changeset 2672:3f729c4a241c

Added group acl report view for admin to help see ACL capabilities of each group with respect to all items in the wiki
author Ajitesh Gupta <ajgupta93@gmail.com>
date Sat, 19 Jul 2014 15:47:27 +0530
parents 5e518c71b581
children c040fb080073
files MoinMoin/apps/admin/templates/admin/group_acl_report.html MoinMoin/apps/admin/templates/admin/groupbrowser.html MoinMoin/apps/admin/views.py
diffstat 3 files changed, 68 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/MoinMoin/apps/admin/templates/admin/group_acl_report.html	Sat Jul 19 15:47:27 2014 +0530
@@ -0,0 +1,30 @@
+{% extends theme("layout.html") %}
+{% import "utils.html" as utils %}
+{% block content %}
+    <h1>{{ _("Group ACL Report") }}</h1>
+    <h2>{{ _("Group Name") }}: {{ group_name }}</h2>
+    <table class="table table-hover tablesorter tablesorter-default moin-sortable" data-sortlist="[[0,0]]">
+        <thead>
+            <tr>
+                <th>{{ _("Item Names") }}</th>
+                <th>{{ _("read") }}</th>
+                <th>{{ _("write") }}</th>
+                <th>{{ _("create") }}</th>
+                <th>{{ _("destroy") }}</th>
+                <th>{{ _("admin") }}</th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for item in group_items %}
+                <tr>
+                    <td><a href="{{ url_for('frontend.modify_item', item_name=item['fqname']) }}">{% if item['name'] %}{{ item['name']|join(', ') }}{% else %}{{ _("Item Id") }}: {{ item['itemid'] }}{% endif %}</a></td>
+                    <td>{% if 'read' in item['rights'] %}{{ _("read") }}{% endif %}</td>
+                    <td>{% if 'write' in item['rights'] %}{{ _("write") }}{% endif %}</td>
+                    <td>{% if 'create' in item['rights'] %}{{ _("create") }}{% endif %}</td>
+                    <td>{% if 'destroy' in item['rights'] %}{{ _("destroy") }}{% endif %}</td>
+                    <td>{% if 'admin' in item['rights'] %}{{ _("admin") }}{% endif %}</td>
+                </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+{% endblock %}
--- a/MoinMoin/apps/admin/templates/admin/groupbrowser.html	Sat Jul 19 15:21:50 2014 +0530
+++ b/MoinMoin/apps/admin/templates/admin/groupbrowser.html	Sat Jul 19 15:47:27 2014 +0530
@@ -17,7 +17,7 @@
                     <td>{% if group['grouptype'] == 'WikiGroup' %}<a href="{{ url_for('frontend.modify_item', item_name=group['name']) }}">{% endif %}{{ group['name'] }}</a></td>
                     <td>{{ group['member_users']|sort|join(', ') }}</td>
                     <td>{{ group['member_groups']|sort|join(', ') }}</td>
-                    <td>ACL Report</td>
+                    <td><a href="{{ url_for('admin.group_acl_report', group_name=group['name']) }}">{{ _("ACL Report") }}</a></td>
                 </tr>
             {% endfor %}
         </tbody>
--- a/MoinMoin/apps/admin/views.py	Sat Jul 19 15:21:50 2014 +0530
+++ b/MoinMoin/apps/admin/views.py	Sat Jul 19 15:47:27 2014 +0530
@@ -22,10 +22,11 @@
 from MoinMoin import user
 from MoinMoin.constants.keys import NAME, ITEMID, SIZE, EMAIL, DISABLED, NAME_EXACT, WIKINAME, TRASH, NAMESPACE, NAME_OLD, REVID, MTIME, COMMENT, LATEST_REVS, EMAIL_UNVALIDATED, ACL
 from MoinMoin.constants.namespaces import NAMESPACE_USERPROFILES, NAMESPACE_DEFAULT, NAMESPACE_ALL
-from MoinMoin.constants.rights import SUPERUSER
-from MoinMoin.security import require_permission
+from MoinMoin.constants.rights import SUPERUSER, ACL_RIGHTS_CONTENTS
+from MoinMoin.security import require_permission, ACLStringIterator
 from MoinMoin.util.interwiki import CompositeName
 from MoinMoin.datastruct.backends.wiki_groups import WikiGroup
+from MoinMoin.datastruct.backends import GroupDoesNotExistError
 
 
 @admin.route('/superuser')
@@ -331,3 +332,37 @@
     return render_template('admin/item_acl_report.html',
                            title_name=_('Item ACL Report'),
                            items_acls=items_acls)
+
+
+def search_group(group_name):
+    groups = flaskg.groups
+    if groups[group_name]:
+            return groups[group_name]
+    else:
+        raise GroupDoesNotExistError(group_name)
+
+
+@admin.route('/group_acl_report/<group_name>')
+@require_permission(SUPERUSER)
+def group_acl_report(group_name):
+    """
+    Display a 2-column table of items and ACLs, where the ACL rule specifies any
+    WikiGroup or ConfigGroup name.
+    """
+    group = search_group(group_name)
+    all_items = flaskg.storage.documents(wikiname=app.cfg.interwikiname)
+    group_items = []
+    for item in all_items:
+        acl_iterator = ACLStringIterator(ACL_RIGHTS_CONTENTS, item.meta.get(ACL, ''))
+        for modifier, entries, rights in acl_iterator:
+            if group_name in entries:
+                item_id = item.meta.get(ITEMID)
+                fqname = CompositeName(item.meta.get(NAMESPACE), u'itemid', item_id)
+                group_items.append(dict(name=item.meta.get(NAME),
+                                        itemid=item_id,
+                                        fqname=fqname,
+                                        rights=rights))
+    return render_template('admin/group_acl_report.html',
+                           title_name=_(u'Group ACL Report'),
+                           group_items=group_items,
+                           group_name=group_name)