Changeset - bacc854a3853
Parent rev.
Child rev.
[Not reviewed]
default
0 4 0
Søren Løvborg - 9 years ago 2017-03-15 20:39:38
sorenl@unity3d.com
templates: addPermAction JS escaping bugfix (by eliminating expansion bugfix)

In 33b71a130b16, the addPermAction template was incorrectly escaped via
h.jshtml, where it should've been plain h.js.

Instead of merely fixing the escaping, refactor the code to completely
remove the need for escaping anything, by avoiding the template variable
expansion inside the JavaScript.
4 files changed with 21 insertions and 56 deletions:
kallithea/public/js/base.js
15
2
kallithea/templates/admin/repo_groups/repo_group_edit_perms.html
2
18
kallithea/templates/admin/repos/repo_edit_permissions.html
2
18
kallithea/templates/admin/user_groups/user_group_edit_perms.html
2
18
0 comments (0 inline, 0 general)
kallithea/public/js/base.js
Show inline comments
 
@@ -1288,100 +1288,113 @@ var addReviewMember = function(id,fname,
 
        '             <i class="icon-minus-circled"></i>\n'+
 
        '         </a> (add not saved)\n'+
 
        '       </span>\n'+
 
        '     </li>\n'
 
        ).format(gravatarelm, displayname, id);
 
    // check if we don't have this ID already in
 
    var ids = [];
 
    $('#review_members').find('li').each(function() {
 
            ids.push(this.id);
 
        });
 
    if(ids.indexOf('reviewer_'+id) == -1){
 
        //only add if it's not there
 
        $('#review_members').append(element);
 
    }
 
}
 

			




	
	
	
		
 
var removeReviewMember = function(reviewer_id, repo_name, pull_request_id){

			




	
	
	
		
 
    var $li = $('#reviewer_{0}'.format(reviewer_id));

			




	
	
	
		
 
    $li.find('div div').css("text-decoration", "line-through");

			




	
	
	
		
 
    $li.find('input').prop('name', 'review_members_removed');

			




	
	
	
		
 
    $li.find('.reviewer_member_remove').replaceWith('&nbsp;(remove not saved)');

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
/* activate auto completion of users as PR reviewers */

			




	
	
	
		
 
var PullRequestAutoComplete = function ($inputElement, $container, users_list) {

			




	
	
	
		
 

			




	
	
	
		
 
    var matchUsers = function (sQuery) {

			




	
	
	
		
 
        return autocompleteMatchUsers(sQuery, users_list);

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    var reviewerAC = autocompleteCreate($inputElement, $container, matchUsers);

			




	
	
	
		
 
    reviewerAC.suppressInputUpdate = true;

			




	
	
	
		
 

			




	
	
	
		
 
    // Handler for selection of an entry

			




	
	
	
		
 
    if(reviewerAC.itemSelectEvent){

			




	
	
	
		
 
        reviewerAC.itemSelectEvent.subscribe(function (sType, aArgs) {

			




	
	
	
		
 
            var myAC = aArgs[0]; // reference back to the AC instance

			




	
	
	
		
 
            var elLI = aArgs[1]; // reference to the selected LI element

			




	
	
	
		
 
            var oData = aArgs[2]; // object literal of selected item's result data

			




	
	
	
		
 

			




	
	
	
		
 
            addReviewMember(oData.id, oData.fname, oData.lname, oData.nname,

			




	
	
	
		
 
                            oData.gravatar_lnk, oData.gravatar_size);

			




	
	
	
		
 
            myAC.getInputEl().value = '';

			




	
	
	
		
 
        });

			




	
	
	
		
 
    }

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
var addPermAction = function(_html, users_list, groups_list){

			




	
	
	
		
 
function addPermAction(perm_type, users_list, groups_list) {

			




	
	
	
		
 
    var template =

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td class="ac">' +

			




	
	
	
		
 
            '<div class="perm_ac" id="perm_ac_{0}">' +

			




	
	
	
		
 
                '<input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text">' +

			




	
	
	
		
 
                '<input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">' +

			




	
	
	
		
 
                '<div id="perm_container_{0}"></div>' +

			




	
	
	
		
 
            '</div>' +

			




	
	
	
		
 
        '</td>' +

			




	
	
	
		
 
        '<td></td>';

			




	
	
	
		
 
    var $last_node = $('.last_new_member').last(); // empty tr between last and add

			




	
	
	
		
 
    var next_id = $('.new_members').length;

			




	
	
	
		
 
    $last_node.before($('<tr class="new_members">').append(_html.format(next_id)));

			




	
	
	
		
 
    $last_node.before($('<tr class="new_members">').append(template.format(next_id, perm_type)));

			




	
	
	
		
 
    MembersAutoComplete($("#perm_new_member_name_"+next_id),

			




	
	
	
		
 
            $("#perm_container_"+next_id), users_list, groups_list);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
function ajaxActionRevokePermission(url, obj_id, obj_type, field_id, extra_data) {

			




	
	
	
		
 
    var success = function (o) {

			




	
	
	
		
 
            $('#' + field_id).remove();

			




	
	
	
		
 
        };

			




	
	
	
		
 
    var failure = function (o) {

			




	
	
	
		
 
            alert(_TM['Failed to revoke permission'] + ": " + o.status);

			




	
	
	
		
 
        };

			




	
	
	
		
 
    var query_params = {};

			




	
	
	
		
 
    // put extra data into POST

			




	
	
	
		
 
    if (extra_data !== undefined && (typeof extra_data === 'object')){

			




	
	
	
		
 
        for(var k in extra_data){

			




	
	
	
		
 
            query_params[k] = extra_data[k];

			




	
	
	
		
 
        }

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    if (obj_type=='user'){

			




	
	
	
		
 
        query_params['user_id'] = obj_id;

			




	
	
	
		
 
        query_params['obj_type'] = 'user';

			




	
	
	
		
 
    }

			




	
	
	
		
 
    else if (obj_type=='user_group'){

			




	
	
	
		
 
        query_params['user_group_id'] = obj_id;

			




	
	
	
		
 
        query_params['obj_type'] = 'user_group';

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    ajaxPOST(url, query_params, success, failure);

			




	
	
	
		
 
};

			




	
	
	
		
 

			




	
	
	
		
 
/* Multi selectors */

			




	
	
	
		
 

			




	
	
	
		
 
var MultiSelectWidget = function(selected_id, available_id, form_id){

			




	
	
	
		
 
    var $availableselect = $('#' + available_id);

			




	
	
	
		
 
    var $selectedselect = $('#' + selected_id);

			




	
	
	
		
 

			




	
	
	
		
 
    //fill available only with those not in selected

			




	
	
	
		
 
    var $selectedoptions = $selectedselect.children('option');

			




	
	
	
		
 
    $availableselect.children('option').filter(function(i, e){

			




	
	
	
		
 
            for(var j = 0, node; node = $selectedoptions[j]; j++){

			




	
	
	
		
 
                if(node.value == e.value){

			




	
	
	
		
 
                    return true;

			




	
	
	
		
 
                }

			




	
	
	
		
 
            }

			




	
	
	
		
 
            return false;

			




	
	
	
		
 
        }).remove();

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/repo_groups/repo_group_edit_perms.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -28,112 +28,96 @@ ${h.form(url('edit_repo_group_perms', gr

			




	
	
	
		
 
                             ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                          %if r2p.user.username !='default':

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

			




	
	
	
		
 
                             <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                      %else:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td><i class="icon-user"></i> ${_('Admin')}</td>

			




	
	
	
		
 
                      %endif

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                ## USER GROUPS

			




	
	
	
		
 
                %for g2p in c.repo_group.users_group_to_perm:

			




	
	
	
		
 
                    <tr id="id${id(g2p.users_group.users_group_name)}">

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <i class="icon-users"></i>

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')():

			




	
	
	
		
 
                             <a href="${h.url('edit_users_group',id=g2p.users_group.users_group_id)}">

			




	
	
	
		
 
                                 ${g2p.users_group.users_group_name}

			




	
	
	
		
 
                             </a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${g2p.users_group.users_group_name}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${g2p.users_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.users_group.users_group_name)}', '${g2p.users_group.users_group_name}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                <%

			




	
	
	
		
 
                _tmpl = """\

			




	
	
	
		
 
                    <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="group.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="group.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="group.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td class="ac"> \

			




	
	
	
		
 
                        <div class="perm_ac" id="perm_ac_{0}"> \

			




	
	
	
		
 
                            <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \

			




	
	
	
		
 
                            <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \

			




	
	
	
		
 
                            <div id="perm_container_{0}"></div> \

			




	
	
	
		
 
                        </div> \

			




	
	
	
		
 
                    </td> \

			




	
	
	
		
 
                    <td></td>"""

			




	
	
	
		
 
                %>

			




	
	
	
		
 
                ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'

			




	
	
	
		
 
                ## New entries added by addPermAction here.

			




	
	
	
		
 
                <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                        <span id="add_perm" style="cursor: pointer;">

			




	
	
	
		
 
                            <i class="icon-plus"></i> ${_('Add new')}

			




	
	
	
		
 
                        </span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                       ${_('Apply to children')}:

			




	
	
	
		
 
                       ${h.radio('recursive', 'none', label=_('None'), checked="checked")}

			




	
	
	
		
 
                       ${h.radio('recursive', 'groups', label=_('Repository Groups'))}

			




	
	
	
		
 
                       ${h.radio('recursive', 'repos', label=_('Repositories'))}

			




	
	
	
		
 
                       ${h.radio('recursive', 'all', label=_('Both'))}

			




	
	
	
		
 
                       <span class="help-block">${_('Set or revoke permission to all children of that group, including non-private repositories and other groups if selected.')}</span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
            </table>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="buttons">

			




	
	
	
		
 
            ${h.submit('save',_('Save'),class_="btn btn-default")}

			




	
	
	
		
 
            ${h.reset('reset',_('Reset'),class_="btn btn-default")}

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
</div>

			




	
	
	
		
 
${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
<script type="text/javascript">

			




	
	
	
		
 
    function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {

			




	
	
	
		
 
        url = ${h.jshtml(h.url('edit_repo_group_perms_delete', group_name=c.repo_group.group_name))};

			




	
	
	
		
 
        var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);

			




	
	
	
		
 
        if (confirm(revoke_msg)){

			




	
	
	
		
 
            var recursive = $('input[name=recursive]:checked').val();

			




	
	
	
		
 
            ajaxActionRevokePermission(url, obj_id, obj_type, field_id, {recursive:recursive});

			




	
	
	
		
 
        }

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    $(document).ready(function () {

			




	
	
	
		
 
        if (!$('#perm_new_member_name').hasClass('error')) {

			




	
	
	
		
 
            $('#add_perm_input').hide();

			




	
	
	
		
 
        }

			




	
	
	
		
 
        $('#add_perm').click(function () {

			




	
	
	
		
 
            addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
            addPermAction('group', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
        });

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/repos/repo_edit_permissions.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -25,101 +25,85 @@ ${h.form(url('edit_repo_perms_update', r

			




	
	
	
		
 
                        </tr>

			




	
	
	
		
 
                    %else:

			




	
	
	
		
 
                    <tr id="id${id(r2p.user.username)}">

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, size=14)}

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

			




	
	
	
		
 
                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                          %if r2p.user.username !='default':

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                    %endif

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                ## USER GROUPS

			




	
	
	
		
 
                %for g2p in sorted(c.repo_info.users_group_to_perm, key=lambda x:x.users_group.users_group_name):

			




	
	
	
		
 
                    <tr id="id${id(g2p.users_group.users_group_name)}">

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <i class="icon-users"></i>

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')():

			




	
	
	
		
 
                             <a href="${h.url('edit_users_group',id=g2p.users_group.users_group_id)}">${g2p.users_group.users_group_name}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${g2p.users_group.users_group_name}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${g2p.users_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.users_group.users_group_name)}', '${g2p.users_group.users_group_name}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                <%

			




	
	
	
		
 
                _tmpl = """\

			




	
	
	
		
 
                    <td><input type="radio" value="repository.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="repository.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="repository.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="repository.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td class="ac"> \

			




	
	
	
		
 
                        <div class="perm_ac" id="perm_ac_{0}"> \

			




	
	
	
		
 
                            <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \

			




	
	
	
		
 
                            <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \

			




	
	
	
		
 
                            <div id="perm_container_{0}"></div> \

			




	
	
	
		
 
                        </div> \

			




	
	
	
		
 
                    </td> \

			




	
	
	
		
 
                    <td></td>"""

			




	
	
	
		
 
                %>

			




	
	
	
		
 
                ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'

			




	
	
	
		
 
                ## New entries added by addPermAction here.

			




	
	
	
		
 
                <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                        <span id="add_perm" style="cursor: pointer;">

			




	
	
	
		
 
                            <i class="icon-plus"></i> ${_('Add new')}

			




	
	
	
		
 
                        </span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
            </table>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="form-group">

			




	
	
	
		
 
            ${h.submit('save',_('Save'),class_="btn btn-default")}

			




	
	
	
		
 
            ${h.reset('reset',_('Reset'),class_="btn btn-default")}

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
</div>

			




	
	
	
		
 
${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
<script type="text/javascript">

			




	
	
	
		
 
    function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {

			




	
	
	
		
 
        url = ${h.js(h.url('edit_repo_perms_revoke',repo_name=c.repo_name))};

			




	
	
	
		
 
        var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);

			




	
	
	
		
 
        if (confirm(revoke_msg)){

			




	
	
	
		
 
            ajaxActionRevokePermission(url, obj_id, obj_type, field_id);

			




	
	
	
		
 
        }

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    $(document).ready(function () {

			




	
	
	
		
 
        if (!$('#perm_new_member_name').hasClass('error')) {

			




	
	
	
		
 
            $('#add_perm_input').hide();

			




	
	
	
		
 
        }

			




	
	
	
		
 
        $('#add_perm').click(function () {

			




	
	
	
		
 
            addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
            addPermAction('repository', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
        });

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/user_groups/user_group_edit_perms.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -28,101 +28,85 @@ ${h.form(url('edit_user_group_perms_upda

			




	
	
	
		
 
                             ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                          %if r2p.user.username !='default':

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

			




	
	
	
		
 
                             <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                      %else:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td><i class="icon-user"></i> ${_('Admin')}</td>

			




	
	
	
		
 
                      %endif

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                ## USER GROUPS

			




	
	
	
		
 
                %for g2p in c.user_group.user_group_user_group_to_perm:

			




	
	
	
		
 
                    <tr id="id${id(g2p.user_group.users_group_name)}">

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <i class="icon-users"></i>

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')():

			




	
	
	
		
 
                             <a href="${h.url('edit_users_group',id=g2p.user_group.users_group_id)}">

			




	
	
	
		
 
                                 ${g2p.user_group.users_group_name}

			




	
	
	
		
 
                             </a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${g2p.user_group.users_group_name}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${g2p.user_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.user_group.users_group_name)}', '${g2p.user_group.users_group_name}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                <%

			




	
	
	
		
 
                _tmpl = """\

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td class="ac"> \

			




	
	
	
		
 
                        <div class="perm_ac" id="perm_ac_{0}"> \

			




	
	
	
		
 
                            <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \

			




	
	
	
		
 
                            <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \

			




	
	
	
		
 
                            <div id="perm_container_{0}"></div> \

			




	
	
	
		
 
                        </div> \

			




	
	
	
		
 
                    </td> \

			




	
	
	
		
 
                    <td></td>"""

			




	
	
	
		
 
                %>

			




	
	
	
		
 
                ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'

			




	
	
	
		
 
                ## New entries added by addPermAction here.

			




	
	
	
		
 
                <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                        <span id="add_perm" class="btn">

			




	
	
	
		
 
                            <i class="icon-plus"></i> ${_('Add new')}

			




	
	
	
		
 
                        </span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
            </table>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="buttons">

			




	
	
	
		
 
            ${h.submit('save',_('Save'),class_="btn btn-default")}

			




	
	
	
		
 
            ${h.reset('reset',_('Reset'),class_="btn btn-default")}

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
   </div>

			




	
	
	
		
 
</div>

			




	
	
	
		
 
${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
<script type="text/javascript">

			




	
	
	
		
 
    function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {

			




	
	
	
		
 
        url = ${h.js(h.url('edit_user_group_perms_delete', id=c.user_group.users_group_id))};

			




	
	
	
		
 
        var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);

			




	
	
	
		
 
        if (confirm(revoke_msg)){

			




	
	
	
		
 
            ajaxActionRevokePermission(url, obj_id, obj_type, field_id);

			




	
	
	
		
 
        }

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    $(document).ready(function () {

			




	
	
	
		
 
        if (!$('#perm_new_member_name').hasClass('error')) {

			




	
	
	
		
 
            $('#add_perm_input').hide();

			




	
	
	
		
 
        }

			




	
	
	
		
 
        $('#add_perm').click(function () {

			




	
	
	
		
 
            addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
            addPermAction('usergroup', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
        });

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.