Práva: Správa uživatelů

ee6d0194 · Martin Mareš · 41a46cbd · ee6d0194
Commit ee6d0194 authored 4 years ago by Martin Mareš
--- a/mo/web/org_users.py
+++ b/mo/web/org_users.py
@@ -11,7 +11,7 @@ from wtforms.validators import Required
 import mo
 import mo.db as db
-import mo.rights
+from mo.rights import Right
 import mo.util
 import mo.users
 from mo.web import app
@@ -41,8 +41,7 @@ class UsersFilterForm(PagerForm):
 @app.route('/org/user/')
 def org_users():
    sess = db.get_session()
-    rr = mo.rights.Rights(g.user)
+    rr = g.gatekeeper.rights_generic()
-    rr.get_generic()
    q = sess.query(db.User).filter_by(is_admin=False, is_org=False)
    filter = UsersFilterForm(request.args)
@@ -109,8 +108,8 @@ def org_users():
    return render_template(
        'org_users.html', users=users, count=count,
        filter=filter, filter_errors=filter_errors,
-        can_edit=rr.have_right(mo.rights.Right.edit_users),
+        can_edit=rr.have_right(Right.edit_users),
-        can_add=rr.have_right(mo.rights.Right.add_users),
+        can_add=rr.have_right(Right.add_users),
    )
@@ -122,8 +121,7 @@ class OrgsFilterForm(PagerForm):
 @app.route('/org/org/')
 def org_orgs():
    sess = db.get_session()
-    rr = mo.rights.Rights(g.user)
+    rr = g.gatekeeper.rights_generic()
-    rr.get_generic()
    q = sess.query(db.User).filter(or_(db.User.is_admin, db.User.is_org)).options(
        subqueryload(db.User.roles).joinedload(db.UserRole.place)
@@ -150,8 +148,8 @@ def org_orgs():
    return render_template(
        'org_orgs.html', users=users, count=count,
        filter=filter, filter_errors=None,
-        can_edit=rr.have_right(mo.rights.Right.edit_orgs),
+        can_edit=rr.have_right(Right.edit_orgs),
-        can_add=rr.have_right(mo.rights.Right.add_orgs),
+        can_add=rr.have_right(Right.add_orgs),
    )
@@ -177,9 +175,8 @@ def org_org(id: int):
    if not user or (not user.is_org and not user.is_admin):
        raise werkzeug.exceptions.NotFound()
-    rr = mo.rights.Rights(g.user)
+    rr = g.gatekeeper.rights_generic()
-    rr.get_generic()
+    can_assign_rights = rr.have_right(Right.assign_rights)
-    can_assign_rights = rr.have_right(mo.rights.Right.assign_rights)
    form_add_role = FormAddRole()
    form_remove_role = FormRemoveRole()
@@ -256,8 +253,7 @@ def org_user(id: int):
    if user.is_org or user.is_admin:
        return redirect(url_for('org_org', id=id))
-    rr = mo.rights.Rights(g.user)
+    rr = g.gatekeeper.rights_generic()
-    rr.get_generic()
    participants = sess.query(db.Participant).filter_by(user_id=user.user_id)
    rounds = sess.query(db.Participation).filter_by(user_id=user.user_id)
@@ -295,8 +291,7 @@ def org_user_edit(id: int):
    if is_org and not (user.is_admin or user.is_org):
        return redirect(url_for("org_user_edit", id=id))
-    rr = mo.rights.Rights(g.user)
+    rr = g.gatekeeper.rights_generic()
-    rr.get_generic()
    if not rr.can_edit_user(user):
        raise werkzeug.exceptions.Forbidden()
@@ -327,14 +322,13 @@ def org_user_edit(id: int):
 @app.route('/org/user/new/', methods=('GET', 'POST'))
 def org_user_new():
    sess = db.get_session()
-    rr = mo.rights.Rights(g.user)
+    rr = g.gatekeeper.rights_generic()
-    rr.get_generic()
    is_org = request.endpoint == "org_org_new"
-    if is_org and not rr.have_right(mo.rights.Right.add_orgs):
+    if is_org and not rr.have_right(Right.add_orgs):
        raise werkzeug.exceptions.Forbidden()
-    elif not rr.have_right(mo.rights.Right.add_users):
+    elif not rr.have_right(Right.add_users):
        raise werkzeug.exceptions.Forbidden()
    form = NewUserForm()