Commit ec81d3b6 authored by Marc Duez's avatar Marc Duez

server : patient.py rework patient permission page

parent f519ae9e
......@@ -343,49 +343,75 @@ def delete():
#
def permission():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
return dict(message=T('permission'))
query = db( db.auth_group.role != 'admin' ).select()
for row in query :
row.owner = row.role
if row.owner[:5] == "user_" :
id = int(row.owner[5:])
row.owner = db.auth_user[id].first_name + " " + db.auth_user[id].last_name
row.admin = False
if db( (db.auth_permission.name == "admin")
& (db.auth_permission.record_id == request.vars["id"])
& (db.auth_permission.group_id == row.id)
& (db.auth_permission.table_name == db.patient)
).count() > 0 :
row.admin = True
row.anon = False
if db( (db.auth_permission.name == "anon")
& (db.auth_permission.record_id == request.vars["id"])
& (db.auth_permission.group_id == row.id)
& (db.auth_permission.table_name == db.patient)
).count() > 0 :
row.anon = True
row.read = False
if db( (db.auth_permission.name == "read")
& (db.auth_permission.record_id == request.vars["id"])
& (db.auth_permission.group_id == row.id)
& (db.auth_permission.table_name == db.patient)
).count() > 0 :
row.read = True
return dict(query=query)
else :
res = {"message": ACCESS_DENIED}
log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
#
def remove_permission():
def change_permission():
if (auth.has_permission('admin', 'patient', request.vars["patient_id"]) ):
error = ""
if request.vars["group_id"] == "" :
error += "missing group_id, "
if request.vars["patient_id"] == "" :
error += "missing patient_id, "
if request.vars["permission"] == "" :
error += "missing permission, "
if error=="":
auth.del_permission(request.vars["group_id"], 'admin', db.patient, request.vars["patient_id"])
auth.del_permission(request.vars["group_id"], 'read', db.patient, request.vars["patient_id"])
res = {"redirect" : "patient/permission" ,
"args" : { "id" : request.vars["patient_id"]},
"message" : "access removed to '%s'" % request.vars["group_id"]}
log.info(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else :
res = {"message": ACCESS_DENIED}
log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
#
def change_permission():
if (auth.has_permission('admin', 'patient', request.vars["patient_id"]) ):
auth.add_permission(request.vars["group_id"], request.vars["permission"], db.patient, request.vars["patient_id"])
res = {"redirect" : "patient/permission" ,
"args" : { "id" : request.vars["patient_id"]},
"message" : "access '%s' granted to '%s'" % (request.vars["permission"], request.vars["group_id"])}
log.info(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
if db( (db.auth_permission.name == request.vars["permission"])
& (db.auth_permission.record_id == request.vars["patient_id"])
& (db.auth_permission.group_id == request.vars["group_id"])
& (db.auth_permission.table_name == db.patient)
).count() > 0 :
auth.del_permission(request.vars["group_id"], request.vars["permission"], db.patient, request.vars["patient_id"])
res = {"message" : "access '%s' deleted to '%s'" % (request.vars["permission"], db.auth_group[request.vars["group_id"]].role)}
else :
auth.add_permission(request.vars["group_id"], request.vars["permission"], db.patient, request.vars["patient_id"])
res = {"message" : "access '%s' granted to '%s'" % (request.vars["permission"], db.auth_group[request.vars["group_id"]].role)}
log.info(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else :
res = {"message": "incomplete request : "+error }
log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else :
res = {"message": ACCESS_DENIED}
log.error(res)
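Review bot: In the reworked change_permission(), `request.vars["permission"]` is passed straight to `auth.add_permission` / `auth.del_permission`, so anyone with admin rights on the patient can create permission rows with arbitrary names. I would restrict it to the names the page offers, e.g. `if request.vars["permission"] not in ("read", "admin", "anon"): error += "invalid permission, "`. The `== ""` tests also let a missing parameter through, since web2py's request.vars yields None for an absent key, and `db.auth_group[request.vars["group_id"]].role` then fails on an unknown group; `if not request.vars["group_id"]` plus a check that the group row exists would cover both. The controller also accepts the group id of the 'admin' role, which permission() filters out of the list, so it is worth confirming whether that should be refused here too. The end of the function lies beyond the displayed hunk.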
......
......@@ -33,7 +33,7 @@
{{for row in query :}}
<tr onclick="db.call('patient/info', {'id' :'{{=row.patient.id}}' , 'config_id' : {{=row.most_used_conf}} } )" >
<td> {{=row.patient.last_name + " " + row.patient.first_name }} </td>
<td> {{=vidjil_utils.anon(row.patient.id, auth.user_id)}} </td>
<td> {{=row.patient.birth }} </td>
<td> {{=row.patient.info }} </td>
<td> {{=row.confs}}</td>
......
{{extend 'db_layout.html'}}
{{
query = db(
(db.auth_permission.table_name == "patient") &
(db.auth_permission.record_id == request.vars["id"]) &
(db.auth_permission.group_id == db.auth_group.id)
).select( orderby=db.auth_permission.name )
}}
<div>
<h3>
patient acces permission
......@@ -19,71 +9,51 @@ query = db(
<table class="db_table" id="table">
<thead>
<tr><td class="column1"> group / user</td>
<td> right </td>
<td class="column5"> </td>
<td> </td>
<td class="column1"> read</td>
<td class="column1"> admin</td>
<td class="column1"> private info</td>
</tr>
</thead>
{{ for row in query :}}
{{ owner = row.auth_group.role}}
{{ if owner[:5] == "user_" :}}
{{
id = int(owner[5:])
owner = db.auth_user[id].first_name + " " + db.auth_user[id].last_name
}}
{{pass}}
<tr>
<td> {{=owner}} </td>
<td> {{=row.auth_permission.name }} </td>
<td onclick="db.call('patient/remove_permission', {'patient_id' :'{{=request.vars["id"]}}', 'group_id' :'{{=row.auth_group.id}}' } )"> X </td>
</tr>
<tr>
<td> {{=row.owner}} </td>
<td></td>
{{if auth.has_permission("admin", "patient", request.vars["id"], auth.user.id) :}}
<td> <input type="checkbox" onclick="db.call('patient/change_permission', {
'patient_id' : {{=request.vars["id"]}} ,
'group_id' : {{=row.id}} ,
'permission' : 'read' } )"
{{if row.read :}} checked {{pass}}></td>
<td> <input type="checkbox" onclick="db.call('patient/change_permission', {
'patient_id' : {{=request.vars["id"]}} ,
'group_id' : {{=row.id}} ,
'permission' : 'admin' } )"
{{if row.admin :}} checked {{pass}}></td>
<td> <input type="checkbox" onclick="db.call('patient/change_permission', {
'patient_id' : {{=request.vars["id"]}} ,
'group_id' : {{=row.id}} ,
'permission' : 'anon' } )"
{{if row.anon :}} checked {{pass}}></td>
{{else:}}
<td class="inactive"> <input type="checkbox" onclick="this.click()"
{{if row.read :}} checked {{pass}}></td>
<td class="inactive"> <input type="checkbox" onclick="this.click()"
{{if row.admin :}} checked {{pass}}></td>
<td class="inactive"> <input type="checkbox" onclick="this.click()"
{{if row.anon :}} checked {{pass}}></td>
{{pass}}
</tr>
{{pass}}
</table>
<table class="db_table" id="db_fixed_header"></table>
</div>
<span class="button" onclick="db.call('patient/index')"> back to list </span>
{{if auth.has_permission("admin", "patient", request.vars["id"], auth.user.id) :}}
<div>
add
<span>
<select id="select_perm" name="config">
<option value="read">read only</option>
<option value="admin">admin</option>
</select>
</span>
permission to
<span>
<select id="select_group" name="config">
{{for row in db(db.auth_group).select():}}
{{if row.role != "admin" and row.role[:5] != "user_" :}}
<option value="{{=row.id }}">{{=row.role}} </option>
{{pass}}
{{pass}}
<option> - - - </option>
{{for row in db(db.auth_user).select():}}
<option value="{{=auth.user_group(row.id)}}">{{=row.first_name + " " + row.last_name}} </option>
{{pass}}
</select>
</span>
<span class="button" onclick="db.call('patient/change_permission', {
'patient_id' : {{=request.vars["id"]}} ,
'group_id' : document.getElementById('select_group').value ,
'permission' : document.getElementById('select_perm').value
} )">
add
</span>
</div>
{{else:}}
{{if not auth.has_permission("admin", "patient", request.vars["id"], auth.user.id) :}}
<div>you need admin access on this patient if you want to change permission </div>
{{pass}}
</div>
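Review bot: The three checkbox handlers write `{{=request.vars["id"]}}` unquoted into the JavaScript of an onclick attribute, whereas the `patient/remove_permission` cell in the same section quotes it. `{{=...}}` escapes for HTML, which does not make a request value safe as a bare JavaScript expression. The controller's has_permission check probably rejects non-numeric ids before this view renders, but the template should not depend on that. I would have permission() return the id as an integer, `return dict(query=query, patient_id=int(request.vars["id"]))`, and emit `{{=patient_id}}` in the handlers. For the read-only cells, the `disabled` attribute would state the intent more directly than `onclick="this.click()"`.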
......@@ -16,7 +16,7 @@
{{for row in query :}}
<tr onclick="db.call('user/info', {'id' :'{{=row.id}}'} )">
<td> {{=row.first_name + " " + row.last_name }} </td>
<td> {{=vidjil_utils.anon(row.id, auth.user_id)}} </td>
<td> {{=row.email}} </td>
<td> {{=row.created}} </td>
<td> {{=row.files}} ({{=vidjil_utils.format_size(row.size)}}) </td>
......