feat: rebocar permisos

Author: ybenitezf

Diff for: jsclient/src/controllers/permrow_controller.js

@@ -0,0 +1,45 @@
+import { Controller } from "stimulus";
+
+export default class extends Controller {
+
+    static targets = [ "removelink" ]
+    static values = {
+        csrf: String
+    }
+
+    delete(event) {
+        event.preventDefault();
+        if (confirm('¿Rebocar este permiso?')) {
+            // TODO: hacer un post al DICED para permisos
+            var form = new FormData()
+            form.append("csrf_token", this.csrfValue)
+
+            fetch( this.removelinkTarget, {
+                method: "POST",
+                body: form
+            }).then(res => {
+                if ( res.ok ) {
+                    res.json().then(data => {
+                        this.element.classList.add('hide')
+                        M.toast({
+                            html: data.message,
+                            classes: 'rounded yellow darken-4'
+                        })
+                    })
+                } else {
+                    M.toast({
+                        html: 'No se pude rebocar el permiso',
+                        classes: 'rounded red darken-3'
+                    })
+                }
+            }).catch(error => {
+                console.log(error)
+                M.toast({
+                    html: 'Error en la petición',
+                    classes: 'rounded red darken-3'
+                })
+            })
+        }
+    }
+
+}

Diff for: newswriter/__init__.py

@@ -8,6 +8,7 @@
 from flask_caching import Cache
 from flask_static_digest import FlaskStaticDigest
 from flask_menu import register_menu, Menu
+from flask_wtf import CSRFProtect
 from apifairy import APIFairy
 from flask_marshmallow import Marshmallow
 # from celery import Celery
@@ -30,6 +31,7 @@
 flask_statics = FlaskStaticDigest()
 apifairy = APIFairy()
 ma = Marshmallow()
+csrf = CSRFProtect()
 # celery = Celery(__name__)
 # Breadcrumbs is a subclass of flask_menu.Menu
 menu = Menu()
@@ -94,6 +96,7 @@ def create_app(config='newswriter.config.Config'):
     flask_statics.init_app(app)
     ma.init_app(app)
     menu.init_app(app)
+    csrf.init_app(app)
     apifairy.init_app(app)
 
     # incluir modulos y rutas

Diff for: newswriter/models/permissions.py

@@ -1,5 +1,6 @@
 from newswriter.permissions import AdminRolNeed
 from flask_principal import Permission, ItemNeed, Need
+from typing import Any, List
 
 # Boards
 LISTAR_CONTENIDO = 'listar::articulo'
@@ -47,3 +48,16 @@ class PonerArticulosPermission(Permission):
     def __init__(self, board_name):
         need = ItemNeed(PONER_CONTENIDO, board_name, 'board')
         super().__init__(need, AdminRolNeed, PonerArticulosNeed)
+
+
+class BoardPermissionHelpers(object):
+
+    @classmethod
+    def getPermissionLabel(cls, k: str) -> str:
+        return BOARD_PERMS_DESCRIPTIONS[k]
+
+    @classmethod
+    def getFormChoices(cls) -> List[Any]:
+        return [
+            (k, cls.getPermissionLabel(k)) for k in BOARD_PERMS_DESCRIPTIONS
+        ]

Diff for: newswriter/templates/permission/index.html

@@ -25,14 +25,23 @@ <h4>Listado de permisos para {{ role.name }}</h4>
             <th>Permiso</th>
             <th>Modelo</th>
             <th>Objeto</th>
+            <!-- operaciones -->
+            <th></th>
         </tr>
     </thead>
     <tbody>
         {% for p in permission_list %}
-        <tr>
-            <td>{{ p.name }}</td>
+        <tr data-controller="permrow" data-permrow-csrf-value="{{ csrf_token() }}">
+            <td>{{ get_permission_label(p.name) }}</td>
             <td>{{ p.model_name }}</td>
             <td>{{ p.record_id }}</td>
+            <td>
+                <a data-permrow-target="removelink" href="{{ url_for('admin_perms.delete', pk=p.id) }}"
+                    class="waves-effect waves-light btn-small red" title="Revocar permiso"
+                    data-action="click->permrow#delete">
+                    <i class="material-icons">delete</i>
+                </a>
+            </td>
         </tr>
         {% endfor %}
     </tbody>

Diff for: newswriter/views/admin/permissions.py

@@ -1,53 +1,73 @@
 '''CRUD en permisos'''
-from wtforms import validators
 from newswriter.models import security
-from newswriter.models import permissions as perms
+from newswriter.models.permissions import BoardPermissionHelpers
 from flask_wtf import FlaskForm
-from wtforms import SelectField, StringField, HiddenField
+from wtforms import SelectField, StringField, HiddenField, SubmitField
 from wtforms.validators import DataRequired
 from flask_diced import Diced
 from flask import url_for, render_template, flash, redirect
 
 
-def _pl(k):
-    return (k, perms.BOARD_PERMS_DESCRIPTIONS[k])
-
-
 class PermissionCreateForm(FlaskForm):
     name = SelectField(
-        "Permiso", choices=[_pl(k) for k in perms.BOARD_PERMS_DESCRIPTIONS])
+        "Permiso", choices=BoardPermissionHelpers.getFormChoices())
     model_name = SelectField(
         "Modelo", choices=[('board', 'Board')])
     record_id = StringField("Objeto")
     role_id = HiddenField("Role", validators=[DataRequired()])
 
 
+class RevokePermissionForm(FlaskForm):
+    submit = SubmitField('Rebocar permiso')
+
+
 class PermissionDiced(Diced):
     model = security.Permission
-    exclude_views = ('detail',)
+    exclude_views = ('detail', 'edit')
 
     # rules
     index_rule = '/<role_id>/'
     create_rule = '/<role_id>/create/'
+    delete_rule = '/<pk>/delete/'
 
     # forms
     create_form_class = PermissionCreateForm
+    delete_form_class = RevokePermissionForm
 
     # properties
 
+    # views
     def index_view(self, role_id):
         """index view function"""
         role = security.Role.query.get_or_404(role_id)
         context = self.index_view_context({
             self.object_list_name: self.query_all(role),
-            "role": role
+            "role": role,
+            "get_permission_label": BoardPermissionHelpers.getPermissionLabel
         })
         return render_template(self.index_template, **context)
 
     def query_all(self, role: security.Role):
         """returns all objects"""
         return role.permissions
 
+    def delete_view(self, pk):
+        """delete view function
+
+        :param pk:
+            the primary key of the model to be deleted.
+        """
+        obj = self.query_object(pk)
+        form = self.delete_form_class(obj=obj)
+        if form.validate_on_submit():
+            obj.delete()
+            message = self.delete_flash_message
+            if message is None:
+                message = self.object_name + ' deleted'
+            return {"message": message}
+        context = self.delete_view_context({self.delete_form_name: form})
+        return render_template(self.delete_template, **context)
+
     def create_view(self, role_id):
         """create view function"""
         role = security.Role.query.get_or_404(role_id)

Diff for: newswriter/views/admin/roles.py

@@ -16,6 +16,7 @@ class RoleCreateForm(FlaskForm):
 class RoleDeleteForm(FlaskForm):
     submit = SubmitField('Eliminar rol')
 
+
 class RevokeRoleForm(FlaskForm):
     submit = SubmitField('Quitar del grupo')