Refactor response handling in ViewAuth and BaseView to return only child element…

…s and include user permissions in login response

Refactor response handling in ViewAuth and BaseView to return only child element…
…s and include user permissions in login response
aa.gustiana@gmail.com
Commit 23b5bce8 authored Aug 14, 2025 by aa.gustiana@gmail.com
Showing 3 changed files with 24 additions and 7 deletions
opensipkd/base/models/users.py
opensipkd/base/views/base_views.py
opensipkd/base/views/user_login.py
--- a/opensipkd/base/models/users.py
+++ b/opensipkd/base/models/users.py
 from datetime import datetime
+from click import group
 import pytz
 import sqlalchemy as sa
 from opensipkd.tools import as_timezone
@@ -147,6 +148,16 @@ class User(UserMixin, BaseModel, DefaultModel, Base):
        qry = cls.query_list()
        return qry.all()
+    def get_permissions(self):
+        groups = UserGroup.get_by_user(self)
+        perm_names=[]
+        for g in groups:
+            group_permissions = DBSession.query(GroupPermission).filter_by(group_id=g).all()
+            for gp in group_permissions:
+                if gp.perm_name not in perm_names:
+                    perm_names.append(gp.perm_name)
+        return perm_names
    # @classmethod
    # def get_departemen_id(cls, user_id):
    #     partner = Partner.query_user_id(user_id).first()

--- a/opensipkd/base/views/base_views.py
+++ b/opensipkd/base/views/base_views.py
@@ -229,7 +229,6 @@ class BaseView(object):
            for k, v in value.items():
                if type(v) in (colander.null, colander._null):
                    value[k] = ""
-        return children
        d = {
            "id": field.oid,
            "name": field.name,
@@ -597,7 +596,7 @@ class BaseView(object):
        if self.req.is_xhr:
            d = self.form2dict(form)
            import json
-            return Response(json=d)
+            return Response(json=d["children"])
        resources = form.get_widget_resources()
        readonly = "readonly" in kwargs and kwargs["readonly"] or False

--- a/opensipkd/base/views/user_login.py
+++ b/opensipkd/base/views/user_login.py
@@ -225,7 +225,7 @@ class ViewAuth(BaseView):
                set_user_log(msg, request, log, identity)
                if self.req.is_xhr:
                    d = self.form2dict(e.field)
-                    return Response(json=d)
+                    return Response(json=d["children"])
                request.session.flash(msg, 'error')
                return HTTPFound(location=request.route_url('base-login'))
@@ -279,7 +279,8 @@ class ViewAuth(BaseView):
                request.session.flash(str(e), "error")
                if self.req.is_xhr:
                    # return Response(form.render())
-                    return Response(json=self.form2dict(form))
+                    d = self.form2dict(form)
+                    return Response(json=d["children"])
                return render_to_response(
                    login_tpl, dict(
                        form=form,
@@ -302,7 +303,10 @@ class ViewAuth(BaseView):
        #                 next_url=next_url,
        #                 login=login, )
        if self.req.is_xhr:
-            return Response(json=self.form2dict(form))
+            d = self.form2dict(form)
+            d = d["children"]
+            # d["permission"]=user.get_permissions()
+            return Response(json=d)
        if login_tpl:
            return render_to_response(
@@ -353,8 +357,11 @@ def redirect_login(request, user):
    request.session.flash("Sukses Login")
    next_url = request.params.get('next')
    if request.is_xhr:
-        return Response(json={"success": True,
+        return Response(json={
-                              "token": user.security_code}, headerlist=headers)
+            "success": True,
+            "permission": user.get_permissions(),
+            "token": user.security_code
+        }, headerlist=headers)
    if not next_url and request.matched_route.name == 'login':
        url = get_params('modules_default', 'base-home')