From 8b0e33cdf488719018e1f1beb2ba6a99090522ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= Date: Wed, 22 Apr 2015 11:35:56 +0200 Subject: [PATCH 07/11] admin: change to be a redirect to /admin/$1 (#6726) --- wcs/admin/root.py | 155 +++--------------------------------------- wcs/qommon/backoffice/root.py | 24 +++++-- 2 files changed, 26 insertions(+), 153 deletions(-) diff --git a/wcs/admin/root.py b/wcs/admin/root.py index f49cab9..14a1b37 100644 --- a/wcs/admin/root.py +++ b/wcs/admin/root.py @@ -16,22 +16,9 @@ import os -from quixote import get_session, get_publisher, get_request, get_response -from quixote.directory import Directory, AccessControlled -from quixote.html import htmltext, TemplateIO - -from qommon.admin.root import AdminDirectory - -import settings -import forms -import roles -import users -import categories -import logger -import workflows -import bounces - -from qommon import errors, get_cfg +from quixote import get_request, redirect +from quixote.directory import Directory +from quixote.html import htmltext def gpl(): return htmltext("""

This program is free software; you can redistribute it and/or modify it @@ -50,19 +37,8 @@ def gpl(): """) -class RootDirectory(AccessControlled, AdminDirectory): - _q_exports = [''] - - settings = settings.SettingsDirectory() - forms = forms.FormsDirectory() - roles = roles.RolesDirectory() - users = users.UsersDirectory() - categories = categories.CategoriesDirectory() - logger = logger.LoggerDirectory() - workflows = workflows.WorkflowsDirectory() - bounces = bounces.BouncesDirectory() - - menu_items = [ +class RootDirectory(Directory): + menu_items = [ # still used for access control (permissions panel) ('forms/', N_('Forms')), ('workflows/', N_('Workflows')), ('users/', N_('Users')), 
@@ -73,91 +49,10 @@ class RootDirectory(AccessControlled, AdminDirectory): ('settings/', N_('Settings')), ('/', N_('WCS Form Server'))] - def _q_access(self): - get_response().breadcrumb.append( ('admin/', _('Administration')) ) - - req = get_request() - - if os.path.exists(os.path.join(get_publisher().app_dir, 'ADMIN_FOR_ALL')): - get_response().filter['admin_for_all'] = True - if req.user and req.user.is_admin: - # if the user had access to the admin, ADMIN_FOR_ALL was - # certainly added because something wrong happened when setting - # fine-grained access permissions with roles; so we give the - # user all possible roles. - req.user.roles = [x.id for x in roles.Role.select()] - return - - session = get_session() - - if req.user: - if get_publisher().user_class.count() == 0: - # this means user logged in anonymously - pass - elif not req.user.is_admin: - raise errors.AccessForbiddenError() - else: - if get_publisher().user_class.count() > 0: - raise errors.AccessUnauthorizedError() - - return - - def get_intro_text(self): - return _(''' -w.c.s. is a web application which allows to design and set up online forms. -It gives users the ability to create web forms easily without requiring any -other skill than familiarity with web surfing.''') - - def _q_index(self): - from menu import html_top - html_top('/') - r = TemplateIO(html=True) - r += htmltext('

%s

') % self.get_intro_text() - - r += htmltext('') - - r += htmltext('
') - r += htmltext('

%s

') % _('For more information:') - - r += htmltext('') - - get_response().filter['sidebar'] = str(self.get_sidebar()) - - return r.getvalue() - - def get_sidebar(self): - from menu import get_vc_version - r = TemplateIO(html=True) - version = get_vc_version() - if version: - r += htmltext('

') - r += _('Version:') - r += ' ' - r += version - r += htmltext('

') - - r += htmltext('
') - r += gpl() - r += htmltext('
') - - return r.getvalue() + def _q_traverse(self, path): + url = get_request().get_path_query() + url = url.replace('/admin/', '/backoffice/', 1) + return redirect(url) def register_page(cls, url_name, directory = None, label = None): if directory: @@ -173,35 +68,3 @@ other skill than familiarity with web surfing.''') cls.menu_items.insert(logger_index, (url_name, label)) register_page = classmethod(register_page) - - def _q_lookup(self, component): - if not component in [str(x[0]).strip('/') for x in self.menu_items]: - raise errors.TraversalError() - - authorised_roles = get_cfg('admin-permissions', {}).get(component) - if authorised_roles and not os.path.exists(os.path.join(get_publisher().app_dir, 'ADMIN_FOR_ALL')): - user_roles = set(get_request().user.roles) - if not user_roles.intersection(authorised_roles): - raise errors.AccessForbiddenError() - - return getattr(self, component) - - def get_menu_items(self): - if not get_request().user: - return self.menu_items - user_roles = set(get_request().user.roles or []) - if not get_cfg('admin-permissions', {}): - return self.menu_items - menu_items = self.menu_items[:] - for k, v in self.menu_items: - if not k.endswith(str('/')): - continue - k = k.strip(str('/')) - if not k: - continue - authorised_roles = get_cfg('admin-permissions', {}).get(k) - if not authorised_roles: - continue - if not user_roles.intersection(authorised_roles): - menu_items.remove((k+'/', v)) - return menu_items diff --git a/wcs/qommon/backoffice/root.py b/wcs/qommon/backoffice/root.py index e4d8d9b..a79a7bc 100644 --- a/wcs/qommon/backoffice/root.py +++ b/wcs/qommon/backoffice/root.py 
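Review bot: The new `_q_traverse` ignores its `path` argument and rewrites the first `/admin/` found anywhere in `get_path_query()`, so the substitution is not tied to the segment this directory is mounted on. If a deployment prefix ever contained `/admin/` (not visible in this patch), the prefix would be rewritten instead of the legacy segment. At minimum the assumption should be stated next to the replace, e.g. `# assumes the first '/admin/' in the URL is this directory's mount point`. Because the class no longer inherits `AccessControlled`, a docstring such as `"""Legacy /admin/ entry point: redirects to /backoffice/ and performs no access check itself."""` would record that every check now has to be enforced by the redirect target. `RootDirectory` starts outside this hunk, and the body of `register_page` is only partly shown.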
@@ -59,16 +59,26 @@ class BackofficeRootDirectory(AccessControlled, Directory): def _q_access(self): get_response().breadcrumb.append( ('backoffice/', _('Back Office')) ) + req = get_request() if os.path.exists(os.path.join(get_publisher().app_dir, 'ADMIN_FOR_ALL')): + get_response().filter['admin_for_all'] = True + if req.user and req.user.is_admin: + # if the user had access to the admin, ADMIN_FOR_ALL was + # certainly added because something wrong happened when setting + # fine-grained access permissions with roles; so we give the + # user all possible roles. + req.user.roles = [x.id for x in roles.Role.select()] return - user = get_request().user - if not user and get_publisher().user_class.count() > 0: - raise errors.AccessUnauthorizedError( - public_msg = _('Access to backoffice is restricted to authorized persons only. '\ - 'Please login.')) - if user and not user.can_go_in_backoffice(): - raise errors.AccessForbiddenError() + + if get_publisher().user_class.count() > 0: + user = req.user + if not user: + raise errors.AccessUnauthorizedError( + public_msg = _('Access to backoffice is restricted to authorized persons only. '\ + 'Please login.')) + if not user.can_go_in_backoffice(): + raise errors.AccessForbiddenError() get_response().filter['in_backoffice'] = True -- 2.1.4
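Review bot: The merged `_q_access` admits any user for whom `can_go_in_backoffice()` is true, whereas the gate removed from wcs/admin/root.py required `req.user.is_admin`, and its deleted `_q_lookup` also checked the per-section `admin-permissions` roles. Nothing in this patch re-creates those two checks on the backoffice side, so unless the sections themselves (settings, users, roles, workflows) enforce them elsewhere in the series, non-admin backoffice users may now reach them. That should be confirmed or the check restored here. The copied `ADMIN_FOR_ALL` branch calls `roles.Role.select()` but the hunk adds no `roles` import to wcs/qommon/backoffice/root.py; unless that name is already in scope, this raises NameError exactly when the recovery flag is in use. A comment on the early `return`, e.g. `# ADMIN_FOR_ALL: recovery mode, no login is required while this file exists`, would make the unauthenticated path explicit; `_q_access` may continue past the end of the hunk.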