kallithea Changeset - 61be6dcd49a0

Changeset - 61be6dcd49a0

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Marcin Kuzminski - 15 years ago 2010-06-28 23:28:31
marcin@python-works.com

protected admin controllers

3 files changed with 28 insertions and 15 deletions:

pylons_app/controllers/admin.py

pylons_app/controllers/permissions.py

pylons_app/controllers/users.py

0 comments (0 inline, 0 general)

pylons_app/controllers/admin.py

➞

Show inline comments

@@ @@ -19,36 +19,34 @@ @@
 # MA  02110-1301, USA.
 """
 Created on April 7, 2010
 admin controller for pylons
 @author: marcink
 """
 import logging
 from pylons import request, response, session, tmpl_context as c
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model import meta
 from pylons_app.model.db import UserLog
 from webhelpers.paginate import Page
 from pylons_app.lib.auth import LoginRequired
+from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 log = logging.getLogger(__name__)
 class AdminController(BaseController):
     @LoginRequired()
     def __before__(self):
         user = session['hg_app_user']
         c.admin_user = user.is_admin
         c.admin_username = user.username
         super(AdminController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self):
         sa = meta.Session
         users_log = sa.query(UserLog).order_by(UserLog.action_date.desc())
         p = int(request.params.get('page', 1))
         c.users_log = Page(users_log, page=p, items_per_page=10)
         c.log_data = render('admin/admin_log.html')
         if request.params.get('partial'):
             return c.log_data
         return render('admin/admin.html')

pylons_app/controllers/permissions.py

➞

Show inline comments

@@ @@ -13,39 +13,52 @@ @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 27, 2010
 permissions controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.db import User, UserLog
 from pylons_app.model.forms import UserForm
 from pylons_app.model.user_model import UserModel
 import formencode
 import logging
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.base import BaseController, render
 log = logging.getLogger(__name__)
 class PermissionsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('permission', 'permissions')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(PermissionsController, self).__before__()
     def index(self, format='html'):
         """GET /permissions: All items in the collection"""
         # url('permissions')
         return render('admin/permissions/permissions.html')
     def create(self):
         """POST /permissions: Create a new item"""
         # url('permissions')
     def new(self, format='html'):
         """GET /permissions/new: Form to create a new item"""
         # url('new_permission')

pylons_app/controllers/users.py

➞

Show inline comments

@@ @@ -13,45 +13,47 @@ @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 users controller for pylons
 @author: marcink
 """
-import logging
+from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired
+from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.db import User, UserLog
 from pylons_app.model.forms import UserForm
 from pylons_app.model.user_model import UserModel
 import formencode
-from formencode import htmlfill
+import logging
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(UsersController, self).__before__()
     def index(self, format='html'):
         """GET /users: All items in the collection"""
         # url('users')
         c.users_list = self.sa.query(User).all()
         return render('admin/users/users.html')
@@ @@ -101,25 +103,25 @@ class UsersController(BaseController): @@
         except formencode.Invalid as errors:
             c.user = user_model.get_user(id)
             c.form_errors = errors.error_dict
             return htmlfill.render(
                  render('admin/users/user_edit.html'),
                 defaults=errors.value,
                 encoding="UTF-8")
         except Exception:
             h.flash(_('error occured during update of user %s') \
                     % form_result['username'], category='error')
         return redirect(url('users'))
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='delete')
         # url('user', id=ID)
         user_model = UserModel()
         try:
             user_model.delete(id)
             h.flash(_('sucessfully deleted user'), category='success')

0 comments (0 inline, 0 general)