Mercurial > kallithea
comparison pylons_app/controllers/users.py @ 305:61be6dcd49a0
protected admin controllers
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 28 Jun 2010 23:28:31 +0200 |
parents | 14478d989870 |
children | fdf9f6ee5217 |
comparison
equal
deleted
inserted
replaced
304:14478d989870 | 305:61be6dcd49a0 |
---|---|
20 """ | 20 """ |
21 Created on April 4, 2010 | 21 Created on April 4, 2010 |
22 users controller for pylons | 22 users controller for pylons |
23 @author: marcink | 23 @author: marcink |
24 """ | 24 """ |
25 import logging | 25 from formencode import htmlfill |
26 from pylons import request, session, tmpl_context as c, url | 26 from pylons import request, session, tmpl_context as c, url |
27 from pylons.controllers.util import abort, redirect | 27 from pylons.controllers.util import abort, redirect |
28 from pylons.i18n.translation import _ | 28 from pylons.i18n.translation import _ |
29 from pylons_app.lib import helpers as h | 29 from pylons_app.lib import helpers as h |
30 from pylons_app.lib.auth import LoginRequired | 30 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator |
31 from pylons_app.lib.base import BaseController, render | 31 from pylons_app.lib.base import BaseController, render |
32 from pylons_app.model.db import User, UserLog | 32 from pylons_app.model.db import User, UserLog |
33 from pylons_app.model.forms import UserForm | 33 from pylons_app.model.forms import UserForm |
34 from pylons_app.model.user_model import UserModel | 34 from pylons_app.model.user_model import UserModel |
35 import formencode | 35 import formencode |
36 from formencode import htmlfill | 36 import logging |
37 | 37 |
38 log = logging.getLogger(__name__) | 38 log = logging.getLogger(__name__) |
39 | 39 |
40 class UsersController(BaseController): | 40 class UsersController(BaseController): |
41 """REST Controller styled on the Atom Publishing Protocol""" | 41 """REST Controller styled on the Atom Publishing Protocol""" |
42 # To properly map this controller, ensure your config/routing.py | 42 # To properly map this controller, ensure your config/routing.py |
43 # file has a resource setup: | 43 # file has a resource setup: |
44 # map.resource('user', 'users') | 44 # map.resource('user', 'users') |
45 | |
45 @LoginRequired() | 46 @LoginRequired() |
47 @HasPermissionAllDecorator('hg.admin') | |
46 def __before__(self): | 48 def __before__(self): |
47 c.admin_user = session.get('admin_user') | 49 c.admin_user = session.get('admin_user') |
48 c.admin_username = session.get('admin_username') | 50 c.admin_username = session.get('admin_username') |
49 super(UsersController, self).__before__() | 51 super(UsersController, self).__before__() |
50 | 52 |
108 except Exception: | 110 except Exception: |
109 h.flash(_('error occured during update of user %s') \ | 111 h.flash(_('error occured during update of user %s') \ |
110 % form_result['username'], category='error') | 112 % form_result['username'], category='error') |
111 | 113 |
112 return redirect(url('users')) | 114 return redirect(url('users')) |
113 | 115 |
114 def delete(self, id): | 116 def delete(self, id): |
115 """DELETE /users/id: Delete an existing item""" | 117 """DELETE /users/id: Delete an existing item""" |
116 # Forms posted to this method should contain a hidden field: | 118 # Forms posted to this method should contain a hidden field: |
117 # <input type="hidden" name="_method" value="DELETE" /> | 119 # <input type="hidden" name="_method" value="DELETE" /> |
118 # Or using helpers: | 120 # Or using helpers: |