kallithea Changeset - 87e6960e250b

Changeset - 87e6960e250b

Parent rev.

Child rev.

[Not reviewed]

beta

0 7 1

Marcin Kuzminski - 13 years ago 2013-04-10 23:15:00
marcin@python-works.com

Iteration on default permissions
- added user groups default
- organized global permission form, and made it common for
users, and user groups
- form improvements and intructions

8 files changed with 178 insertions and 145 deletions:

rhodecode/controllers/admin/users.py

rhodecode/controllers/admin/users_groups.py

rhodecode/model/forms.py

rhodecode/model/user.py

rhodecode/templates/admin/users/user_edit.html

rhodecode/templates/admin/users_groups/users_group_edit.html

rhodecode/templates/base/default_perms_box.html

rhodecode/templates/base/perms_summary.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/users.py

➞

Show inline comments

@@ @@ -38,14 +38,14 @@ from rhodecode.lib.exceptions import Def @@
     UserOwnsReposException
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import User, UserEmailMap, UserIpMap
 from rhodecode.model.forms import UserForm
 from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm
 from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from rhodecode.lib.compat import json
 from rhodecode.lib.utils2 import datetime_to_time, str2bool
@@ @@ -237,63 +237,61 @@ class UsersController(BaseController): @@
         c.granted_permissions = UserModel().fill_perms(c.user)\
             .permissions['global']
         c.user_email_map = UserEmailMap.query()\
                         .filter(UserEmailMap.user == c.user).all()
         c.user_ip_map = UserIpMap.query()\
                         .filter(UserIpMap.user == c.user).all()
-        user_model = UserModel()
+        umodel = UserModel()
         c.ldap_dn = c.user.ldap_dn
         defaults = c.user.get_dict()
         defaults.update({
             'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
             'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
          'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
          'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'),
          'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
         })
         return htmlfill.render(
             render('admin/users/user_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('user_perm', id=ID, method='put')
         usr = User.get_or_404(id)
         grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
         grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
         inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
         user_model = UserModel()
         user = User.get_or_404(id)
         try:
             usr.inherit_default_permissions = inherit_perms
             Session().add(usr)
             form = CustomDefaultPermissionsForm()()
             form_result = form.to_python(request.POST)
             inherit_perms = form_result['inherit_default_permissions']
             user.inherit_default_permissions = inherit_perms
             Session().add(user)
             user_model = UserModel()
             if grant_create_perm:
                 user_model.revoke_perm(usr, 'hg.create.none')
                 user_model.grant_perm(usr, 'hg.create.repository')
                 h.flash(_("Granted 'repository create' permission to user"),
                         category='success')
             defs = UserToPerm.query()\
                 .filter(UserToPerm.user == user)\
                 .all()
             for ug in defs:
                 Session().delete(ug)
             if form_result['create_repo_perm']:
                 user_model.grant_perm(id, 'hg.create.repository')
             else:
                 user_model.revoke_perm(usr, 'hg.create.repository')
                 user_model.grant_perm(usr, 'hg.create.none')
                 h.flash(_("Revoked 'repository create' permission to user"),
                         category='success')
             if grant_fork_perm:
                 user_model.revoke_perm(usr, 'hg.fork.none')
                 user_model.grant_perm(usr, 'hg.fork.repository')
                 h.flash(_("Granted 'repository fork' permission to user"),
                         category='success')
                 user_model.grant_perm(id, 'hg.create.none')
             if form_result['create_user_group_perm']:
                 user_model.grant_perm(id, 'hg.usergroup.create.true')
             else:
                 user_model.revoke_perm(usr, 'hg.fork.repository')
                 user_model.grant_perm(usr, 'hg.fork.none')
                 h.flash(_("Revoked 'repository fork' permission to user"),
                         category='success')
                 user_model.grant_perm(id, 'hg.usergroup.create.false')
             if form_result['fork_repo_perm']:
                 user_model.grant_perm(id, 'hg.fork.repository')
             else:
                 user_model.grant_perm(id, 'hg.fork.none')
             h.flash(_("Updated permissions"), category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during permissions saving'),
                     category='error')
         return redirect(url('edit_user', id=id))

rhodecode/controllers/admin/users_groups.py

➞

Show inline comments

@@ @@ -40,13 +40,14 @@ from rhodecode.lib.auth import LoginRequ @@
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.scm import UserGroupList
 from rhodecode.model.users_group import UserGroupModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\
     UserGroupRepoToPerm, UserGroupRepoGroupToPerm
 from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm
 from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm,\
     CustomDefaultPermissionsForm
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from sqlalchemy.orm import joinedload
 from webob.exc import HTTPInternalServerError
 log = logging.getLogger(__name__)
@@ @@ -110,12 +111,14 @@ class UsersGroupsController(BaseControll @@
         ug_model = UserGroupModel()
         data.update({
             'create_repo_perm': ug_model.has_perm(user_group,
                                                   'hg.create.repository'),
             'create_user_group_perm': ug_model.has_perm(user_group,
                                                   'hg.usergroup.create.true'),
             'fork_repo_perm': ug_model.has_perm(user_group,
                                                 'hg.fork.repository'),
         })
         # fill user group users
         for p in user_group.user_user_group_to_perm:
@@ @@ -323,44 +326,42 @@ class UsersGroupsController(BaseControll @@
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('users_group_perm', id=ID, method='put')
         users_group = UserGroup.get_or_404(id)
         grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
         grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
         inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
         usergroup_model = UserGroupModel()
         try:
             form = CustomDefaultPermissionsForm()()
             form_result = form.to_python(request.POST)
             inherit_perms = form_result['inherit_default_permissions']
             users_group.inherit_default_permissions = inherit_perms
             Session().add(users_group)
             usergroup_model = UserGroupModel()
             if grant_create_perm:
                 usergroup_model.revoke_perm(id, 'hg.create.none')
                 usergroup_model.grant_perm(id, 'hg.create.repository')
                 h.flash(_("Granted 'repository create' permission to user group"),
                         category='success')
             else:
                 usergroup_model.revoke_perm(id, 'hg.create.repository')
                 usergroup_model.grant_perm(id, 'hg.create.none')
                 h.flash(_("Revoked 'repository create' permission to user group"),
                         category='success')
             defs = UserGroupToPerm.query()\
                 .filter(UserGroupToPerm.users_group == users_group)\
                 .all()
             for ug in defs:
                 Session().delete(ug)
             if grant_fork_perm:
                 usergroup_model.revoke_perm(id, 'hg.fork.none')
                 usergroup_model.grant_perm(id, 'hg.fork.repository')
                 h.flash(_("Granted 'repository fork' permission to user group"),
                         category='success')
             if form_result['create_repo_perm']:
                 usergroup_model.grant_perm(id, 'hg.create.repository')
             else:
                 usergroup_model.grant_perm(id, 'hg.create.none')
             if form_result['create_user_group_perm']:
                 usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
             else:
                 usergroup_model.revoke_perm(id, 'hg.fork.repository')
                 usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
             if form_result['fork_repo_perm']:
                 usergroup_model.grant_perm(id, 'hg.fork.repository')
             else:
                 usergroup_model.grant_perm(id, 'hg.fork.none')
                 h.flash(_("Revoked 'repository fork' permission to user group"),
                         category='success')
             h.flash(_("Updated permissions"), category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during permissions saving'),
                     category='error')

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -331,12 +331,27 @@ def DefaultPermissionsForm(repo_perms_ch @@
         default_fork = v.OneOf(fork_choices)
         default_register = v.OneOf(register_choices)
     return _DefaultPermissionsForm
 def CustomDefaultPermissionsForm():
     class _CustomDefaultPermissionsForm(formencode.Schema):
         filter_extra_fields = True
         allow_extra_fields = True
         inherit_default_permissions = v.StringBoolean(if_missing=False)
         create_repo_perm = v.StringBoolean(if_missing=False)
         create_user_group_perm = v.StringBoolean(if_missing=False)
         #create_repo_group_perm Impl. later
         fork_repo_perm = v.StringBoolean(if_missing=False)
     return _CustomDefaultPermissionsForm
 def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
     class _DefaultsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         default_repo_type = v.OneOf(supported_backends)
         default_repo_private = v.StringBoolean(if_missing=False)

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -521,14 +521,17 @@ class UserModel(BaseModel): @@
             user.permissions[UK][u_k] = p
         #======================================================================
         # !! OVERRIDE GLOBALS !! with user permissions if any found
         #======================================================================
         # those can be configured from groups or users explicitly
         _configurable = set(['hg.fork.none', 'hg.fork.repository',
                              'hg.create.none', 'hg.create.repository'])
         _configurable = set([
             'hg.fork.none', 'hg.fork.repository',
             'hg.create.none', 'hg.create.repository',
             'hg.usergroup.create.false', 'hg.usergroup.create.true'
         ])
         # USER GROUPS comes first
         # user group global permissions
         user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
             .options(joinedload(UserGroupToPerm.permission))\
             .join((UserGroupMember, UserGroupToPerm.users_group_id ==
@@ @@ -562,12 +565,14 @@ class UserModel(BaseModel): @@
             # replace them with explicitly set
             user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                             .difference(_configurable)
             for perm in user_perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
         ## END GLOBAL PERMISSIONS
         #======================================================================
         # !! PERMISSIONS FOR REPOSITORIES !!
         #======================================================================
         #======================================================================
         # check if user is part of user groups for this repository and

rhodecode/templates/admin/users/user_edit.html

➞

Show inline comments

@@ @@ -146,51 +146,14 @@ @@
 </div>
 <div style="min-height:780px" class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('user_perm', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
                                              'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
              </div>
              <div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" >
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
     <%namespace name="dpb" file="/base/default_perms_box.html"/>
     ${dpb.default_perms_box(url('user_perm', id=c.user.user_id))}
     ## permissions overview
     <%namespace name="p" file="/base/perms_summary.html"/>
     ${p.perms_summary(c.perm_user.permissions)}
 </div>

rhodecode/templates/admin/users_groups/users_group_edit.html

➞

Show inline comments

@@ @@ -108,12 +108,20 @@ ${h.end_form()} @@
       %else:
         <span class="empty_data">${_('No members yet')}</span>
       %endif
     </div>
 </div>
 <div class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Global Permissions')}</h5>
     </div>
     <%namespace name="dpb" file="/base/default_perms_box.html"/>
     ${dpb.default_perms_box(url('users_group_perm', id=c.users_group.users_group_id))}
 </div>
 <div class="box box-right">
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('set_user_group_perm_member', id=c.users_group.users_group_id),method='post')}
@@ @@ -133,56 +141,10 @@ ${h.end_form()} @@
             </div>
        </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Global Permissions')}</h5>
     </div>
     ${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
                                              'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
              </div>
              <div id="inherit_overlay" style="${'opacity:0.3' if c.users_group.inherit_default_permissions else ''}" >
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <script type="text/javascript">
   MultiSelectWidget('users_group_members','available_members','edit_users_group');
 </script>
 </%def>

rhodecode/templates/base/default_perms_box.html

➞

Show inline comments

@@ new file 100644 @@
 ## snippet for displaying default permission box
 ## usage:
 ##    <%namespace name="dpb" file="/base/default_perms_box.html"/>
 ##    ${dpb.default_perms_box(<url_to_form>)}
 <%def name="default_perms_box(form_url)">
 ${h.form(form_url, method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="checkboxes">
                     <label for="inherit_default_permissions">${_('Inherit default permissions')}:</label>
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select to inherit permissions from %s settings. '
                               'With this selected below options does not apply.')
                               % h.link_to('default', url('edit_permission', id='default')))}
                 </span>
              </div>
              <div id="inherit_overlay">
              <div class="field">
                 <div class="checkboxes">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select this option to allow repository creation for this user'))}
                 </span>
              </div>
              <div class="field">
                 <div class="checkboxes">
                     <label for="create_user_group_perm">${_('Create user groups')}:</label>
                     ${h.checkbox('create_user_group_perm',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select this option to allow user group creation for this user'))}
                 </span>
              </div>
              <div class="field">
                 <div class="checkboxes">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select this option to allow repository forking for this user'))}
                 </span>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
 ${h.end_form()}
 ## JS
 <script>
 YUE.onDOMReady(function(e){
     var show_custom_perms = function(inherit_default){
         if(inherit_default){
             YUD.setStyle('inherit_overlay', 'display', 'none');
+        }
         else{
             YUD.setStyle('inherit_overlay', 'display', '');
+        }
+    }
     var defaults = YUD.get('inherit_default_permissions').checked;
     show_custom_perms(defaults);
     YUE.on('inherit_default_permissions', 'change', function(e){
         if(YUD.get('inherit_default_permissions').checked){
             show_custom_perms(true);
+        }
         else{
             show_custom_perms(false);
+        }
     })
 })
 </script>
 </%def>

rhodecode/templates/base/perms_summary.html

➞

Show inline comments

 ## snippet for displaying permissions overview for users
 ## usage:
 ##    <%namespace name="p" file="/base/perms_summary.html"/>
 ##    ${p.perms_summary(c.perm_user.permissions)}
 <%def name="perms_summary(permissions)">
 <div id="perms" class="table">
      %for section in sorted(permissions.keys()):
         <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div>
         %if not permissions[section]:
@@ @@ -13,13 +16,13 @@ @@
               <thead>
                   <tr>
                   <th colspan="2" class="left">${_('Permission')}</th>
                   <th class="left">${_('Edit Permission')}</th>
               </thead>
               <tbody>
-              %for k in sorted(permissions[section], key=lambda s: s.lower()):
               %for k in permissions[section]:
                   <tr>
                       <td colspan="2">
                           ${h.get_permission_name(k)}
                       </td>
                       <td>
                            <a href="${h.url('edit_permission', id='default')}">${_('edit')}</a>

0 comments (0 inline, 0 general)