Changeset - bacc854a3853
Parent rev.
Child rev.
[Not reviewed]
default
0 4 0
Søren Løvborg - 9 years ago 2017-03-15 20:39:38
sorenl@unity3d.com
templates: addPermAction JS escaping bugfix (by eliminating expansion bugfix)

In 33b71a130b16, the addPermAction template was incorrectly escaped via
h.jshtml, where it should've been plain h.js.

Instead of merely fixing the escaping, refactor the code to completely
remove the need for escaping anything, by avoiding the template variable
expansion inside the JavaScript.
4 files changed with 21 insertions and 56 deletions:
kallithea/public/js/base.js
15
2
kallithea/templates/admin/repo_groups/repo_group_edit_perms.html
2
18
kallithea/templates/admin/repos/repo_edit_permissions.html
2
18
kallithea/templates/admin/user_groups/user_group_edit_perms.html
2
18
0 comments (0 inline, 0 general)
kallithea/public/js/base.js
Show inline comments
 
@@ -1240,196 +1240,209 @@ var MentionsAutoComplete = function ($in
 
        chunks.push(org.substr(max_pos));  // postfix chunk
 

			




	
	
	
		
 
        // clean up msg2 for filtering and regex match

			




	
	
	
		
 
        var msg2 = msg2.lstrip(' ').lstrip('\n');

			




	
	
	
		
 

			




	
	
	
		
 
        if(re.test(msg2)){

			




	
	
	
		
 
            var unam = re.exec(msg2)[1];

			




	
	
	
		
 
            return [unam, chunks];

			




	
	
	
		
 
        }

			




	
	
	
		
 
        return [null, null];

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    $inputElement.keyup(function(e){

			




	
	
	
		
 
            var currentMessage = $inputElement.val();

			




	
	
	
		
 
            var currentCaretPosition = $inputElement[0].selectionStart;

			




	
	
	
		
 

			




	
	
	
		
 
            var unam = mentionsAC.get_mention(currentMessage, currentCaretPosition);

			




	
	
	
		
 
            var curr_search = null;

			




	
	
	
		
 
            if(unam[0]){

			




	
	
	
		
 
                curr_search = unam[0];

			




	
	
	
		
 
            }

			




	
	
	
		
 

			




	
	
	
		
 
            mentionsAC.dataSource.chunks = unam[1];

			




	
	
	
		
 
            mentionsAC.dataSource.mentionQuery = curr_search;

			




	
	
	
		
 
        });

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
var addReviewMember = function(id,fname,lname,nname,gravatar_link,gravatar_size){

			




	
	
	
		
 
    var displayname = nname;

			




	
	
	
		
 
    if ((fname != "") && (lname != "")) {

			




	
	
	
		
 
        displayname = "{0} {1} ({2})".format(fname, lname, nname);

			




	
	
	
		
 
    }

			




	
	
	
		
 
    var gravatarelm = gravatar(gravatar_link, gravatar_size, "");

			




	
	
	
		
 
    // WARNING: the HTML below is duplicate with

			




	
	
	
		
 
    // kallithea/templates/pullrequests/pullrequest_show.html

			




	
	
	
		
 
    // If you change something here it should be reflected in the template too.

			




	
	
	
		
 
    var element = (

			




	
	
	
		
 
        '     <li id="reviewer_{2}">\n'+

			




	
	
	
		
 
        '       <span class="reviewers_member">\n'+

			




	
	
	
		
 
        '         <span class="reviewer_status" data-toggle="tooltip" title="not_reviewed">\n'+

			




	
	
	
		
 
        '             <i class="icon-circle changeset-status-not_reviewed"></i>\n'+

			




	
	
	
		
 
        '         </span>\n'+

			




	
	
	
		
 
        (gravatarelm ?

			




	
	
	
		
 
        '         {0}\n' :

			




	
	
	
		
 
        '')+

			




	
	
	
		
 
        '         <span>{1}</span>\n'+

			




	
	
	
		
 
        '         <input type="hidden" value="{2}" name="review_members" />\n'+

			




	
	
	
		
 
        '         <a href="#" class="reviewer_member_remove" onclick="removeReviewMember({2})">\n'+

			




	
	
	
		
 
        '             <i class="icon-minus-circled"></i>\n'+

			




	
	
	
		
 
        '         </a> (add not saved)\n'+

			




	
	
	
		
 
        '       </span>\n'+

			




	
	
	
		
 
        '     </li>\n'

			




	
	
	
		
 
        ).format(gravatarelm, displayname, id);

			




	
	
	
		
 
    // check if we don't have this ID already in

			




	
	
	
		
 
    var ids = [];

			




	
	
	
		
 
    $('#review_members').find('li').each(function() {

			




	
	
	
		
 
            ids.push(this.id);

			




	
	
	
		
 
        });

			




	
	
	
		
 
    if(ids.indexOf('reviewer_'+id) == -1){

			




	
	
	
		
 
        //only add if it's not there

			




	
	
	
		
 
        $('#review_members').append(element);

			




	
	
	
		
 
    }

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
var removeReviewMember = function(reviewer_id, repo_name, pull_request_id){

			




	
	
	
		
 
    var $li = $('#reviewer_{0}'.format(reviewer_id));

			




	
	
	
		
 
    $li.find('div div').css("text-decoration", "line-through");

			




	
	
	
		
 
    $li.find('input').prop('name', 'review_members_removed');

			




	
	
	
		
 
    $li.find('.reviewer_member_remove').replaceWith('&nbsp;(remove not saved)');

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
/* activate auto completion of users as PR reviewers */

			




	
	
	
		
 
var PullRequestAutoComplete = function ($inputElement, $container, users_list) {

			




	
	
	
		
 

			




	
	
	
		
 
    var matchUsers = function (sQuery) {

			




	
	
	
		
 
        return autocompleteMatchUsers(sQuery, users_list);

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    var reviewerAC = autocompleteCreate($inputElement, $container, matchUsers);

			




	
	
	
		
 
    reviewerAC.suppressInputUpdate = true;

			




	
	
	
		
 

			




	
	
	
		
 
    // Handler for selection of an entry

			




	
	
	
		
 
    if(reviewerAC.itemSelectEvent){

			




	
	
	
		
 
        reviewerAC.itemSelectEvent.subscribe(function (sType, aArgs) {

			




	
	
	
		
 
            var myAC = aArgs[0]; // reference back to the AC instance

			




	
	
	
		
 
            var elLI = aArgs[1]; // reference to the selected LI element

			




	
	
	
		
 
            var oData = aArgs[2]; // object literal of selected item's result data

			




	
	
	
		
 

			




	
	
	
		
 
            addReviewMember(oData.id, oData.fname, oData.lname, oData.nname,

			




	
	
	
		
 
                            oData.gravatar_lnk, oData.gravatar_size);

			




	
	
	
		
 
            myAC.getInputEl().value = '';

			




	
	
	
		
 
        });

			




	
	
	
		
 
    }

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
var addPermAction = function(_html, users_list, groups_list){

			




	
	
	
		
 
function addPermAction(perm_type, users_list, groups_list) {

			




	
	
	
		
 
    var template =

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td><input type="radio" value="{1}.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td>' +

			




	
	
	
		
 
        '<td class="ac">' +

			




	
	
	
		
 
            '<div class="perm_ac" id="perm_ac_{0}">' +

			




	
	
	
		
 
                '<input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text">' +

			




	
	
	
		
 
                '<input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">' +

			




	
	
	
		
 
                '<div id="perm_container_{0}"></div>' +

			




	
	
	
		
 
            '</div>' +

			




	
	
	
		
 
        '</td>' +

			




	
	
	
		
 
        '<td></td>';

			




	
	
	
		
 
    var $last_node = $('.last_new_member').last(); // empty tr between last and add

			




	
	
	
		
 
    var next_id = $('.new_members').length;

			




	
	
	
		
 
    $last_node.before($('<tr class="new_members">').append(_html.format(next_id)));

			




	
	
	
		
 
    $last_node.before($('<tr class="new_members">').append(template.format(next_id, perm_type)));

			




	
	
	
		
 
    MembersAutoComplete($("#perm_new_member_name_"+next_id),

			




	
	
	
		
 
            $("#perm_container_"+next_id), users_list, groups_list);

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
function ajaxActionRevokePermission(url, obj_id, obj_type, field_id, extra_data) {

			




	
	
	
		
 
    var success = function (o) {

			




	
	
	
		
 
            $('#' + field_id).remove();

			




	
	
	
		
 
        };

			




	
	
	
		
 
    var failure = function (o) {

			




	
	
	
		
 
            alert(_TM['Failed to revoke permission'] + ": " + o.status);

			




	
	
	
		
 
        };

			




	
	
	
		
 
    var query_params = {};

			




	
	
	
		
 
    // put extra data into POST

			




	
	
	
		
 
    if (extra_data !== undefined && (typeof extra_data === 'object')){

			




	
	
	
		
 
        for(var k in extra_data){

			




	
	
	
		
 
            query_params[k] = extra_data[k];

			




	
	
	
		
 
        }

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    if (obj_type=='user'){

			




	
	
	
		
 
        query_params['user_id'] = obj_id;

			




	
	
	
		
 
        query_params['obj_type'] = 'user';

			




	
	
	
		
 
    }

			




	
	
	
		
 
    else if (obj_type=='user_group'){

			




	
	
	
		
 
        query_params['user_group_id'] = obj_id;

			




	
	
	
		
 
        query_params['obj_type'] = 'user_group';

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    ajaxPOST(url, query_params, success, failure);

			




	
	
	
		
 
};

			




	
	
	
		
 

			




	
	
	
		
 
/* Multi selectors */

			




	
	
	
		
 

			




	
	
	
		
 
var MultiSelectWidget = function(selected_id, available_id, form_id){

			




	
	
	
		
 
    var $availableselect = $('#' + available_id);

			




	
	
	
		
 
    var $selectedselect = $('#' + selected_id);

			




	
	
	
		
 

			




	
	
	
		
 
    //fill available only with those not in selected

			




	
	
	
		
 
    var $selectedoptions = $selectedselect.children('option');

			




	
	
	
		
 
    $availableselect.children('option').filter(function(i, e){

			




	
	
	
		
 
            for(var j = 0, node; node = $selectedoptions[j]; j++){

			




	
	
	
		
 
                if(node.value == e.value){

			




	
	
	
		
 
                    return true;

			




	
	
	
		
 
                }

			




	
	
	
		
 
            }

			




	
	
	
		
 
            return false;

			




	
	
	
		
 
        }).remove();

			




	
	
	
		
 

			




	
	
	
		
 
    $('#add_element').click(function(e){

			




	
	
	
		
 
            $selectedselect.append($availableselect.children('option:selected'));

			




	
	
	
		
 
        });

			




	
	
	
		
 
    $('#remove_element').click(function(e){

			




	
	
	
		
 
            $availableselect.append($selectedselect.children('option:selected'));

			




	
	
	
		
 
        });

			




	
	
	
		
 

			




	
	
	
		
 
    $('#'+form_id).submit(function(){

			




	
	
	
		
 
            $selectedselect.children('option').each(function(i, e){

			




	
	
	
		
 
                e.selected = 'selected';

			




	
	
	
		
 
            });

			




	
	
	
		
 
        });

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
/**

			




	
	
	
		
 
 Branch Sorting callback for select2, modifying the filtered result so prefix

			




	
	
	
		
 
 matches come before matches in the line.

			




	
	
	
		
 
 **/

			




	
	
	
		
 
var branchSort = function(results, container, query) {

			




	
	
	
		
 
    if (query.term) {

			




	
	
	
		
 
        return results.sort(function (a, b) {

			




	
	
	
		
 
            // Put closed branches after open ones (a bit of a hack ...)

			




	
	
	
		
 
            var aClosed = a.text.indexOf("(closed)") > -1,

			




	
	
	
		
 
                bClosed = b.text.indexOf("(closed)") > -1;

			




	
	
	
		
 
            if (aClosed && !bClosed) {

			




	
	
	
		
 
                return 1;

			




	
	
	
		
 
            }

			




	
	
	
		
 
            if (bClosed && !aClosed) {

			




	
	
	
		
 
                return -1;

			




	
	
	
		
 
            }

			




	
	
	
		
 

			




	
	
	
		
 
            // Put early (especially prefix) matches before later matches

			




	
	
	
		
 
            var aPos = a.text.toLowerCase().indexOf(query.term.toLowerCase()),

			




	
	
	
		
 
                bPos = b.text.toLowerCase().indexOf(query.term.toLowerCase());

			




	
	
	
		
 
            if (aPos < bPos) {

			




	
	
	
		
 
                return -1;

			




	
	
	
		
 
            }

			




	
	
	
		
 
            if (bPos < aPos) {

			




	
	
	
		
 
                return 1;

			




	
	
	
		
 
            }

			




	
	
	
		
 

			




	
	
	
		
 
            // Default sorting

			




	
	
	
		
 
            if (a.text > b.text) {

			




	
	
	
		
 
                return 1;

			




	
	
	
		
 
            }

			




	
	
	
		
 
            if (a.text < b.text) {

			




	
	
	
		
 
                return -1;

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/repo_groups/repo_group_edit_perms.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
${h.form(url('edit_repo_group_perms', group_name=c.repo_group.group_name))}

			




	
	
	
		
 
<div class="form">

			




	
	
	
		
 
    <div>

			




	
	
	
		
 
        <div>

			




	
	
	
		
 
            <table id="permissions_manage" class="table">

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td>${_('None')}<br />(${_('Not visible')})</td>

			




	
	
	
		
 
                    <td>${_('Read')}<br />(${_('Visible')})</td>

			




	
	
	
		
 
                    <td>${_('Write')}<br />(${_('Add repos')})</td>

			




	
	
	
		
 
                    <td>${_('Admin')}<br />(${_('Add/Edit groups')})</td>

			




	
	
	
		
 
                    <td>${_('User/User Group')}</td>

			




	
	
	
		
 
                    <td></td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
                ## USERS

			




	
	
	
		
 
                %for r2p in c.repo_group.repo_group_to_perm:

			




	
	
	
		
 
                    ##forbid revoking permission from yourself, except if you're an super admin

			




	
	
	
		
 
                    <tr id="id${id(r2p.user.username)}">

			




	
	
	
		
 
                      %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

			




	
	
	
		
 
                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                          %if r2p.user.username !='default':

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

			




	
	
	
		
 
                             <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                      %else:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td><i class="icon-user"></i> ${_('Admin')}</td>

			




	
	
	
		
 
                      %endif

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                ## USER GROUPS

			




	
	
	
		
 
                %for g2p in c.repo_group.users_group_to_perm:

			




	
	
	
		
 
                    <tr id="id${id(g2p.users_group.users_group_name)}">

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <i class="icon-users"></i>

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')():

			




	
	
	
		
 
                             <a href="${h.url('edit_users_group',id=g2p.users_group.users_group_id)}">

			




	
	
	
		
 
                                 ${g2p.users_group.users_group_name}

			




	
	
	
		
 
                             </a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${g2p.users_group.users_group_name}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${g2p.users_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.users_group.users_group_name)}', '${g2p.users_group.users_group_name}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                <%

			




	
	
	
		
 
                _tmpl = """\

			




	
	
	
		
 
                    <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="group.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="group.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="group.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td class="ac"> \

			




	
	
	
		
 
                        <div class="perm_ac" id="perm_ac_{0}"> \

			




	
	
	
		
 
                            <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \

			




	
	
	
		
 
                            <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \

			




	
	
	
		
 
                            <div id="perm_container_{0}"></div> \

			




	
	
	
		
 
                        </div> \

			




	
	
	
		
 
                    </td> \

			




	
	
	
		
 
                    <td></td>"""

			




	
	
	
		
 
                %>

			




	
	
	
		
 
                ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'

			




	
	
	
		
 
                ## New entries added by addPermAction here.

			




	
	
	
		
 
                <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                        <span id="add_perm" style="cursor: pointer;">

			




	
	
	
		
 
                            <i class="icon-plus"></i> ${_('Add new')}

			




	
	
	
		
 
                        </span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                       ${_('Apply to children')}:

			




	
	
	
		
 
                       ${h.radio('recursive', 'none', label=_('None'), checked="checked")}

			




	
	
	
		
 
                       ${h.radio('recursive', 'groups', label=_('Repository Groups'))}

			




	
	
	
		
 
                       ${h.radio('recursive', 'repos', label=_('Repositories'))}

			




	
	
	
		
 
                       ${h.radio('recursive', 'all', label=_('Both'))}

			




	
	
	
		
 
                       <span class="help-block">${_('Set or revoke permission to all children of that group, including non-private repositories and other groups if selected.')}</span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
            </table>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="buttons">

			




	
	
	
		
 
            ${h.submit('save',_('Save'),class_="btn btn-default")}

			




	
	
	
		
 
            ${h.reset('reset',_('Reset'),class_="btn btn-default")}

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
</div>

			




	
	
	
		
 
${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
<script type="text/javascript">

			




	
	
	
		
 
    function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {

			




	
	
	
		
 
        url = ${h.jshtml(h.url('edit_repo_group_perms_delete', group_name=c.repo_group.group_name))};

			




	
	
	
		
 
        var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);

			




	
	
	
		
 
        if (confirm(revoke_msg)){

			




	
	
	
		
 
            var recursive = $('input[name=recursive]:checked').val();

			




	
	
	
		
 
            ajaxActionRevokePermission(url, obj_id, obj_type, field_id, {recursive:recursive});

			




	
	
	
		
 
        }

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    $(document).ready(function () {

			




	
	
	
		
 
        if (!$('#perm_new_member_name').hasClass('error')) {

			




	
	
	
		
 
            $('#add_perm_input').hide();

			




	
	
	
		
 
        }

			




	
	
	
		
 
        $('#add_perm').click(function () {

			




	
	
	
		
 
            addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
            addPermAction('group', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
        });

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/repos/repo_edit_permissions.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
${h.form(url('edit_repo_perms_update', repo_name=c.repo_name))}

			




	
	
	
		
 
<div class="form">

			




	
	
	
		
 
    <div class="form-horizontal">

			




	
	
	
		
 
        <div class="form-group">

			




	
	
	
		
 
            ${h.hidden('repo_private')}

			




	
	
	
		
 
            <table id="permissions_manage" class="table table-condensed">

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td>${_('None')}</td>

			




	
	
	
		
 
                    <td>${_('Read')}</td>

			




	
	
	
		
 
                    <td>${_('Write')}</td>

			




	
	
	
		
 
                    <td>${_('Admin')}</td>

			




	
	
	
		
 
                    <td>${_('User/User Group')}</td>

			




	
	
	
		
 
                    <td></td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
                ## USERS

			




	
	
	
		
 
                %for r2p in sorted(c.repo_info.repo_to_perm, key=lambda x: x.user.username != 'default' and x.user.username):

			




	
	
	
		
 
                    %if r2p.user.username =='default' and c.repo_info.private:

			




	
	
	
		
 
                        <tr>

			




	
	
	
		
 
                            <td colspan="4">

			




	
	
	
		
 
                                <span class="private_repo_msg">

			




	
	
	
		
 
                                ${_('Private Repository')}

			




	
	
	
		
 
                                </span>

			




	
	
	
		
 
                            </td>

			




	
	
	
		
 
                            <td class="private_repo_msg"><i class="icon-user"></i> ${_('Default')}</td>

			




	
	
	
		
 
                        </tr>

			




	
	
	
		
 
                    %else:

			




	
	
	
		
 
                    <tr id="id${id(r2p.user.username)}">

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, size=14)}

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

			




	
	
	
		
 
                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                          %if r2p.user.username !='default':

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                    %endif

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                ## USER GROUPS

			




	
	
	
		
 
                %for g2p in sorted(c.repo_info.users_group_to_perm, key=lambda x:x.users_group.users_group_name):

			




	
	
	
		
 
                    <tr id="id${id(g2p.users_group.users_group_name)}">

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <i class="icon-users"></i>

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')():

			




	
	
	
		
 
                             <a href="${h.url('edit_users_group',id=g2p.users_group.users_group_id)}">${g2p.users_group.users_group_name}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${g2p.users_group.users_group_name}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${g2p.users_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.users_group.users_group_name)}', '${g2p.users_group.users_group_name}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                <%

			




	
	
	
		
 
                _tmpl = """\

			




	
	
	
		
 
                    <td><input type="radio" value="repository.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="repository.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="repository.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="repository.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td class="ac"> \

			




	
	
	
		
 
                        <div class="perm_ac" id="perm_ac_{0}"> \

			




	
	
	
		
 
                            <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \

			




	
	
	
		
 
                            <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \

			




	
	
	
		
 
                            <div id="perm_container_{0}"></div> \

			




	
	
	
		
 
                        </div> \

			




	
	
	
		
 
                    </td> \

			




	
	
	
		
 
                    <td></td>"""

			




	
	
	
		
 
                %>

			




	
	
	
		
 
                ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'

			




	
	
	
		
 
                ## New entries added by addPermAction here.

			




	
	
	
		
 
                <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                        <span id="add_perm" style="cursor: pointer;">

			




	
	
	
		
 
                            <i class="icon-plus"></i> ${_('Add new')}

			




	
	
	
		
 
                        </span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
            </table>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="form-group">

			




	
	
	
		
 
            ${h.submit('save',_('Save'),class_="btn btn-default")}

			




	
	
	
		
 
            ${h.reset('reset',_('Reset'),class_="btn btn-default")}

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
</div>

			




	
	
	
		
 
${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
<script type="text/javascript">

			




	
	
	
		
 
    function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {

			




	
	
	
		
 
        url = ${h.js(h.url('edit_repo_perms_revoke',repo_name=c.repo_name))};

			




	
	
	
		
 
        var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);

			




	
	
	
		
 
        if (confirm(revoke_msg)){

			




	
	
	
		
 
            ajaxActionRevokePermission(url, obj_id, obj_type, field_id);

			




	
	
	
		
 
        }

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    $(document).ready(function () {

			




	
	
	
		
 
        if (!$('#perm_new_member_name').hasClass('error')) {

			




	
	
	
		
 
            $('#add_perm_input').hide();

			




	
	
	
		
 
        }

			




	
	
	
		
 
        $('#add_perm').click(function () {

			




	
	
	
		
 
            addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
            addPermAction('repository', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
        });

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/user_groups/user_group_edit_perms.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
${h.form(url('edit_user_group_perms_update', id=c.user_group.users_group_id))}

			




	
	
	
		
 
<div class="form">

			




	
	
	
		
 
   <div>

			




	
	
	
		
 
        <div>

			




	
	
	
		
 
            <table id="permissions_manage" class="table">

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td>${_('None')}</td>

			




	
	
	
		
 
                    <td>${_('Read')}</td>

			




	
	
	
		
 
                    <td>${_('Write')}</td>

			




	
	
	
		
 
                    <td>${_('Admin')}</td>

			




	
	
	
		
 
                    <td>${_('User/User Group')}</td>

			




	
	
	
		
 
                    <td></td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
                ## USERS

			




	
	
	
		
 
                %for r2p in c.user_group.user_user_group_to_perm:

			




	
	
	
		
 
                    ##forbid revoking permission from yourself, except if you're an super admin

			




	
	
	
		
 
                    <tr id="id${id(r2p.user.username)}">

			




	
	
	
		
 
                      %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

			




	
	
	
		
 
                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                          %if r2p.user.username !='default':

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

			




	
	
	
		
 
                             <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                          %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                      %else:

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin', disabled="disabled")}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

			




	
	
	
		
 
                            ${r2p.user.username if r2p.user.username != 'default' else _('Default')}

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td><i class="icon-user"></i> ${_('Admin')}</td>

			




	
	
	
		
 
                      %endif

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                ## USER GROUPS

			




	
	
	
		
 
                %for g2p in c.user_group.user_group_user_group_to_perm:

			




	
	
	
		
 
                    <tr id="id${id(g2p.user_group.users_group_name)}">

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.none')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.read')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.write')}</td>

			




	
	
	
		
 
                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.admin')}</td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <i class="icon-users"></i>

			




	
	
	
		
 
                            %if h.HasPermissionAny('hg.admin')():

			




	
	
	
		
 
                             <a href="${h.url('edit_users_group',id=g2p.user_group.users_group_id)}">

			




	
	
	
		
 
                                 ${g2p.user_group.users_group_name}

			




	
	
	
		
 
                             </a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             ${g2p.user_group.users_group_name}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            <span style="color:#da4f49" class="btn btn-default btn-xs" onclick="ajaxActionRevoke(${g2p.user_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.user_group.users_group_name)}', '${g2p.user_group.users_group_name}')">

			




	
	
	
		
 
                            <i class="icon-minus-circled"></i> ${_('Revoke')}

			




	
	
	
		
 
                            </span>

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 

			




	
	
	
		
 
                <%

			




	
	
	
		
 
                _tmpl = """\

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.read" checked="checked" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td><input type="radio" value="usergroup.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \

			




	
	
	
		
 
                    <td class="ac"> \

			




	
	
	
		
 
                        <div class="perm_ac" id="perm_ac_{0}"> \

			




	
	
	
		
 
                            <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \

			




	
	
	
		
 
                            <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \

			




	
	
	
		
 
                            <div id="perm_container_{0}"></div> \

			




	
	
	
		
 
                        </div> \

			




	
	
	
		
 
                    </td> \

			




	
	
	
		
 
                    <td></td>"""

			




	
	
	
		
 
                %>

			




	
	
	
		
 
                ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'

			




	
	
	
		
 
                ## New entries added by addPermAction here.

			




	
	
	
		
 
                <tr class="new_members last_new_member" id="add_perm_input"><td colspan="6"></td></tr>

			




	
	
	
		
 
                <tr>

			




	
	
	
		
 
                    <td colspan="6">

			




	
	
	
		
 
                        <span id="add_perm" class="btn">

			




	
	
	
		
 
                            <i class="icon-plus"></i> ${_('Add new')}

			




	
	
	
		
 
                        </span>

			




	
	
	
		
 
                    </td>

			




	
	
	
		
 
                </tr>

			




	
	
	
		
 
            </table>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="buttons">

			




	
	
	
		
 
            ${h.submit('save',_('Save'),class_="btn btn-default")}

			




	
	
	
		
 
            ${h.reset('reset',_('Reset'),class_="btn btn-default")}

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
   </div>

			




	
	
	
		
 
</div>

			




	
	
	
		
 
${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
<script type="text/javascript">

			




	
	
	
		
 
    function ajaxActionRevoke(obj_id, obj_type, field_id, obj_name) {

			




	
	
	
		
 
        url = ${h.js(h.url('edit_user_group_perms_delete', id=c.user_group.users_group_id))};

			




	
	
	
		
 
        var revoke_msg = _TM['Confirm to revoke permission for {0}: {1} ?'].format(obj_type.replace('_', ' '), obj_name);

			




	
	
	
		
 
        if (confirm(revoke_msg)){

			




	
	
	
		
 
            ajaxActionRevokePermission(url, obj_id, obj_type, field_id);

			




	
	
	
		
 
        }

			




	
	
	
		
 
    };

			




	
	
	
		
 

			




	
	
	
		
 
    $(document).ready(function () {

			




	
	
	
		
 
        if (!$('#perm_new_member_name').hasClass('error')) {

			




	
	
	
		
 
            $('#add_perm_input').hide();

			




	
	
	
		
 
        }

			




	
	
	
		
 
        $('#add_perm').click(function () {

			




	
	
	
		
 
            addPermAction(${h.jshtml(_tmpl)}, ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
            addPermAction('usergroup', ${h.js(c.users_array)}, ${h.js(c.user_groups_array)});

			




	
	
	
		
 
        });

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.