Commit a67ece17 authored by HERBERT Ryan's avatar HERBERT Ryan

Applying correct PermissionEnum

There were several places in the code where strings were still used to
determine, add or remove permissions. These have now all been replaced
with the correct element from PermissionEnum.
parent 8990d1de
......@@ -15,7 +15,7 @@ def index():
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
query = db((auth.vidjil_accessible_query('read', db.config) | auth.vidjil_accessible_query('admin', db.config) ) ).select(orderby=~db.config.name)
query = db((auth.vidjil_accessible_query(PermissionEnum.read_config.value, db.config) | auth.vidjil_accessible_query(PermissionEnum.admin_config.value, db.config) ) ).select(orderby=~db.config.name)
return dict(message=T('Configs'),
query=query,
......@@ -52,7 +52,7 @@ def add_form():
break
db.auth_permission.insert(group_id=user_group,
name='create',
name=PermissionEnum.create_config.value,
table_name='config',
record_id=config_id)
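Review bot: The grant in add_form writes the row with `db.auth_permission.insert(...)` and a literal `table_name='config'`, while the other grants on this page go through `auth.add_permission`. Routing this one through the helper keeps every grant on a single code path, so any de-duplication or event logging the helper performs also applies here: `auth.add_permission(user_group, PermissionEnum.create_config.value, db.config, config_id)`. add_form starts and ends outside the hunk.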
......
......@@ -85,18 +85,18 @@ def init_db(force=False):
## permission
## system admin have admin/read/create rights on all patients, groups and configs
auth.add_permission(id_admin_group, 'admin', db.patient, 0)
auth.add_permission(id_admin_group, 'admin', db.auth_group, 0)
auth.add_permission(id_admin_group, 'admin', db.config, 0)
auth.add_permission(id_admin_group, 'admin', db.pre_process, 0)
auth.add_permission(id_admin_group, 'read', db.patient, 0)
auth.add_permission(id_admin_group, 'read', db.auth_group, 0)
auth.add_permission(id_admin_group, 'read', db.config, 0)
auth.add_permission(id_admin_group, 'read', db.pre_process, 0)
auth.add_permission(id_admin_group, 'create', db.patient, 0)
auth.add_permission(id_admin_group, 'create', db.auth_group, 0)
auth.add_permission(id_admin_group, 'create', db.config, 0)
auth.add_permission(id_admin_group, 'create', db.pre_process, 0)
auth.add_permission(id_admin_group, PermissionEnum.admin.value, db.sample_set, 0)
auth.add_permission(id_admin_group, PermissionEnum.admin_group.value, db.auth_group, 0)
auth.add_permission(id_admin_group, PermissionEnum.admin_config.value, db.config, 0)
auth.add_permission(id_admin_group, PermissionEnum.admin_pre_process.value, db.pre_process, 0)
auth.add_permission(id_admin_group, PermissionEnum.read.value, db.sample_set, 0)
auth.add_permission(id_admin_group, PermissionEnum.read_group.value, db.auth_group, 0)
auth.add_permission(id_admin_group, PermissionEnum.read_config.value, db.config, 0)
auth.add_permission(id_admin_group, PermissionEnum.read_pre_process.value, db.pre_process, 0)
auth.add_permission(id_admin_group, PermissionEnum.create.value, db.sample_set, 0)
auth.add_permission(id_admin_group, PermissionEnum.create_group.value, db.auth_group, 0)
auth.add_permission(id_admin_group, PermissionEnum.create_config.value, db.config, 0)
auth.add_permission(id_admin_group, PermissionEnum.create_pre_process.value, db.pre_process, 0)
auth.add_permission(id_admin_group, 'impersonate', db.auth_user, 0)
def init_from_csv():
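Review bot: `PermissionEnum.create_pre_process` in the last enum-based grant of init_db does not match the member shown in the PermissionEnum hunk, which is spelled `create_preprocess`. Unless a `create_pre_process` member exists outside that hunk, init_db raises AttributeError before the `'impersonate'` grant is written; rename the member to `create_pre_process = 'create'` so it follows `admin_pre_process` and `read_pre_process`. The first grant of each group also moves from `db.patient` to `db.sample_set`, which changes what the admin group is granted and is mentioned neither in the commit message nor in the comment above the grants ("all patients, groups and configs"). `'impersonate'` is still a string literal although the message says all strings were replaced.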
......
......@@ -48,7 +48,7 @@ def add():
))
query_patient = db(
auth.vidjil_accessible_query('admin', db.patient)
auth.vidjil_accessible_query(PermissionEnum.admin.value, db.patient)
).select(
db.patient.ALL,
orderby = ~db.patient.id
......@@ -65,7 +65,7 @@ def add():
patient = birth+name+id
query_run = db(
auth.vidjil_accessible_query('admin', db.run)
auth.vidjil_accessible_query(PermissionEnum.admin.value, db.run)
).select(
db.run.ALL,
orderby = ~db.run.id
......@@ -208,7 +208,7 @@ def edit():
))
query_patient = db(
auth.vidjil_accessible_query('admin', db.patient)
auth.vidjil_accessible_query(PermissionEnum.admin.value, db.patient)
).select(
db.patient.ALL,
orderby = ~db.patient.id
......@@ -225,7 +225,7 @@ def edit():
patient = birth+name+id
query_run = db(
auth.vidjil_accessible_query('admin', db.run)
auth.vidjil_accessible_query(PermissionEnum.admin.value, db.run)
).select(
db.run.ALL,
orderby = ~db.run.id
......
......@@ -51,7 +51,7 @@ def add_form():
if len(parent_list) > 0:
for parent in parent_list:
db.group_assoc.insert(first_group_id=parent.first_group_id, second_group_id=id)
auth.add_permission(parent.first_group_id, PermissionEnum.group_admin.value, id)
auth.add_permission(parent.first_group_id, PermissionEnum.admin_group.value, id)
else:
db.group_assoc.insert(first_group_id=group_parent, second_group_id=id)
auth.add_permission(group_parent, PermissionEnum.admin_group.value, id)
......@@ -110,7 +110,7 @@ def remove_permission():
error += "missing user_id, "
if error=="":
auth.del_permission(auth.user_group(request.vars["user_id"]), 'admin', db.auth_group, request.vars["group_id"])
auth.del_permission(auth.user_group(request.vars["user_id"]), PermissionEnum.admin_group.value, db.auth_group, request.vars["group_id"])
res = {"redirect" : "group/permission" ,
"args" : { "id" : request.vars["group_id"]} }
......@@ -120,7 +120,7 @@ def remove_permission():
## give admin right to a group member
## need ["group_id", "user_id"]
def change_permission():
auth.add_permission(auth.user_group(request.vars["user_id"]), 'admin', db.auth_group, request.vars["group_id"])
auth.add_permission(auth.user_group(request.vars["user_id"]), PermissionEnum.admin_group.value, db.auth_group, request.vars["group_id"])
res = {"redirect" : "group/permission" , "args" : { "id" : request.vars["group_id"]} }
log.info(res)
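Review bot: change_permission grants `PermissionEnum.admin_group` on `request.vars["group_id"]` to the group of `request.vars["user_id"]` as its first statement, with no visible check that the caller administers that group or that both variables are present (remove_permission at least accumulates an `error` string). Unless this is enforced outside the lines shown, the endpoint lets any caller who can reach it hand out group admin rights; guard the grant with something like `if not auth.has_permission(PermissionEnum.admin_group.value, db.auth_group, request.vars["group_id"]):` and return an error result. In add_form, `auth.add_permission(parent.first_group_id, PermissionEnum.admin_group.value, id)` passes `id` where the calls in remove_permission and change_permission pass `db.auth_group`; if add_permission keeps web2py's `(group_id, name, table_name, record_id)` order, that should be `..., db.auth_group, id)`. The body of change_permission continues outside the hunk.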
......
......@@ -134,13 +134,14 @@ def index():
##retrieve patient list
query = db(
auth.vidjil_accessible_query('read', db.patient)
auth.vidjil_accessible_query(PermissionEnum.read.value, db.patient)
).select(
db.patient.ALL,
orderby = ~db.patient.id
)
auth.load_permissions('admin', 'patient')
auth.load_permissions(PermissionEnum.admin.value, 'patient')
auth.load_permissions(PermissionEnum.anon.value, 'patient')
result = {}
for i, row in enumerate(query) :
......@@ -190,7 +191,7 @@ def index():
query3 = db(
(db.patient.sample_set_id == db.fused_file.sample_set_id) &
(db.fused_file.config_id == db.config.id) &
(auth.vidjil_accessible_query('read', db.config) | auth.vidjil_accessible_query('admin', db.config) )
(auth.vidjil_accessible_query(PermissionEnum.read_config.value, db.config) | auth.vidjil_accessible_query(PermissionEnum.admin_config.value, db.config) )
).select(
db.patient.id, db.config.name, db.config.id, db.fused_file.fused_file
)
......@@ -203,7 +204,7 @@ def index():
query4 = db(
((db.patient.id == db.auth_permission.record_id) | (db.auth_permission.record_id == 0)) &
(db.auth_permission.table_name == 'patient') &
(db.auth_permission.name == 'read') &
(db.auth_permission.name == PermissionEnum.access.value) &
(db.auth_group.id == db.auth_permission.group_id)
).select(
db.patient.id, db.auth_group.role
......@@ -311,9 +312,7 @@ def add_form():
admin_group = db(db.auth_group.role=='admin').select().first().id
#patient creator automaticaly has all rights
#auth.add_permission(user_group, 'admin', db.patient, id)
auth.add_permission(user_group, 'access', db.patient, id)
#auth.add_permission(user_group, 'anon', db.patient, id)
auth.add_permission(user_group, PermissionEnum.access.value, db.patient, id)
patient_name = request.vars["first_name"] + ' ' + request.vars["last_name"]
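Review bot: The permission-name filter in query4 changes from `'read'` to `PermissionEnum.access.value`, which is a behaviour change rather than a constant substitution if `access` maps to `'access'` (the literal replaced in the add_form hunk); the group list built from query4 then comes from different auth_permission rows than before. The matching query4 in the run controller keeps `PermissionEnum.read.value`, so the two pages now disagree. The first index() hunk also adds `auth.load_permissions(PermissionEnum.anon.value, 'patient')`, which is new behaviour as well. State these in the commit message, or add a comment above query4 such as `## groups are listed by 'access', not 'read'`. `PermissionEnum.access` is not among the members shown in the PermissionEnum hunk; confirm it is defined above it.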
......
......@@ -13,7 +13,7 @@ def index():
res = {"redirect" : "default/user/login"}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
query = db((auth.vidjil_accessible_query('read', db.pre_process) | auth.vidjil_accessible_query('admin', db.pre_process) ) ).select(orderby=~db.pre_process.name)
query = db((auth.vidjil_accessible_query(PermissionEnum.read_pre_process.value, db.pre_process) | auth.vidjil_accessible_query(PermissionEnum.admin_pre_process.value, db.pre_process) ) ).select(orderby=~db.pre_process.name)
return dict(message=T('Pre-process list'),
query=query,
......@@ -39,7 +39,7 @@ def add_form():
command=request.vars['pre_process_command']
)
auth.add_permission(auth.user_group(), 'read', db.pre_process, pre_proc_id)
auth.add_permission(auth.user_group(), PermissionEnum.read_pre_process.value, db.pre_process, pre_proc_id)
res = {"redirect": "pre_process/index",
"message": "pre_process '%s' added" % request.vars['pre_process_name']}
......
......@@ -26,13 +26,13 @@ def index():
##retrieve run list
query_run = db(
auth.vidjil_accessible_query('read', db.run)
auth.vidjil_accessible_query(PermissionEnum.read.value, db.run)
).select(
db.run.ALL,
orderby = ~db.run.id
)
auth.load_permissions('admin', 'run')
auth.load_permissions(PermissionEnum.admin.value, 'run')
result = {}
for i, row in enumerate(query_run) :
......@@ -85,7 +85,7 @@ def index():
query3 = db(
(db.run.sample_set_id == db.fused_file.sample_set_id) &
(db.fused_file.config_id == db.config.id) &
(auth.vidjil_accessible_query('read', db.config) | auth.vidjil_accessible_query('admin', db.config) )
(auth.vidjil_accessible_query(PermissionEnum.read_config.value, db.config) | auth.vidjil_accessible_query(PermissionEnum.admin_config.value, db.config) )
).select(
db.run.id, db.config.name, db.config.id, db.fused_file.fused_file
)
......@@ -99,7 +99,7 @@ def index():
query4 = db(
((db.run.id == db.auth_permission.record_id) | (db.auth_permission.record_id == 0)) &
(db.auth_permission.table_name == 'patient') &
(db.auth_permission.name == 'read') &
(db.auth_permission.name == PermissionEnum.read.value) &
(db.auth_group.id == db.auth_permission.group_id)
).select(
db.run.id, db.auth_group.role
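Review bot: query4 joins `db.run.id` to `db.auth_permission.record_id` but still filters on `db.auth_permission.table_name == 'patient'`, so the groups listed for a run appear to come from patient permission rows whose record id happens to equal the run id. If that is a leftover from the patient controller, the filter should name the table that run permissions are stored under (not visible here), presumably `(db.auth_permission.table_name == 'run') &`. index() continues outside the hunk.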
......
......@@ -28,10 +28,10 @@ def next_sample_set():
go_next = int(request.vars['next'])
if go_next > 0:
res = db((db[sample_type].id > current_id) & (auth.vidjil_accessible_query('read', db[sample_type]))).select(
res = db((db[sample_type].id > current_id) & (auth.vidjil_accessible_query(PermissionEnum.read.value, db[sample_type]))).select(
db[sample_type].id, db[sample_type].sample_set_id, orderby=db[sample_type].id, limitby=(0,1))
else:
res = db((db[sample_type].id < current_id) & (auth.vidjil_accessible_query('read', db[sample_type]))).select(
res = db((db[sample_type].id < current_id) & (auth.vidjil_accessible_query(PermissionEnum.read.value, db[sample_type]))).select(
db[sample_type].id, db[sample_type].sample_set_id, orderby=~db[sample_type].id, limitby=(0,1))
if (len(res) > 0):
request.vars["id"] = str(res[0].sample_set_id)
......@@ -204,7 +204,7 @@ def custom():
myGroupBy = None
if request.vars["id"] and auth.can_view_sample_set(request.vars["id"]):
q = ((auth.vidjil_accessible_query('read', db.config))
q = ((auth.vidjil_accessible_query(PermissionEnum.read_config.value, db.config))
& (db.sample_set.id == request.vars["id"])
& (db.sample_set.id == db.patient.sample_set_id)
& (db.sample_set_membership.sample_set_id == db.sample_set.id)
......@@ -215,8 +215,8 @@ def custom():
)
else:
q = ((auth.vidjil_accessible_query('read', db.patient))
& (auth.vidjil_accessible_query('read', db.config))
q = ((auth.vidjil_accessible_query(PermissionEnum.read.value, db.patient))
& (auth.vidjil_accessible_query(PermissionEnum.read_config.value, db.config))
& (db.sample_set.id == db.patient.sample_set_id)
& (db.sample_set_membership.sample_set_id == db.sample_set.id)
& (db.sequence_file.id == db.sample_set_membership.sequence_file_id)
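Review bot: Both queries in next_sample_set index the DAL with `db[sample_type]`, and the assignment of `sample_type` is outside the hunk. If it is read from `request.vars`, it should be checked against the sample types the application defines before it is used, because `vidjil_accessible_query` and the select are otherwise run against whatever table the request names. `int(request.vars['next'])` on the first line of the hunk also raises on a missing or non-numeric value instead of returning an error result.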
......
......@@ -11,8 +11,13 @@ class PermissionEnum(Enum):
run = 'run'
admin_config = 'admin'
read_config = 'read'
create_config = 'create'
admin_group = 'admin'
read_group = 'read'
create_group = 'create'
admin_pre_process = 'admin'
read_pre_process = 'read'
create_preprocess = 'create'
anon = 'anon'
class VidjilAuth(Auth):
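Review bot: `admin_config`, `admin_group` and `admin_pre_process` all carry the value `'admin'` (likewise the `read_*` and `create_*` members), and with the standard `Enum` class, members that share a value are aliases of the first one defined, so `PermissionEnum.admin_group is PermissionEnum.admin_config` holds and iteration yields only one of them. The per-table names therefore document intent but do not separate permissions; the table argument passed to `add_permission` or `vidjil_accessible_query` is what scopes a grant. Add a comment above these members saying so, e.g. `# aliases: same stored name for every table; scoping comes from the table argument`. The class body starts outside the hunk.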
......