auth blob handling (UI) works

13 years ago · d6a3b21d51
parent a1052df608
commit d6a3b21d51
8 changed files with 159 additions and 88 deletions
--- a/k4ever/api2/decorators.py
+++ b/k4ever/api2/decorators.py
@ -73,8 +73,9 @@ def requirePlugin(apiFunc):
 			if request.user:
 				group = request.user.groups.get(name="Plugin")
 				# no exception, exec apiFunc!
 				request.plugin = Plugin.objects.get(user=request.user)
 				return apiFunc(self, request, *args, **kwargs)
-		except Groups.DoesNotExist:
+		except Group.DoesNotExist:
 			pass
 		ret = rc.FORBIDDEN
--- a/k4ever/api2/handlers.py
+++ b/k4ever/api2/handlers.py
@ -136,6 +136,26 @@ class AuthBlobHandler(BaseHandler):
 	# model = 
 	pass
 class AuthUserHandler(BaseHandler):
 	allowed_methods = ('GET')
 	fields = ('id', 'username')
 	@requirePlugin
 	def read(self, request):
 		if not request.plugin.uniqueAuthblob:
 			ret = rc.BAD_REQUEST
 			ret.write("\nThis plugin does not support unique auth blobs, therefore we can't identify an user uniquely by its authblob\n")
 			return ret
 		if not request.GET.has_key('authblob'):
 			return rc.BAD_REQUEST
 		try:
 			perm = PluginPermission.objects.get(plugin=request.plugin, authblob=request.GET['authblob'])
 			return perm.user
 		except PluginPermission.DoesNotExist:
 			return rc.NOT_FOUND
 class ConfigHandler(BaseHandler):
 	allowed_methods = ('GET',)
--- a/k4ever/api2/urls.py
+++ b/k4ever/api2/urls.py
@ -22,6 +22,7 @@ accountBalanceRes      = CsrfExemptResource(handler=AccountBalanceHandler, **ad)
 authBlobRes = CsrfExemptResource(handler=AuthBlobHandler, **ad)
 authUserRes = CsrfExemptResource(handler=AuthUserHandler, **ad)
 configRes   = CsrfExemptResource(handler=ConfigHandler, **ad)
@ -37,6 +38,7 @@ urlpatterns = patterns('',
 	url(r'account/balance/?$', accountBalanceRes),
 	url(r'auth/blob/?$', authBlobRes),
 	url(r'auth/user/?$', authUserRes),
 	url(r'config/?$', configRes),
 )
--- a/k4ever/main/models.py
+++ b/k4ever/main/models.py
@ -19,12 +19,21 @@ def createUserProfile(sender, instance, created, **kwargs):
 post_save.connect(createUserProfile, sender=User)
 class Plugin(models.Model):
 	name = models.CharField(max_length=40)
 	user = models.ForeignKey(User, unique=True)
 	# plugin info
 	name = models.CharField(max_length=40)
 	author = models.CharField(max_length=40)
 	version = models.CharField(max_length=40)
 	descr = models.TextField(default='')
 	# plugin config
 	uniqueAuthblob = models.BooleanField(default=False)
 	userCanWriteAuthblob = models.BooleanField(default=True)
 	# automatically set when write is allowed
 	userCanReadAuthblob = models.BooleanField(default=True)
 	pluginCanWriteAuthblob = models.BooleanField(default=False)
 	pluginCanReadAuthblob = models.BooleanField(default=False)
 	def __unicode__(self):
 		return self.name
@ -32,7 +41,7 @@ class Plugin(models.Model):
 class PluginPermission(models.Model):
 	user = models.ForeignKey(User)
 	plugin = models.ForeignKey('Plugin')
-	authBlob = models.TextField(default='')
+	authblob = models.TextField(default='')
 	def __unicode__(self):
 		return "%s allows %s" % (self.user, self.plugin)
--- a/k4ever/main/templates/main/startpage.html
+++ b/k4ever/main/templates/main/startpage.html
@ -4,7 +4,7 @@
 	{% if allMost %}
 		Am beliebtesten ist: <br /> <br />
 		{% for buyable in allMost %}
-			{{ buyable.buyable__name }} ( {{ buyable.num_buys }} mal) <br />
+			<a href="/store/show/{{ buyable.buyable__id }}">{{ buyable.buyable__name }}</a> ( {{ buyable.num_buys }} mal) <br />
 			{% endfor %}
 		<br />
 	{% else %}
@ -15,7 +15,7 @@
 	{% if usersMost %}
 		Am oeftesten hattest du: <br /> <br />
 		{% for buyable in usersMost %}
-			{{ buyable.buyable__name }} ( {{ buyable.num_buys }} mal) <br />
+			<a href="/store/show/{{ buyable.buyable__id }}">{{ buyable.buyable__name }}</a> ( {{ buyable.num_buys }} mal) <br />
 			{% endfor %}
 		<br />
 	{% else %}
@ -26,7 +26,7 @@
 	{% if usersLast %}
 		Als letztes hattest du: <br /> <br />
 		{% for buyable in usersLast %}
-			{{ buyable.buyable__name }} <br />
+			<a href="/store/show/{{ buyable.buyable__id }}">{{ buyable.buyable__name }}</a> <br />
 			{% endfor %}
 		<br />
 	{% else %}
--- a/k4ever/main/templates/settings/settings.html
+++ b/k4ever/main/templates/settings/settings.html
@ -9,89 +9,57 @@
 	<br />
 	<h2>Plugin Berechtigungen</h2>
 	<hr />
-	<p>
+	{% if pluginerror %}
-		<form method="POST" action="/settings/plugins/addperm/">
+		<font color="red">{{ pluginerror|safe }}</font>
-			<select name="pid">
+	{% endif %}
-				<option value="0"> ----- </option>
+	{% if pluginmsg %}
-				{% for plugin in unallowedplugins %}
+		<font color="green">{{ pluginmsg|safe }}</font>
 				<option value="{{ plugin.id }}">{{ plugin.name }}</option>
 				{% endfor %}
 			</select>
 			<input type="submit" value="Plugin erlauben">
 		</form>
 	</p>
 	<p>
 	<table>
 		<tr>
 			<th>Name</th>
 			<th>AuthBlob</th>
 			<th>Optionen</th>
 		</tr>
 	{% if pluginpermissions %}
 		{% for pperm in pluginpermissions %}
 		{% if pperm.plugin in plugins %}
 			end test
 		{% endif %}
 		<tr style="background: green">
 			<td style="vertical-align:middle">{{ pperm.plugin }}</td>
 			<td style="vertical-align:middle">
 				<form method="post" action="">
 					<textarea name="authblob">{{ pperm.authBlob }}</textarea>
 					<input type="submit" value="Speichern" />
 				</form>
 			</td>
 			<td style="vertical-align:middle">
 				<form method="post" action="">
 					<input type="submit"  value="Berechtigungen aufheben" />
 				</form>
 			<td>
 		</tr>
 		{% endfor %}
 	{% else %}
 		<tr>
 			<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gew&auml;hrt</td>
 		</tr>
 	{% endif %}
 	</table>
 	Perms {{ pluginpermissions }} <br />
 	<br /><br />
 	<h2>Second Idea for Plugin interface</h2>
 	<hr />
 	<p>
 	<table>
 		<tr>
 			<th>Name</th>
 			<th>Author</th>
 			<th>Version</th>
 			<th>Beschreibung</th>
 			<th>AuthBlob</th>
-			<th>Optionen</th>
+			<th>Erlauben/Verbieten</th>
 		</tr>
 	{% if pluginpermissions %}
 		{% for plugin in plugins %}
 		<tr style="{%if plugin in unallowedplugins%}background:red{%else%}background: green{%endif%}">
 			<td style="vertical-align:middle">{{ plugin }}</td>
 			<td style="vertical-align:middle">
 				{%if plugin not in unallowedplugins %}
 				<form method="post" action="">
 					<textarea name="authblob">{{ pperm.authBlob }}</textarea>
 					<input type="submit" value="Speichern" />
 				</form>
 				{%endif%}
 			</td>
 			<td style="vertical-align:middle">
 				<form method="post" action="">
 					{%if plugin in unallowedplugins %}
 					<input type="submit"  value="Berechtigungen hinzuf&uuml;gen" />
 					{%else%}
 					<input type="submit"  value="Berechtigungen aufheben" />
 					{%endif%}
 				</form>
 			<td>
 		</tr>
-		{% endfor %}
+	{% for p in permissions %}
-	{% else %}
+	<tr style="background: green">
-		<tr>
+		<td style="vertical-align:middle">{{ p.plugin.name }}</td>
-			<td align="center" colspan="10">Du hast bisher keinem Plugin zugriff auf deinen Account gew&auml;hrt</td>
+		<td style="vertical-align:middle">{{ p.plugin.author }}</td>
-		</tr>
+		<td style="vertical-align:middle">{{ p.plugin.version }}</td>
-	{% endif %}
+		<td style="vertical-align:top">{{ p.plugin.descr }}</td>
 		<td>
 		{% if p.plugin.userCanWriteAuthblob %}
 			<form method="post" action="/user/settings/plugin/authblob/{{ p.plugin.id }}/">
 				{% csrf_token %}
 				<textarea name="authblob">{{ p.authblob }}</textarea>
 				<input type="submit" value="Speichern">
 			</form>
 		{% else %}
 			{% if p.plugin.userCanReadAuthblob %}
 				{{ p.authblob }}
 			{% else %}
 				---
 			{% endif %}
 		{% endif %}
 		</td>
 		<td style="vertical-align:middle"><a href="/user/settings/plugin/deny/{{ p.plugin.id }}/">Plugin verbieten</a></td>
 	</tr>
 	{% endfor %}
 	{% for plugin in unallowed %}
 	<tr style="background: red">
 		<td style="vertical-align:middle">{{ plugin.name }}</td>
 		<td style="vertical-align:middle">{{ plugin.author }}</td>
 		<td style="vertical-align:middle">{{ plugin.version }}</td>
 		<td style="vertical-align:top">{{ plugin.descr }}</td>
 		<td>&nbsp;</td>
 		<td style="vertical-align:middle"><a href="/user/settings/plugin/allow/{{ plugin.id }}/">Plugin erlauben</a></td>
 	</tr>
 	{% endfor %}
 	</table>
 	</p>
 {% endblock %}
--- a/k4ever/main/urls.py
+++ b/k4ever/main/urls.py
@ -11,4 +11,7 @@ urlpatterns = patterns('',
 					{'template_name': 'registration/logout.html',
 					 'next_page': '/user/login/'}),
 	(r'^settings/$', 'main.views.settings'),
 	#plugin stuff
 	(r'^settings/plugin/(?P<method>(?:allow|deny))/(?P<pluginId>\d+)/$', 'main.views.pluginPermission'),
 	(r'^settings/plugin/authblob/(?P<pluginId>\d+)/$', 'main.views.pluginAuthblob'),
 )
--- a/k4ever/main/views.py
+++ b/k4ever/main/views.py
@ -2,6 +2,7 @@ from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.contrib.auth.decorators import login_required
 from django.db.models import Count
 from django.http import HttpResponseRedirect
 from main.models import Plugin, PluginPermission
@ -12,17 +13,84 @@ def startpage(request):
 	''' Diese Funktion wird wahrscheinlich viel Last erzeugen, da 
 	sie ueber mehrere Tabellen joined,filtered und wieder reduced.
 	'''
-	allMost = Purchase.objects.filter(isDeposit=False).values('buyable__name').annotate(num_buys=Count('buyable')).order_by('-num_buys')
+	allMost = Purchase.objects.filter(isDeposit=False).values('buyable__name', 'buyable__id').annotate(num_buys=Count('buyable')).order_by('-num_buys')
-	usersMost = Purchase.objects.filter(isDeposit=False).values('buyable__name').filter(order__user=request.user.id).annotate(num_buys=Count('buyable')).order_by('-num_buys')
+	usersMost = Purchase.objects.filter(isDeposit=False).values('buyable__name','buyable__id').filter(order__user=request.user.id).annotate(num_buys=Count('buyable')).order_by('-num_buys')
-	usersLast = Purchase.objects.filter(isDeposit=False).values('buyable__name').filter(order__user=request.user.id).order_by('-order__dateTime')
+	usersLast = Purchase.objects.filter(isDeposit=False).values('buyable__name','buyable__id').filter(order__user=request.user.id).order_by('-order__dateTime')
 	return render_to_response("main/startpage.html", {'allMost' : allMost,'usersMost': usersMost, 'usersLast' : usersLast}, RequestContext(request))
 def register(request):
 	return render_to_response("registration/register.html", RequestContext(request))
-@login_required
+
-def settings(request):
+def getPluginDict(request):
 	plugins = Plugin.objects.all()
 	allowed = Plugin.objects.filter(pluginpermission__user=request.user)
 	unallowed = Plugin.objects.exclude(pluginpermission__user=request.user)
 	perms = PluginPermission.objects.filter(user=request.user)
-	return render_to_response("settings/settings.html", {'plugins': plugins, 'unallowedplugins': unallowed, 'pluginpermissions': perms}, RequestContext(request))
+	
 	return {'plugins': plugins, 'allowed': allowed, 'unallowed': unallowed, 'permissions': perms}
@login_required
 def settings(request):
 	return render_to_response("settings/settings.html", getPluginDict(request), RequestContext(request))
@login_required
 def pluginPermission(request, method, pluginId):
 	plugin = None
 	try:
 		plugin = Plugin.objects.get(id=pluginId)
 	except Plugin.DoesNotExist:
 		d = getPluginDict(request)
 		d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	if method == "allow":
 		try:
 			p = PluginPermission.objects.get(user=request.user, plugin=plugin)
 			d = getPluginDict(request)
 			d['pluginerror'] = "Dieses Plugin wurde bereits erlaubt"
 			return render_to_response("settings/settings.html", d, RequestContext(request))
 		except PluginPermission.DoesNotExist:
 			p = PluginPermission(user=request.user, plugin=plugin)
 			p.save()
 	else:
 		try:
 			p = PluginPermission.objects.get(user=request.user, plugin=plugin)
 			p.delete()
 		except PluginPermission.DoesNotExist:
 			d = getPluginDict(request)
 			d['pluginerror'] = "Keine Berechtigungen f&uuml;r dieses Plugin gefunden - kann also auch nicht zur&uuml;ckgezogen werden"
 			return render_to_response("settings/settings.html", d, RequestContext(request))
 	return HttpResponseRedirect("/user/settings/")
@login_required
 def pluginAuthblob(request, pluginId):
 	if request.method != "POST":
 		return HttpResponseRedirect("/user/settings/")
 	plugin = None
 	try:
 		plugin = Plugin.objects.get(id=pluginId)
 	except Plugin.DoesNotExist:
 		d = getPluginDict(request)
 		d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	p = None
 	try:
 		p = PluginPermission.objects.get(user=request.user, plugin=plugin)
 	except PluginPermission.DoesNotExist:
 		d = getPluginDict(request)
 		d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
 		d = getPluginDict(request)
 		d['pluginerror'] = "Der Authblob darf f&uuml;r dieses Plugin nicht vom User ver&auml;ndert werden (oder der Authblob war kaputt)"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	p.authblob = request.POST['authblob']
 	p.save()
 	d = getPluginDict(request)
 	d['pluginmsg'] = "Authblob erfolgreich ge&auml;ndert"
 	return render_to_response("settings/settings.html", d, RequestContext(request))