Commit 82677475 authored by Marc Duez's avatar Marc Duez

database : permission >> in addition to the permission system to access...

database : permission >> in addition to the permission system for accessing patients, each user has specific rights for creating new patients / uploading new files / scheduling runs
parent bab52c8f
......@@ -7,12 +7,14 @@ if request.env.http_origin:
def add():
if auth.has_permission('admin', 'patient', request.vars['id'], auth.user_id):
return dict(message=T('add file'))
else :
res = {"success" : "false", "message" : "you need admin permission on this patient to add file"}
if not auth.has_permission('admin', 'patient', request.vars['id'], auth.user_id):
res = {"success" : "false", "message" : "you need admin permission on this patient to add files"}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
elif not auth.has_permission('upload', 'sequence_file', request.vars['id'], auth.user_id):
res = {"success" : "false", "message" : "you don't have right to upload files"}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else:
return dict(message=T('add file'))
#TODO check data
def add_form():
......@@ -46,6 +48,13 @@ def add_form():
def edit():
if not auth.has_permission('admin', 'patient', request.vars['id'], auth.user_id):
res = {"success" : "false", "message" : "you need admin permission to edit files"}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
#elif not auth.has_permission('upload', 'sequence_file', request.vars['id'], auth.user_id):
# res = {"success" : "false", "message" : "you don't have right to upload files"}
# return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else:
return dict(message=T('edit file'))
......
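Review bot: The new `upload` check in `add()` only guards the action that renders the form. `add_form()` begins on the last line of the first hunk and its body is not shown, so confirm that the handler which actually stores the file repeats both `has_permission` checks; otherwise a direct request to it would sidestep the new right. In `edit()` the matching `elif` is left commented out, so editing still depends on the patient-admin check alone; either enable it or replace the dead code with a comment such as `# edit intentionally requires only patient admin, not the 'upload' right`. The upload check also passes the patient id from `request.vars['id']` as the record id for `sequence_file`, while `rights()` grants the permission on record 0, so it presumably matches only through web2py's record-0 fallback; calling `auth.has_permission('upload', 'sequence_file')` as the views do would state the intent directly.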
......@@ -17,16 +17,19 @@ def rights():
if auth.has_membership("admin"):
id = request.vars["id"]
group_id = auth.user_group(id)
msg = ""
if request.vars["value"] == "true" :
auth.add_permission(group_id, 'create', request.vars["name"], 0)
auth.add_permission(group_id, request.vars["right"], request.vars["name"], 0)
msg += "add '" + request.vars["right"] + "' permission on '" + request.vars["name"] + "' for user " + db.auth_user[id].first_name + " " + db.auth_user[id].last_name
else :
auth.del_permission(group_id, 'create', request.vars["name"], 0)
auth.del_permission(group_id, request.vars["right"], request.vars["name"], 0)
msg += "remove '" + request.vars["right"] + "' permission on '" + request.vars["name"] + "' for user " + db.auth_user[id].first_name + " " + db.auth_user[id].last_name
res = { "redirect": "user/info",
"args" : {"id" : id },
"message": "permission changed"}
"message": msg}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else :
res = {"message": "acces denied"}
res = {"message": "admin only"}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
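Review bot: `request.vars["right"]` and `request.vars["name"]` now flow unchecked into `auth.add_permission(group_id, ..., 0)` and `auth.del_permission`, so this action can grant or revoke any permission name on any table at record 0, not just the three rights the user page offers. An allow-list ahead of the `value` branch would keep it to the intended set: `ALLOWED = {('create', 'patient'), ('upload', 'sequence_file'), ('run', 'data_file')}` followed by `if (request.vars["right"], request.vars["name"]) not in ALLOWED: return gluon.contrib.simplejson.dumps({"message": "unknown right"}, separators=(',',':'))`. `db.auth_user[id]` is dereferenced without a None check while building `msg`, so an unknown `id` ends in an error ticket rather than a JSON reply. Because the action changes privileges from request variables, it is also worth confirming that it is reachable only through a CSRF-protected POST; nothing in the hunk shows that.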
......@@ -119,9 +119,13 @@ query = db(
<td> {{if row.data_file.run_date :}}{{=row.data_file.run_date }}{{pass}} </td>
<td>
{{if filename != '' and config_id != -1:}}
{{if row.data_file.id == None or ( status != "RUNNING" and status != "QUEUED"):}}
{{if row.data_file.id == None or ( status != "RUNNING" and status != "QUEUED" and status != "ASSIGNED"):}}
{{if auth.has_permission("upload", "sequence_file") :}}
<span class="button" onclick="db.call('default/run_request', { 'sequence_file_id' : '{{=row.sequence_file.id}}', 'config_id' : {{=config_id}} } )"> run >> </span>
{{else:}}
<span class="button inactive" title="you don't have permission to schedule runs"> run >> </span>
{{pass}}
{{else:}}
{{=status}}
{{pass}}
{{pass}}
......@@ -133,15 +137,24 @@ query = db(
<table class="db_table" id="db_fixed_header"></table>
</div>
<div class="db_block">
<div class="db_block_left">
{{if auth.has_permission("upload", "sequence_file") :}}
<span class="button2" onclick="db.call('file/add', { 'id' : '{{=request.vars["id"]}}' } )"> add file </span>
{{else:}}
<span class="button2 inactive" onclick="db.call('file/add', { 'id' : '{{=request.vars["id"]}}' } )" title="you don't have permission to upload files"> add file </span>
{{pass}}
</div>
{{if fused_count >0:}}
<div class="db_block_right">
<span class="button2" onclick="db.load_data( { 'patient_id' : '{{=request.vars["id"]}}' , 'config_id' : {{=config_id}} } )" > see result </span>
</div>
{{pass}}
</div>
{{if fused_count >0:}}
......
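Review bot: The "run >>" button is gated on `auth.has_permission("upload", "sequence_file")`, although this commit introduces a separate `run` right on `data_file` and the inactive button's title speaks of scheduling runs; the condition should probably read `{{if auth.has_permission("run", "data_file") :}}`. Greying out a button is presentation only, and `default/run_request` is not part of this diff, so the same `run` check has to exist in that controller for the right to have any effect. The inactive "add file" span keeps its `onclick`, unlike the inactive run button; dropping it would make the two consistent. Separately, the new spans write `request.vars["id"]` into a quoted JavaScript argument inside an `onclick` attribute, where HTML escaping alone is not a sufficient encoding, so rendering a server-validated integer id would be safer.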
......@@ -21,7 +21,14 @@ query = db(
<div class="db_block">
<div class="db_block_left">
create patient
<input type="checkbox" name="patient" onclick="db.user_rights(this.checked, this.name, {{=id}});" {{if auth.has_permission('create', 'patient', 0, id) :}}{{="checked"}}{{pass}}>
<input type="checkbox" name="patient" onclick="db.user_rights(this.checked, this.name, 'create', {{=id}});" {{if auth.has_permission('create', 'patient', 0, id) :}}{{="checked"}}{{pass}}>
upload sequence
<input type="checkbox" name="sequence_file" onclick="db.user_rights(this.checked, this.name, 'upload', {{=id}});" {{if auth.has_permission('upload', 'sequence_file', 0, id) :}}{{="checked"}}{{pass}}>
run vidjil
<input type="checkbox" name="data_file" onclick="db.user_rights(this.checked, this.name, 'run', {{=id}});" {{if auth.has_permission('run', 'data_file', 0, id) :}}{{="checked"}}{{pass}}>
</br>
<!--create config <input type="checkbox" name="config" onclick="db.test(this.checked, this.name, {{request.vars["id"]}});"></br>-->
</div>
......