Refactor response handling in ViewAuth and BaseView to return only child element…

…s and include user permissions in login response

opensipkd/base/models/users.py

 from datetime import datetime
 
+from click import group
 import pytz
 import sqlalchemy as sa
 from opensipkd.tools import as_timezone
@@ -147,6 +148,16 @@ class User(UserMixin, BaseModel, DefaultModel, Base):
         qry = cls.query_list()
         return qry.all()
 
+    def get_permissions(self):
+        groups = UserGroup.get_by_user(self)
+        perm_names=[]
+        for g in groups:
+            group_permissions = DBSession.query(GroupPermission).filter_by(group_id=g).all()
+            for gp in group_permissions:
+                if gp.perm_name not in perm_names:
+                    perm_names.append(gp.perm_name)
+        return perm_names
+
     # @classmethod
     # def get_departemen_id(cls, user_id):
     #     partner = Partner.query_user_id(user_id).first()

opensipkd/base/views/base_views.py

@@ -229,7 +229,6 @@ class BaseView(object):
             for k, v in value.items():
                 if type(v) in (colander.null, colander._null):
                     value[k] = ""
-        return children
         d = {
             "id": field.oid,
             "name": field.name,
@@ -597,7 +596,7 @@ class BaseView(object):
         if self.req.is_xhr:
             d = self.form2dict(form)
             import json
-            return Response(json=d)
+            return Response(json=d["children"])
 
         resources = form.get_widget_resources()
         readonly = "readonly" in kwargs and kwargs["readonly"] or False

opensipkd/base/views/user_login.py

@@ -225,7 +225,7 @@ class ViewAuth(BaseView):
                 set_user_log(msg, request, log, identity)
                 if self.req.is_xhr:
                     d = self.form2dict(e.field)
-                    return Response(json=d)
+                    return Response(json=d["children"])
                 request.session.flash(msg, 'error')
                 return HTTPFound(location=request.route_url('base-login'))
 
@@ -279,7 +279,8 @@ class ViewAuth(BaseView):
                 request.session.flash(str(e), "error")
                 if self.req.is_xhr:
                     # return Response(form.render())
-                    return Response(json=self.form2dict(form))
+                    d = self.form2dict(form)
+                    return Response(json=d["children"])
                 return render_to_response(
                     login_tpl, dict(
                         form=form,
@@ -302,7 +303,10 @@ class ViewAuth(BaseView):
         #                 next_url=next_url,
         #                 login=login, )
         if self.req.is_xhr:
-            return Response(json=self.form2dict(form))
+            d = self.form2dict(form)
+            d = d["children"]
+            # d["permission"]=user.get_permissions()
+            return Response(json=d)
         if login_tpl:
 
             return render_to_response(
@@ -353,8 +357,11 @@ def redirect_login(request, user):
     request.session.flash("Sukses Login")
     next_url = request.params.get('next')
     if request.is_xhr:
-        return Response(json={"success": True,
-                              "token": user.security_code}, headerlist=headers)
+        return Response(json={
+            "success": True,
+            "permission": user.get_permissions(),
+            "token": user.security_code
+        }, headerlist=headers)
 
     if not next_url and request.matched_route.name == 'login':
         url = get_params('modules_default', 'base-home')