diff -r e00779f0dcba -r c0c161736794 src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/permissions.html
--- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/permissions.html Mon Dec 05 14:25:21 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/permissions.html Tue Dec 06 17:45:35 2011 +0100
@@ -1,99 +1,77 @@
{% load i18n %}
+
+
+
+
+
+
+
+
-
-
+
+
+
+
-
-
-
- {{ management_form }}
-
-
-
-
-
- {% for form, group in group_form %}
-
- | {{ form.share }} |
- {{ group.name }} |
-
- {% trans "perm.read" %}
- {% trans "perm.write" %}
- |
- {{ form.perms }}
- {{ form.group }}
-
- {% endfor %}
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
diff -r e00779f0dcba -r c0c161736794 src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/sharewith.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/sharewith.html Tue Dec 06 17:45:35 2011 +0100
@@ -0,0 +1,5 @@
+{% load i18n %}
+
+{% for res in elem_list%}
+
+{% endfor %}
\ No newline at end of file
diff -r e00779f0dcba -r c0c161736794 src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/userslist.html
--- a/src/ldt/ldt/ldt_utils/templates/ldt/ldt_utils/partial/userslist.html Mon Dec 05 14:25:21 2011 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-{% load i18n %}
-
-{% for user in user_list %}
-
-{% endfor %}
\ No newline at end of file
diff -r e00779f0dcba -r c0c161736794 src/ldt/ldt/ldt_utils/urls.py
--- a/src/ldt/ldt/ldt_utils/urls.py Mon Dec 05 14:25:21 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/urls.py Tue Dec 06 17:45:35 2011 +0100
@@ -32,7 +32,7 @@
url(r'^filterprojects/_(?P
[\w\%\_\-\+]*?)/(?Ptrue|false)/(?P\d)/(?P.*)$', "views.projects_filter",),
url(r'^filtercontents/_(?P[\w\%\_\-\+]*?)/$', "views.contents_filter",),
url(r'^filtergroups/_(?P[\w\%\_\-\+]*?)/$', "views.groups_filter",),
- url(r'filterusers/_(?P[\w\%\_\-\+]*?)/(?P.*)$', "views.users_filter"),
+ url(r'filtershare/_(?P[\w\%\_\-\+]*?)/$', "views.share_filter"),
(r'^embedpopup/?$', "views.popup_embed"),
url(r'^segment/(?P.*)/(?P.*)/(?P.*)/(?P.*)/(?P.*)/$', 'views.index_segment'),
url(r'^segmentInit/(?P.*)/(?P.*)/(?P.*)/(?P.*)/(?P.*)/$', 'views.init_segment'),
diff -r e00779f0dcba -r c0c161736794 src/ldt/ldt/ldt_utils/views.py
--- a/src/ldt/ldt/ldt_utils/views.py Mon Dec 05 14:25:21 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/views.py Tue Dec 06 17:45:35 2011 +0100
@@ -20,7 +20,7 @@
from forms import (LdtAddForm, SearchForm, AddProjectForm, CopyProjectForm,
ContentForm, MediaForm, GroupAddForm, PermissionForm)
from guardian.core import ObjectPermissionChecker
-from guardian.shortcuts import assign, remove_perm, get_perms, get_objects_for_group
+from guardian.shortcuts import assign, remove_perm, get_perms, get_objects_for_group, get_objects_for_user
from ldt.ldt_utils.models import Content
from ldt.ldt_utils.utils import boolean_convert, LdtUtils, LdtSearch
from ldt.security.utils import (assign_object_to_groups, set_forbidden_stream,
@@ -181,27 +181,28 @@
{'projects': project_list, 'show_username':show_username,
'is_gecko': is_gecko, 'group_id':id_group},
context_instance=RequestContext(request))
+
+def share_filter(request, filter):
-def users_filter(request, filter, id_group=None):
- if filter and len(filter) > 0 and filter[0] == '_':
- filter = filter[1:]
+ if not filter or len(filter) == 0:
+ raise AttributeError("filter should be a string")
- query = Q(id=settings.ANONYMOUS_USER_ID) | Q(id=request.user.id) | Q(is_superuser=True)
- filter_query = Q(username__icontains=filter) if filter else Q()
- user_list = User.objects.exclude(query).filter(filter_query)[0:20]
+ filter = filter[1:]
+
+ users = User.objects.filter(username__icontains=filter)[0:20]
+ groups = Group.objects.filter(name__icontains=filter).exclude(name=settings.PUBLIC_GROUP_NAME)[0:20]
- if id_group:
- group = Group.objects.get(id=id_group)
- members_list = group.user_set.all()
- for u in user_list:
- if u in members_list:
- u.member = True
- if u.has_perm('change_group', group):
- u.admin = True
+ resp = []
+ for u in users:
+ resp.append({'name':u.username, 'id':u.id, 'type': 'user'})
- return render_to_response("ldt/ldt_utils/partial/userslist.html", {'user_list': user_list},
- context_instance=RequestContext(request))
-
+ for g in groups:
+ resp.append({'name': g.name, 'id': g.id, 'type': 'group'})
+
+ resp = sorted(resp, key=lambda elem: elem['name'].lower())
+
+ return render_to_response("ldt/ldt_utils/partial/sharewith.html", {'elem_list' : resp}, context_instance=RequestContext(request))
+
@login_required
def contents_filter(request, filter):
if filter and len(filter) > 0 and filter[0] == '_':
@@ -222,7 +223,6 @@
{'contents': content_list},
context_instance=RequestContext(request))
-
@login_required
def groups_filter(request, filter):
if filter and len(filter) > 0 and filter[0] == '_':
@@ -449,40 +449,38 @@
@login_required
def create_ldt_view(request):
- permission_formset = formset_factory(PermissionForm, extra=0)
groups = request.user.groups.exclude(name=settings.PUBLIC_GROUP_NAME)
redirect_to = ''
if request.method == "POST" :
form = LdtAddForm(request.POST)
form_status = "none"
contents = Content.safe_objects.all()
- group_form = permission_formset(request.POST)
-
- if form.is_valid() and group_form.is_valid():
- user = request.user
-
+
+ if form.is_valid():
+ user = request.user
project = Project.create_project(title=form.cleaned_data['title'], user=user,
- contents=form.cleaned_data['contents'],
+ #contents=form.cleaned_data['contents'],
+ contents=[],
description=form.cleaned_data['description'])
- assign_object_to_groups(project, group_form.cleaned_data)
+ assign_object_to_groups(project, form.cleaned_data["read_list"], form.cleaned_data["write_list"], user)
form_status = "saved"
is_gecko = ((request.META['HTTP_USER_AGENT'].lower().find("firefox")) > -1);
if is_gecko :
redirect_to = reverse('index_project_full', args=[project.ldt_id])
else:
- return HttpResponseRedirect(reverse('index_project', args=[project.ldt_id]))
-
- management_form, group_form = get_perm_form(groups, permission_formset)
-
+ return HttpResponseRedirect(reverse('index_project', args=[project.ldt_id]))
+
else:
form = LdtAddForm()
- contents = Content.safe_objects.all() #@UndefinedVariable
- management_form, group_form = get_perm_form(groups, permission_formset)
+ contents = Content.safe_objects.all()
form_status = "none"
-
- return render_to_response('ldt/ldt_utils/create_ldt.html', {'contents': contents, 'form': form, 'group_form': group_form, 'management_form': management_form, 'form_status':form_status,
- 'redirect_to': redirect_to, 'create_project_action':reverse(create_ldt_view), 'language_code' : settings.LANGUAGE_CODE[2:]}, context_instance=RequestContext(request))
+
+ user_list = User.objects.all()[0:20]
+ elem_list = [{'name': u.username, 'id': u.id, 'type': 'user'} for u in user_list]
+ return render_to_response('ldt/ldt_utils/create_ldt.html', {'contents': contents, 'form': form, 'form_status':form_status,
+ 'redirect_to': redirect_to, 'create_project_action':reverse(create_ldt_view), 'language_code' : settings.LANGUAGE_CODE[2:],
+ 'elem_list': elem_list}, context_instance=RequestContext(request))
def created_ldt(request):
return render_to_response('ldt/ldt_utils/save_done.html', context_instance=RequestContext(request))
@@ -500,7 +498,6 @@
def init_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id):
if project_id != u"_":
- assert False, project_id
get_object_or_404(Project.safe_objects, ldt_id=project_id)
ldtgen = LdtUtils()
@@ -842,7 +839,6 @@
@login_required
def create_project(request, iri_id):
- permission_formset = formset_factory(PermissionForm, extra=0)
content = get_object_or_404(Content.safe_objects, iri_id=iri_id)
contents = [ content, ]
groups = request.user.groups.exclude(name=settings.PUBLIC_GROUP_NAME)
@@ -851,39 +847,36 @@
if request.method == "POST" :
- group_form = permission_formset(request.POST)
form = AddProjectForm(request.POST)
- if form.is_valid() and group_form.is_valid():
+ if form.is_valid():
user = request.user
project = Project.create_project(title=form.cleaned_data['title'], user=user, contents=contents, description=form.cleaned_data['description'])
- form_status = "saved"
+ form_status = "saved"
+ assign_object_to_groups(project, form.cleaned_data["read_list"], form.cleaned_data["write_list"], user)
+
# Modal window is not used with firefox
is_gecko = ((request.META['HTTP_USER_AGENT'].lower().find("firefox")) > -1);
if is_gecko :
redirect_to = reverse('index_project_full', args=[project.ldt_id])
else:
return HttpResponseRedirect(reverse('index_project', args=[project.ldt_id]))
- assign_object_to_groups(project, group_form.cleaned_data)
-
- management_form, group_form = get_perm_form(groups, permission_formset)
+
else:
form = AddProjectForm()
- management_form, group_form = get_perm_form(groups, permission_formset)
- return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'form_status': form_status, 'contents':contents,'groups' : groups, 'group_form': group_form,
- 'management_form': management_form, 'redirect_to': redirect_to, 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id])}, context_instance=RequestContext(request))
+ return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'form_status': form_status, 'contents':contents,'groups' : groups,
+ 'redirect_to': redirect_to, 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id])}, context_instance=RequestContext(request))
@login_required
def update_project(request, ldt_id):
- permission_formset = formset_factory(PermissionForm, extra=0)
project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id)
contents = project.contents.all()
groups = request.user.groups.exclude(name=settings.PUBLIC_GROUP_NAME)
-
- management_form = None
-
+ elem_list = User.objects.all()[0:20]
+ elem_list = [{'name': e.username, 'id': e.id, 'type': e.type} for e in elem_list]
+
if request.method == "POST" :
submit_action = request.REQUEST.get("submit_button", False)
if submit_action == "prepare_delete":
@@ -901,14 +894,11 @@
project.delete()
form_status = 'deleted'
form = AddProjectForm()
- group_form = permission_formset()
else:
form_status = 'none'
form = AddProjectForm(request.POST)
- group_form = permission_formset(request.POST)
- if form.is_valid() and group_form.is_valid():
-
+ if form.is_valid():
if project.title != form.cleaned_data['title'] or project.description != form.cleaned_data['description']:
project.title = form.cleaned_data['title']
project.description = form.cleaned_data['description']
@@ -919,32 +909,15 @@
project.ldt = lxml.etree.tostring(ldt, pretty_print=True)
project.save()
- assign_object_to_groups(project, group_form.cleaned_data)
+ assign_object_to_groups(project, form.cleaned_data["read_list"], form.cleaned_data["write_list"], request.user)
form_status = "saved"
else:
form = AddProjectForm({'title':unicode(project.title), 'description':unicode(project.get_description())})
- perm_list = []
- for group in groups:
- group_perms = get_perms(group, project)
- share = False
- perm = None
- if 'view_project' in group_perms:
- share = True
- perm = 'read'
- if 'change_project' in group_perms:
- perm = 'write'
-
- perm_list.append({'share': share, 'perms': perm, 'group': group.id })
- permission = permission_formset(initial=perm_list)
- management_form = permission.management_form
- group_form = zip(permission, groups)
-
form_status = 'none'
return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'form_status':form_status, 'groups': groups,
- 'ldt_id': ldt_id, 'contents':contents, 'group_form': group_form, 'management_form': management_form,
- 'create_project_action':reverse("ldt.ldt_utils.views.update_project", args=[ldt_id])}, context_instance=RequestContext(request))
+ 'elem_list': elem_list, 'ldt_id': ldt_id, 'contents':contents, 'create_project_action':reverse("ldt.ldt_utils.views.update_project", args=[ldt_id])}, context_instance=RequestContext(request))
@login_required
def copy_project(request, ldt_id, group_id=None):
@@ -1334,6 +1307,7 @@
return HttpResponseServerError('User can not leave a group.
')
query = Q(id=settings.ANONYMOUS_USER_ID) | Q(id=request.user.id) | Q(is_superuser=True)
user_list = User.objects.exclude(query)[0:20]
+ user_list = [{'name': x.username, 'id': x.id, 'type': 'user'} for x in user_list]
form_status = ''
if request.method == 'POST':
@@ -1359,7 +1333,7 @@
form = GroupAddForm()
form.fields['members_list'].queryset = user_list
- return render_to_response("ldt/ldt_utils/create_group.html", {'form' : form, 'form_status' : form_status, 'user_list' : user_list, 'admin_list': user_list}, context_instance=RequestContext(request))
+ return render_to_response("ldt/ldt_utils/create_group.html", {'form' : form, 'form_status' : form_status, 'elem_list' : user_list}, context_instance=RequestContext(request))
@login_required
def update_group(request, group_id):
@@ -1398,7 +1372,7 @@
for user in new_member_list:
group.user_set.add(user)
- if user in admin_list and user.get_profile().is_regular:
+ if user in admin_list:
assign('change_group', user, group)
else:
remove_perm('change_group', user, group)
diff -r e00779f0dcba -r c0c161736794 src/ldt/ldt/security/utils.py
--- a/src/ldt/ldt/security/utils.py Mon Dec 05 14:25:21 2011 +0100
+++ b/src/ldt/ldt/security/utils.py Tue Dec 06 17:45:35 2011 +0100
@@ -1,8 +1,7 @@
from django.conf import settings
from django.contrib.contenttypes.models import ContentType
-from django.contrib.auth.models import Group
from guardian.core import ObjectPermissionChecker
-from guardian.shortcuts import assign, remove_perm
+from guardian.shortcuts import assign, remove_perm, get_users_with_perms, get_groups_with_perms
try:
from threading import local
@@ -104,19 +103,28 @@
return obj_list
-def assign_object_to_groups(object, permissions):
+def assign_object_to_groups(object, read_list, write_list, owner):
name = object.__class__.__name__.lower()
- for elem in permissions:
- group = Group.objects.get(id=elem['group'])
- if elem['share']:
- assign('view_%s' % name, group, object)
- if elem['perms'] == 'write':
- assign('change_%s' % name, group, object)
- else:
- remove_perm('change_%s' % name, group, object)
+
+ old_users = get_users_with_perms(object).exclude(id=owner.id)
+ old_groups = get_groups_with_perms(object)
+
+ for elem in read_list:
+ assign('view_%s' % name, elem, object)
+ if elem in write_list:
+ assign('change_%s' % name, elem, object)
else:
- remove_perm('view_%s' % name, group, object)
- remove_perm('change_%s' % name, group, object)
+ remove_perm('change_%s' % name, elem, object)
+
+ def remove_perms(new_list, old_list, obj, name):
+ for e in old_list:
+ if e not in new_list:
+ remove_perm('view_%s' % name, e, obj)
+ remove_perm('change_%s' % name, e, obj)
+
+ remove_perms(read_list, old_users, object, name)
+ remove_perms(read_list, old_groups, object, name)
+
def get_perm_form(groups, formset):
perm_list = []
diff -r e00779f0dcba -r c0c161736794 src/ldt/ldt/static/ldt/js/multiselect.js
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ldt/ldt/static/ldt/js/multiselect.js Tue Dec 06 17:45:35 2011 +0100
@@ -0,0 +1,103 @@
+function init_multi_select_events (first_list, sec_list, first_selection, sec_selection, search_input, search_url) {
+
+ $("#selectelems").click(function () {
+ var list = get_selected_elems(first_list);
+ move_elem(first_list, sec_list, list);
+ add_to_form(first_selection, list, "read_list");
+ });
+
+ $("#removeelems").click(function () {
+ var list = get_selected_elems(sec_list);
+ move_elem(sec_list, first_list, list);
+ remove_from_form(first_selection, list);
+ });
+
+ $("#selectall").click(function () {
+ var list = get_all_options(first_list);
+ move_elem(first_list, sec_list, list);
+ add_to_form(first_selection, list, "read_list");
+ });
+
+ $("#removeall").click(function () {
+ var elem_list = get_all_options(sec_list);
+ move_elem(sec_list, first_list, get_all_options(sec_list));
+ remove_from_form(first_selection, elem_list);
+ remove_from_form(sec_selection, elem_list);
+ });
+
+ $("#chooseaux").click(function () {
+ var elems = get_selected_elems(sec_list);
+
+ for (var i=0; i < elems.length; i++) {
+ $("option[value=" + elems[i] + "]", sec_list).css('color', '#2181B1');
+ $(sec_selection).append("");
+ }
+ });
+
+ $("#removeaux").click(function () {
+ var users = get_selected_elems(sec_list);
+
+ for (var i=0; i < users.length; i++) {
+ $("option[value=" + users[i] + "]", sec_list).css('color', 'black');
+ $("input[value=" + users[i] + "]", sec_selection).remove();
+ }
+ });
+
+ $(document).ready(function () {
+ filter_elems(first_list, sec_list);
+ input_list_init = [
+ {'input_selector':search_input, 'container_selector': first_list, 'url':search_url}
+ ];
+ searchFieldInit(input_list_init);
+ });
+}
+
+function move_elem (from, to, elems) {
+ var selected = $("#sec_selection");
+ for (var i=0; i < elems.length; i++) {
+ var option = $("option[value=" + elems[i] + "]", from);
+ option.css('color', 'black');
+ $("input[value=" + elems[i] + "]", selected).remove();
+ to.append(option);
+ }
+}
+
+function get_selected_elems(list) {
+ var selected = Array();
+ $("option:selected", list).each(function (e) {
+ selected.push($(this).val());
+ });
+ return selected;
+}
+
+function remove_from_form(form, elem_list) {
+ for (var i=0; i < elem_list.length; i++) {
+ $("input[value=" + elem_list[i] + "]", form).remove();
+ }
+}
+
+function add_to_form(form, elem_list, name) {
+ for (var i=0; i < elem_list.length; i++) {
+ form.append("");
+ }
+}
+
+function get_all_options (select) {
+ var all = Array();
+ $("option", select).each(function() {
+ all.push($(this).val());
+ });
+ return all;
+}
+
+function filter_elems(first_list, sec_list) {
+ var selected = get_all_options(sec_list);
+
+ $("option", first_list).each(function () {
+ for (var i = 0; i < selected.length; i++) {
+ if (selected[i] == $(this).attr('value')) {
+ $(this).remove();
+ }
+ }
+ });
+}
\ No newline at end of file
