27 |
27 |
from django.core.urlresolvers import reverse
|
28 |
28 |
from django.contrib.auth import get_user_model
|
29 |
29 |
|
|
30 |
from django_rbac.exceptions import InsufficientAuthLevel
|
30 |
31 |
from django_rbac.utils import get_role_model, get_permission_model, get_ou_model
|
31 |
32 |
|
32 |
33 |
from authentic2.utils import redirect
|
... | ... | |
79 |
80 |
|
80 |
81 |
def authorize(self, request, *args, **kwargs):
|
81 |
82 |
super(RolesView, self).authorize(request, *args, **kwargs)
|
82 |
|
self.can_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
|
|
83 |
self.could_add = bool(request.user.ous_with_perm('a2_rbac.add_role'))
|
83 |
84 |
|
84 |
85 |
|
85 |
86 |
listing = RolesView.as_view()
|
... | ... | |
176 |
177 |
hooks.call_hooks('event', name='manager-remove-role-member',
|
177 |
178 |
user=self.request.user, role=self.object, member=user)
|
178 |
179 |
else:
|
|
180 |
if self.could_change:
|
|
181 |
raise InsufficientAuthLevel
|
179 |
182 |
messages.warning(self.request, _('You are not authorized'))
|
180 |
183 |
return super(RoleMembersView, self).form_valid(form)
|
181 |
184 |
|
... | ... | |
205 |
208 |
|
206 |
209 |
def post(self, request, *args, **kwargs):
|
207 |
210 |
if not self.can_delete:
|
|
211 |
if self.could_delete:
|
|
212 |
raise InsufficientAuthLevel
|
208 |
213 |
raise PermissionDenied
|
209 |
214 |
return super(RoleDeleteView, self).post(request, *args, **kwargs)
|
210 |
215 |
|
... | ... | |
259 |
264 |
hooks.call_hooks('event', name='manager-remove-permission',
|
260 |
265 |
user=self.request.user, role=self.object, permission=perm)
|
261 |
266 |
else:
|
|
267 |
if self.could_change:
|
|
268 |
raise InsufficientAuthLevel
|
262 |
269 |
messages.warning(self.request, _('You are not authorized'))
|
263 |
270 |
return super(RolePermissionsView, self).form_valid(form)
|
264 |
271 |
|
265 |
|
-
|