kallithea Changeset - 92dfc033ee6f

Changeset - 92dfc033ee6f

Parent rev.

Child rev.

[Not reviewed]

beta

0 2 0

Marcin Kuzminski - 13 years ago 2013-02-05 01:57:37
marcin@python-works.com

forbid removing yourself as beeing an admin of a group

2 files changed with 33 insertions and 0 deletions:

rhodecode/controllers/admin/repos_groups.py

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/repos_groups.py

➞

Show inline comments

@@ @@ -97,24 +97,33 @@ class ReposGroupsController(BaseControll @@
         # fill repository users
         for p in repo_group.repo_group_to_perm:
             data.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         # fill repository groups
         for p in repo_group.users_group_to_perm:
             data.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
         return data
     def _revoke_perms_on_yourself(self, form_result):
         _up = filter(lambda u: c.rhodecode_user.username == u[0],
                      form_result['perms_updates'])
         _new = filter(lambda u: c.rhodecode_user.username == u[0],
                       form_result['perms_new'])
         if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':
             return True
         return False
     def index(self, format='html'):
         """GET /repos_groups: All items in the collection"""
         # url('repos_groups')
         group_iter = GroupList(RepoGroup.query().all(), perm_set=['group.admin'])
         sk = lambda g: g.parents[0].group_name if g.parents else g.group_name
         c.groups = sorted(group_iter, key=sk)
         return render('admin/repos_groups/repos_groups_show.html')
     def create(self):
         """POST /repos_groups: Create a new item"""
         # url('repos_groups')
@@ @@ -191,24 +200,30 @@ class ReposGroupsController(BaseControll @@
             allow_empty_group = False
         self.__load_defaults(allow_empty_group=allow_empty_group,
                              exclude_group_ids=[c.repos_group.group_id])
         repos_group_form = ReposGroupForm(
             edit=True,
             old_data=c.repos_group.get_dict(),
             available_groups=c.repo_groups_choices,
             can_create_in_root=allow_empty_group,
         )()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
             if not c.rhodecode_user.is_admin:
                 if self._revoke_perms_on_yourself(form_result):
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             new_gr = ReposGroupModel().update(group_name, form_result)
             Session().commit()
             h.flash(_('updated repos group %s') \
                     % form_result['group_name'], category='success')
             # we now have new name !
             group_name = new_gr.group_name
             #TODO: in future action_logger(, '', '', '', self.sa)
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/repos_groups/repos_groups_edit.html'),
                 defaults=errors.value,
@@ @@ -263,24 +278,29 @@ class ReposGroupsController(BaseControll @@
                       'group %s') % gr.group_name, category='error')
         return redirect(url('repos_groups'))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete_repos_group_user_perm(self, group_name):
         """
         DELETE an existing repositories group permission user
         :param group_name:
         """
         try:
             if not c.rhodecode_user.is_admin:
                 if c.rhodecode_user.user_id == safe_int(request.POST['user_id']):
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['user_id'],
                 obj_type='user', recursive=recursive
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group user'),
                     category='error')
             raise HTTPInternalServerError()

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

➞

Show inline comments

 <table id="permissions_manage" class="noborder">
     <tr>
         <td>${_('none')}</td>
         <td>${_('read')}</td>
         <td>${_('write')}</td>
         <td>${_('admin')}</td>
         <td>${_('member')}</td>
         <td></td>
     </tr>
     ## USERS
     %for r2p in c.repos_group.repo_group_to_perm:
         ##forbid revoking permission from yourself
         <tr id="id${id(r2p.user.username)}">
             %if c.rhodecode_user.user_id != r2p.user.user_id or c.rhodecode_user.is_admin:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
               %if r2p.user.username !='default':
                 <span class="delete_icon action_button" onclick="ajaxActionUser(${r2p.user.user_id},'${'id%s'%id(r2p.user.username)}')">
                 ${_('revoke')}
                 </span>
               %endif
             </td>
             %else:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
             </td>
             %endif
         </tr>
     %endfor
     ## USERS GROUPS
     %for g2p in c.repos_group.users_group_to_perm:
         <tr id="id${id(g2p.users_group.users_group_name)}">
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.none')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.read')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.write')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.url('/images/icons/group.png')}"/>${g2p.users_group.users_group_name}

0 comments (0 inline, 0 general)