[views] custom security view
authorPhilippe Pepiot <philippe.pepiot@logilab.fr>
Fri, 17 Feb 2017 16:03:47 +0100
changeset 126 79cf56fbfb1b
parent 125 965855c27476
child 131 98432b541113
[views] custom security view Override cubicweb security view to remove permissions table. Use a relation widget for 'owned_by' relation. Since there is only 'owned_by' edition on this view, add a selector to ensure user has 'add' permission on 'owned_by' for this entity. Closes extranet #16684489
__pkginfo__.py
views/management.py
--- a/__pkginfo__.py	Wed Feb 22 11:56:22 2017 +0100
+++ b/__pkginfo__.py	Fri Feb 17 16:03:47 2017 +0100
@@ -23,6 +23,7 @@
     'cubicweb-seda': None,
     'cubicweb-registration': None,
     'cubicweb-rememberme': None,
+    'cubicweb-relationwidget': None,
     'jinja2': None,
 }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/views/management.py	Fri Feb 17 16:03:47 2017 +0100
@@ -0,0 +1,58 @@
+# copyright 2017 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# contact http://www.logilab.fr -- mailto:contact@logilab.fr
+#
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation, either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from logilab.mtconverter import xml_escape
+
+from cubicweb.predicates import relation_possible
+from cubicweb.web import formwidgets
+from cubicweb.web.formfields import guess_field
+from cubicweb.web.views.management import SecurityManagementView
+
+from cubes.relationwidget.views import RelationFacetWidget
+
+
+class SherpaSecurityManagementView(SecurityManagementView):
+    """Security view overriden to hide permissions definitions and using a
+    RelationFacetWidget to edit owner"""
+    __select__ = (SecurityManagementView.__select__ &
+                  relation_possible('owned_by', action='add'))
+
+    def entity_call(self, entity):
+        w = self.w
+        w(u'<h1><span class="etype">%s</span> <a href="%s">%s</a></h1>'
+          % (entity.dc_type().capitalize(),
+             xml_escape(entity.absolute_url()),
+             xml_escape(entity.dc_title())))
+        w('<h2>%s</h2>' % self._cw.__('Manage security'))
+        msg = self._cw.__('ownerships have been changed')
+        form = self._cw.vreg['forms'].select(
+            'base', self._cw, entity=entity,
+            form_renderer_id='onerowtable', submitmsg=msg,
+            form_buttons=[formwidgets.SubmitButton()],
+            domid='ownership%s' % entity.eid,
+            __redirectvid='security',
+            __redirectpath=entity.rest_path())
+        field = guess_field(entity.e_schema,
+                            self._cw.vreg.schema['owned_by'],
+                            req=self._cw,
+                            widget=RelationFacetWidget())
+        form.append_field(field)
+        form.render(w=w, display_progress_div=False)
+
+
+def registration_callback(vreg):
+    vreg.register_all(globals().values(), __name__)
+    vreg.unregister(SecurityManagementView)