kallithea Changeset - 87e6960e250b

Changeset - 87e6960e250b

Parent rev.

Child rev.

[Not reviewed]

beta

0 7 1

Marcin Kuzminski - 13 years ago 2013-04-10 23:15:00
marcin@python-works.com

Iteration on default permissions
- added user groups default
- organized global permission form, and made it common for
users, and user groups
- form improvements and intructions

8 files changed with 178 insertions and 145 deletions:

rhodecode/controllers/admin/users.py

rhodecode/controllers/admin/users_groups.py

rhodecode/model/forms.py

rhodecode/model/user.py

rhodecode/templates/admin/users/user_edit.html

rhodecode/templates/admin/users_groups/users_group_edit.html

rhodecode/templates/base/default_perms_box.html

rhodecode/templates/base/perms_summary.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/users.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.users
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Users crud controller for pylons
     :created_on: Apr 4, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from pylons import response
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 import rhodecode
 from rhodecode.lib.exceptions import DefaultUserException, \
     UserOwnsReposException
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import User, UserEmailMap, UserIpMap
 from rhodecode.model.forms import UserForm
 from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm
 from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from rhodecode.lib.compat import json
 from rhodecode.lib.utils2 import datetime_to_time, str2bool
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         super(UsersController, self).__before__()
         c.available_permissions = config['available_permissions']
     def index(self, format='html'):
         """GET /users: All items in the collection"""
         # url('users')
         c.users_list = User.query().order_by(User.username).all()
         users_data = []
         total_records = len(c.users_list)
         _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup
         template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
         grav_tmpl = lambda user_email, size: (
                 template.get_def("user_gravatar")
                 .render(user_email, size, _=_, h=h, c=c))
         user_lnk = lambda user_id, username: (
                 template.get_def("user_name")
                 .render(user_id, username, _=_, h=h, c=c))
         user_actions = lambda user_id, username: (
                 template.get_def("user_actions")
                 .render(user_id, username, _=_, h=h, c=c))
         for user in c.users_list:
             users_data.append({
                 "gravatar": grav_tmpl(user. email, 24),
                 "raw_username": user.username,
                 "username": user_lnk(user.user_id, user.username),
                 "firstname": user.name,
                 "lastname": user.lastname,
                 "last_login": h.fmt_date(user.last_login),
                 "last_login_raw": datetime_to_time(user.last_login),
                 "active": h.boolicon(user.active),
                 "admin": h.boolicon(user.admin),
                 "ldap": h.boolicon(bool(user.ldap_dn)),
                 "action": user_actions(user.user_id, user.username),
             })
         c.data = json.dumps({
             "totalRecords": total_records,
             "startIndex": 0,
             "sort": None,
             "dir": "asc",
             "records": users_data
         })
         return render('admin/users/users.html')
     def create(self):
         """POST /users: Create a new item"""
         # url('users')
         user_model = UserModel()
         user_form = UserForm()()
         try:
             form_result = user_form.to_python(dict(request.POST))
             user_model.create(form_result)
             usr = form_result['username']
             action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Created user %s') % usr,
                     category='success')
             Session().commit()
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users/user_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during creation of user %s') \
                     % request.POST.get('username'), category='error')
@@ @@ -147,215 +147,213 @@ class UsersController(BaseController): @@
         return render('admin/users/user_add.html')
     def update(self, id):
         """PUT /users/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('update_user', id=ID),
         #           method='put')
         # url('user', id=ID)
         user_model = UserModel()
         c.user = user_model.get(id)
         c.ldap_dn = c.user.ldap_dn
         c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
         _form = UserForm(edit=True, old_data={'user_id': id,
                                               'email': c.user.email})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             skip_attrs = []
             if c.ldap_dn:
                 #forbid updating username for ldap accounts
                 skip_attrs = ['username']
             user_model.update(id, form_result, skip_attrs=skip_attrs)
             usr = form_result['username']
             action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('User updated successfully'), category='success')
             Session().commit()
         except formencode.Invalid, errors:
             c.user_email_map = UserEmailMap.query()\
                             .filter(UserEmailMap.user == c.user).all()
             c.user_ip_map = UserIpMap.query()\
                             .filter(UserIpMap.user == c.user).all()
             defaults = errors.value
             e = errors.error_dict or {}
             defaults.update({
                 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
                 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
                 '_method': 'put'
             })
             return htmlfill.render(
                 render('admin/users/user_edit.html'),
                 defaults=defaults,
                 errors=e,
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('edit_user', id=id))
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('delete_user', id=ID),
         #           method='delete')
         # url('user', id=ID)
         usr = User.get_or_404(id)
         try:
             UserModel().delete(usr)
             Session().commit()
             h.flash(_('Successfully deleted user'), category='success')
         except (UserOwnsReposException, DefaultUserException), e:
             h.flash(e, category='warning')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of user'),
                     category='error')
         return redirect(url('users'))
     def show(self, id, format='html'):
         """GET /users/id: Show a specific item"""
         # url('user', id=ID)
         User.get_or_404(-1)
     def edit(self, id, format='html'):
         """GET /users/id/edit: Form to edit an existing item"""
         # url('edit_user', id=ID)
         c.user = User.get_or_404(id)
         if c.user.username == 'default':
             h.flash(_("You can't edit this user"), category='warning')
             return redirect(url('users'))
         c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
         c.user.permissions = {}
         c.granted_permissions = UserModel().fill_perms(c.user)\
             .permissions['global']
         c.user_email_map = UserEmailMap.query()\
                         .filter(UserEmailMap.user == c.user).all()
         c.user_ip_map = UserIpMap.query()\
                         .filter(UserIpMap.user == c.user).all()
-        user_model = UserModel()
+        umodel = UserModel()
         c.ldap_dn = c.user.ldap_dn
         defaults = c.user.get_dict()
         defaults.update({
             'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
             'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
          'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
          'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'),
          'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
         })
         return htmlfill.render(
             render('admin/users/user_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('user_perm', id=ID, method='put')
         usr = User.get_or_404(id)
         grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
         grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
         inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
         user_model = UserModel()
         user = User.get_or_404(id)
         try:
             usr.inherit_default_permissions = inherit_perms
             Session().add(usr)
             form = CustomDefaultPermissionsForm()()
             form_result = form.to_python(request.POST)
             inherit_perms = form_result['inherit_default_permissions']
             user.inherit_default_permissions = inherit_perms
             Session().add(user)
             user_model = UserModel()
             if grant_create_perm:
                 user_model.revoke_perm(usr, 'hg.create.none')
                 user_model.grant_perm(usr, 'hg.create.repository')
                 h.flash(_("Granted 'repository create' permission to user"),
                         category='success')
             defs = UserToPerm.query()\
                 .filter(UserToPerm.user == user)\
                 .all()
             for ug in defs:
                 Session().delete(ug)
             if form_result['create_repo_perm']:
                 user_model.grant_perm(id, 'hg.create.repository')
             else:
                 user_model.revoke_perm(usr, 'hg.create.repository')
                 user_model.grant_perm(usr, 'hg.create.none')
                 h.flash(_("Revoked 'repository create' permission to user"),
                         category='success')
             if grant_fork_perm:
                 user_model.revoke_perm(usr, 'hg.fork.none')
                 user_model.grant_perm(usr, 'hg.fork.repository')
                 h.flash(_("Granted 'repository fork' permission to user"),
                         category='success')
                 user_model.grant_perm(id, 'hg.create.none')
             if form_result['create_user_group_perm']:
                 user_model.grant_perm(id, 'hg.usergroup.create.true')
             else:
                 user_model.revoke_perm(usr, 'hg.fork.repository')
                 user_model.grant_perm(usr, 'hg.fork.none')
                 h.flash(_("Revoked 'repository fork' permission to user"),
                         category='success')
                 user_model.grant_perm(id, 'hg.usergroup.create.false')
             if form_result['fork_repo_perm']:
                 user_model.grant_perm(id, 'hg.fork.repository')
             else:
                 user_model.grant_perm(id, 'hg.fork.none')
             h.flash(_("Updated permissions"), category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during permissions saving'),
                     category='error')
         return redirect(url('edit_user', id=id))
     def add_email(self, id):
         """POST /user_emails:Add an existing item"""
         # url('user_emails', id=ID, method='put')
         email = request.POST.get('new_email')
         user_model = UserModel()
         try:
             user_model.add_extra_email(id, email)
             Session().commit()
             h.flash(_("Added email %s to user") % email, category='success')
         except formencode.Invalid, error:
             msg = error.error_dict['email']
             h.flash(msg, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during email saving'),
                     category='error')
         return redirect(url('edit_user', id=id))
     def delete_email(self, id):
         """DELETE /user_emails_delete/id: Delete an existing item"""
         # url('user_emails_delete', id=ID, method='delete')
         user_model = UserModel()
         user_model.delete_extra_email(id, request.POST.get('del_email'))
         Session().commit()
         h.flash(_("Removed email from user"), category='success')
         return redirect(url('edit_user', id=id))
     def add_ip(self, id):
         """POST /user_ips:Add an existing item"""
         # url('user_ips', id=ID, method='put')
         ip = request.POST.get('new_ip')
         user_model = UserModel()
         try:
             user_model.add_extra_ip(id, ip)
             Session().commit()
             h.flash(_("Added ip %s to user") % ip, category='success')
         except formencode.Invalid, error:
             msg = error.error_dict['ip']
             h.flash(msg, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during ip saving'),
                     category='error')
         if 'default_user' in request.POST:
             return redirect(url('edit_permission', id='default'))
         return redirect(url('edit_user', id=id))
     def delete_ip(self, id):
         """DELETE /user_ips_delete/id: Delete an existing item"""
         # url('user_ips_delete', id=ID, method='delete')
         user_model = UserModel()
         user_model.delete_extra_ip(id, request.POST.get('del_ip'))
         Session().commit()
         h.flash(_("Removed ip from user"), category='success')
         if 'default_user' in request.POST:
             return redirect(url('edit_permission', id='default'))
         return redirect(url('edit_user', id=id))

rhodecode/controllers/admin/users_groups.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.users_groups
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     User Groups crud controller for pylons
     :created_on: Jan 25, 2011
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.exceptions import UserGroupsAssignedException
 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
     HasUserGroupPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.scm import UserGroupList
 from rhodecode.model.users_group import UserGroupModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\
     UserGroupRepoToPerm, UserGroupRepoGroupToPerm
 from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm
 from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm,\
     CustomDefaultPermissionsForm
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from sqlalchemy.orm import joinedload
 from webob.exc import HTTPInternalServerError
 log = logging.getLogger(__name__)
 class UsersGroupsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('users_group', 'users_groups')
     @LoginRequired()
     def __before__(self):
         super(UsersGroupsController, self).__before__()
         c.available_permissions = config['available_permissions']
     def __load_data(self, user_group_id):
         ugroup_repo_perms = UserGroupRepoToPerm.query()\
             .options(joinedload(UserGroupRepoToPerm.permission))\
             .options(joinedload(UserGroupRepoToPerm.repository))\
             .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\
             .all()
         for gr in ugroup_repo_perms:
             c.users_group.permissions['repositories'][gr.repository.repo_name]  \
                 = gr.permission.permission_name
         ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
             .options(joinedload(UserGroupRepoGroupToPerm.permission))\
             .options(joinedload(UserGroupRepoGroupToPerm.group))\
             .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\
             .all()
         for gr in ugroup_group_perms:
             c.users_group.permissions['repositories_groups'][gr.group.group_name] \
                 = gr.permission.permission_name
         c.group_members_obj = sorted((x.user for x in c.users_group.members),
                                      key=lambda u: u.username.lower())
         c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
         c.available_members = sorted(((x.user_id, x.username) for x in
                                       User.query().all()),
                                      key=lambda u: u[1].lower())
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         # commented out due to not now supporting assignment for user group
         # on user group
         c.users_groups_array = "[]"  # repo_model.get_users_groups_js()
         c.available_permissions = config['available_permissions']
     def __load_defaults(self, user_group_id):
         """
         Load defaults settings for edit, and update
         :param user_group_id:
         """
         user_group = UserGroup.get_or_404(user_group_id)
         data = user_group.get_dict()
         ug_model = UserGroupModel()
         data.update({
             'create_repo_perm': ug_model.has_perm(user_group,
                                                   'hg.create.repository'),
             'create_user_group_perm': ug_model.has_perm(user_group,
                                                   'hg.usergroup.create.true'),
             'fork_repo_perm': ug_model.has_perm(user_group,
                                                 'hg.fork.repository'),
         })
         # fill user group users
         for p in user_group.user_user_group_to_perm:
             data.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         return data
     def index(self, format='html'):
         """GET /users_groups: All items in the collection"""
         # url('users_groups')
         group_iter = UserGroupList(UserGroup().query().all(),
                                    perm_set=['usergroup.admin'])
         sk = lambda g: g.users_group_name
         c.users_groups_list = sorted(group_iter, key=sk)
         return render('admin/users_groups/users_groups.html')
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /users_groups: Create a new item"""
         # url('users_groups')
         users_group_form = UserGroupForm()()
         try:
             form_result = users_group_form.to_python(dict(request.POST))
             UserGroupModel().create(name=form_result['users_group_name'],
                                     owner=self.rhodecode_user.user_id,
                                     active=form_result['users_group_active'])
             gr = form_result['users_group_name']
             action_logger(self.rhodecode_user,
                           'admin_created_users_group:%s' % gr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Created user group %s') % gr, category='success')
             Session().commit()
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users_groups/users_group_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during creation of user group %s') \
                     % request.POST.get('users_group_name'), category='error')
         return redirect(url('users_groups'))
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /users_groups/new: Form to create a new item"""
         # url('new_users_group')
         return render('admin/users_groups/users_group_add.html')
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def update(self, id):
         """PUT /users_groups/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('users_group', id=ID),
         #           method='put')
         # url('users_group', id=ID)
         c.users_group = UserGroup.get_or_404(id)
         self.__load_data(id)
         available_members = [safe_unicode(x[0]) for x in c.available_members]
         users_group_form = UserGroupForm(edit=True,
                                           old_data=c.users_group.get_dict(),
                                           available_members=available_members)()
         try:
             form_result = users_group_form.to_python(request.POST)
             UserGroupModel().update(c.users_group, form_result)
             gr = form_result['users_group_name']
             action_logger(self.rhodecode_user,
                           'admin_updated_users_group:%s' % gr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Updated user group %s') % gr, category='success')
             Session().commit()
         except formencode.Invalid, errors:
             ug_model = UserGroupModel()
             defaults = errors.value
             e = errors.error_dict or {}
             defaults.update({
                 'create_repo_perm': ug_model.has_perm(id,
                                                       'hg.create.repository'),
                 'fork_repo_perm': ug_model.has_perm(id,
                                                     'hg.fork.repository'),
@@ @@ -233,135 +236,133 @@ class UsersGroupsController(BaseControll @@
         # Or using helpers:
         #    h.form(url('users_group', id=ID),
         #           method='delete')
         # url('users_group', id=ID)
         usr_gr = UserGroup.get_or_404(id)
         try:
             UserGroupModel().delete(usr_gr)
             Session().commit()
             h.flash(_('Successfully deleted user group'), category='success')
         except UserGroupsAssignedException, e:
             h.flash(e, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of user group'),
                     category='error')
         return redirect(url('users_groups'))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def set_user_group_perm_member(self, id):
         """
         grant permission for given usergroup
         :param id:
         """
         user_group = UserGroup.get_or_404(id)
         form = UserGroupPermsForm()().to_python(request.POST)
         # set the permissions !
         UserGroupModel()._update_permissions(user_group, form['perms_new'],
                                             form['perms_updates'])
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('User Group permissions updated'), category='success')
         return redirect(url('edit_users_group', id=id))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def delete_user_group_perm_member(self, id):
         """
         DELETE an existing repository group permission user
         :param group_name:
         """
         try:
             obj_type = request.POST.get('obj_type')
             obj_id = None
             if obj_type == 'user':
                 obj_id = safe_int(request.POST.get('user_id'))
             elif obj_type == 'user_group':
                 obj_id = safe_int(request.POST.get('user_group_id'))
             if not c.rhodecode_user.is_admin:
                 if obj_type == 'user' and c.rhodecode_user.user_id == obj_id:
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             if obj_type == 'user':
                 UserGroupModel().revoke_user_permission(user_group=id,
                                                         user=obj_id)
             elif obj_type == 'user_group':
                 pass
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during revoking of permission'),
                     category='error')
             raise HTTPInternalServerError()
     def show(self, id, format='html'):
         """GET /users_groups/id: Show a specific item"""
         # url('users_group', id=ID)
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def edit(self, id, format='html'):
         """GET /users_groups/id/edit: Form to edit an existing item"""
         # url('edit_users_group', id=ID)
         c.users_group = UserGroup.get_or_404(id)
         self.__load_data(id)
         defaults = self.__load_defaults(id)
         return htmlfill.render(
             render('admin/users_groups/users_group_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('users_group_perm', id=ID, method='put')
         users_group = UserGroup.get_or_404(id)
         grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
         grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
         inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
         usergroup_model = UserGroupModel()
         try:
             form = CustomDefaultPermissionsForm()()
             form_result = form.to_python(request.POST)
             inherit_perms = form_result['inherit_default_permissions']
             users_group.inherit_default_permissions = inherit_perms
             Session().add(users_group)
             usergroup_model = UserGroupModel()
             if grant_create_perm:
                 usergroup_model.revoke_perm(id, 'hg.create.none')
                 usergroup_model.grant_perm(id, 'hg.create.repository')
                 h.flash(_("Granted 'repository create' permission to user group"),
                         category='success')
             else:
                 usergroup_model.revoke_perm(id, 'hg.create.repository')
                 usergroup_model.grant_perm(id, 'hg.create.none')
                 h.flash(_("Revoked 'repository create' permission to user group"),
                         category='success')
             defs = UserGroupToPerm.query()\
                 .filter(UserGroupToPerm.users_group == users_group)\
                 .all()
             for ug in defs:
                 Session().delete(ug)
             if grant_fork_perm:
                 usergroup_model.revoke_perm(id, 'hg.fork.none')
                 usergroup_model.grant_perm(id, 'hg.fork.repository')
                 h.flash(_("Granted 'repository fork' permission to user group"),
                         category='success')
             if form_result['create_repo_perm']:
                 usergroup_model.grant_perm(id, 'hg.create.repository')
             else:
                 usergroup_model.grant_perm(id, 'hg.create.none')
             if form_result['create_user_group_perm']:
                 usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
             else:
                 usergroup_model.revoke_perm(id, 'hg.fork.repository')
                 usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
             if form_result['fork_repo_perm']:
                 usergroup_model.grant_perm(id, 'hg.fork.repository')
             else:
                 usergroup_model.grant_perm(id, 'hg.fork.none')
                 h.flash(_("Revoked 'repository fork' permission to user group"),
                         category='success')
             h.flash(_("Updated permissions"), category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during permissions saving'),
                     category='error')
         return redirect(url('edit_users_group', id=id))

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -241,166 +241,181 @@ def RepoFieldForm(): @@
     return _RepoFieldForm
 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                  repo_groups=[], landing_revs=[]):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = All(v.CanWriteGroup(),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
         description = v.UnicodeString(strip=True, min=1, not_empty=True)
         private = v.StringBoolean(if_missing=False)
         copy_permissions = v.StringBoolean(if_missing=False)
         update_after_clone = v.StringBoolean(if_missing=False)
         fork_parent_id = v.UnicodeString()
         chained_validators = [v.ValidForkName(edit, old_data)]
         landing_rev = v.OneOf(landing_revs, hideList=True)
     return _RepoForkForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)
     return _ApplicationSettingsForm
 def ApplicationVisualisationForm():
     class _ApplicationVisualisationForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
         rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
         rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
         rhodecode_lightweight_dashboard = v.StringBoolean(if_missing=False)
         rhodecode_repository_fields = v.StringBoolean(if_missing=False)
         rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
     return _ApplicationVisualisationForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = v.StringBoolean(if_missing=False)
         paths_root_path = All(
             v.ValidPath(),
             v.UnicodeString(strip=True, min=1, not_empty=True)
+        )
         hooks_changegroup_update = v.StringBoolean(if_missing=False)
         hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
         hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
         hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
         extensions_largefiles = v.StringBoolean(if_missing=False)
         extensions_hgsubversion = v.StringBoolean(if_missing=False)
         extensions_hggit = v.StringBoolean(if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,
                            user_group_perms_choices, create_choices,
                            repo_group_create_choices, user_group_create_choices,
                            fork_choices, register_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default_repo = v.StringBoolean(if_missing=False)
         overwrite_default_group = v.StringBoolean(if_missing=False)
         overwrite_default_user_group = v.StringBoolean(if_missing=False)
         anonymous = v.StringBoolean(if_missing=False)
         default_repo_perm = v.OneOf(repo_perms_choices)
         default_group_perm = v.OneOf(group_perms_choices)
         default_user_group_perm = v.OneOf(user_group_perms_choices)
         default_repo_create = v.OneOf(create_choices)
         default_user_group_create = v.OneOf(user_group_create_choices)
         #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet
         default_fork = v.OneOf(fork_choices)
         default_register = v.OneOf(register_choices)
     return _DefaultPermissionsForm
 def CustomDefaultPermissionsForm():
     class _CustomDefaultPermissionsForm(formencode.Schema):
         filter_extra_fields = True
         allow_extra_fields = True
         inherit_default_permissions = v.StringBoolean(if_missing=False)
         create_repo_perm = v.StringBoolean(if_missing=False)
         create_user_group_perm = v.StringBoolean(if_missing=False)
         #create_repo_group_perm Impl. later
         fork_repo_perm = v.StringBoolean(if_missing=False)
     return _CustomDefaultPermissionsForm
 def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
     class _DefaultsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         default_repo_type = v.OneOf(supported_backends)
         default_repo_private = v.StringBoolean(if_missing=False)
         default_repo_enable_statistics = v.StringBoolean(if_missing=False)
         default_repo_enable_downloads = v.StringBoolean(if_missing=False)
         default_repo_enable_locking = v.StringBoolean(if_missing=False)
     return _DefaultsForm
 def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,
                      tls_kind_choices):
     class _LdapSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         #pre_validators = [LdapLibValidator]
         ldap_active = v.StringBoolean(if_missing=False)
         ldap_host = v.UnicodeString(strip=True,)
         ldap_port = v.Number(strip=True,)
         ldap_tls_kind = v.OneOf(tls_kind_choices)
         ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)
         ldap_dn_user = v.UnicodeString(strip=True,)
         ldap_dn_pass = v.UnicodeString(strip=True,)
         ldap_base_dn = v.UnicodeString(strip=True,)
         ldap_filter = v.UnicodeString(strip=True,)
         ldap_search_scope = v.OneOf(search_scope_choices)
         ldap_attr_login = v.AttrLoginValidator()(not_empty=True)
         ldap_attr_firstname = v.UnicodeString(strip=True,)
         ldap_attr_lastname = v.UnicodeString(strip=True,)
         ldap_attr_email = v.UnicodeString(strip=True,)
     return _LdapSettingsForm
 def UserExtraEmailForm():
     class _UserExtraEmailForm(formencode.Schema):
         email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
     return _UserExtraEmailForm
 def UserExtraIpForm():
     class _UserExtraIpForm(formencode.Schema):
         ip = v.ValidIp()(not_empty=True)
     return _UserExtraIpForm
 def PullRequestForm(repo_id):
     class _PullRequestForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         user = v.UnicodeString(strip=True, required=True)
         org_repo = v.UnicodeString(strip=True, required=True)
         org_ref = v.UnicodeString(strip=True, required=True)
         other_repo = v.UnicodeString(strip=True, required=True)
         other_ref = v.UnicodeString(strip=True, required=True)
         revisions = All(#v.NotReviewedRevisions(repo_id)(),
                         v.UniqueList(not_empty=True))
         review_members = v.UniqueList(not_empty=True)
         pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)
         pullrequest_desc = v.UnicodeString(strip=True, required=False)
         ancestor_rev = v.UnicodeString(strip=True, required=True)
         merge_rev = v.UnicodeString(strip=True, required=True)
     return _PullRequestForm

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -431,233 +431,238 @@ class UserModel(BaseModel): @@
         user.permissions[GK] = {}
         user.permissions[UK] = {}
         user.permissions[GLOBAL] = set()
         def _choose_perm(new_perm, cur_perm):
             new_perm_val = PERM_WEIGHTS[new_perm]
             cur_perm_val = PERM_WEIGHTS[cur_perm]
             if algo == 'higherwin':
                 if new_perm_val > cur_perm_val:
                     return new_perm
                 return cur_perm
             elif algo == 'lowerwin':
                 if new_perm_val < cur_perm_val:
                     return new_perm
                 return cur_perm
         #======================================================================
         # fetch default permissions
         #======================================================================
         default_user = User.get_by_username('default', cache=True)
         default_user_id = default_user.user_id
         default_repo_perms = Permission.get_default_perms(default_user_id)
         default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
         default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
         if user.is_admin:
             #==================================================================
             # admin user have all default rights for repositories
             # and groups set to admin
             #==================================================================
             user.permissions[GLOBAL].add('hg.admin')
             # repositories
             for perm in default_repo_perms:
                 r_k = perm.UserRepoToPerm.repository.repo_name
                 p = 'repository.admin'
                 user.permissions[RK][r_k] = p
             # repository groups
             for perm in default_repo_groups_perms:
                 rg_k = perm.UserRepoGroupToPerm.group.group_name
                 p = 'group.admin'
                 user.permissions[GK][rg_k] = p
             # user groups
             for perm in default_user_group_perms:
                 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
                 p = 'usergroup.admin'
                 user.permissions[UK][u_k] = p
             return user
         #==================================================================
         # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
         #==================================================================
         uid = user.user_id
         # default global permissions taken fron the default user
         default_global_perms = self.sa.query(UserToPerm)\
             .filter(UserToPerm.user_id == default_user_id)
         for perm in default_global_perms:
             user.permissions[GLOBAL].add(perm.permission.permission_name)
         # defaults for repositories, taken from default user
         for perm in default_repo_perms:
             r_k = perm.UserRepoToPerm.repository.repo_name
             if perm.Repository.private and not (perm.Repository.user_id == uid):
                 # disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == uid:
                 # set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions[RK][r_k] = p
         # defaults for repository groups taken from default user permission
         # on given group
         for perm in default_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             user.permissions[GK][rg_k] = p
         # defaults for user groups taken from default user permission
         # on given user group
         for perm in default_user_group_perms:
             u_k = perm.UserUserGroupToPerm.user_group.users_group_name
             p = perm.Permission.permission_name
             user.permissions[UK][u_k] = p
         #======================================================================
         # !! OVERRIDE GLOBALS !! with user permissions if any found
         #======================================================================
         # those can be configured from groups or users explicitly
         _configurable = set(['hg.fork.none', 'hg.fork.repository',
                              'hg.create.none', 'hg.create.repository'])
         _configurable = set([
             'hg.fork.none', 'hg.fork.repository',
             'hg.create.none', 'hg.create.repository',
             'hg.usergroup.create.false', 'hg.usergroup.create.true'
         ])
         # USER GROUPS comes first
         # user group global permissions
         user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
             .options(joinedload(UserGroupToPerm.permission))\
             .join((UserGroupMember, UserGroupToPerm.users_group_id ==
                    UserGroupMember.users_group_id))\
             .filter(UserGroupMember.user_id == uid)\
             .order_by(UserGroupToPerm.users_group_id)\
             .all()
         #need to group here by groups since user can be in more than one group
         _grouped = [[x, list(y)] for x, y in
                     itertools.groupby(user_perms_from_users_groups,
                                       lambda x:x.users_group)]
         for gr, perms in _grouped:
             # since user can be in multiple groups iterate over them and
             # select the lowest permissions first (more explicit)
             ##TODO: do this^^
             if not gr.inherit_default_permissions:
                 # NEED TO IGNORE all configurable permissions and
                 # replace them with explicitly set
                 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                                 .difference(_configurable)
             for perm in perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
         # user specific global permissions
         user_perms = self.sa.query(UserToPerm)\
                 .options(joinedload(UserToPerm.permission))\
                 .filter(UserToPerm.user_id == uid).all()
         if not user.inherit_default_permissions:
             # NEED TO IGNORE all configurable permissions and
             # replace them with explicitly set
             user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                             .difference(_configurable)
             for perm in user_perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
         ## END GLOBAL PERMISSIONS
         #======================================================================
         # !! PERMISSIONS FOR REPOSITORIES !!
         #======================================================================
         #======================================================================
         # check if user is part of user groups for this repository and
         # fill in his permission from it. _choose_perm decides of which
         # permission should be selected based on selected method
         #======================================================================
         # user group for repositories permissions
         user_repo_perms_from_users_groups = \
          self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\
             .join((Repository, UserGroupRepoToPerm.repository_id ==
                    Repository.repo_id))\
             .join((Permission, UserGroupRepoToPerm.permission_id ==
                    Permission.permission_id))\
             .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
                    UserGroupMember.users_group_id))\
             .filter(UserGroupMember.user_id == uid)\
             .all()
         multiple_counter = collections.defaultdict(int)
         for perm in user_repo_perms_from_users_groups:
             r_k = perm.UserGroupRepoToPerm.repository.repo_name
             multiple_counter[r_k] += 1
             p = perm.Permission.permission_name
             cur_perm = user.permissions[RK][r_k]
             if perm.Repository.user_id == uid:
                 # set admin if owner
                 p = 'repository.admin'
             else:
                 if multiple_counter[r_k] > 1:
                     p = _choose_perm(p, cur_perm)
             user.permissions[RK][r_k] = p
         # user explicit permissions for repositories, overrides any specified
         # by the group permission
         user_repo_perms = Permission.get_default_perms(uid)
         for perm in user_repo_perms:
             r_k = perm.UserRepoToPerm.repository.repo_name
             cur_perm = user.permissions[RK][r_k]
             # set admin if owner
             if perm.Repository.user_id == uid:
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
                 if not explicit:
                     p = _choose_perm(p, cur_perm)
             user.permissions[RK][r_k] = p
         #======================================================================
         # !! PERMISSIONS FOR REPOSITORY GROUPS !!
         #======================================================================
         #======================================================================
         # check if user is part of user groups for this repository groups and
         # fill in his permission from it. _choose_perm decides of which
         # permission should be selected based on selected method
         #======================================================================
         # user group for repo groups permissions
         user_repo_group_perms_from_users_groups = \
          self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
          .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((Permission, UserGroupRepoGroupToPerm.permission_id
                 == Permission.permission_id))\
          .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
                 == UserGroupMember.users_group_id))\
          .filter(UserGroupMember.user_id == uid)\
          .all()
         multiple_counter = collections.defaultdict(int)
         for perm in user_repo_group_perms_from_users_groups:
             g_k = perm.UserGroupRepoGroupToPerm.group.group_name
             multiple_counter[g_k] += 1
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][g_k]
             if multiple_counter[g_k] > 1:
                 p = _choose_perm(p, cur_perm)
             user.permissions[GK][g_k] = p
         # user explicit permissions for repository groups
         user_repo_groups_perms = Permission.get_default_group_perms(uid)
         for perm in user_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][rg_k]
             if not explicit:
                 p = _choose_perm(p, cur_perm)
             user.permissions[GK][rg_k] = p
         #======================================================================
         # !! PERMISSIONS FOR USER GROUPS !!
         #======================================================================
         #user explicit permission for user groups
         user_user_groups_perms = Permission.get_default_user_group_perms(uid)

rhodecode/templates/admin/users/user_edit.html

➞

Show inline comments

@@ @@ -56,231 +56,194 @@ @@
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
                     %if c.ldap_dn:
                         ${h.text('username',class_='medium disabled', readonly="readonly")}
                     %else:
                         ${h.text('username',class_='medium')}
                     %endif:
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="ldap_dn">${_('LDAP DN')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('ldap_dn',class_='medium disabled',readonly="readonly")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="new_password">${_('New password')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('new_password',class_='medium',autocomplete="off")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="password_confirmation">${_('New password confirmation')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('password_confirmation',class_="medium",autocomplete="off")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="firstname">${_('First Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('firstname',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="lastname">${_('Last Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('lastname',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="email">${_('Email')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('email',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="active">${_('Active')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('active',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="admin">${_('Admin')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('admin',value=True)}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <div style="min-height:780px" class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('user_perm', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
                                              'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
              </div>
              <div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" >
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
     <%namespace name="dpb" file="/base/default_perms_box.html"/>
     ${dpb.default_perms_box(url('user_perm', id=c.user.user_id))}
     ## permissions overview
     <%namespace name="p" file="/base/perms_summary.html"/>
     ${p.perms_summary(c.perm_user.permissions)}
 </div>
 <div class="box box-left" style="clear:left">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Email addresses')}</h5>
     </div>
     <div class="emails_wrap">
       <table class="noborder">
       %for em in c.user_email_map:
         <tr>
             <td><div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(em.user.email,16)}"/> </div></td>
             <td><div class="email">${em.email}</div></td>
             <td>
               ${h.form(url('user_emails_delete', id=c.user.user_id),method='delete')}
                   ${h.hidden('del_email',em.email_id)}
                   ${h.submit('remove_',_('delete'),id="remove_email_%s" % em.email_id,
                   class_="delete_icon action_button", onclick="return  confirm('"+_('Confirm to delete this email: %s') % em.email+"');")}
               ${h.end_form()}
             </td>
         </tr>
       %endfor
       </table>
     </div>
     ${h.form(url('user_emails', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="new_email">${_('New email address')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('new_email', class_='medium')}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Add'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-left" style="clear:left">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Allowed IP addresses')}</h5>
     </div>
     <div class="ips_wrap">
       <table class="noborder">
       %if c.user_ip_map:
         %for ip in c.user_ip_map:
           <tr>
               <td><div class="ip">${ip.ip_addr}</div></td>
               <td><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
               <td>
                 ${h.form(url('user_ips_delete', id=c.user.user_id),method='delete')}
                     ${h.hidden('del_ip',ip.ip_id)}
                     ${h.submit('remove_',_('delete'),id="remove_ip_%s" % ip.ip_id,
                     class_="delete_icon action_button", onclick="return  confirm('"+_('Confirm to delete this ip: %s') % ip.ip_addr+"');")}
                 ${h.end_form()}
               </td>
           </tr>
         %endfor
        %else:
         <tr><td><div class="ip">${_('All IP addresses are allowed')}</div></td></tr>
        %endif
       </table>
     </div>
     ${h.form(url('user_ips', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="new_ip">${_('New ip address')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('new_ip', class_='medium')}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Add'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>

rhodecode/templates/admin/users_groups/users_group_edit.html

➞

Show inline comments

@@ @@ -18,171 +18,133 @@ @@
 </%def>
 <%def name="main()">
 <div class="box box-left" style="clear:left">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <!-- end box / title -->
     ${h.form(url('users_group', id=c.users_group.users_group_id),method='put', id='edit_users_group')}
     <div class="form">
         <!-- fields -->
             <div class="fields">
                  <div class="field">
                     <div class="label">
                         <label for="users_group_name">${_('Group name')}:</label>
                     </div>
                     <div class="input">
                         ${h.text('users_group_name',class_='small')}
                     </div>
                  </div>
                  <div class="field">
                     <div class="label label-checkbox">
                         <label for="users_group_active">${_('Active')}:</label>
                     </div>
                     <div class="checkboxes">
                         ${h.checkbox('users_group_active',value=True)}
                     </div>
                  </div>
                 <div class="field">
                     <div class="label">
                         <label for="users_group_active">${_('Members')}:</label>
                     </div>
                     <div class="select">
                         <table>
                                 <tr>
                                     <td>
                                         <div>
                                             <div style="float:left">
                                                 <div class="text" style="padding: 0px 0px 6px;">${_('Chosen group members')}</div>
                                                 ${h.select('users_group_members',[x[0] for x in c.group_members],c.group_members,multiple=True,size=8,style="min-width:210px")}
                                                <div id="remove_all_elements" style="cursor:pointer;text-align:center">
                                                    ${_('Remove all elements')}
                                                    <img alt="remove" style="vertical-align:text-bottom" src="${h.url('/images/icons/arrow_right.png')}"/>
                                                </div>
                                             </div>
                                             <div style="float:left;width:20px;padding-top:50px">
                                                 <img alt="add" id="add_element"
                                                     style="padding:2px;cursor:pointer"
                                                     src="${h.url('/images/icons/arrow_left.png')}"/>
                                                 <br />
                                                 <img alt="remove" id="remove_element"
                                                     style="padding:2px;cursor:pointer"
                                                     src="${h.url('/images/icons/arrow_right.png')}"/>
                                             </div>
                                             <div style="float:left">
                                                  <div class="text" style="padding: 0px 0px 6px;">${_('Available members')}</div>
                                                  ${h.select('available_members',[],c.available_members,multiple=True,size=8,style="min-width:210px")}
                                                  <div id="add_all_elements" style="cursor:pointer;text-align:center">
                                                        <img alt="add" style="vertical-align:text-bottom" src="${h.url('/images/icons/arrow_left.png')}"/>
                                                         ${_('Add all elements')}
                                                  </div>
                                             </div>
                                         </div>
                                     </td>
                                 </tr>
                         </table>
                     </div>
                 </div>
                 <div class="buttons">
                   ${h.submit('Save',_('Save'),class_="ui-btn large")}
                 </div>
             </div>
     </div>
 ${h.end_form()}
     <div class="group_members_wrap">
     % if c.group_members_obj:
       <ul class="group_members">
       %for user in c.group_members_obj:
         <li>
           <div class="group_member">
             <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(user.email,24)}"/> </div>
             <div>${h.link_to(user.username, h.url('edit_user',id=user.user_id))}</div>
             <div>${user.full_name}</div>
           </div>
         </li>
       %endfor
       </ul>
       %else:
         <span class="empty_data">${_('No members yet')}</span>
       %endif
     </div>
 </div>
 <div class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Global Permissions')}</h5>
     </div>
     <%namespace name="dpb" file="/base/default_perms_box.html"/>
     ${dpb.default_perms_box(url('users_group_perm', id=c.users_group.users_group_id))}
 </div>
 <div class="box box-right">
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('set_user_group_perm_member', id=c.users_group.users_group_id),method='post')}
     <div class="form">
        <div class="fields">
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     <%include file="user_group_edit_perms.html"/>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
        </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Global Permissions')}</h5>
     </div>
     ${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
                                              'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
              </div>
              <div id="inherit_overlay" style="${'opacity:0.3' if c.users_group.inherit_default_permissions else ''}" >
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <script type="text/javascript">
   MultiSelectWidget('users_group_members','available_members','edit_users_group');
 </script>
 </%def>

rhodecode/templates/base/default_perms_box.html

➞

Show inline comments

@@ new file 100644 @@
 ## snippet for displaying default permission box
 ## usage:
 ##    <%namespace name="dpb" file="/base/default_perms_box.html"/>
 ##    ${dpb.default_perms_box(<url_to_form>)}
 <%def name="default_perms_box(form_url)">
 ${h.form(form_url, method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="checkboxes">
                     <label for="inherit_default_permissions">${_('Inherit default permissions')}:</label>
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select to inherit permissions from %s settings. '
                               'With this selected below options does not apply.')
                               % h.link_to('default', url('edit_permission', id='default')))}
                 </span>
              </div>
              <div id="inherit_overlay">
              <div class="field">
                 <div class="checkboxes">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select this option to allow repository creation for this user'))}
                 </span>
              </div>
              <div class="field">
                 <div class="checkboxes">
                     <label for="create_user_group_perm">${_('Create user groups')}:</label>
                     ${h.checkbox('create_user_group_perm',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select this option to allow user group creation for this user'))}
                 </span>
              </div>
              <div class="field">
                 <div class="checkboxes">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
                 <span class="help-block">
                 ${h.literal(_('Select this option to allow repository forking for this user'))}
                 </span>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
 ${h.end_form()}
 ## JS
 <script>
 YUE.onDOMReady(function(e){
     var show_custom_perms = function(inherit_default){
         if(inherit_default){
             YUD.setStyle('inherit_overlay', 'display', 'none');
+        }
         else{
             YUD.setStyle('inherit_overlay', 'display', '');
+        }
+    }
     var defaults = YUD.get('inherit_default_permissions').checked;
     show_custom_perms(defaults);
     YUE.on('inherit_default_permissions', 'change', function(e){
         if(YUD.get('inherit_default_permissions').checked){
             show_custom_perms(true);
+        }
         else{
             show_custom_perms(false);
+        }
     })
 })
 </script>
 </%def>

rhodecode/templates/base/perms_summary.html

➞

Show inline comments

 ## snippet for displaying permissions overview for users
 ## usage:
 ##    <%namespace name="p" file="/base/perms_summary.html"/>
 ##    ${p.perms_summary(c.perm_user.permissions)}
 <%def name="perms_summary(permissions)">
 <div id="perms" class="table">
      %for section in sorted(permissions.keys()):
         <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div>
         %if not permissions[section]:
             <span class="empty_data">${_('No permissions defined yet')}</span>
         %else:
         <div id='tbl_list_wrap_${section}' class="yui-skin-sam">
          <table id="tbl_list_${section}">
           %if section == 'global':
               <thead>
                   <tr>
                   <th colspan="2" class="left">${_('Permission')}</th>
                   <th class="left">${_('Edit Permission')}</th>
               </thead>
               <tbody>
-              %for k in sorted(permissions[section], key=lambda s: s.lower()):
               %for k in permissions[section]:
                   <tr>
                       <td colspan="2">
                           ${h.get_permission_name(k)}
                       </td>
                       <td>
                            <a href="${h.url('edit_permission', id='default')}">${_('edit')}</a>
                       </td>
                   </tr>
               %endfor
               </tbody>
           %else:
               <thead>
                   <tr>
                   <th class="left">${_('Name')}</th>
                   <th class="left">${_('Permission')}</th>
                   <th class="left">${_('Edit Permission')}</th>
               </thead>
               <tbody>
               %for k, section_perm in sorted(permissions[section].items(), key=lambda s: s[1]+s[0].lower()):
                   <tr>
                       <td>
                           %if section == 'repositories':
                               <a href="${h.url('summary_home',repo_name=k)}">${k}</a>
                           %elif section == 'repositories_groups':
                               <a href="${h.url('repos_group_home',group_name=k)}">${k}</a>
                           %elif section == 'user_groups':
                               ##<a href="${h.url('edit_users_group',id=k)}">${k}</a>
                               ${k}
                           %endif
                       </td>
                       <td>
                            <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>
                       </td>
                       <td>
                           %if section == 'repositories':
                               <a href="${h.url('edit_repo',repo_name=k,anchor='permissions_manage')}">${_('edit')}</a>
                           %elif section == 'repositories_groups':
                               <a href="${h.url('edit_repos_group',group_name=k,anchor='permissions_manage')}">${_('edit')}</a>
                           %elif section == 'user_groups':
                               ##<a href="${h.url('edit_users_group',id=k)}">${_('edit')}</a>
                           %endif
                       </td>
                   </tr>
               %endfor
               </tbody>
           %endif
          </table>
         </div>
         %endif
      %endfor
 </div>
 </%def>

0 comments (0 inline, 0 general)