kallithea Changeset - 25dbbdae3ed9

Changeset - 25dbbdae3ed9

Parent rev.

Child rev.

[Not reviewed]

beta

0 8 0

Marcin Kuzminski - 13 years ago 2013-04-08 23:49:08
marcin@python-works.com

consistent handling of grant/revoke of permissions widgets
- use 1 method for users and for users groups
- use common JS for ajax revoke
- cleanup code

8 files changed with 103 insertions and 150 deletions:

rhodecode/config/routing.py

rhodecode/controllers/admin/repos.py

rhodecode/controllers/admin/repos_groups.py

rhodecode/controllers/admin/users_groups.py

rhodecode/public/js/rhodecode.js

rhodecode/templates/admin/repos/repo_edit_perms.html

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

rhodecode/templates/admin/users_groups/user_group_edit_perms.html

0 comments (0 inline, 0 general)

rhodecode/config/routing.py

➞

Show inline comments

@@ @@ -119,25 +119,21 @@ def make_map(config): @@
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_repo", "/repos/{repo_name:.*?}.{format}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         #add repo perm member
         m.connect('set_repo_perm_member', "/set_repo_perm_member/{repo_name:.*?}",
         m.connect('set_repo_perm_member',
                   "/repos/{repo_name:.*?}/grant_perm",
              action="set_repo_perm_member",
              conditions=dict(method=["POST"], function=check_repo))
         #ajax delete repo perm user
         m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*?}",
              action="delete_perm_user",
              conditions=dict(method=["DELETE"], function=check_repo))
         #ajax delete repo perm users_group
         m.connect('delete_repo_users_group',
                   "/repos_delete_users_group/{repo_name:.*?}",
                   action="delete_perm_users_group",
         m.connect('delete_repo_perm_member',
                   "/repos/{repo_name:.*?}/revoke_perm",
                   action="delete_repo_perm_member",
                   conditions=dict(method=["DELETE"], function=check_repo))
         #settings actions
         m.connect('repo_stats', "/repos_stats/{repo_name:.*?}",
                   action="repo_stats", conditions=dict(method=["DELETE"],
                                                        function=check_repo))
@@ @@ -181,12 +177,24 @@ def make_map(config): @@
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_repos_group", "/repos_groups/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_repos_group", "/repos_groups/{group_name:.*?}",
                   action="update", conditions=dict(method=["PUT"],
                                                    function=check_group))
         #add repo group perm member
         m.connect('set_repo_group_perm_member',
                   "/repos_groups/{group_name:.*?}/grant_perm",
                   action="set_repo_group_perm_member",
                   conditions=dict(method=["POST"], function=check_group))
         #ajax delete repo group perm
         m.connect('delete_repo_group_perm_member',
                   "/repos_groups/{group_name:.*?}/revoke_perm",
                   action="delete_repo_group_perm_member",
                   conditions=dict(method=["DELETE"], function=check_group))
         m.connect("delete_repos_group", "/repos_groups/{group_name:.*?}",
                   action="delete", conditions=dict(method=["DELETE"],
                                                    function=check_group_skip_path))
         m.connect("edit_repos_group", "/repos_groups/{group_name:.*?}/edit",
                   action="edit", conditions=dict(method=["GET"],
                                                  function=check_group))
@@ @@ -198,30 +206,12 @@ def make_map(config): @@
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_group))
         m.connect("formatted_repos_group", "/repos_groups/{group_name:.*?}.{format}",
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_group))
         #add repo perm member
         m.connect('set_repo_group_perm_member',
                   "/set_repo_group_perm_member/{group_name:.*?}",
              action="set_repo_group_perm_member",
              conditions=dict(method=["POST"], function=check_group))
         # ajax delete repository group perm user
         m.connect('delete_repos_group_user_perm',
                   "/delete_repos_group_user_perm/{group_name:.*?}",
              action="delete_repos_group_user_perm",
              conditions=dict(method=["DELETE"], function=check_group))
         # ajax delete repository group perm users_group
         m.connect('delete_repos_group_users_group_perm',
                   "/delete_repos_group_users_group_perm/{group_name:.*?}",
                   action="delete_repos_group_users_group_perm",
                   conditions=dict(method=["DELETE"], function=check_group))
     #ADMIN USER REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/users') as m:
         m.connect("users", "/users",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users", "/users",

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -48,12 +48,13 @@ from rhodecode.model.db import User, Rep @@
 from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm
 from rhodecode.model.scm import ScmModel, RepoGroupList
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.compat import json
 from sqlalchemy.sql.expression import func
 from rhodecode.lib.exceptions import AttachedForksError
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class ReposController(BaseRepoController):
     """
@@ @@ -337,48 +338,39 @@ class ReposController(BaseRepoController @@
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('Repository permissions updated'), category='success')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
-    def delete_perm_user(self, repo_name):
+    def delete_repo_perm_member(self, repo_name):
         """
         DELETE an existing repository permission user
         :param repo_name:
         """
         try:
             RepoModel().revoke_user_permission(repo=repo_name,
                                                user=request.POST['user_id'])
             obj_type = request.POST.get('obj_type')
             obj_id = None
             if obj_type == 'user':
                 obj_id = safe_int(request.POST.get('user_id'))
             elif obj_type == 'user_group':
                 obj_id = safe_int(request.POST.get('user_group_id'))
             if obj_type == 'user':
                 RepoModel().revoke_user_permission(repo=repo_name, user=obj_id)
             elif obj_type == 'user_group':
                 RepoModel().revoke_users_group_permission(
                     repo=repo_name, group_name=obj_id
+                )
             #TODO: implement this
             #action_logger(self.rhodecode_user, 'admin_revoked_repo_permissions',
             #              repo_name, self.ip_addr, self.sa)
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of repository user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete_perm_users_group(self, repo_name):
         """
         DELETE an existing repository permission user group
         :param repo_name:
         """
         try:
             RepoModel().revoke_users_group_permission(
                 repo=repo_name, group_name=request.POST['users_group_id']
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of repository'
                       ' user groups'),
             h.flash(_('An error occurred during revoking of permission'),
                     category='error')
             raise HTTPInternalServerError()
     @HasRepoPermissionAllDecorator('repository.admin')
     def repo_stats(self, repo_name):
         """

rhodecode/controllers/admin/repos_groups.py

➞

Show inline comments

@@ @@ -291,55 +291,47 @@ class ReposGroupsController(BaseControll @@
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('Repository Group permissions updated'), category='success')
         return redirect(url('edit_repos_group', group_name=group_name))
     @HasReposGroupPermissionAnyDecorator('group.admin')
-    def delete_repos_group_user_perm(self, group_name):
+    def delete_repo_group_perm_member(self, group_name):
         """
         DELETE an existing repository group permission user
         :param group_name:
         """
         try:
             obj_type = request.POST.get('obj_type')
             obj_id = None
             if obj_type == 'user':
                 obj_id = safe_int(request.POST.get('user_id'))
             elif obj_type == 'user_group':
                 obj_id = safe_int(request.POST.get('user_group_id'))
             if not c.rhodecode_user.is_admin:
-                if c.rhodecode_user.user_id == safe_int(request.POST['user_id']):
+                if obj_type == 'user' and c.rhodecode_user.user_id == obj_id:
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             recursive = str2bool(request.POST.get('recursive', False))
             if obj_type == 'user':
             ReposGroupModel().delete_permission(
-                repos_group=group_name, obj=request.POST['user_id'],
+                    repos_group=group_name, obj=obj_id,
                 obj_type='user', recursive=recursive
+            )
             elif obj_type == 'user_group':
                 ReposGroupModel().delete_permission(
                     repos_group=group_name, obj=obj_id,
                     obj_type='users_group', recursive=recursive
+                )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete_repos_group_users_group_perm(self, group_name):
         """
         DELETE an existing repository group permission user group
         :param group_name:
         """
         try:
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['users_group_id'],
                 obj_type='users_group', recursive=recursive
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group'
                       ' user groups'),
             h.flash(_('An error occurred during revoking of permission'),
                     category='error')
             raise HTTPInternalServerError()
     def show_by_name(self, group_name):
         """
         This is a proxy that does a lookup group_name -> id, and shows

rhodecode/controllers/admin/users_groups.py

➞

Show inline comments

@@ @@ -292,13 +292,13 @@ class UsersGroupsController(BaseControll @@
                                                         user=obj_id)
             elif obj_type == 'user_group':
                 pass
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
-            h.flash(_('An error occurred during deletion of group user'),
+            h.flash(_('An error occurred during revoking of permission'),
                     category='error')
             raise HTTPInternalServerError()
     def show(self, id, format='html'):
         """GET /users_groups/id: Show a specific item"""
         # url('users_group', id=ID)

rhodecode/public/js/rhodecode.js

➞

Show inline comments

@@ @@ -365,12 +365,26 @@ var _run_callbacks = function(callbacks) @@
+            }
+        }
+    }
+}
 /**
  * turns objects into GET query string
  */
 var toQueryString = function(o) {
     if(typeof o !== 'object') {
         return false;
+    }
     var _p, _qs = [];
     for(_p in o) {
         _qs.push(encodeURIComponent(_p) + '=' + encodeURIComponent(o[_p]));
+    }
     return _qs.join('&');
 };
 /**
  * Partial Ajax Implementation
+ *
  * @param url: defines url to make partial request
  * @param container: defines id of container to input partial result
  * @param s_call: success callback function that takes o as arg
  *  o.tId
@@ @@ -438,23 +452,12 @@ var ajaxGET = function(url,success) { @@
 var ajaxPOST = function(url,postData,success) {
     // Set special header for ajax == HTTP_X_PARTIAL_XHR
     YUC.initHeader('X-PARTIAL-XHR',true);
     var toQueryString = function(o) {
         if(typeof o !== 'object') {
             return false;
+        }
         var _p, _qs = [];
         for(_p in o) {
             _qs.push(encodeURIComponent(_p) + '=' + encodeURIComponent(o[_p]));
+        }
         return _qs.join('&');
     };
     var sUrl = url;
     var callback = {
         success: success,
         failure: function (o) {
             alert("error");
         },
@@ @@ -2032,13 +2035,44 @@ var addPermAction = function(_html, user @@
        el.id = 'add_perm_input';
        YUD.addClass(el,'last_new_member');
        YUD.addClass(el,'new_members');
        YUD.insertAfter(el, last_node);
+    }
+}
 function ajaxActionRevokePermission(url, obj_id, obj_type, field_id, extra_data) {
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
             alert(_TM['Failed to remoke permission'] + ": " + o.status);
         },
     };
     query_params = {
         '_method': 'delete'
+    }
     // put extra data into POST
     if (extra_data !== undefined && (typeof extra_data === 'object')){
         for(k in extra_data){
             query_params[k] = extra_data[k];
+        }
+    }
     if (obj_type=='user'){
         query_params['user_id'] = obj_id;
         query_params['obj_type'] = 'user';
+    }
     else if (obj_type=='user_group'){
         query_params['user_group_id'] = obj_id;
         query_params['obj_type'] = 'user_group';
+    }
     var request = YAHOO.util.Connect.asyncRequest('POST', url, callback,
             toQueryString(query_params));
 };
 /* Multi selectors */
 var MultiSelectWidget = function(selected_id, available_id, form_id){
     //definition of containers ID's

rhodecode/templates/admin/repos/repo_edit_perms.html

➞

Show inline comments

@@ @@ -84,34 +84,15 @@ @@
             </span>
         </td>
     </tr>
 </table>
 <script type="text/javascript">
 function ajaxActionRevoke(obj_id, obj_type, field_id) {
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
             alert(_TM['Failed to remoke permission'] + ": " + o.status);
         },
     url = "${h.url('delete_repo_perm_member',repo_name=c.repo_name)}";
     ajaxActionRevokePermission(url, obj_id, obj_type, field_id);
     };
     if (obj_type=='user'){
         var sUrl = "${h.url('delete_repo_user',repo_name=c.repo_name)}";
         var postData = '_method=delete&user_id={0}&obj_type=user'.format(obj_id);
+    }
     else if (obj_type=='user_group'){
         var sUrl = "${h.url('delete_repo_users_group',repo_name=c.repo_name)}";
         var postData = '_method=delete&users_group_id={0}&obj_type=user_group'.format(obj_id);
+    }
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 YUE.onDOMReady(function () {
     if (!YUD.hasClass('perm_new_member_name', 'error')) {
         YUD.setStyle('add_perm_input', 'display', 'none');
+    }
     YAHOO.util.Event.addListener('add_perm', 'click', function () {

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

➞

Show inline comments

@@ @@ -87,34 +87,15 @@ @@
            <span class="help-block">${_('Set or revoke permission to all children of that group, including non-private repositories and other groups')}</span>
         </td>
     </tr>
 </table>
 <script type="text/javascript">
 function ajaxActionRevoke(obj_id, obj_type, field_id) {
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
             alert(_TM['Failed to remoke permission'] + ": " + o.status);
         },
     url = "${h.url('delete_repo_group_perm_member', group_name=c.repos_group.group_name)}";
     ajaxActionRevokePermission(url, obj_id, obj_type, field_id, {recursive:YUD.get('recursive').checked});
     };
     var recursive = YUD.get('recursive').checked;
     if (obj_type=='user'){
         var sUrl = "${h.url('delete_repos_group_user_perm',group_name=c.repos_group.group_name)}";
         var postData = '_method=delete&recursive={0}&user_id={1}&obj_type=user'.format(recursive,obj_id);
+    }
     else if (obj_type=='user_group'){
         var sUrl = "${h.url('delete_repos_group_users_group_perm',group_name=c.repos_group.group_name)}";
         var postData = '_method=delete&recursive={0}&users_group_id={0}&obj_type=user_group'.format(recursive,obj_id);
+    }
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 YUE.onDOMReady(function () {
     if (!YUD.hasClass('perm_new_member_name', 'error')) {
         YUD.setStyle('add_perm_input', 'display', 'none');
+    }
     YAHOO.util.Event.addListener('add_perm', 'click', function () {

rhodecode/templates/admin/users_groups/user_group_edit_perms.html

➞

Show inline comments

@@ @@ -64,32 +64,15 @@ @@
             </span>
         </td>
     </tr>
 </table>
 <script type="text/javascript">
 function ajaxActionRevoke(obj_id, obj_type, field_id) {
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
             alert(_TM['Failed to remoke permission'] + ": " + o.status);
         },
     url = "${h.url('delete_user_group_perm_member', id=c.users_group.users_group_id)}";
     ajaxActionRevokePermission(url, obj_id, obj_type, field_id);
     };
     var sUrl = "${h.url('delete_user_group_perm_member', id=c.users_group.users_group_id)}";
     if (obj_type=='user'){
         var postData = '_method=delete&user_id={0}&obj_type=user'.format(obj_id);
+    }
     else if (obj_type=='user_group'){
         var postData = '_method=delete&user_group_id={0}&obj_type=user_group'.format(obj_id);
+    }
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 YUE.onDOMReady(function () {
     if (!YUD.hasClass('perm_new_member_name', 'error')) {
         YUD.setStyle('add_perm_input', 'display', 'none');
+    }
     YAHOO.util.Event.addListener('add_perm', 'click', function () {

0 comments (0 inline, 0 general)