|
|
@ -347,10 +347,11 @@ def list_domain(allow):
|
|
|
|
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
|
|
|
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
|
|
|
return response
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
|
|
@admi.route("/ajax/editrestriction/<int:res_type>", methods=['POST'])
|
|
|
|
@admi.route("/ajax/editrestriction/<int:res_type>", defaults={"user_id":0}, methods=['POST'])
|
|
|
|
|
|
|
|
@admi.route("/ajax/editrestriction/<int:res_type>/<int:user_id>", methods=['POST'])
|
|
|
|
@login_required
|
|
|
|
@login_required
|
|
|
|
@admin_required
|
|
|
|
@admin_required
|
|
|
|
def edit_restriction(res_type):
|
|
|
|
def edit_restriction(res_type, user_id):
|
|
|
|
element = request.form.to_dict()
|
|
|
|
element = request.form.to_dict()
|
|
|
|
if element['id'].startswith('a'):
|
|
|
|
if element['id'].startswith('a'):
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
@ -364,9 +365,8 @@ def edit_restriction(res_type):
|
|
|
|
config.config_allowed_column_value = ','.join(elementlist)
|
|
|
|
config.config_allowed_column_value = ','.join(elementlist)
|
|
|
|
config.save()
|
|
|
|
config.save()
|
|
|
|
if res_type == 2: # Tags per user
|
|
|
|
if res_type == 2: # Tags per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
elementlist = usr.list_allowed_tags()
|
|
|
|
elementlist = usr.list_allowed_tags()
|
|
|
@ -377,9 +377,8 @@ def edit_restriction(res_type):
|
|
|
|
except OperationalError:
|
|
|
|
except OperationalError:
|
|
|
|
ub.session.rollback()
|
|
|
|
ub.session.rollback()
|
|
|
|
if res_type == 3: # CColumn per user
|
|
|
|
if res_type == 3: # CColumn per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
elementlist = usr.list_allowed_column_values()
|
|
|
|
elementlist = usr.list_allowed_column_values()
|
|
|
@ -401,9 +400,8 @@ def edit_restriction(res_type):
|
|
|
|
config.config_denied_column_value = ','.join(elementlist)
|
|
|
|
config.config_denied_column_value = ','.join(elementlist)
|
|
|
|
config.save()
|
|
|
|
config.save()
|
|
|
|
if res_type == 2: # Tags per user
|
|
|
|
if res_type == 2: # Tags per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
elementlist = usr.list_denied_tags()
|
|
|
|
elementlist = usr.list_denied_tags()
|
|
|
@ -414,9 +412,8 @@ def edit_restriction(res_type):
|
|
|
|
except OperationalError:
|
|
|
|
except OperationalError:
|
|
|
|
ub.session.rollback()
|
|
|
|
ub.session.rollback()
|
|
|
|
if res_type == 3: # CColumn per user
|
|
|
|
if res_type == 3: # CColumn per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
elementlist = usr.list_denied_column_values()
|
|
|
|
elementlist = usr.list_denied_column_values()
|
|
|
@ -444,10 +441,11 @@ def restriction_deletion(element, list_func):
|
|
|
|
return ','.join(elementlist)
|
|
|
|
return ','.join(elementlist)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@admi.route("/ajax/addrestriction/<int:res_type>", methods=['POST'])
|
|
|
|
@admi.route("/ajax/addrestriction/<int:res_type>", defaults={"user_id":0}, methods=['POST'])
|
|
|
|
|
|
|
|
@admi.route("/ajax/addrestriction/<int:res_type>/<int:user_id>", methods=['POST'])
|
|
|
|
@login_required
|
|
|
|
@login_required
|
|
|
|
@admin_required
|
|
|
|
@admin_required
|
|
|
|
def add_restriction(res_type):
|
|
|
|
def add_restriction(res_type, user_id):
|
|
|
|
element = request.form.to_dict()
|
|
|
|
element = request.form.to_dict()
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
|
if 'submit_allow' in element:
|
|
|
|
if 'submit_allow' in element:
|
|
|
@ -464,9 +462,8 @@ def add_restriction(res_type):
|
|
|
|
config.config_denied_column_value = restriction_addition(element, config.list_allowed_column_values)
|
|
|
|
config.config_denied_column_value = restriction_addition(element, config.list_allowed_column_values)
|
|
|
|
config.save()
|
|
|
|
config.save()
|
|
|
|
if res_type == 2: # Tags per user
|
|
|
|
if res_type == 2: # Tags per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
if 'submit_allow' in element:
|
|
|
|
if 'submit_allow' in element:
|
|
|
@ -482,9 +479,8 @@ def add_restriction(res_type):
|
|
|
|
except OperationalError:
|
|
|
|
except OperationalError:
|
|
|
|
ub.session.rollback()
|
|
|
|
ub.session.rollback()
|
|
|
|
if res_type == 3: # CustomC per user
|
|
|
|
if res_type == 3: # CustomC per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
if 'submit_allow' in element:
|
|
|
|
if 'submit_allow' in element:
|
|
|
@ -501,10 +497,11 @@ def add_restriction(res_type):
|
|
|
|
ub.session.rollback()
|
|
|
|
ub.session.rollback()
|
|
|
|
return ""
|
|
|
|
return ""
|
|
|
|
|
|
|
|
|
|
|
|
@admi.route("/ajax/deleterestriction/<int:res_type>", methods=['POST'])
|
|
|
|
@admi.route("/ajax/deleterestriction/<int:res_type>", defaults={"user_id":0}, methods=['POST'])
|
|
|
|
|
|
|
|
@admi.route("/ajax/deleterestriction/<int:res_type>/<int:user_id>", methods=['POST'])
|
|
|
|
@login_required
|
|
|
|
@login_required
|
|
|
|
@admin_required
|
|
|
|
@admin_required
|
|
|
|
def delete_restriction(res_type):
|
|
|
|
def delete_restriction(res_type, user_id):
|
|
|
|
element = request.form.to_dict()
|
|
|
|
element = request.form.to_dict()
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
|
if element['id'].startswith('a'):
|
|
|
|
if element['id'].startswith('a'):
|
|
|
@ -521,9 +518,8 @@ def delete_restriction(res_type):
|
|
|
|
config.config_denied_column_value = restriction_deletion(element, config.list_denied_column_values)
|
|
|
|
config.config_denied_column_value = restriction_deletion(element, config.list_denied_column_values)
|
|
|
|
config.save()
|
|
|
|
config.save()
|
|
|
|
elif res_type == 2: # Tags per user
|
|
|
|
elif res_type == 2: # Tags per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
if element['id'].startswith('a'):
|
|
|
|
if element['id'].startswith('a'):
|
|
|
@ -539,9 +535,8 @@ def delete_restriction(res_type):
|
|
|
|
except OperationalError:
|
|
|
|
except OperationalError:
|
|
|
|
ub.session.rollback()
|
|
|
|
ub.session.rollback()
|
|
|
|
elif res_type == 3: # Columns per user
|
|
|
|
elif res_type == 3: # Columns per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True: # select current user if admins are editing their own rights
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
if element['id'].startswith('a'):
|
|
|
|
if element['id'].startswith('a'):
|
|
|
@ -558,11 +553,11 @@ def delete_restriction(res_type):
|
|
|
|
ub.session.rollback()
|
|
|
|
ub.session.rollback()
|
|
|
|
return ""
|
|
|
|
return ""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@admi.route("/ajax/listrestriction/<int:res_type>", defaults={"user_id":0})
|
|
|
|
@admi.route("/ajax/listrestriction/<int:res_type>")
|
|
|
|
@admi.route("/ajax/listrestriction/<int:res_type>/<int:user_id>")
|
|
|
|
@login_required
|
|
|
|
@login_required
|
|
|
|
@admin_required
|
|
|
|
@admin_required
|
|
|
|
def list_restriction(res_type):
|
|
|
|
def list_restriction(res_type, user_id):
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
|
if res_type == 0: # Tags as template
|
|
|
|
restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
|
|
|
|
restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
|
|
|
|
for i,x in enumerate(config.list_denied_tags()) if x != '' ]
|
|
|
|
for i,x in enumerate(config.list_denied_tags()) if x != '' ]
|
|
|
@ -576,9 +571,8 @@ def list_restriction(res_type):
|
|
|
|
for i,x in enumerate(config.list_allowed_column_values()) if x != '']
|
|
|
|
for i,x in enumerate(config.list_allowed_column_values()) if x != '']
|
|
|
|
json_dumps = restrict + allow
|
|
|
|
json_dumps = restrict + allow
|
|
|
|
elif res_type == 2: # Tags per user
|
|
|
|
elif res_type == 2: # Tags per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == user_id).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id == usr_id).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
|
|
|
|
restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
|
|
|
@ -587,9 +581,8 @@ def list_restriction(res_type):
|
|
|
|
for i,x in enumerate(usr.list_allowed_tags()) if x != '']
|
|
|
|
for i,x in enumerate(usr.list_allowed_tags()) if x != '']
|
|
|
|
json_dumps = restrict + allow
|
|
|
|
json_dumps = restrict + allow
|
|
|
|
elif res_type == 3: # CustomC per user
|
|
|
|
elif res_type == 3: # CustomC per user
|
|
|
|
usr_id = os.path.split(request.referrer)[-1]
|
|
|
|
if isinstance(user_id, int):
|
|
|
|
if usr_id.isdigit() == True:
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id==user_id).first()
|
|
|
|
usr = ub.session.query(ub.User).filter(ub.User.id==usr_id).first()
|
|
|
|
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
usr = current_user
|
|
|
|
usr = current_user
|
|
|
|
restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
|
|
|
|
restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
|
|
|
|