in trac/trac/admin/web_ui.py [0:0]
def render_admin_panel(self, req, cat, page, path_info):
perm = PermissionSystem(self.env)
all_permissions = perm.get_all_permissions()
all_actions = perm.get_actions()
if req.method == 'POST':
subject = req.args.get('subject', '').strip()
action = req.args.get('action')
group = req.args.get('group', '').strip()
if subject and subject.isupper() or \
group and group.isupper():
raise TracError(_('All upper-cased tokens are reserved for '
'permission names'))
# Grant permission to subject
if req.args.get('add') and subject and action:
req.perm.require('PERMISSION_GRANT')
if action not in all_actions:
raise TracError(_('Unknown action'))
req.perm.require(action)
if (subject, action) not in all_permissions:
perm.grant_permission(subject, action)
add_notice(req, _('The subject %(subject)s has been '
'granted the permission %(action)s.',
subject=subject, action=action))
req.redirect(req.href.admin(cat, page))
else:
add_warning(req, _('The permission %(action)s was already '
'granted to %(subject)s.',
action=action, subject=subject))
# Add subject to group
elif req.args.get('add') and subject and group:
req.perm.require('PERMISSION_GRANT')
for action in perm.get_user_permissions(group):
if not action in all_actions: # plugin disabled?
self.env.log.warn("Adding %s to group %s: " \
"Permission %s unavailable, skipping perm check." \
% (subject, group, action))
else:
req.perm.require(action)
if (subject, group) not in all_permissions:
perm.grant_permission(subject, group)
add_notice(req, _('The subject %(subject)s has been added '
'to the group %(group)s.',
subject=subject, group=group))
req.redirect(req.href.admin(cat, page))
else:
add_warning(req, _('The subject %(subject)s was already '
'added to the group %(group)s.',
subject=subject, group=group))
# Remove permissions action
elif req.args.get('remove') and req.args.get('sel'):
req.perm.require('PERMISSION_REVOKE')
sel = req.args.get('sel')
sel = sel if isinstance(sel, list) else [sel]
for key in sel:
subject, action = key.split(':', 1)
subject = unicode_from_base64(subject)
action = unicode_from_base64(action)
if (subject, action) in perm.get_all_permissions():
perm.revoke_permission(subject, action)
add_notice(req, _('The selected permissions have been '
'revoked.'))
req.redirect(req.href.admin(cat, page))
perms = [perm for perm in all_permissions if perm[1].isupper()]
groups = [perm for perm in all_permissions if not perm[1].isupper()]
return 'admin_perms.html', {
'actions': all_actions, 'perms': perms, 'groups': groups,
'unicode_to_base64': unicode_to_base64
}