Guardian permissions #45
Conversation
This reverts commit 3103133.
Simplify management of CCM repo on GitHub.
This reverts commit 06c22aa.
This reverts commit 3b362c1.
This reverts commit b08541b.
…nto aricent_dev
Fix: Cloud Admin was available to Network Admin and Cloud Admin Fix: Username replaced with Email
Fix for user role permissions Code added to ajax request to get permission depending on role
|
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla - and if you have received this in error or have any questions, please drop us a line at [email protected]. Thanks! If you are contributing on behalf of someone else (eg your employer): the individual CLA is not sufficient - use https://developers.facebook.com/opensource/cla?type=company instead. Contact [email protected] if you have any questions. |
There was a problem hiding this comment.
Permission checks should be against a particular network instance as apposed to get_all_permissions for a user. Also I am not sure why we are rendering a permission denied message in the templates. This should be handled by the view to ensure it applies to both GET/POST. Some questions about permission_required selection for user management
| self.helper.form_action = '/dashboard/user/management/blocking' | ||
| else: | ||
| self.helper.form_action = '/dashboard/user/management/delete' | ||
| # self.helper.form_class = 'form-vertical' |
| @@ -26,7 +26,7 @@ | |||
| <h3>Network Activity</h3> | |||
| </div> | |||
| </div> | |||
|
|
|||
| {% if 'endagaweb.view_usage' in user_permission %} | |||
There was a problem hiding this comment.
this check should be against the network object
| @@ -146,6 +146,7 @@ | |||
| </div> | |||
| </div> | |||
|
|
|||
| {% if 'endagaweb.download_usage' in user_permission %} | |||
There was a problem hiding this comment.
for these permissions to work with guardian they need to be a part of the Network model and you can then use Guardian to check this permission against this object
| @@ -34,6 +34,7 @@ | |||
| </div> | |||
| </div> | |||
|
|
|||
| {% if 'endagaweb.view_graph' in user_permission %} | |||
There was a problem hiding this comment.
this permission is global to all networks per user
| <link href="/static/css/dashboard.css" rel="stylesheet"> | ||
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.0.3/css/font-awesome.min.css"> | ||
| <link href="/static/css/dashboard.css" rel="stylesheet"/> | ||
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.0.3/css/font-awesome.min.css"/> |
There was a problem hiding this comment.
if you use the CDN delete the file from static
| <div class="input-group col-xs-8"> | ||
| <select name='network' id="network" class="form-control" multiple="multiple" size="5" | ||
| required="required"> | ||
| {% for network in networks %} |
There was a problem hiding this comment.
this may need to be thought over since if I don't have a particular permission on a network, I shouldnt be able to grant it to someone else
| </body> | ||
| </div> | ||
| </form> | ||
| {% else %} |
There was a problem hiding this comment.
post? the check needs to happen in the view
cloud/endagaweb/views/dashboard.py
Outdated
| @@ -122,7 +151,9 @@ def dashboard_view(request): | |||
| network_has_activity = UsageEvent.objects.filter( | |||
| network=network).exists() | |||
| context = { | |||
| 'networks': get_objects_for_user(request.user, 'view_network', klass=Network), | |||
| 'user_permission': request.user.get_all_permissions(), | |||
There was a problem hiding this comment.
the user_permission should contain the context of the selected network
cloud/endagaweb/views/towers.py
Outdated
|
|
||
|
|
||
| class TowerList(drf_views.APIView): | ||
| class TowerList(PermissionRequiredMixin, drf_views.APIView): |
There was a problem hiding this comment.
should check against the network instance:
If a get_object() method is defined either manually or by including another mixin (for example SingleObjectMixin) or self.object is defined then the permission will be tested against that specific instance, alternatively you can specify get_permission_object() method if self.object or get_object() does not return the object against you want to test permission
cloud/endagaweb/views/dashboard.py
Outdated
|
|
||
|
|
||
| class UserBlockUnblock(ProtectedView): | ||
| permission_required = 'endagaweb.view_user' |
There was a problem hiding this comment.
should this be the block_user permission
|
Just a process point: this PR is 'on top' of the original Sprint 1 PR #33, do you intend to close the original one and instead have us focus our attention on this one, or address them separately? At this point I recommend the former, as we don't want to merge the permission changes without Guardian incorporated. Once you have addressed @kkroo's comments we can review this again. Just one additional minor request that will eliminate numerous lint errors that get flagged by our internal build system: please make sure EVERY file ends with a newline, but that the last line of the file does not contain any other whitespace. And remove any code that is currently commented out. Thanks |
|
@sagarsharma-aricent updated the pull request - view changes |
|
@sagarsharma-aricent updated the pull request - view changes |
|
@sagarsharma-aricent updated the pull request - view changes |
| $.each(imsi_list, function(key, val){ | ||
| imsi_val[i++]=val.value; | ||
| }); | ||
| console.log(imsi_val) |
| console.log("done"); | ||
| window.location = "/dashboard/subscriber_management/subscriber"; | ||
| }).fail(function(response) { | ||
| console.log(response); |
| </div> | ||
| </div><!--Email Ends--> | ||
|
|
||
| <!--Password--> |
There was a problem hiding this comment.
maybe we don't require a password? password reset is sent anyhow. what about existing users?
There was a problem hiding this comment.
Password is kept temporarily for testing purpose.
If we mention existing user in email field , an edit option will be shown just below email for editing the user.
Please find attached snapshots
| <div class="input-group-addon"> | ||
| <i class="glyphicon glyphicon-signal"></i> | ||
| </div> | ||
| <input type="hidden" name="network_id" id="network_id" value="{{ network.id }}"/> |
There was a problem hiding this comment.
lets get rid of this? there is only one option here can be implicit
| $.ajax({ | ||
| url: "/dashboard/user/management/checkuser?email=" + $('#email').val(), | ||
| //beforeSend: function(xhr) { | ||
| // xhr.setRequestHeader("X-CSRFToken", '{{ csrf_token }}'); |
There was a problem hiding this comment.
CSRF should be required. I think it gets switched on for POST by default so you can change the request type for this endpoint
| </div> | ||
| </div><!--Email Ends--> | ||
|
|
||
| <!--Network--> |
There was a problem hiding this comment.
this is implicit in the current selected network
| @@ -0,0 +1,259 @@ | |||
| {% extends "dashboard/layout.html" %} | |||
There was a problem hiding this comment.
I'm not sure why this file was added
There was a problem hiding this comment.
Wrongly added, now removed
cloud/endagaweb/views/dashboard.py
Outdated
| network = user_profile.network | ||
| user = User.objects.get(id=user_profile.user_id) | ||
| available_permissions = get_perms(request.user, network) | ||
| print network.id |
cloud/endagaweb/views/dashboard.py
Outdated
| user_profile = UserProfile.objects.create(user=user) | ||
| user_network = Network.objects.get(id=networks) | ||
| # Add the permissions | ||
| for permission_id in permissions: |
There was a problem hiding this comment.
needs validation that its only from the list of available permissions
There was a problem hiding this comment.
added check to validate assigned permission against available permissions
cloud/endagaweb/views/dashboard.py
Outdated
|
|
||
| def _send_reset_link(self, request): | ||
| return password_reset(request, | ||
| # email_template_name='dashboard/user_management/reset_email.html', |
|
@sagarsharma-aricent updated the pull request - view changes |
|
All the changes are incorporated as requested. |
sharma-sagar
changed the title
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
|
@sharma-sagar updated the pull request - view changes |
|
Hello, Add/Edit/Block/Delete User this commit is on top of this pr ( #45 ) |
|
@sharma-sagar updated the pull request - view changes |
|
@sharma-sagar updated the pull request - view changes |
|
@kkroo has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator. |
Guardian Permission Implementation.
This commit is on top of sprint_1 (user management and subscriber management).
Also:
Added user management where user wasn't able to see any same level user to block/unblock or delete.
Added Role in subscriber management.
Please review
Thanks