dashboard: permissions form for group edit

circle/dashboard/forms.py

@@ -47,6 +47,8 @@ from storage.models import Disk
 from vm.models import (
     InstanceTemplate, Lease, InterfaceTemplate, Node, Trait, Instance
 )
+from django.contrib.admin.widgets import FilteredSelectMultiple
+from django.contrib.auth.models import Permission
 from .models import Profile, GroupProfile
 from circle.settings.base import LANGUAGES
 from django.utils.translation import string_concat
@@ -1181,3 +1183,31 @@ class RawDataForm(forms.ModelForm):
                                 css_class="btn btn-success",
                                 css_id="submit-password-button"))
         return helper
+
+
+permissions_filtered = Permission.objects.exclude(
+    codename__startswith="add_").exclude(
+    codename__startswith="delete_").exclude(
+    codename__startswith="change_")
+
+
+class GroupPermissionForm(forms.ModelForm):
+    permissions = forms.ModelMultipleChoiceField(
+        queryset=permissions_filtered,
+        widget=FilteredSelectMultiple(_("permissions"), is_stacked=False)
+    )
+
+    class Meta:
+        model = Group
+        fields = ('permissions', )
+
+    @property
+    def helper(self):
+        helper = FormHelper()
+        helper.form_show_labels = False
+        helper.form_action = reverse_lazy(
+            "dashboard.views.group-permissions",
+            kwargs={'group_pk': self.instance.pk})
+        helper.add_input(Submit("submit", _("Save"),
+                                css_class="btn btn-success", ))
+        return helper

circle/dashboard/static/dashboard/dashboard.css

@@ -722,3 +722,28 @@ textarea[name="list-new-namelist"] {
   margin-bottom: 20px;
 
 }
+
+#group-detail-permission .filtered {
+  margin: 2px 0;
+  padding: 2px 3px;
+  vertical-align: middle;
+  font-family: "Lucida Grande", Verdana, Arial, sans-serif;
+  font-weight: normal;
+  font-size: 11px;
+  border: 1px solid #ccc;
+}
+
+#group-detail-permission .selector-available h2, 
+#group-detail-permission .selector-chosen h2 {
+  margin: 0;
+  padding: 5px 8px 5px 8px;
+  font-size: 12px;
+  text-align: left;
+  font-weight: bold;
+  background: #7CA0C7;
+  color: white;
+}
+
+#group-detail-user-table {
+  margin-top: 20px;
+}

circle/dashboard/templates/dashboard/group-detail.html

@@ -48,6 +48,8 @@
 {% crispy group_profile_form %}
 </form>
 
+<hr />
+
 <h3>{% trans "User list"|capfirst %}
     {% if perms.auth.add_user %}
         <a href="{% url "dashboard.views.create-user" group.pk %}" class="btn btn-success pull-right">{% trans "Create user" %}</a>
@@ -100,8 +102,8 @@
   </div>
   </form>
 
-
-<h3 id="group-detail-perm-header">{% trans "Permissions"|capfirst %}</h3>
+  <hr />
+<h3 id="group-detail-perm-header">{% trans "Access permissions"|capfirst %}</h3>
   <form action="{{acl.url}}" method="post">{% csrf_token %}
   <table class="table table-striped table-with-form-fields table-bordered" id="group-detail-perm-table">
     <thead>
@@ -172,11 +174,25 @@
   </div>
   </form>
 
+{% if user.is_superuser %}
+  <hr />
+
+<script type="text/javascript" src="/static/admin/js/jquery.min.js"></script>
+<script type="text/javascript" src="/static/admin/js/jquery.init.js"></script>
+{{ group_perm_form.media }}
+
+<h3>{% trans "Group permissions" %}</h3>
+
+<div id="group-detail-permission">
+{% crispy group_perm_form %}
+</div>
+
+<link rel="stylesheet" type="text/css" href="/static/admin/css/widgets.css" />
 
+{% endif %}
 	</div>
      </div>
     </div>
   </div>
 </div>
-<script src="{{ STATIC_URL}}dashboard/group-details.js"></script>
 {% endblock %}

circle/dashboard/urls.py

@@ -38,7 +38,8 @@ from .views import (
     get_vm_screenshot,
     ProfileView, toggle_use_gravatar, UnsubscribeFormView,
     UserKeyDelete, UserKeyDetail, UserKeyCreate,
-    VmTraitsUpdate, VmRawDataUpdate
+    VmTraitsUpdate, VmRawDataUpdate,
+    GroupPermissionsView,
 )
 
 urlpatterns = patterns(
@@ -168,6 +169,9 @@ urlpatterns = patterns(
     url(r'^group/(?P<group_pk>\d+)/create/$',
         UserCreationView.as_view(),
         name="dashboard.views.create-user"),
+    url(r'^group/(?P<group_pk>\d+)/permissions/$',
+        GroupPermissionsView.as_view(),
+        name="dashboard.views.group-permissions"),
 
     url(r'^sshkey/delete/(?P<pk>\d+)/$',
         UserKeyDelete.as_view(),

circle/dashboard/views.py

@@ -61,7 +61,7 @@ from .forms import (
     UserCreationForm, GroupProfileUpdateForm, UnsubscribeForm,
     VmSaveForm, UserKeyForm,
     CirclePasswordChangeForm, VmCreateDiskForm, VmDownloadDiskForm,
-    TraitsForm, RawDataForm
+    TraitsForm, RawDataForm, GroupPermissionForm
 )
 
 from .tables import (
@@ -807,12 +807,18 @@ class GroupDetailView(CheckedDetailView):
         context['acl'] = get_group_acl_data(self.object)
         context['group_profile_form'] = GroupProfileUpdate.get_form_object(
             self.request, self.object.profile)
+
+        if self.request.user.is_superuser:
+            context['group_perm_form'] = GroupPermissionForm(
+                instance=self.object)
+
         return context
 
     def post(self, request, *args, **kwargs):
         self.object = self.get_object()
         if not self.get_has_level()(request.user, 'operator'):
             raise PermissionDenied()
+
         if request.POST.get('new_name'):
             return self.__set_name(request)
         if request.POST.get('list-new-name'):
@@ -874,6 +880,17 @@ class GroupDetailView(CheckedDetailView):
                                          kwargs={'pk': self.object.pk}))
 
 
+class GroupPermissionsView(SuperuserRequiredMixin, UpdateView):
+    model = Group
+    form_class = GroupPermissionForm
+    slug_field = "pk"
+    slug_url_kwarg = "group_pk"
+
+    def get_success_url(self):
+        return "%s#group-detail-permission" % (
+            self.get_object().groupprofile.get_absolute_url())
+
+
 class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
 
     def post(self, request, *args, **kwargs):