auth blob handling (UI) works

This commit is contained in:
seba 2011-09-30 22:29:02 +02:00
parent a1052df608
commit d6a3b21d51
8 changed files with 159 additions and 88 deletions

View File

@ -73,8 +73,9 @@ def requirePlugin(apiFunc):
if request.user: if request.user:
group = request.user.groups.get(name="Plugin") group = request.user.groups.get(name="Plugin")
# no exception, exec apiFunc! # no exception, exec apiFunc!
request.plugin = Plugin.objects.get(user=request.user)
return apiFunc(self, request, *args, **kwargs) return apiFunc(self, request, *args, **kwargs)
except Groups.DoesNotExist: except Group.DoesNotExist:
pass pass
ret = rc.FORBIDDEN ret = rc.FORBIDDEN

View File

@ -136,6 +136,26 @@ class AuthBlobHandler(BaseHandler):
# model = # model =
pass pass
class AuthUserHandler(BaseHandler):
allowed_methods = ('GET')
fields = ('id', 'username')
@requirePlugin
def read(self, request):
if not request.plugin.uniqueAuthblob:
ret = rc.BAD_REQUEST
ret.write("\nThis plugin does not support unique auth blobs, therefore we can't identify an user uniquely by its authblob\n")
return ret
if not request.GET.has_key('authblob'):
return rc.BAD_REQUEST
try:
perm = PluginPermission.objects.get(plugin=request.plugin, authblob=request.GET['authblob'])
return perm.user
except PluginPermission.DoesNotExist:
return rc.NOT_FOUND
class ConfigHandler(BaseHandler): class ConfigHandler(BaseHandler):
allowed_methods = ('GET',) allowed_methods = ('GET',)

View File

@ -22,6 +22,7 @@ accountBalanceRes = CsrfExemptResource(handler=AccountBalanceHandler, **ad)
authBlobRes = CsrfExemptResource(handler=AuthBlobHandler, **ad) authBlobRes = CsrfExemptResource(handler=AuthBlobHandler, **ad)
authUserRes = CsrfExemptResource(handler=AuthUserHandler, **ad)
configRes = CsrfExemptResource(handler=ConfigHandler, **ad) configRes = CsrfExemptResource(handler=ConfigHandler, **ad)
@ -37,6 +38,7 @@ urlpatterns = patterns('',
url(r'account/balance/?$', accountBalanceRes), url(r'account/balance/?$', accountBalanceRes),
url(r'auth/blob/?$', authBlobRes), url(r'auth/blob/?$', authBlobRes),
url(r'auth/user/?$', authUserRes),
url(r'config/?$', configRes), url(r'config/?$', configRes),
) )

View File

@ -19,12 +19,21 @@ def createUserProfile(sender, instance, created, **kwargs):
post_save.connect(createUserProfile, sender=User) post_save.connect(createUserProfile, sender=User)
class Plugin(models.Model): class Plugin(models.Model):
name = models.CharField(max_length=40)
user = models.ForeignKey(User, unique=True) user = models.ForeignKey(User, unique=True)
# plugin info
name = models.CharField(max_length=40)
author = models.CharField(max_length=40) author = models.CharField(max_length=40)
version = models.CharField(max_length=40) version = models.CharField(max_length=40)
descr = models.TextField(default='') descr = models.TextField(default='')
# plugin config
uniqueAuthblob = models.BooleanField(default=False) uniqueAuthblob = models.BooleanField(default=False)
userCanWriteAuthblob = models.BooleanField(default=True)
# automatically set when write is allowed
userCanReadAuthblob = models.BooleanField(default=True)
pluginCanWriteAuthblob = models.BooleanField(default=False)
pluginCanReadAuthblob = models.BooleanField(default=False)
def __unicode__(self): def __unicode__(self):
return self.name return self.name
@ -32,7 +41,7 @@ class Plugin(models.Model):
class PluginPermission(models.Model): class PluginPermission(models.Model):
user = models.ForeignKey(User) user = models.ForeignKey(User)
plugin = models.ForeignKey('Plugin') plugin = models.ForeignKey('Plugin')
authBlob = models.TextField(default='') authblob = models.TextField(default='')
def __unicode__(self): def __unicode__(self):
return "%s allows %s" % (self.user, self.plugin) return "%s allows %s" % (self.user, self.plugin)

View File

@ -4,7 +4,7 @@
{% if allMost %} {% if allMost %}
Am beliebtesten ist: <br /> <br /> Am beliebtesten ist: <br /> <br />
{% for buyable in allMost %} {% for buyable in allMost %}
{{ buyable.buyable__name }} ( {{ buyable.num_buys }} mal) <br /> <a href="/store/show/{{ buyable.buyable__id }}">{{ buyable.buyable__name }}</a> ( {{ buyable.num_buys }} mal) <br />
{% endfor %} {% endfor %}
<br /> <br />
{% else %} {% else %}
@ -15,7 +15,7 @@
{% if usersMost %} {% if usersMost %}
Am oeftesten hattest du: <br /> <br /> Am oeftesten hattest du: <br /> <br />
{% for buyable in usersMost %} {% for buyable in usersMost %}
{{ buyable.buyable__name }} ( {{ buyable.num_buys }} mal) <br /> <a href="/store/show/{{ buyable.buyable__id }}">{{ buyable.buyable__name }}</a> ( {{ buyable.num_buys }} mal) <br />
{% endfor %} {% endfor %}
<br /> <br />
{% else %} {% else %}
@ -26,7 +26,7 @@
{% if usersLast %} {% if usersLast %}
Als letztes hattest du: <br /> <br /> Als letztes hattest du: <br /> <br />
{% for buyable in usersLast %} {% for buyable in usersLast %}
{{ buyable.buyable__name }} <br /> <a href="/store/show/{{ buyable.buyable__id }}">{{ buyable.buyable__name }}</a> <br />
{% endfor %} {% endfor %}
<br /> <br />
{% else %} {% else %}

View File

@ -9,89 +9,57 @@
<br /> <br />
<h2>Plugin Berechtigungen</h2> <h2>Plugin Berechtigungen</h2>
<hr /> <hr />
<p> {% if pluginerror %}
<form method="POST" action="/settings/plugins/addperm/"> <font color="red">{{ pluginerror|safe }}</font>
<select name="pid"> {% endif %}
<option value="0"> ----- </option> {% if pluginmsg %}
{% for plugin in unallowedplugins %} <font color="green">{{ pluginmsg|safe }}</font>
<option value="{{ plugin.id }}">{{ plugin.name }}</option> {% endif %}
{% endfor %}
</select>
<input type="submit" value="Plugin erlauben">
</form>
</p>
<p> <p>
<table> <table>
<tr> <tr>
<th>Name</th> <th>Name</th>
<th>Author</th>
<th>Version</th>
<th>Beschreibung</th>
<th>AuthBlob</th> <th>AuthBlob</th>
<th>Optionen</th> <th>Erlauben/Verbieten</th>
</tr> </tr>
{% if pluginpermissions %} {% for p in permissions %}
{% for pperm in pluginpermissions %} <tr style="background: green">
{% if pperm.plugin in plugins %} <td style="vertical-align:middle">{{ p.plugin.name }}</td>
end test <td style="vertical-align:middle">{{ p.plugin.author }}</td>
<td style="vertical-align:middle">{{ p.plugin.version }}</td>
<td style="vertical-align:top">{{ p.plugin.descr }}</td>
<td>
{% if p.plugin.userCanWriteAuthblob %}
<form method="post" action="/user/settings/plugin/authblob/{{ p.plugin.id }}/">
{% csrf_token %}
<textarea name="authblob">{{ p.authblob }}</textarea>
<input type="submit" value="Speichern">
</form>
{% else %}
{% if p.plugin.userCanReadAuthblob %}
{{ p.authblob }}
{% else %}
---
{% endif %}
{% endif %} {% endif %}
<tr style="background: green"> </td>
<td style="vertical-align:middle">{{ pperm.plugin }}</td> <td style="vertical-align:middle"><a href="/user/settings/plugin/deny/{{ p.plugin.id }}/">Plugin verbieten</a></td>
<td style="vertical-align:middle"> </tr>
<form method="post" action=""> {% endfor %}
<textarea name="authblob">{{ pperm.authBlob }}</textarea> {% for plugin in unallowed %}
<input type="submit" value="Speichern" /> <tr style="background: red">
</form> <td style="vertical-align:middle">{{ plugin.name }}</td>
</td> <td style="vertical-align:middle">{{ plugin.author }}</td>
<td style="vertical-align:middle"> <td style="vertical-align:middle">{{ plugin.version }}</td>
<form method="post" action=""> <td style="vertical-align:top">{{ plugin.descr }}</td>
<input type="submit" value="Berechtigungen aufheben" /> <td>&nbsp;</td>
</form> <td style="vertical-align:middle"><a href="/user/settings/plugin/allow/{{ plugin.id }}/">Plugin erlauben</a></td>
<td> </tr>
</tr> {% endfor %}
{% endfor %}
{% else %}
<tr>
<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gew&auml;hrt</td>
</tr>
{% endif %}
</table>
Perms {{ pluginpermissions }} <br />
<br /><br />
<h2>Second Idea for Plugin interface</h2>
<hr />
<p>
<table>
<tr>
<th>Name</th>
<th>AuthBlob</th>
<th>Optionen</th>
</tr>
{% if pluginpermissions %}
{% for plugin in plugins %}
<tr style="{%if plugin in unallowedplugins%}background:red{%else%}background: green{%endif%}">
<td style="vertical-align:middle">{{ plugin }}</td>
<td style="vertical-align:middle">
{%if plugin not in unallowedplugins %}
<form method="post" action="">
<textarea name="authblob">{{ pperm.authBlob }}</textarea>
<input type="submit" value="Speichern" />
</form>
{%endif%}
</td>
<td style="vertical-align:middle">
<form method="post" action="">
{%if plugin in unallowedplugins %}
<input type="submit" value="Berechtigungen hinzuf&uuml;gen" />
{%else%}
<input type="submit" value="Berechtigungen aufheben" />
{%endif%}
</form>
<td>
</tr>
{% endfor %}
{% else %}
<tr>
<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gew&auml;hrt</td>
</tr>
{% endif %}
</table> </table>
</p> </p>
{% endblock %} {% endblock %}

View File

@ -11,4 +11,7 @@ urlpatterns = patterns('',
{'template_name': 'registration/logout.html', {'template_name': 'registration/logout.html',
'next_page': '/user/login/'}), 'next_page': '/user/login/'}),
(r'^settings/$', 'main.views.settings'), (r'^settings/$', 'main.views.settings'),
#plugin stuff
(r'^settings/plugin/(?P<method>(?:allow|deny))/(?P<pluginId>\d+)/$', 'main.views.pluginPermission'),
(r'^settings/plugin/authblob/(?P<pluginId>\d+)/$', 'main.views.pluginAuthblob'),
) )

View File

@ -2,6 +2,7 @@ from django.shortcuts import render_to_response
from django.template import RequestContext from django.template import RequestContext
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.db.models import Count from django.db.models import Count
from django.http import HttpResponseRedirect
from main.models import Plugin, PluginPermission from main.models import Plugin, PluginPermission
@ -12,17 +13,84 @@ def startpage(request):
''' Diese Funktion wird wahrscheinlich viel Last erzeugen, da ''' Diese Funktion wird wahrscheinlich viel Last erzeugen, da
sie ueber mehrere Tabellen joined,filtered und wieder reduced. sie ueber mehrere Tabellen joined,filtered und wieder reduced.
''' '''
allMost = Purchase.objects.filter(isDeposit=False).values('buyable__name').annotate(num_buys=Count('buyable')).order_by('-num_buys') allMost = Purchase.objects.filter(isDeposit=False).values('buyable__name', 'buyable__id').annotate(num_buys=Count('buyable')).order_by('-num_buys')
usersMost = Purchase.objects.filter(isDeposit=False).values('buyable__name').filter(order__user=request.user.id).annotate(num_buys=Count('buyable')).order_by('-num_buys') usersMost = Purchase.objects.filter(isDeposit=False).values('buyable__name','buyable__id').filter(order__user=request.user.id).annotate(num_buys=Count('buyable')).order_by('-num_buys')
usersLast = Purchase.objects.filter(isDeposit=False).values('buyable__name').filter(order__user=request.user.id).order_by('-order__dateTime') usersLast = Purchase.objects.filter(isDeposit=False).values('buyable__name','buyable__id').filter(order__user=request.user.id).order_by('-order__dateTime')
return render_to_response("main/startpage.html", {'allMost' : allMost,'usersMost': usersMost, 'usersLast' : usersLast}, RequestContext(request)) return render_to_response("main/startpage.html", {'allMost' : allMost,'usersMost': usersMost, 'usersLast' : usersLast}, RequestContext(request))
def register(request): def register(request):
return render_to_response("registration/register.html", RequestContext(request)) return render_to_response("registration/register.html", RequestContext(request))
@login_required
def settings(request): def getPluginDict(request):
plugins = Plugin.objects.all() plugins = Plugin.objects.all()
allowed = Plugin.objects.filter(pluginpermission__user=request.user)
unallowed = Plugin.objects.exclude(pluginpermission__user=request.user) unallowed = Plugin.objects.exclude(pluginpermission__user=request.user)
perms = PluginPermission.objects.filter(user=request.user) perms = PluginPermission.objects.filter(user=request.user)
return render_to_response("settings/settings.html", {'plugins': plugins, 'unallowedplugins': unallowed, 'pluginpermissions': perms}, RequestContext(request))
return {'plugins': plugins, 'allowed': allowed, 'unallowed': unallowed, 'permissions': perms}
@login_required
def settings(request):
return render_to_response("settings/settings.html", getPluginDict(request), RequestContext(request))
@login_required
def pluginPermission(request, method, pluginId):
plugin = None
try:
plugin = Plugin.objects.get(id=pluginId)
except Plugin.DoesNotExist:
d = getPluginDict(request)
d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
return render_to_response("settings/settings.html", d, RequestContext(request))
if method == "allow":
try:
p = PluginPermission.objects.get(user=request.user, plugin=plugin)
d = getPluginDict(request)
d['pluginerror'] = "Dieses Plugin wurde bereits erlaubt"
return render_to_response("settings/settings.html", d, RequestContext(request))
except PluginPermission.DoesNotExist:
p = PluginPermission(user=request.user, plugin=plugin)
p.save()
else:
try:
p = PluginPermission.objects.get(user=request.user, plugin=plugin)
p.delete()
except PluginPermission.DoesNotExist:
d = getPluginDict(request)
d['pluginerror'] = "Keine Berechtigungen f&uuml;r dieses Plugin gefunden - kann also auch nicht zur&uuml;ckgezogen werden"
return render_to_response("settings/settings.html", d, RequestContext(request))
return HttpResponseRedirect("/user/settings/")
@login_required
def pluginAuthblob(request, pluginId):
if request.method != "POST":
return HttpResponseRedirect("/user/settings/")
plugin = None
try:
plugin = Plugin.objects.get(id=pluginId)
except Plugin.DoesNotExist:
d = getPluginDict(request)
d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
return render_to_response("settings/settings.html", d, RequestContext(request))
p = None
try:
p = PluginPermission.objects.get(user=request.user, plugin=plugin)
except PluginPermission.DoesNotExist:
d = getPluginDict(request)
d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
return render_to_response("settings/settings.html", d, RequestContext(request))
if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
d = getPluginDict(request)
d['pluginerror'] = "Der Authblob darf f&uuml;r dieses Plugin nicht vom User ver&auml;ndert werden (oder der Authblob war kaputt)"
return render_to_response("settings/settings.html", d, RequestContext(request))
p.authblob = request.POST['authblob']
p.save()
d = getPluginDict(request)
d['pluginmsg'] = "Authblob erfolgreich ge&auml;ndert"
return render_to_response("settings/settings.html", d, RequestContext(request))