changeset 60:1bfd1f5ec9ba

Show user permissions in user management view.
author Daniele Nicolodi <daniele@grinta.net>
date Sat, 13 Aug 2011 20:27:24 +0200
parents 2850a914aef9
children 59ad887c794b
files src/ltpdarepo/templates/users/view.html src/ltpdarepo/views/users.py
diffstat 2 files changed, 41 insertions(+), 1 deletions(-) [+]
--- a/src/ltpdarepo/templates/users/view.html	Sat Aug 13 20:27:24 2011 +0200
+++ b/src/ltpdarepo/templates/users/view.html	Sat Aug 13 20:27:24 2011 +0200
@@ -1,9 +1,38 @@
 {% import 'forms.html' as forms %}
 {% extends "layout.html" %}
+{% block head %}
+    <script type="text/javascript" src="{{ url_for('static', filename='jquery.js') }}"></script>
+    <script type="text/javascript">
+      $(function () {
+      $('.toggle').toggle(
+        function () {
+          $('#permissions').toggle();
+          $(this).html('hide');
+        },
+        function () {
+          $('#permissions').toggle();
+          $(this).html('show');
+        });
+      });
+    </script>
+{% endblock %}
 {% block title %}User {{ username }}{% endblock %}
 {% block body %}
 <h2>User &#x00AB;{{ username }}&#x00BB;</h2>
 {{ forms.view(form) }}
+<p class="field"><span class="label">Permissions:</span> <a class="toggle" href="">show</a></p>
+<table id="permissions" class="permissions hidden">
+  <tr><th></th><th>select</th><th>insert</th><th>update</th><th>delete</th></tr>
+  {% for db, p in permissions.iteritems() %}
+  <tr>
+    <td><a href="{{ url_for('manage.databases.view', database=db) }}">{{ db }}</a></td>
+    <td>{% if p['select'] %}&times;{% endif %}</td>
+    <td>{% if p['insert'] %}&times;{% endif %}</td>
+    <td>{% if p['update'] %}&times;{% endif %}</td>
+    <td>{% if p['delete'] %}&times;{% endif %}</td>
+  </tr>
+  {% endfor %}
+</table>
 <ul class="actions">
   <li><a href="{{ url_for('manage.users.edit', username=username) }}">Edit</a></li>
   <li><a href="{{ url_for('manage.users.drop', username=username) }}">Drop</a></li>
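Review bot: The `Db` value read from `mysql.db` is a pattern rather than always a literal database name: it may contain `%` or `_` wildcards or backslash-escaped underscores, yet the new table row passes it straight to `url_for('manage.databases.view', database=db)`. Presumably that view looks the database up by exact name, so pattern rows would link to a missing or different database; consider rendering those entries as plain text instead of a link. Separately, `permissions.iteritems()` yields rows in arbitrary dict order, so `{% for db, p in permissions|dictsort %}` would keep the table stable and easier to audit.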
--- a/src/ltpdarepo/views/users.py	Sat Aug 13 20:27:24 2011 +0200
+++ b/src/ltpdarepo/views/users.py	Sat Aug 13 20:27:24 2011 +0200
@@ -29,7 +29,18 @@
         # not found
         abort(404)
     form = IUser(obj=user)
-    return render_template('users/view.html', username=username, form=form)
+    
+    privs = {}
+    curs = g.db.cursor()
+    curs.execute('''SELECT DISTINCT Db, Select_priv, Insert_priv,
+                    Update_priv, Delete_priv FROM mysql.db WHERE User=%s''', username)
+    for row in curs.fetchall():
+        privs[row[0]] = {'select': row[1] == 'Y',
+                         'insert': row[2] == 'Y',
+                         'update': row[3] == 'Y',
+                         'delete': row[4] == 'Y'}
+
+    return render_template('users/view.html', username=username, form=form, permissions=privs)
 
 
 @app.route('/<username>/edit', methods=('GET', 'POST'))
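Review bot: The loop keys `privs` on `row[0]` (the `Db` column) alone, but `mysql.db` holds one row per Host/Db/User, so a user with entries for the same database from different hosts and with different flags produces several rows, and the later one silently overwrites the earlier. The page then shows whichever host entry happened to come last, which can under- or over-state the account's access. Either select `Host` as well and show one row per host, or merge per database, e.g. `p = privs.setdefault(row[0], {})` followed by `p['select'] = p.get('select', False) or row[1] == 'Y'` for each flag. A comment such as `# database-level grants only; global (mysql.user) and table-level grants are not shown` would also help, since an account with global privileges will display an empty table here. The enclosing view function starts outside this hunk.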