From 9edca65294b2105b55056aa03109c10325e25031 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Mon, 4 Sep 2023 21:34:23 +0200
Subject: [PATCH] =?UTF-8?q?WIP:=20=C3=A9diteur=20de=20r=C3=B4les/permissio?=
 =?UTF-8?q?ns?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/static/css/role_editor.css | 42 +++++++++++++++++++++
 app/templates/configuration.j2 |  5 ++-
 app/templates/role_editor.j2   | 69 ++++++++++++++++++++++++++++++++++
 app/views/scodoc.py            | 16 +++++++-
 app/views/users.py             |  4 +-
 5 files changed, 133 insertions(+), 3 deletions(-)
 create mode 100644 app/static/css/role_editor.css
 create mode 100644 app/templates/role_editor.j2

diff --git a/app/static/css/role_editor.css b/app/static/css/role_editor.css
new file mode 100644
index 00000000..2c3d87dc
--- /dev/null
+++ b/app/static/css/role_editor.css
@@ -0,0 +1,42 @@
+
+.help {
+    margin-bottom: 24px;
+}
+
+section#roles {
+    background-color: #fffaf4;
+}
+
+.role {
+	display: flex;
+	flex-wrap: wrap;
+	gap: 4px;
+    margin-bottom: 32px;
+}
+
+.role>div, .role span {
+	display: block;
+	padding: 4px 8px;
+	border: 1px solid #aaa;
+	border-radius: 4px;
+}
+
+.role input {
+	display: none;
+}
+
+.role input:checked:not([value=aucun])+span {
+	background: rgb(165, 6, 59);
+	border-color: rgb(165, 6, 59);
+	color: #fff;
+}
+
+.role>:nth-child(1) {
+	background: #09c;
+	border-color: #09c;
+	color: #fff;
+}
+
+.permission-roles label {
+    font-weight: normal;
+}
\ No newline at end of file
diff --git a/app/templates/configuration.j2 b/app/templates/configuration.j2
index 5eaa73b5..88b3118d 100644
--- a/app/templates/configuration.j2
+++ b/app/templates/configuration.j2
@@ -72,9 +72,12 @@
     </p>
 </section>
 
-<h2>Utilisateurs et CAS</h2>
+<h2>Utilisateurs, Rôles et CAS</h2>
 <section>
     <div>
+        🎎 <a class="stdlink" href="{{url_for('scodoc.config_roles')}}">Définition des rôles et permissions</a>
+    </div>
+    <div style="margin-top: 16px;">
         🏰 <a class="stdlink" href="{{url_for('scodoc.config_cas')}}">Configuration du service CAS</a>
     </div>
     <div style="margin-top: 16px;">
diff --git a/app/templates/role_editor.j2 b/app/templates/role_editor.j2
new file mode 100644
index 00000000..bc4ea948
--- /dev/null
+++ b/app/templates/role_editor.j2
@@ -0,0 +1,69 @@
+{# -*- mode: jinja-html -*- #}
+{# -*- Edition des rôles/permissions -- inspiré de partition_editor -*- #}
+{% extends "base.j2" %}
+{% import 'bootstrap/wtf.html' as wtf %}
+
+{% block styles %}
+    {{super()}}
+    <link rel="stylesheet" href="{{ scu.STATIC_DIR }}/css/partition_editor.css">
+    <link rel="stylesheet" href="{{ scu.STATIC_DIR }}/css/role_editor.css">
+{% endblock %}
+
+{% block app_content %}
+
+<h1>Définition des rôles et leurs permissions</h1>
+
+<div class="help">Les rôles sont associés à un ensemble de permissions. Chaque
+utilisateur peut avoir un nombre quelconque de rôles <em>dans chaque
+département</em>. 
+Sur cette page vous pouvez modifier les permissions associée à chaque rôle, ou créer de nouveaux rôles.
+</div>
+
+{# <div class="links">
+<a class="stdlink" href="{{ url_for('scodoc.users') }}">liste des comptes utilisateurs</a>
+</div> #}
+
+<main>
+	<section id="roles">
+        <div class="permission-roles">
+        {% for role in roles %}
+        <div class="role">
+            <div>{{role.name}}</div>
+            <label title="Aucune permission">
+                <input type="checkbox" name="{{role.id}}" value="aucun" checked="" class="">
+                <span class="aucun"> - </span>                    
+            </label>
+            {% for permission_name in permissions_names %}
+            <label>
+                <input type="checkbox" 
+                    name="{{role.id}}-{{Permission.get_by_name(permission_name)}}"
+                    value="{{role.id}}-{{Permission.get_by_name(permission_name)}}"
+                    {{"checked" if role.has_permission(Permission.get_by_name(permission_name)) else ''}}
+                >
+                <span data-permission="{{
+                    Permission.get_by_name(permission_name)
+                }}">{{permission_name}}</span>
+            </label>
+            {% endfor %}
+        </div>
+        {% endfor %}
+        </div>
+    </section>
+</main>
+
+<script>
+
+function associe_role_permission() {
+    alert("toto");
+}
+
+document.querySelectorAll("label").forEach(btn => { 
+    btn.addEventListener("mousedown", (event) => { event.preventDefault() }) 
+});
+document.querySelectorAll(".role input").forEach(input => {
+    input.addEventListener("input", associe_role_permission) 
+});
+
+</script>
+
+{% endblock %}
\ No newline at end of file
diff --git a/app/views/scodoc.py b/app/views/scodoc.py
index 214ea426..ca2ec096 100644
--- a/app/views/scodoc.py
+++ b/app/views/scodoc.py
@@ -53,7 +53,7 @@ from werkzeug.exceptions import BadRequest, NotFound
 
 
 from app import db
-from app.auth.models import User
+from app.auth.models import User, Role
 from app.auth.cas import set_cas_configuration
 from app.decorators import (
     admin_required,
@@ -144,6 +144,20 @@ def toggle_dept_vis(dept_id):
     return redirect(url_for("scodoc.index"))
 
 
+@bp.route("/ScoDoc/config_roles", methods=["GET", "POST"])
+@admin_required
+def config_roles():
+    """Form associations rôles / permissions"""
+    permissions_names = sorted(Permission.permission_by_value.values())
+    roles = Role.query.order_by(Role.name).all()
+    return render_template(
+        "role_editor.j2",
+        Permission=Permission,
+        permissions_names=permissions_names,
+        roles=roles,
+    )
+
+
 @bp.route("/ScoDoc/config_cas", methods=["GET", "POST"])
 @admin_required
 def config_cas():
diff --git a/app/views/users.py b/app/views/users.py
index 6f60b090..acee92a3 100644
--- a/app/views/users.py
+++ b/app/views/users.py
@@ -39,7 +39,7 @@ from enum import auto, IntEnum
 from xml.etree import ElementTree
 
 import flask
-from flask import g, url_for, request, current_app, flash
+from flask import g, url_for, request, flash
 from flask import redirect, render_template
 from flask_login import current_user
 from flask_wtf import FlaskForm
@@ -74,6 +74,8 @@ from app.scodoc.sco_import_users import generate_password
 from app.scodoc.sco_permissions_check import can_handle_passwd
 from app.scodoc.TrivialFormulator import TrivialFormulator, tf_error_message
 from app.views import users_bp as bp
+from app.views import scodoc_bp
+
 
 _ = lambda x: x  # sans babel
 _l = _