diff --git a/cps/admin.py b/cps/admin.py
index 531d855d..65327e1a 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -250,10 +250,11 @@ def list_domain(allow):
 response.headers["Content-Type"] = "application/json; charset=utf-8"
 return response
-@admi.route("/ajax/editrestriction/", methods=['POST'])
+@admi.route("/ajax/editrestriction/", defaults={"user":0}, methods=['POST'])
+@admi.route("/ajax/editrestriction//", methods=['POST'])
 @login_required
 @admin_required
-def edit_restriction(res_type):
+def edit_restriction(res_type, user):
 element = request.form.to_dict()
 if element['id'].startswith('a'):
 if res_type == 0: # Tags as template
@@ -267,8 +268,8 @@ def edit_restriction(res_type):
 config.config_allowed_column_value = ','.join(elementlist)
 config.save()
 if res_type == 2: # Tags per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
+ usr_id = user
+ if isinstance(usr_id, int):
 usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
 else:
 usr = current_user
@@ -277,8 +278,8 @@ def edit_restriction(res_type):
 usr.allowed_tags = ','.join(elementlist)
 ub.session.commit()
 if res_type == 3: # CColumn per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
+ usr_id = user
+ if isinstance(usr_id, int):
 usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
 else:
 usr = current_user
@@ -298,8 +299,8 @@ def edit_restriction(res_type):
 config.config_denied_column_value = ','.join(elementlist)
 config.save()
 if res_type == 2: # Tags per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
+ usr_id = user
+ if isinstance(usr_id, int):
 usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
 else:
 usr = current_user
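Review bot: The new parameter of `edit_restriction` is named `user` although it carries a numeric id, while `add_restriction`, `delete_restriction` and `list_restriction` in the same commit call the same value `user_id`; the later hunks of this function then alias it with `usr_id = user` in every per-user branch. I would write `defaults={"user_id": 0}` and `def edit_restriction(res_type, user_id):` here and rename the variable in the second route to match (its converter part is not visible on this page). A comment above the routes such as `# user_id 0 is the route default, i.e. the URL carried no target user` would document the sentinel, if that is the intent. The function body continues outside this hunk.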
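Review bot: `isinstance(usr_id, int)` in the `res_type == 2` branch of `edit_restriction` does not separate "no user given" from a real id: on the route that supplies the default, the value is the int `0`, so the `else: usr = current_user` fallback is not reached and the query looks up id 0. `.first()` returns `None` when no row matches, and the code that follows uses `usr` directly (`usr.allowed_tags = ...` in the next hunk), so a missing or stale id ends in an unhandled AttributeError rather than a clean rejection. The same pattern is repeated in every per-user branch of `edit_restriction`, `add_restriction`, `delete_restriction` and `list_restriction` in this commit. Because these handlers change another account's content restrictions, I would resolve the target in one helper and have each branch reject the request when it yields `None`; the sketch below assumes the fallback to the current user is still wanted for id 0.

```python
def _restriction_target(user_id):
    """Return the account a per-user restriction request applies to, or None."""
    # 0 is the route default, i.e. the URL carried no user id
    if not user_id:
        return current_user
    return ub.session.query(ub.User).filter(ub.User.id == user_id).first()

# ... unchanged: res_type 0 and 1 branches ...
# in each res_type 2 / 3 branch, replacing the isinstance/else lookup:
usr = _restriction_target(user_id)
if usr is None:
    return "", 404
```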
@@ -308,8 +309,8 @@ def edit_restriction(res_type):
 usr.denied_tags = ','.join(elementlist)
 ub.session.commit()
 if res_type == 3: # CColumn per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
+ usr_id = user
+ if isinstance(usr_id, int):
 usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
 else:
 usr = current_user
@@ -335,10 +336,11 @@ def restriction_deletion(element, list_func):
 return ','.join(elementlist)
-@admi.route("/ajax/addrestriction/", methods=['POST'])
+@admi.route("/ajax/addrestriction/", defaults={"user_id":0}, methods=['POST'])
+@admi.route("/ajax/addrestriction//", methods=['POST'])
 @login_required
 @admin_required
-def add_restriction(res_type):
+def add_restriction(res_type, user_id):
 element = request.form.to_dict()
 if res_type == 0: # Tags as template
 if 'submit_allow' in element:
@@ -355,9 +357,8 @@ def add_restriction(res_type):
 config.config_denied_column_value = restriction_addition(element, config.list_allowed_column_values)
 config.save()
 if res_type == 2: # Tags per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
- usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
+ if isinstance(user_id, int):
+ usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
 else:
 usr = current_user
 if 'submit_allow' in element:
@@ -367,9 +368,8 @@ def add_restriction(res_type):
 usr.denied_tags = restriction_addition(element, usr.list_denied_tags)
 ub.session.commit()
 if res_type == 3: # CustomC per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
- usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
+ if isinstance(user_id, int):
+ usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
 else:
 usr = current_user
 if 'submit_allow' in element:
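Review bot: The first context line of the `@@ -355,9 +357,8 @@` hunk in `add_restriction` builds the new denied column list from the allowed one: `config.config_denied_column_value = restriction_addition(element, config.list_allowed_column_values)`. The matching line in `delete_restriction` passes `config.list_denied_column_values`, and the per-user lines here pass `usr.list_denied_tags` for `usr.denied_tags`, so this looks like a copy-paste slip that would replace the deny list with the allow list plus the new entry. The commit leaves the line untouched; since it decides which content is hidden, I would change it to `config.config_denied_column_value = restriction_addition(element, config.list_denied_column_values)`. `restriction_addition` itself is not visible on this page, so the effect should be confirmed against it.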
@@ -380,10 +380,11 @@ def add_restriction(res_type):
 ub.session.commit()
 return ""
-@admi.route("/ajax/deleterestriction/", methods=['POST'])
+@admi.route("/ajax/deleterestriction/", defaults={"user_id":0}, methods=['POST'])
+@admi.route("/ajax/deleterestriction//", methods=['POST'])
 @login_required
 @admin_required
-def delete_restriction(res_type):
+def delete_restriction(res_type, user_id):
 element = request.form.to_dict()
 if res_type == 0: # Tags as template
 if element['id'].startswith('a'):
@@ -400,9 +401,8 @@ def delete_restriction(res_type):
 config.config_denied_column_value = restriction_deletion(element, config.list_denied_column_values)
 config.save()
 elif res_type == 2: # Tags per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
- usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
+ if isinstance(user_id, int):
+ usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
 else:
 usr = current_user
 if element['id'].startswith('a'):
@@ -412,9 +412,8 @@ def delete_restriction(res_type):
 usr.denied_tags = restriction_deletion(element, usr.list_denied_tags)
 ub.session.commit()
 elif res_type == 3: # Columns per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True: # select current user if admins are editing their own rights
- usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
+ if isinstance(user_id, int):
+ usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
 else:
 usr = current_user
 if element['id'].startswith('a'):
@@ -425,11 +424,11 @@ def delete_restriction(res_type):
 ub.session.commit()
 return ""
-
-@admi.route("/ajax/listrestriction/")
+@admi.route("/ajax/listrestriction/", defaults={"user_id":0})
+@admi.route("/ajax/listrestriction//")
 @login_required
 @admin_required
-def list_restriction(res_type):
+def list_restriction(res_type, user_id):
 if res_type == 0: # Tags as template
 restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
 for i,x in enumerate(config.list_denied_tags()) if x != '' ]
@@ -443,9 +442,8 @@ def list_restriction(res_type):
 for i,x in enumerate(config.list_allowed_column_values()) if x != '']
 json_dumps = restrict + allow
 elif res_type == 2: # Tags per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
- usr = ub.session.query(ub.User).filter(ub.User.id == usr_id).first()
+ if isinstance(user_id, int):
+ usr = ub.session.query(ub.User).filter(ub.User.id == user_id).first()
 else:
 usr = current_user
 restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
@@ -454,9 +452,8 @@ def list_restriction(res_type):
 for i,x in enumerate(usr.list_allowed_tags()) if x != '']
 json_dumps = restrict + allow
 elif res_type == 3: # CustomC per user
- usr_id = os.path.split(request.referrer)[-1]
- if usr_id.isdigit() == True:
- usr = ub.session.query(ub.User).filter(ub.User.id==usr_id).first()
+ if isinstance(user_id, int):
+ usr = ub.session.query(ub.User).filter(ub.User.id==user_id).first()
 else:
 usr = current_user
 restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
diff --git a/cps/static/js/table.js b/cps/static/js/table.js
index 62f7e220..16814dd2 100644
--- a/cps/static/js/table.js
+++ b/cps/static/js/table.js
@@ -253,14 +253,14 @@ $(function() {
 $("#h3").addClass("hidden");
 $("#h4").addClass("hidden");
 });
- function startTable(type) {
+ function startTable(type, user_id) {
 var pathname = document.getElementsByTagName("script"), src = pathname[pathname.length - 1].src;
 var path = src.substring(0, src.lastIndexOf("/"));
 $("#restrict-elements-table").bootstrapTable({
 formatNoMatches: function () {
 return "";
 },
- url: path + "/../../ajax/listrestriction/" + type,
+ url: path + "/../../ajax/listrestriction/" + type + "/" + user_id,
 rowStyle: function(row) {
 // console.log('Reihe :' + row + " Index :" + index);
 if (row.id.charAt(0) === "a") {
@@ -274,13 +274,13 @@ $(function() {
 $.ajax ({
 type: "Post",
 data: "id=" + row.id + "&type=" + row.type + "&Element=" + encodeURIComponent(row.Element),
- url: path + "/../../ajax/deleterestriction/" + type,
+ url: path + "/../../ajax/deleterestriction/" + type + "/" + user_id,
 async: true,
 timeout: 900,
 success:function() {
 $.ajax({
 method:"get",
- url: path + "/../../ajax/listrestriction/" + type,
+ url: path + "/../../ajax/listrestriction/" + type + "/" + user_id,
 async: true,
 timeout: 900,
 success:function(data) {
@@ -296,7 +296,7 @@ $(function() {
 $("#restrict-elements-table").removeClass("table-hover");
 $("#restrict-elements-table").on("editable-save.bs.table", function (e, field, row) {
 $.ajax({
- url: path + "/../../ajax/editrestriction/" + type,
+ url: path + "/../../ajax/editrestriction/" + type + "/" + user_id,
 type: "Post",
 data: row
 });
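Review bot: `user_id` is appended to every request path in `startTable` exactly as received, and the per-user click handlers in a later hunk pass `$(this).data('id')`, which is `undefined` when the button carries no such attribute. The requests would then go to a path ending in `/undefined`, and the `$.ajax` calls visible here show no `error` handler, so the table would simply stay empty. I would check the argument once at the top of `startTable`, for example `if (user_id === undefined) { user_id = 0; }` if 0 is meant as "no target user", and build the path with `encodeURIComponent(user_id)` so the value stays within one path segment. The id remains client-supplied input either way, so the server-side `@admin_required` checks are what actually protect these endpoints. `startTable` continues beyond this hunk.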
@@ -304,13 +304,13 @@ $(function() {
 $("[id^=submit_]").click(function() {
 $(this)[0].blur();
 $.ajax({
- url: path + "/../../ajax/addrestriction/" + type,
+ url: path + "/../../ajax/addrestriction/" + type + "/" + user_id,
 type: "Post",
 data: $(this).closest("form").serialize() + "&" + $(this)[0].name + "=",
 success: function () {
 $.ajax ({
 method:"get",
- url: path + "/../../ajax/listrestriction/" + type,
+ url: path + "/../../ajax/listrestriction/" + type + "/" + user_id,
 async: true,
 timeout: 900,
 success:function(data) {
@@ -323,21 +323,21 @@ $(function() {
 });
 }
 $("#get_column_values").on("click", function() {
- startTable(1);
+ startTable(1, 0);
 $("#h2").removeClass("hidden");
 });
 $("#get_tags").on("click", function() {
- startTable(0);
+ startTable(0, 0);
 $("#h1").removeClass("hidden");
 });
 $("#get_user_column_values").on("click", function() {
- startTable(3);
+ startTable(3, $(this).data('id'));
 $("#h4").removeClass("hidden");
 });
 $("#get_user_tags").on("click", function() {
- startTable(2);
+ startTable(2, $(this).data('id'));
 $(this)[0].blur();
 $("#h3").removeClass("hidden");
 });
diff --git a/cps/templates/user_edit.html b/cps/templates/user_edit.html
index 9a186eb0..114dd163 100644
--- a/cps/templates/user_edit.html
+++ b/cps/templates/user_edit.html
@@ -11,6 +11,7 @@
 {% endif %}
+
@@ -82,8 +83,8 @@
 {% if ( g.user and g.user.role_admin() and not new_user ) %}
- {{_('Add Allowed/Denied Tags')}}
- {{_('Add allowed/Denied Custom Column Values')}}
+ {{_('Add Allowed/Denied Tags')}}
+ {{_('Add allowed/Denied Custom Column Values')}}
 {% endif %}