Correção de permissões, de templates e menssagens

Adley
1 parent aa3fa2d6
Showing 8 changed files with 66 additions and 56 deletions Show diff stats
wscacicneo/__init__.py
wscacicneo/models.py
wscacicneo/templates/editarorgao.pt
wscacicneo/templates/editaruser.pt
wscacicneo/templates/home.pt
wscacicneo/templates/list_user.pt
wscacicneo/templates/master.pt
wscacicneo/views.py
@@ -5,6 +5,7 @@ from wscacicneo import config
 from pyramid.authentication import AuthTktAuthenticationPolicy
 from pyramid.authorization import ACLAuthorizationPolicy
 from pyramid.config import Configurator
+from pyramid.httpexceptions import HTTPNotFound
@@ -31,7 +32,6 @@ def main(global_config, **settings):
     # Rotas Básicas
     cfg.add_route('home', 'home')
-    cfg.add_route('error', 'error')
     cfg.add_route('notifications', 'notifications')
     cfg.add_route('orgao', 'orgao/cadastro')
@@ -65,7 +65,7 @@ so = Table(&#39;so&#39;, Base.metadata,
 mapper(SistemaOperacional, so)
 class RootFactory(object):
-    __acl__ = [ (Allow, Everyone, 'view'),
-                (Allow, 'Administrador', 'edit') ]
+    __acl__ = [ (Allow, Everyone, 'user'),
+                (Allow, 'Administrador', 'admin') ]
     def __init__(self, request):
         pass
 \ No newline at end of file
@@ -105,8 +105,8 @@
                     type: "PUT",
                     url: "${request.route_url('root')}put_orgao",
                     data: data, 
-                    success: function(){ alert('Cadastro realizado com sucesso')   },
-                    error: function(){ alert('Erro ao realizar o cadastro. Todos os campos são obrigatórios') },
+                    success: function(){ alert('Alteração realizado com sucesso')   },
+                    error: function(){ alert('Erro ao alterar o orgão. Todos os campos são obrigatórios') },
                 }); 
             });
         </script>
@@ -59,7 +59,7 @@
                 <div class="form-group">
                     <label class="col-lg-2 control-label">Senha</label>
                         <div class="col-lg-5">
-                        <input type="text" id="senha" value="${senha}" class="form-control" placeholder="Informe novamente sua senha">
+                        <input type="text" id="senha" class="form-control" placeholder="Informe novamente sua senha">
                     </div>
                 </div><div class="form-group">
                     <label class="col-lg-2 control-label">Confirmar Senha</label>
@@ -114,16 +114,30 @@
                     'permissao': permissao,
                     'senha': senha
                 }
-                if (data.email.indexOf("gov.br") > -1 == false){
-                   alert('Somente é permitido cadastro de e-mails institucionais');
+                var emailCorreto = 0;
+                var senhaConfere = 0;
+                if (data.email.indexOf("gov.br") > -1 == true){
+                  emailCorreto = 1;
+                }
+                if(senha.value == confirmarsenha.value && senha.value != "" ){
+                  senhaConfere = 1;
+                }
+                if (emailCorreto == 0 || senhaConfere == 0){
+                    if(emailCorreto == 0){
+                        setTimeout(function() {noty({text: 'Erro: O campo "E-Mail" deve ser preenchido por um e-mail institucional',layout:'topRight',type:'error',timeout:5000});}, 100);
+                    }
+                    if(senhaConfere == 0){
+                        setTimeout(function() {noty({text: 'Erro: O campo "Senha" e "Confirmar Senha" estão diferentes ou em branco',layout:'topRight',type:'error',timeout:5000});}, 100);  
+                    }
                 }else{
-                $.ajax({
-                    type: "PUT",
-                    url: "${request.route_url('root')}put_user",
-                    data: data, 
-                    success: function(){ alert('sucesso') },
-                    error: function(){ alert('erro') },
-                });}
+                  $.ajax({
+                      type: "PUT",
+                      url: "${request.route_url('root')}put_user",
+                      data: data, 
+                      success: function(){ alert('Alteração realizado com sucesso') },
+                      error: function(){ alert('Erro ao Alterar do usuário. Todos os campos são obrigatórios') },
+                  });
+                }
             });
         </script>
     </metal:content>
 <metal:main use-macro="load: master.pt">
  <metal:content fill-slot="conteudo">
  	<div>
-		<p><h3 align="center">Sistema Super-Gerente</h3></p>
+		<p><h2 align="center">Sistema Super-Gerente</h2></p>
+		<br>
+		<p><h3 align="center"><a href="${request.route_url('root')}login"> Faça Login </a></h3></p>
 	</div>
  </metal:content>
 </metal:main>
@@ -24,8 +24,7 @@
                                                 <tr>
                                                     <th>Nome</th>
                                                     <th>Matricula</th>
-                                                    <th>Cargo</th>
-                                                    <th>Setor</th>
+                                                    <th>E-mail</th>
                                                     <th>Orgão</th>
                                                     <th>Permissão</th>
                                                     <th>Opções</th>
@@ -35,14 +34,12 @@
                                                 <tr tal:repeat="doc user_doc">
                                                     <td>${doc.nome}</td>
                                                     <td>${doc.matricula}</td>
-                                                    <td>${doc.cargo}</td>
-                                                    <td>${doc.setor}</td>
+                                                    <td>${doc.email}</td>
                                                     <td>${doc.orgao}</td>
                                                     <td>${doc.permissao}</td>
                                                     <td>
-                                                        <a class="btn btn-xs btn-success"><i class="fa fa-check"></i></a>
-                                                        <a href="${request.route_url('root')}usuario/editar/${doc.matricula}" class="btn btn-xs btn-warning"><i class="fa fa-pencil"></i></a>
-                                                        <a href="${request.route_url('root')}usuario/delete/${doc.matricula}" class="btn btn-xs btn-danger"><i class="fa fa-times"></i></a>
+                                                        <a href="${request.route_url('root')}usuario/editar/${doc.matricula}" class="btn btn-xs btn-warning" title="Editar"><i class="fa fa-pencil"></i></a>
+                                                        <a href="${request.route_url('root')}usuario/delete/${doc.matricula}" class="btn btn-xs btn-danger" title="Apagar"><i class="fa fa-times"></i></a>
                                                     </td>
                                                 </tr>
                                             </tbody>
@@ -96,7 +96,7 @@
 						<!-- Page heading -->
 						<div class="page-head">
-							<h2 class="pull-left"><i class="fa fa-home"></i> ${request.path}</h2>
+							<h2 class="pull-left"><i class="fa fa-home"></i> Você está em: ${request.path}</h2>
 							<div class="clearfix"></div>
 import requests
 import json
 from pyramid.response import Response
-from pyramid.httpexceptions import HTTPFound
+from pyramid.httpexceptions import HTTPFound, HTTPNotFound
 from pyramid.view import view_config
 from sqlalchemy.orm import sessionmaker
 from sqlalchemy import create_engine, MetaData
@@ -50,16 +50,12 @@ def root(request):
     return {'project': 'WSCacicNeo'}
 # Views básicas
-@view_config(route_name='home', renderer='templates/home.pt')
+@view_config(route_name='home', renderer='templates/home.pt', permission="user")
 def home(request):
     return {'project': 'WSCacicNeo'}
-@view_config(route_name='error', renderer='templates/error.pt')
-def error(request):
-    return {'project': 'WSCacicNeo'}
-
 # Lista de Notificação
-@view_config(route_name='list_notify', renderer='templates/list_notify.pt')
+@view_config(route_name='list_notify', renderer='templates/list_notify.pt', permission="admin")
 def list_notify(request):
     notify_obj = Notify(
         orgao = 'deasdsd',
@@ -72,11 +68,11 @@ def list_notify(request):
     return {'doc': doc}
-@view_config(route_name='notify', renderer='templates/notify_coleta.pt')
+@view_config(route_name='notify', renderer='templates/notify_coleta.pt', permission="admin")
 def notify(request):
     return {'project': 'WSCacicNeo'}
-@view_config(route_name='post_notify')
+@view_config(route_name='post_notify', permission="admin")
 def post_notify(request):
     requests = request.params
     notify_obj = Notify(
@@ -89,11 +85,11 @@ def post_notify(request):
     return Response(str(results))
 # Views de Orgão
-@view_config(route_name='orgao', renderer='templates/orgao.pt')
+@view_config(route_name='orgao', renderer='templates/orgao.pt', permission="admin")
 def orgao(request):
     return {'project': 'WSCacicNeo'}
-@view_config(route_name='listorgao', renderer='templates/list_orgao.pt')
+@view_config(route_name='listorgao', renderer='templates/list_orgao.pt', permission="user")
 def listorgao(request):
     orgao_obj = Orgao(
         nome = 'sahuds',
@@ -108,7 +104,7 @@ def listorgao(request):
     search = orgao_obj.search_list_orgaos()
     return {'orgao_doc': search.results}
-@view_config(route_name='editorgao', renderer='templates/editarorgao.pt')
+@view_config(route_name='editorgao', renderer='templates/editarorgao.pt', permission="admin")
 def editorgao(request):
     sigla = request.matchdict['sigla']
     orgao_obj = Orgao(
@@ -133,7 +129,7 @@ def editorgao(request):
         'url' : search.results[0].url
     }
-@view_config(route_name='post_orgao')
+@view_config(route_name='post_orgao', permission="admin")
 def post_orgao(request):
     """
     Post doc órgãos
@@ -156,7 +152,7 @@ def post_orgao(request):
     return Response(str(id_doc))
-@view_config(route_name='put_orgao')
+@view_config(route_name='put_orgao', permission="admin")
 def put_orgao(request):
     """
     Edita um doc apartir do id
@@ -190,7 +186,7 @@ def put_orgao(request):
     return Response(edit)
-@view_config(route_name='delete_orgao')
+@view_config(route_name='delete_orgao', permission="admin")
 def delete_orgao(request):
     """
     Deleta doc apartir do id
@@ -214,7 +210,7 @@ def delete_orgao(request):
     return Response(delete)
 # Views de Favoritos
-@view_config(route_name='favoritos', renderer='templates/favoritos.pt')
+@view_config(route_name='favoritos', renderer='templates/favoritos.pt', permission="admin")
 def favoritos(request):
     matricula = request.matchdict['matricula']
     user_obj = User(
@@ -245,7 +241,7 @@ def favoritos(request):
         'senha' : search.results[0].senha
     }
-@view_config(route_name='edit_favoritos')
+@view_config(route_name='edit_favoritos', permission="admin")
 def edit_favoritos(request):
     """
     Editar do Favoritos
@@ -284,7 +280,7 @@ def edit_favoritos(request):
     return Response(edit)
 # Reports
-@view_config(route_name='create_orgao')
+@view_config(route_name='create_orgao',permission="admin")
 def create_base(request):
     nm_orgao = request.matchdict['nm_orgao']
     coletaManualBase = coleta_manual.ColetaManualBase(nm_orgao)
@@ -308,7 +304,7 @@ def conf_report(request):
     search = orgao_obj.search_list_orgaos()
     return {'orgao_doc': search.results}
-@view_config(route_name='report_itens', renderer='templates/report.pt')
+@view_config(route_name='report_itens', renderer='templates/report.pt', permission="admin")
 def report_itens(request):
     nm_orgao = request.matchdict['nm_orgao']
     attr = request.matchdict['attr']
@@ -318,11 +314,11 @@ def report_itens(request):
 # Users
-@view_config(route_name='user', renderer='templates/user.pt', permission='edit')
+@view_config(route_name='user', renderer='templates/user.pt', permission='admin')
 def user(request):
     return {'project': 'WSCacicNeo'}
-@view_config(route_name='post_user')
+@view_config(route_name='post_user', permission="admin")
 def post_user(request):
     """
     Post doc users
@@ -355,7 +351,7 @@ def post_user(request):
     else:
         return {"emailerrado":"emailerrado"}
-@view_config(route_name='edituser', renderer='templates/editaruser.pt', permission="edit")
+@view_config(route_name='edituser', renderer='templates/editaruser.pt', permission="admin")
 def edituser(request):
     matricula = request.matchdict['matricula']
     user_obj = User(
@@ -382,7 +378,7 @@ def edituser(request):
         'senha' : search.results[0].senha
     }
-@view_config(route_name='put_user')
+@view_config(route_name='put_user', permission="admin")
 def put_user(request):
     """
     Edita um doc de user apartir do id
@@ -423,7 +419,7 @@ def put_user(request):
     else:
         return { }
-@view_config(route_name='listuser', renderer='templates/list_user.pt', permission="view")
+@view_config(route_name='listuser', renderer='templates/list_user.pt', permission="admin")
 def listuser(request):
     user_obj = User(
         nome = 'asdasd',
@@ -440,7 +436,7 @@ def listuser(request):
     search = user_obj.search_list_users()
     return {'user_doc': search.results}
-@view_config(route_name='delete_user')
+@view_config(route_name='delete_user', permission="admin")
 def delete_user(request):
     """
     Deleta doc apartir do id
@@ -465,7 +461,7 @@ def delete_user(request):
     return Response(delete)
 # Autenticação
-@view_config(route_name='login', renderer='templates/login.pt')
+@view_config(route_name='login', renderer='templates/login.pt', permission="view")
 @forbidden_view_config(renderer='templates/login.pt')
 def login(request):
     user_obj = User(
@@ -482,10 +478,11 @@ def login(request):
     )
     login_url = request.route_url('login')
     referrer = request.url
+    message = 'Você não tem permissão para isso. Autentique-se.'
     if referrer == login_url:
         referrer = request.route_url('root') + 'home' # never use the login form itself as came_from
+        message = ''
     came_from = request.params.get('came_from', referrer)
-    message = ''
     email = ''
     senha = ''
     is_visible = 'none'
@@ -498,12 +495,12 @@ def login(request):
                 headers = remember(request, email)
                 return HTTPFound(location = came_from,
                                  headers = headers)
-            is_visible = "block"
             message = 'E-mail ou senha incorretos'
         except:
-            is_visible = "block"
             message = 'E-mail ou senha incorretos'
+    if message != '':
+        is_visible = "block"
     return dict(
         message = message,
         url = request.application_url + '/login',
@@ -513,14 +510,14 @@ def login(request):
         is_visible = is_visible,
         )
-@view_config(route_name='logout')
+@view_config(route_name='logout', permission="admin")
 def logout(request):
     headers = forget(request)
     return HTTPFound(location = request.route_url('login'),
                      headers = headers)
 # Coleta
-@view_config(route_name='cadastro_coleta', renderer='templates/cadastro_coleta.pt')
+@view_config(route_name='cadastro_coleta', renderer='templates/cadastro_coleta.pt', permission="admin")
 def cadastro_coleta(request):
     orgao_obj = Orgao(
         nome = 'teste',
@@ -536,7 +533,7 @@ def cadastro_coleta(request):
     return {'orgao_doc': search.results}
-@view_config(route_name='post_coleta_manual')
+@view_config(route_name='post_coleta_manual', permission="admin")
 def post_coleta_manual(request):
     """
     Post doc ColetaManual
	@@ -96,7 +96,7 @@		@@ -96,7 +96,7 @@
96		96
97	<!-- Page heading -->	97	<!-- Page heading -->
98	<div class="page-head">	98	<div class="page-head">
99	- <h2 class="pull-left"><i class="fa fa-home"></i> ${request.path}</h2>	99	+ <h2 class="pull-left"><i class="fa fa-home"></i> Você está em: ${request.path}</h2>
100		100
101		101
102	<div class="clearfix"></div>	102	<div class="clearfix"></div>