Changeset - 4fde4ce6a403
Parent rev.
Child rev.
[Not reviewed]
default
0 2 0
Mads Kiilerich - 9 years ago 2016-08-04 14:23:36
madski@unity3d.com
routing: use POST to 'edit_user_group_perms_update' instead of PUT
2 files changed with 3 insertions and 3 deletions:
kallithea/config/routing.py
2
2
kallithea/templates/admin/user_groups/user_group_edit_perms.html
1
1
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
@@ -195,98 +195,98 @@ def make_map(config):
 
        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",
 
                  action="delete_api_key", conditions=dict(method=["POST"]))
 

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="edit_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_update", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="add_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_delete", "/users/{id}/edit/emails/delete",

			




	
	
	
		
 
                  action="delete_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="edit_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_update", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="add_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_delete", "/users/{id}/edit/ips/delete",

			




	
	
	
		
 
                  action="delete_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER GROUPS REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/user_groups') as m:

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_users_group", "/user_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_users_group", "/user_groups/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_users_group", "/user_groups/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_users_group", "/user_groups/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]),

			




	
	
	
		
 
                  function=check_user_group)

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="edit_default_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="update_default_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_update", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_delete", "/user_groups/{id}/edit/perms/delete",

			




	
	
	
		
 
                  action="delete_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_members", "/user_groups/{id}/edit/members",

			




	
	
	
		
 
                  action="edit_members", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN PERMISSIONS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/permissions') as m:

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_ips", "/permissions/ips",

			




	
	
	
		
 
                  action="permission_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_perms", "/permissions/perms",

			




	
	
	
		
 
                  action="permission_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN DEFAULTS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/defaults') as m:

			




	
	
	
		
 
        m.connect('defaults', 'defaults',

			




	
	
	
		
 
                  action="index")

			




	
	
	
		
 
        m.connect('defaults_update', 'defaults/{id}/update',

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN AUTH SETTINGS

			




	
	
	
		
 
    rmap.connect('auth_settings', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings', action='auth_settings',

			




	
	
	
		
 
                 conditions=dict(method=["POST"]))

			




	
	
	
		
 
    rmap.connect('auth_home', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings')

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN SETTINGS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/settings') as m:

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["GET"]))

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/user_groups/user_group_edit_perms.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
${h.form(url('edit_user_group_perms', id=c.user_group.users_group_id),method='put')}

			




	
	
	
		
 
${h.form(url('edit_user_group_perms_update', id=c.user_group.users_group_id))}

			




	
	
	
		
 
<div class="form">

			




	
	
	
		
 
   <div class="fields">

			




	
	
	
		
 
        <div class="field">

			




	
	
	
		
 
            <table id="permissions_manage" class="noborder">

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td>${_('None')}</td>

			




	
	
	
		
 
                    <td>${_('Read')}</td>

			




	
	
	
		
 
                    <td>${_('Write')}</td>

			




	
	
	
		
 
                    <td>${_('Admin')}</td>

			




	
	
	
		
 
                    <td>${_('User/User Group')}</td>

			




	
	
	
		
 
                    <td></td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
                ## USERS

			




	
	
	
		
 
                %for r2p in c.user_group.user_user_group_to_perm:

			




	
	
	
		
 
                    ##forbid revoking permission from yourself, except if you're an super admin

			




	
	
	
		
 
                    <tr id="id${id(r2p.user.username)}">

			




	
	
	
		
 
                      %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin')}</td>

			




	
	
	
		
 
                        <td style="white-space: nowrap;">

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

			




	
	
	
		
 
                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                          %if r2p.user.username !='default':

			




	
	
	
		
 
                            <span style="color:#da4f49" class="action_button" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

			




	
	
	
		
 
                             <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                      %else:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td style="white-space: nowrap;">

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td><i class="icon-user"></i> ${_('Admin')}</td>

			




	
	
	
		
 
                      %endif

			




	
	
	
		
 
                    </tr>

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.