Mercurial > hg > ltpdarepo
changeset 126:18b94c01d497
Simplify database permissions handling.
author | Daniele Nicolodi <daniele@grinta.net> |
---|---|
date | Fri, 14 Oct 2011 10:34:47 +0200 |
parents | ab38e8a0eb8d |
children | 83e915192078 |
files | src/ltpdarepo/templates/databases/permissions.html src/ltpdarepo/views/databases.py |
diffstat | 2 files changed, 17 insertions(+), 23 deletions(-) [+] |
line wrap: on
line diff
--- a/src/ltpdarepo/templates/databases/permissions.html Fri Oct 14 10:34:33 2011 +0200 +++ b/src/ltpdarepo/templates/databases/permissions.html Fri Oct 14 10:34:47 2011 +0200 @@ -18,7 +18,6 @@ <tr> <td> <a href="{{ url_for('manage.users.view', username=user) }}">{{ user }}</a> - <input type="hidden" name="{{ user }}" value="" /> </td> <td><input type="checkbox" name="{{user}}:select" value="Y" {%- if priv['select'] %} checked="checked" {% endif -%} /></td> <td><input type="checkbox" name="{{user}}:insert" value="Y" {%- if priv['insert'] %} checked="checked" {% endif -%} /></td>
--- a/src/ltpdarepo/views/databases.py Fri Oct 14 10:34:33 2011 +0200 +++ b/src/ltpdarepo/views/databases.py Fri Oct 14 10:34:47 2011 +0200 @@ -11,7 +11,6 @@ except ImportError: from ordereddict import OrderedDict - app = Blueprint('manage.databases', __name__) @@ -83,21 +82,19 @@ def _get_permissions(database): - # this may be probably obtained with some join magic curs = g.db.cursor() - curs.execute("""SELECT username FROM users ORDER BY username""") - users = [row[0] for row in curs.fetchall()] + curs.execute("""SELECT username, + IFNULL(Select_priv, 'N'), IFNULL(Insert_priv, 'N'), + IFNULL(Update_priv, 'N'), IFNULL(Delete_priv, 'N') + FROM users + LEFT JOIN mysql.db ON username=User AND Db=%s + ORDER BY username""", (database, )) privs = OrderedDict() - for user in users: - curs.execute("""SELECT Select_priv, Insert_priv, Update_priv, Delete_priv - FROM mysql.db WHERE User=%s AND Db=%s""", (user, database, )) - row = curs.fetchone() - if row is None: - row = ('N', 'N', 'N', 'N') - privs[user] = {'select': row[0] == 'Y', - 'insert': row[1] == 'Y', - 'update': row[2] == 'Y', - 'delete': row[3] == 'Y'} + for row in curs.fetchall(): + privs[row[0]] = {'select': row[1] == 'Y', + 'insert': row[2] == 'Y', + 'update': row[3] == 'Y', + 'delete': row[4] == 'Y'} return privs @@ -105,12 +102,10 @@ users = permissions.keys() updates = [] for user in users: - permissions[user]['modified'] = False - if user in formdata: - for priv in ('select', 'insert', 'update', 'delete'): - value = bool(formdata.get('%s:%s' % (user, priv), False)) - if permissions[user][priv] != value: - updates.append((user, priv, value)) + for priv in ('select', 'insert', 'update', 'delete'): + value = bool(formdata.get('%s:%s' % (user, priv), False)) + if permissions[user][priv] != value: + updates.append((user, priv, value)) return updates @@ -130,11 +125,11 @@ db = Database.load(id=database) if db is None: # not found - abort(404) + abort(404) permissions = _get_permissions(database) # use an empty form to have CSRF protection form = Form() - if request.method == 'POST' and form.validate(): + if request.method == 'POST' and form.validate(): updates = _permissions_updates(permissions, request.form) _update_permissions(database, updates) flash('Permissions updated.')