAddSectionModal"
data-sub-collection-id="{{sub_collection.id}}" data-modal-target="add-section-modal"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> data-modal-toggle="add-section-modal"
New Section data-collection-id="{{collection.id}}"
</button> data-sub-collection-id="{{sub_collection.id}}"
</li> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Section
</button>
</li>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_create_collections %}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
>
New Subcollection
</button>
</li>
{% endif %}
{% else %}
<!-- prettier-ignore -->
{% if access_to_create_collections %}
<li>
<button
type="button"
id="callAddSubCollectionModal"
data-modal-target="add-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal"
data-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
New Subcollection
</button>
</li>
{% endif %}
{% endif %}
</ul>
{% endif %} {% endif %}
<!-- prettier-ignore --> <!-- prettier-ignore -->
{% if access_to_create_collections %} {% if access_to_update_collections or access_to_delete_collections%}
<li> <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<button {% if access_to_update_collections %}
type="button" <li>
id="callAddSubCollectionModal" <button
data-modal-target="add-sub-collection-modal" type="button"
data-modal-toggle="add-sub-collection-modal" id="rename-sub-collection-button-{{sub_collection.id}}"
data-collection-id="{{sub_collection.id}}" class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> Rename Sub Collection
New Subcollection </button>
</button> </li>
</li> {% endif %}
{% endif %} {% else %} <!-- prettier-ignore -->
<!-- prettier-ignore --> {% if access_to_delete_collections %}
{% if access_to_create_collections %} <li>
<li> <button
<button type="button"
type="button" id="callDeleteSubCollectionModal"
id="callAddSubCollectionModal" data-modal-target="delete-sub-collection-modal"
data-modal-target="add-sub-collection-modal" data-modal-toggle="delete-sub-collection-modal"
data-modal-toggle="add-sub-collection-modal" data-collection-id="{{collection.id}}"
data-collection-id="{{sub_collection.id}}" data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"
New Subcollection >
</button> Delete Sub Collection
</li> </button>
<!-- prettier-ignore --> </li>
{% endif %}
</ul>
{% endif %} {% endif %}
{% endif %} <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
</ul> <li>
{% endif %} <button
<!-- prettier-ignore --> type="button"
{% if access_to_update_collections or access_to_delete_collections%} class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> Export Sub Collection
{% if access_to_update_collections %} </button>
<li> </li>
<button </ul>
type="button"
id="rename-sub-collection-button-{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Rename Sub Collection
</button>
</li>
{% endif %}
<!-- prettier-ignore -->
{% if access_to_delete_collections %}
<li>
<button
type="button"
id="callDeleteSubCollectionModal"
data-modal-target="delete-sub-collection-modal"
data-modal-toggle="delete-sub-collection-modal"
data-collection-id="{{collection.id}}"
data-sub-collection-id="{{sub_collection.id}}"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Delete Sub Collection
</button>
</li>
{% endif %}
</ul>
{% endif %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li>
<button
type="button"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Export Sub Collection
</button>
</li>
</ul>
{% else %} {% else %}
<ul class="py-2 text-sm text-gray-700 dark:text-gray-200"> <ul class="py-2 text-sm text-gray-700 dark:text-gray-200">
<li> <li>
<button <button
type="button" type="button"
class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white"> class="w-full block px-4 py-2 hover:bg-gray-100 dark:hover:bg-gray-600 dark:hover:text-white">
Connect your wallet to do this Connect your wallet to do this
</button> </button>
</li> </li>
</ul> </ul>
{% endif %} {% endif %}

26
app/views/permission.py
View File

@ -17,8 +17,8 @@ bp = Blueprint("permission", __name__, url_prefix="/permission")
def set_permissions(): def set_permissions():
form: f.EditPermissionForm = f.EditPermissionForm() form: f.EditPermissionForm = f.EditPermissionForm()
book_id = form.book_id.data
if form.validate_on_submit(): if form.validate_on_submit():
book_id = form.book_id.data
book: m.Book = db.session.get(m.Book, book_id) book: m.Book = db.session.get(m.Book, book_id)
if not book or book.is_deleted or book.owner != current_user: if not book or book.is_deleted or book.owner != current_user:
log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book) log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
@ -55,6 +55,19 @@ def set_permissions():
users_access: m.AccessGroup users_access: m.AccessGroup
users_access.users.remove(user) users_access.users.remove(user)
permissions_json = json.loads(form.permissions.data)
book_ids = permissions_json.get("book", [])
for book_id in book_ids:
entire_boot_access_group = m.AccessGroup.query.filter_by(
book_id=book_id, name=contributor.role.name.lower()
).first()
m.UserAccessGroups(
user_id=user.id, access_group_id=entire_boot_access_group.id
).save(False)
db.session.commit()
flash("Success!", "success")
return redirect(url_for("book.settings", book_id=book_id))
new_access_group = None new_access_group = None
match contributor.role: match contributor.role:
case m.BookContributor.Roles.EDITOR: case m.BookContributor.Roles.EDITOR:
@ -74,13 +87,6 @@ def set_permissions():
False False
) )
permissions_json = json.loads(form.permissions.data)
book_ids = permissions_json.get("book", [])
for book_id in book_ids:
m.BookAccessGroups(
book_id=book_id, access_group_id=new_access_group.id
).save(False)
collection_ids = permissions_json.get("collection", []) collection_ids = permissions_json.get("collection", [])
for collection_id in collection_ids: for collection_id in collection_ids:
m.CollectionAccessGroups( m.CollectionAccessGroups(
@ -102,7 +108,9 @@ def set_permissions():
field_label = form._fields[field].label.text field_label = form._fields[field].label.text
for error in errors: for error in errors:
flash(error.replace("Field", field_label), "danger") flash(error.replace("Field", field_label), "danger")
return redirect(url_for("book.settings", book_id=book_id)) if book_id:
return redirect(url_for("book.settings", book_id=book_id))
return redirect(url_for("book.my_library"))
@bp.route("/access_tree", methods=["GET"]) @bp.route("/access_tree", methods=["GET"])

2
src/drag_and_drop.ts
View File

@ -15,6 +15,7 @@ export function initDnD() {
put: ['sections'], put: ['sections'],
}, },
animation: 100, animation: 100,
filter: '.filter',
onEnd: async function (/**Event*/ evt) { onEnd: async function (/**Event*/ evt) {
var itemEl = evt.item; // dragged HTMLElement var itemEl = evt.item; // dragged HTMLElement
const bookId = itemEl.getAttribute('data-book-id'); const bookId = itemEl.getAttribute('data-book-id');
@ -49,6 +50,7 @@ export function initDnD() {
put: ['sub_collections'], put: ['sub_collections'],
}, },
animation: 100, animation: 100,
filter: '.filter',
onEnd: async function (/**Event*/ evt) { onEnd: async function (/**Event*/ evt) {
var itemEl = evt.item; // dragged HTMLElement var itemEl = evt.item; // dragged HTMLElement
const bookId = itemEl.getAttribute('data-book-id'); const bookId = itemEl.getAttribute('data-book-id');