Changeset - 8aad6a324739
Parent rev.
Child rev.
[Not reviewed]
stable
0 2 0
Mads Kiilerich - 10 years ago 2015-07-07 02:25:54
madski@unity3d.com
permissions: clarify what the default options actually mean
2 files changed with 38 insertions and 34 deletions:
kallithea/model/db.py
26
26
kallithea/templates/admin/permissions/permissions_globals.html
12
8
0 comments (0 inline, 0 general)
kallithea/model/db.py
Show inline comments
 
@@ -1630,84 +1630,84 @@ class RepoGroup(Base, BaseModel):
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        group = self

			




	
	
	
		
 
        data = dict(

			




	
	
	
		
 
            group_id=group.group_id,

			




	
	
	
		
 
            group_name=group.group_name,

			




	
	
	
		
 
            group_description=group.group_description,

			




	
	
	
		
 
            parent_group=group.parent_group.group_name if group.parent_group else None,

			




	
	
	
		
 
            repositories=[x.repo_name for x in group.repositories],

			




	
	
	
		
 
            owner=group.user.username

			




	
	
	
		
 
        )

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class Permission(Base, BaseModel):

			




	
	
	
		
 
    __tablename__ = 'permissions'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('p_perm_name_idx', 'permission_name'),

			




	
	
	
		
 
        {'extend_existing': True, 'mysql_engine': 'InnoDB',

			




	
	
	
		
 
         'mysql_charset': 'utf8', 'sqlite_autoincrement': True},

			




	
	
	
		
 
    )

			




	
	
	
		
 
    PERMS = [

			




	
	
	
		
 
        ('hg.admin', _('Kallithea Administrator')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('repository.none', _('Repository no access')),

			




	
	
	
		
 
        ('repository.read', _('Repository read access')),

			




	
	
	
		
 
        ('repository.write', _('Repository write access')),

			




	
	
	
		
 
        ('repository.admin', _('Repository admin access')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('group.none', _('Repository group no access')),

			




	
	
	
		
 
        ('group.read', _('Repository group read access')),

			




	
	
	
		
 
        ('group.write', _('Repository group write access')),

			




	
	
	
		
 
        ('group.admin', _('Repository group admin access')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('usergroup.none', _('User group no access')),

			




	
	
	
		
 
        ('usergroup.read', _('User group read access')),

			




	
	
	
		
 
        ('usergroup.write', _('User group write access')),

			




	
	
	
		
 
        ('usergroup.admin', _('User group admin access')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.repogroup.create.false', _('Repository Group creation disabled')),

			




	
	
	
		
 
        ('hg.repogroup.create.true', _('Repository Group creation enabled')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.usergroup.create.false', _('User Group creation disabled')),

			




	
	
	
		
 
        ('hg.usergroup.create.true', _('User Group creation enabled')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.create.none', _('Repository creation disabled')),

			




	
	
	
		
 
        ('hg.create.repository', _('Repository creation enabled')),

			




	
	
	
		
 
        ('repository.none', _('Default user has no access to new Repositories')),

			




	
	
	
		
 
        ('repository.read', _('Default user has read access to new Repositories')),

			




	
	
	
		
 
        ('repository.write', _('Default user has write access to new Repositories')),

			




	
	
	
		
 
        ('repository.admin', _('Default user has admin access to new Repositories')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('group.none', _('Default user has no access to new Repository Groups')),

			




	
	
	
		
 
        ('group.read', _('Default user has read access to new Repository Groups')),

			




	
	
	
		
 
        ('group.write', _('Default user has write access to new Repository Groups')),

			




	
	
	
		
 
        ('group.admin', _('Default user has admin access to new Repository Groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('usergroup.none', _('Default user has no access to new User Groups')),

			




	
	
	
		
 
        ('usergroup.read', _('Default user has read access to new User Groups')),

			




	
	
	
		
 
        ('usergroup.write', _('Default user has write access to new User Groups')),

			




	
	
	
		
 
        ('usergroup.admin', _('Default user has admin access to new User Groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.repogroup.create.false', _('Only admins can create Repository Groups')),

			




	
	
	
		
 
        ('hg.repogroup.create.true', _('Non-admins can create Repository Groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.usergroup.create.false', _('Only admins can create User Groups')),

			




	
	
	
		
 
        ('hg.usergroup.create.true', _('Non-admins can create User Groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.create.none', _('Only admins can create top level Repositories')),

			




	
	
	
		
 
        ('hg.create.repository', _('Non-admins can create top level Repositories')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),

			




	
	
	
		
 
        ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.fork.none', _('Repository forking disabled')),

			




	
	
	
		
 
        ('hg.fork.repository', _('Repository forking enabled')),

			




	
	
	
		
 
        ('hg.fork.none', _('Only admins can fork repositories')),

			




	
	
	
		
 
        ('hg.fork.repository', _('Non-admins can can fork repositories')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.register.none', _('Registration disabled')),

			




	
	
	
		
 
        ('hg.register.manual_activate', _('User Registration with manual account activation')),

			




	
	
	
		
 
        ('hg.register.auto_activate', _('User Registration with automatic account activation')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.extern_activate.manual', _('Manual activation of external account')),

			




	
	
	
		
 
        ('hg.extern_activate.auto', _('Automatic activation of external account')),

			




	
	
	
		
 

			




	
	
	
		
 
    ]

			




	
	
	
		
 

			




	
	
	
		
 
    #definition of system default permissions for DEFAULT user

			




	
	
	
		
 
    DEFAULT_USER_PERMISSIONS = [

			




	
	
	
		
 
        'repository.read',

			




	
	
	
		
 
        'group.read',

			




	
	
	
		
 
        'usergroup.read',

			




	
	
	
		
 
        'hg.create.repository',

			




	
	
	
		
 
        'hg.create.write_on_repogroup.true',

			




	
	
	
		
 
        'hg.fork.repository',

			




	
	
	
		
 
        'hg.register.manual_activate',

			




	
	
	
		
 
        'hg.extern_activate.auto',

			




	
	
	
		
 
    ]

			




	
	
	
		
 

			




	
	
	
		
 
    # defines which permissions are more important higher the more important

			




	
	
	
		
 
    # Weight defines which permissions are more important.

			




	
	
	
		
 
    # The higher number the more important.

			




	
	
	
		
 
    PERM_WEIGHTS = {

			




	
	
	
		
 
        'repository.none': 0,

			




	
	
	
		
 
        'repository.read': 1,

			




	
	
	
		
 
        'repository.write': 3,

			




	
	
	
		
 
        'repository.admin': 4,

			




	
	
	
		
 

			




	
	
	
		
 
        'group.none': 0,

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/permissions/permissions_globals.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
${h.form(url('admin_permissions'), method='post')}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
            <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="anonymous">${_('Anonymous access')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    <div class="checkbox">

			




	
	
	
		
 
                        ${h.checkbox('anonymous',True)}

			




	
	
	
		
 
                    </div>

			




	
	
	
		
 
                     <span class="help-block">${h.literal(_('Allow access to Kallithea without needing to log in. Anonymous users use %s user permissions.' % (h.link_to('*default*',h.url('admin_permissions_perms')))))}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
            <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_repo_perm">${_('Repository')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_repo_perm','',c.repo_perms_choices)}

			




	
	
	
		
 

			




	
	
	
		
 
                    ${h.checkbox('overwrite_default_repo','true')}

			




	
	
	
		
 
                    <label for="overwrite_default_repo">

			




	
	
	
		
 
                    <span class="tooltip"

			




	
	
	
		
 
                    title="${h.tooltip(_('All default permissions on each repository will be reset to chosen permission, note that all custom default permission on repositories will be lost'))}">

			




	
	
	
		
 
                    ${_('Overwrite existing settings')}</span> </label>

			




	
	
	
		
 
                    ${_('Apply to all existing repositories')}</span> </label>

			




	
	
	
		
 
                    <span class="help-block">${_('Permissions for the Default user on new repositories.')}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
            <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_group_perm">${_('Repository group')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_group_perm','',c.group_perms_choices)}

			




	
	
	
		
 
                    ${h.checkbox('overwrite_default_group','true')}

			




	
	
	
		
 
                    <label for="overwrite_default_group">

			




	
	
	
		
 
                    <span class="tooltip"

			




	
	
	
		
 
                    title="${h.tooltip(_('All default permissions on each repository group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">

			




	
	
	
		
 
                    ${_('Overwrite existing settings')}</span> </label>

			




	
	
	
		
 

			




	
	
	
		
 
                    ${_('Apply to all existing repository groups')}</span> </label>

			




	
	
	
		
 
                    <span class="help-block">${_('Permissions for the Default user on new repository groups.')}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
            <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_group_perm">${_('User group')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_user_group_perm','',c.user_group_perms_choices)}

			




	
	
	
		
 
                    ${h.checkbox('overwrite_default_user_group','true')}

			




	
	
	
		
 
                    <label for="overwrite_default_user_group">

			




	
	
	
		
 
                    <span class="tooltip"

			




	
	
	
		
 
                    title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">

			




	
	
	
		
 
                    ${_('Overwrite existing settings')}</span> </label>

			




	
	
	
		
 

			




	
	
	
		
 
                    ${_('Apply to all existing user groups')}</span></label>

			




	
	
	
		
 
                    <span class="help-block">${_('Permissions for the Default user on new user groups.')}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_repo_create">${_('Repository creation')}:</label>

			




	
	
	
		
 
                    <label for="default_repo_create">${_('Top level repository creation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_repo_create','',c.repo_create_choices)}

			




	
	
	
		
 
                    <span class="help-block">${_('Enable this to allow non-admins to create repositories at the top level.')}</span>

			




	
	
	
		
 
                    <span class="help-block">${_('Note: This will also give all users API access to create repositories everywhere. That might change in future versions.')}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
            <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="create_on_write">${_('Repository creation with group write access')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('create_on_write','',c.repo_create_on_write_choices)}

			




	
	
	
		
 
                    <span class="help-block">${_('Write permission to a repository group allows creating repositories inside that group.')}</span>

			




	
	
	
		
 
                    <span class="help-block">${_('With this, write permission to a repository group allows creating repositories inside that group. Without this, group write permissions mean nothing.')}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_user_group_create">${_('User group creation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_user_group_create','',c.user_group_create_choices)}

			




	
	
	
		
 
                    <span class="help-block">${_('Enable this to allow non-admins to create user groups.')}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_fork">${_('Repository forking')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_fork','',c.fork_choices)}

			




	
	
	
		
 
                    <span class="help-block">${_('Enable this to allow non-admins to fork repositories.')}</span>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_register">${_('Registration')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_register','',c.register_choices)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_extern_activate">${_('External auth account activation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_extern_activate','',c.extern_activate_choices)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Save'),class_="btn")}

			




	
	
	
		
 
              ${h.reset('reset',_('Reset'),class_="btn")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.