kallithea Changeset - 8f3cc21d83e6

Changeset - 8f3cc21d83e6

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 13 years ago 2013-01-28 21:14:46
marcin@python-works.com

fixes issue #739 Delete/Edit repositories should only point to admin links if the user is an super admin.

3 files changed with 24 insertions and 10 deletions:

rhodecode/controllers/admin/repos.py

rhodecode/model/repo.py

rhodecode/templates/data_table/_dt_elements.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -117,49 +117,50 @@ class ReposController(BaseController): @@
         else:
             c.stats_percentage = '%.2f' % ((float((last_rev)) /
                                             c.repo_last_rev) * 100)
         defaults = RepoModel()._get_defaults(repo_name)
         c.repos_list = [('', _('--REMOVE FORK--'))]
         c.repos_list += [(x.repo_id, x.repo_name) for x in
                     Repository.query().order_by(Repository.repo_name).all()
                     if x.repo_id != c.repo_info.repo_id]
         defaults['id_fork_of'] = db_repo.fork.repo_id if db_repo.fork else ''
         return defaults
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /repos: All items in the collection"""
         # url('repos')
         c.repos_list = Repository.query()\
                         .order_by(func.lower(Repository.repo_name))\
                         .all()
         repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list,
                                                    admin=True)
                                                    admin=True,
                                                    super_user_actions=True)
         #json used to render the grid
         c.data = json.dumps(repos_data)
         return render('admin/repos/repos.html')
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create(self):
         """
         POST /repos: Create a new item"""
         # url('repos')
         self.__load_defaults()
         form_result = {}
         try:
             form_result = RepoForm(repo_groups=c.repo_groups_choices,
                                    landing_revs=c.landing_revs_choices)()\
                             .to_python(dict(request.POST))
             new_repo = RepoModel().create(form_result,
                                           self.rhodecode_user.user_id)
             if form_result['clone_uri']:
                 h.flash(_('created repository %s from %s') \
                     % (form_result['repo_name'], form_result['clone_uri']),
                     category='success')
             else:

rhodecode/model/repo.py

➞

Show inline comments

@@ @@ -122,81 +122,82 @@ class RepoModel(BaseModel): @@
         users_groups = self.sa.query(UsersGroup)\
             .filter(UsersGroup.users_group_active == True).all()
         return json.dumps([
+            {
              'id': gr.users_group_id,
              'grname': gr.users_group_name,
              'grmembers': len(gr.members),
             } for gr in users_groups]
+        )
     @classmethod
     def _render_datatable(cls, tmpl, *args, **kwargs):
         import rhodecode
         from pylons import tmpl_context as c
         from pylons.i18n.translation import _
         _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup
         template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
         tmpl = template.get_def(tmpl)
         kwargs.update(dict(_=_, h=h, c=c))
         return tmpl.render(*args, **kwargs)
     def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True):
     def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True,
                           super_user_actions=False):
         _render = self._render_datatable
         def quick_menu(repo_name):
             return _render('quick_menu', repo_name)
         def repo_lnk(name, rtype, private, fork_of):
             return _render('repo_name', name, rtype, private, fork_of,
                            short_name=not admin, admin=False)
         def last_change(last_change):
             return _render("last_change", last_change)
         def rss_lnk(repo_name):
             return _render("rss", repo_name)
         def atom_lnk(repo_name):
             return _render("atom", repo_name)
         def last_rev(repo_name, cs_cache):
             return _render('revision', repo_name, cs_cache.get('revision'),
                            cs_cache.get('raw_id'), cs_cache.get('author'),
                            cs_cache.get('message'))
         def desc(desc):
             from pylons import tmpl_context as c
             if c.visual.stylify_metatags:
                 return h.urlify_text(h.desc_stylize(h.truncate(desc, 60)))
             else:
                 return h.urlify_text(h.truncate(desc, 60))
         def repo_actions(repo_name):
             return _render('repo_actions', repo_name)
+            return _render('repo_actions', repo_name, super_user_actions)
         def owner_actions(user_id, username):
             return _render('user_name', user_id, username)
         repos_data = []
         for repo in repos_list:
             if perm_check:
                 # check permission at this level
                 if not HasRepoPermissionAny(
                     'repository.read', 'repository.write', 'repository.admin'
                 )(repo.repo_name, 'get_repos_as_dict check'):
                     continue
             cs_cache = repo.changeset_cache
             row = {
                 "menu": quick_menu(repo.repo_name),
                 "raw_name": repo.repo_name.lower(),
                 "name": repo_lnk(repo.repo_name, repo.repo_type,
                                  repo.private, repo.fork),
                 "last_change": last_change(repo.last_db_change),
                 "last_changeset": last_rev(repo.repo_name, cs_cache),
                 "raw_tip": cs_cache.get('revision'),
                 "desc": desc(repo.description),
                 "owner": h.person(repo.user.username),
                 "rss": rss_lnk(repo.repo_name),

rhodecode/templates/data_table/_dt_elements.html

➞

Show inline comments

@@ @@ -89,55 +89,67 @@ @@
   %endif
   </div>
 </%def>
 <%def name="rss(name)">
   %if c.rhodecode_user.username != 'default':
     <a title="${_('Subscribe to %s rss feed')% name}" class="rss_icon"  href="${h.url('rss_feed_home',repo_name=name,api_key=c.rhodecode_user.api_key)}"></a>
   %else:
     <a title="${_('Subscribe to %s rss feed')% name}" class="rss_icon"  href="${h.url('rss_feed_home',repo_name=name)}"></a>
   %endif
 </%def>
 <%def name="atom(name)">
   %if c.rhodecode_user.username != 'default':
     <a title="${_('Subscribe to %s atom feed')% name}"  class="atom_icon" href="${h.url('atom_feed_home',repo_name=name,api_key=c.rhodecode_user.api_key)}"></a>
   %else:
     <a title="${_('Subscribe to %s atom feed')% name}"  class="atom_icon" href="${h.url('atom_feed_home',repo_name=name)}"></a>
   %endif
 </%def>
 <%def name="user_gravatar(email, size=24)">
     <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(email, size)}"/> </div>
 </%def>
 <%def name="repo_actions(repo_name)">
+<%def name="repo_actions(repo_name, super_user=True)">
   <div>
     <div style="float:left">
     <a href="${h.url('repo_settings_home',repo_name=repo_name)}" title="${_('edit')}">
       ${h.submit('edit_%s' % repo_name,_('edit'),class_="edit_icon action_button")}
     </a>
     %if super_user:
       <a href="${h.url('edit_repo',repo_name=repo_name)}" title="${_('edit')}">
         ${h.submit('edit_%s' % repo_name,_('edit'),class_="edit_icon action_button")}
       </a>
     %else:
       <a href="${h.url('repo_settings_home',repo_name=repo_name)}" title="${_('edit')}">
         ${h.submit('edit_%s' % repo_name,_('edit'),class_="edit_icon action_button")}
       </a>
     %endif
     </div>
     <div style="float:left">
     ${h.form(h.url('repo', repo_name=repo_name),method='delete')}
       ${h.submit('remove_%s' % repo_name,_('delete'),class_="delete_icon action_button",onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo_name+"');")}
     ${h.end_form()}
     %if super_user:
       ${h.form(h.url('repo', repo_name=repo_name),method='delete')}
         ${h.submit('remove_%s' % repo_name,_('delete'),class_="delete_icon action_button",onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo_name+"');")}
       ${h.end_form()}
     %else:
       ${h.form(h.url('repo_settings_delete', repo_name=repo_name),method='delete')}
         ${h.submit('remove_%s' % repo_name,_('delete'),class_="delete_icon action_button",onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo_name+"');")}
       ${h.end_form()}
     %endif
     </div>
   </div>
 </%def>
 <%def name="user_actions(user_id, username)">
   ${h.form(h.url('delete_user', id=user_id),method='delete')}
       ${h.submit('remove_',_('delete'),id="remove_user_%s" % user_id,
       class_="delete_icon action_button",onclick="return confirm('"+_('Confirm to delete this user: %s') % username+"');")}
   ${h.end_form()}
 </%def>
 <%def name="user_name(user_id, username)">
     ${h.link_to(username,h.url('edit_user', id=user_id))}
 </%def>
 <%def name="toggle_follow(repo_id)">
   <span id="follow_toggle_${repo_id}" class="following" title="${_('Stop following this repository')}"
         onclick="javascript:toggleFollowingRepo(this, ${repo_id},'${str(h.get_token())}')">
   </span>
 </%def>

0 comments (0 inline, 0 general)