kallithea Changeset - ca54622e39a1

Changeset - ca54622e39a1

Parent rev.

Child rev.

[Not reviewed]

default

0 7 1

Marcin Kuzminski - 15 years ago 2010-08-01 17:08:58
marcin@python-works.com

Added separate create repository views for non administrative users.
Fixed permission issue with private repos

8 files changed with 103 insertions and 20 deletions:

pylons_app/__init__.py

pylons_app/config/routing.py

pylons_app/controllers/admin/repos.py

pylons_app/controllers/admin/settings.py

pylons_app/lib/auth.py

pylons_app/templates/admin/repos/repo_add_create_repository.html

pylons_app/templates/base/base.html

pylons_app/templates/index.html

0 comments (0 inline, 0 general)

pylons_app/__init__.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # Hg app, a web based mercurial repository managment based on pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 9, 2010
 Hg app, a web based mercurial repository managment based on pylons
 @author: marcink
 """
 VERSION = (0, 8, 0, 'beta')
 __version__ = '.'.join((str(each) for each in VERSION[:4]))
 def get_version():
     """
     Returns shorter version (digit parts only) as string.
     """
     return '.'.join((str(each) for each in VERSION[:3]))

pylons_app/config/routing.py

➞

Show inline comments

@@ @@ -55,96 +55,98 @@ def make_map(config): @@
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_edit_repo", "/repos/{repo_name:.*}.{format}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("repo", "/repos/{repo_name:.*}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_repo", "/repos/{repo_name:.*}.{format}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         #ajax delete repo perm user
         m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*}",
              action="delete_perm_user", conditions=dict(method=["DELETE"],
                                                         function=check_repo))
     map.resource('user', 'users', controller='admin/users', path_prefix='/_admin')
     map.resource('permission', 'permissions', controller='admin/permissions', path_prefix='/_admin')
     #map.resource('setting', 'settings', controller='admin/settings', path_prefix='/_admin', name_prefix='admin_')
     #REST SETTINGS MAP
     with map.submapper(path_prefix='/_admin', controller='admin/settings') as m:
         m.connect("admin_settings", "/settings",
              action="create", conditions=dict(method=["POST"]))
         m.connect("admin_settings", "/settings",
              action="index", conditions=dict(method=["GET"]))
         m.connect("admin_formatted_settings", "/settings.{format}",
              action="index", conditions=dict(method=["GET"]))
         m.connect("admin_new_setting", "/settings/new",
              action="new", conditions=dict(method=["GET"]))
         m.connect("admin_formatted_new_setting", "/settings/new.{format}",
              action="new", conditions=dict(method=["GET"]))
         m.connect("/settings/{setting_id}",
              action="update", conditions=dict(method=["PUT"]))
         m.connect("/settings/{setting_id}",
              action="delete", conditions=dict(method=["DELETE"]))
         m.connect("admin_edit_setting", "/settings/{setting_id}/edit",
              action="edit", conditions=dict(method=["GET"]))
         m.connect("admin_formatted_edit_setting", "/settings/{setting_id}.{format}/edit",
              action="edit", conditions=dict(method=["GET"]))
         m.connect("admin_setting", "/settings/{setting_id}",
              action="show", conditions=dict(method=["GET"]))
         m.connect("admin_formatted_setting", "/settings/{setting_id}.{format}",
              action="show", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account", "/my_account",
              action="my_account", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account_update", "/my_account_update",
              action="my_account_update", conditions=dict(method=["PUT"]))
         m.connect("admin_settings_create_repository", "/create_repository",
              action="create_repository", conditions=dict(method=["GET"]))
     #ADMIN
     with map.submapper(path_prefix='/_admin', controller='admin/admin') as m:
         m.connect('admin_home', '', action='index')#main page
         m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',
                   action='add_repo')
     #LOGIN/LOGOUT
     map.connect('login_home', '/_admin/login', controller='login')
     map.connect('logout_home', '/_admin/logout', controller='login', action='logout')
     map.connect('register', '/_admin/register', controller='login', action='register')
     #FEEDS
     map.connect('rss_feed_home', '/{repo_name:.*}/feed/rss',
                 controller='feed', action='rss',
                 conditions=dict(function=check_repo))
     map.connect('atom_feed_home', '/{repo_name:.*}/feed/atom',
                 controller='feed', action='atom',
                 conditions=dict(function=check_repo))
     #OTHERS
     map.connect('changeset_home', '/{repo_name:.*}/changeset/{revision}',
                 controller='changeset', revision='tip',
                 conditions=dict(function=check_repo))
     map.connect('summary_home', '/{repo_name:.*}/summary',
                 controller='summary', conditions=dict(function=check_repo))
     map.connect('shortlog_home', '/{repo_name:.*}/shortlog',
                 controller='shortlog', conditions=dict(function=check_repo))
     map.connect('branches_home', '/{repo_name:.*}/branches',
                 controller='branches', conditions=dict(function=check_repo))
     map.connect('tags_home', '/{repo_name:.*}/tags',
                 controller='tags', conditions=dict(function=check_repo))
     map.connect('changelog_home', '/{repo_name:.*}/changelog',
                 controller='changelog', conditions=dict(function=check_repo))
     map.connect('files_home', '/{repo_name:.*}/files/{revision}/{f_path:.*}',
                 controller='files', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_diff_home', '/{repo_name:.*}/diff/{f_path:.*}',
                 controller='files', action='diff', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_raw_home', '/{repo_name:.*}/rawfile/{revision}/{f_path:.*}',
                 controller='files', action='rawfile', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_annotate_home', '/{repo_name:.*}/annotate/{revision}/{f_path:.*}',
                 controller='files', action='annotate', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_archive_home', '/{repo_name:.*}/archive/{revision}/{fileformat}',

pylons_app/controllers/admin/repos.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # repos controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 7, 2010
 admin controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from operator import itemgetter
 from paste.httpexceptions import HTTPInternalServerError
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.lib.utils import invalidate_cache
 from pylons_app.model.db import User
 from pylons_app.model.forms import RepoForm
 from pylons_app.model.hg_model import HgModel
 from pylons_app.model.repo_model import RepoModel
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class ReposController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin', 'repository.create')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(ReposController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /repos: All items in the collection"""
         # url('repos')
         cached_repo_list = HgModel().get_repos()
         c.repos_list = sorted(cached_repo_list, key=itemgetter('name_sort'))
         return render('admin/repos/repos.html')
     @HasPermissionAnyDecorator('hg.admin', 'repository.create')
     def create(self):
         """POST /repos: Create a new item"""
         # url('repos')
         repo_model = RepoModel()
         _form = RepoForm()()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             repo_model.create(form_result, c.hg_app_user)
             invalidate_cache('cached_repo_list')
             h.flash(_('created repository %s') % form_result['repo_name'],
                     category='success')
         except formencode.Invalid as errors:
             c.new_repo = errors.value['repo_name']
             if request.POST.get('user_created'):
                 r = render('admin/repos/repo_add_create_repository.html')
             else:
                 r = render('admin/repos/repo_add.html')
             return htmlfill.render(
-                render('admin/repos/repo_add.html'),
+                r,
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             msg = _('error occured during creation of repository %s') \
                     % form_result.get('repo_name')
             h.flash(msg, category='error')
         return redirect('repos')
         if request.POST.get('user_created'):
             return redirect(url('hg_home'))
         return redirect(url('repos'))
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /repos/new: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         c.new_repo = h.repo_name_slug(new_repo)
         return render('admin/repos/repo_add.html')
     @HasPermissionAllDecorator('hg.admin')
     def update(self, repo_name):
         """PUT /repos/repo_name: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('repo', repo_name=ID),
         #           method='put')
         # url('repo', repo_name=ID)
         repo_model = RepoModel()
         changed_name = repo_name
         _form = RepoForm(edit=True, old_data={'repo_name':repo_name})()
         try:
             form_result = _form.to_python(dict(request.POST))
             repo_model.update(repo_name, form_result)
             invalidate_cache('cached_repo_list')
             h.flash(_('Repository %s updated succesfully' % repo_name),
                     category='success')
             changed_name = form_result['repo_name']
         except formencode.Invalid as errors:
             c.repo_info = repo_model.get(repo_name)
             c.users_array = repo_model.get_users_js()
             errors.value.update({'user':c.repo_info.user.username})
             return htmlfill.render(
                 render('admin/repos/repo_edit.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of repository %s') \
                     % repo_name, category='error')
         return redirect(url('edit_repo', repo_name=changed_name))
     @HasPermissionAllDecorator('hg.admin')
     def delete(self, repo_name):
         """DELETE /repos/repo_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repo', repo_name=ID),
         #           method='delete')
         # url('repo', repo_name=ID)
         repo_model = RepoModel()
         repo = repo_model.get(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was moved or renamed  from the filesystem'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('repos'))
         try:
             repo_model.delete(repo)
             invalidate_cache('cached_repo_list')
             h.flash(_('deleted repository %s') % repo_name, category='success')
         except Exception:
             h.flash(_('An error occured during deletion of %s') % repo_name,
                     category='error')
         return redirect(url('repos'))
     @HasPermissionAllDecorator('hg.admin')
     def delete_perm_user(self, repo_name):
         """
         DELETE an existing repository permission user
         @param repo_name:
         """
         try:
             repo_model = RepoModel()
             repo_model.delete_perm_user(request.POST, repo_name)
         except Exception as e:
             h.flash(_('An error occured during deletion of repository user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasPermissionAllDecorator('hg.admin')
     def show(self, repo_name, format='html'):
         """GET /repos/repo_name: Show a specific item"""
         # url('repo', repo_name=ID)
     @HasPermissionAllDecorator('hg.admin')
     def edit(self, repo_name, format='html'):
         """GET /repos/repo_name/edit: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was created or renamed from the filesystem'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('repos'))
         defaults = c.repo_info.__dict__
         if c.repo_info.user:
             defaults.update({'user':c.repo_info.user.username})
         else:
             replacement_user = self.sa.query(User)\
             .filter(User.admin == True).first().username
             defaults.update({'user':replacement_user})
         c.users_array = repo_model.get_users_js()
         for p in c.repo_info.repo2perm:
             defaults.update({'perm_%s' % p.user.username:
                              p.permission.permission_name})
         return htmlfill.render(
             render('admin/repos/repo_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )

pylons_app/controllers/admin/settings.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # settings controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on July 14, 2010
 settings controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, app_globals as g, \
     config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.lib.utils import repo2db_mapper, invalidate_cache, \
     set_hg_app_config
 from pylons_app.model.db import User, UserLog, HgAppSettings
 from pylons_app.model.forms import UserForm, ApplicationSettingsForm
 from pylons_app.model.hg_model import HgModel
 from pylons_app.model.user_model import UserModel
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(SettingsController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
         hgsettings = self.sa.query(HgAppSettings).scalar()
         defaults = hgsettings.__dict__ if hgsettings else {}
         return htmlfill.render(
             render('admin/settings/settings.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /admin/settings: Create a new item"""
         # url('admin_settings')
@@ @@ -164,49 +165,56 @@ class SettingsController(BaseController) @@
         """
         # url('admin_settings_my_account')
         c.user = self.sa.query(User).get(c.hg_app_user.user_id)
         if c.user.username == 'default':
             h.flash(_("You can't edit this user since it's"
               " crucial for entire application"), category='warning')
             return redirect(url('users'))
         defaults = c.user.__dict__
         return htmlfill.render(
             render('admin/users/user_edit_my_account.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     def my_account_update(self):
         """PUT /_admin/my_account_update: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('admin_settings_my_account_update'),
         #           method='put')
         # url('admin_settings_my_account_update', id=ID)
         user_model = UserModel()
         uid = c.hg_app_user.user_id
         _form = UserForm(edit=True, old_data={'user_id':uid})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             user_model.update_my_account(uid, form_result)
             h.flash(_('Your account was updated succesfully'), category='success')
         except formencode.Invalid as errors:
             #c.user = self.sa.query(User).get(c.hg_app_user.user_id)
             return htmlfill.render(
                 render('admin/users/user_edit_my_account.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('my_account'))
     @HasPermissionAnyDecorator('repository.create', 'hg.admin')
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         c.new_repo = h.repo_name_slug(new_repo)
         return render('admin/repos/repo_add_create_repository.html')

pylons_app/lib/auth.py

➞

Show inline comments

@@ @@ -95,142 +95,143 @@ def set_available_permissions(config): @@
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session
         all_perms = sa.query(Permission).all()
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 def set_base_path(config):
     config['base_path'] = config['pylons.app_globals'].base_path
 def fill_data(user):
     """
     Fills user data with those from database
     @param user:
     """
     sa = meta.Session
     dbuser = sa.query(User).get(user.user_id)
     user.username = dbuser.username
     user.is_admin = dbuser.admin
     user.name = dbuser.name
     user.lastname = dbuser.lastname
     meta.Session.remove()
     return user
 def fill_perms(user):
     """
     Fills user permission attribute with permissions taken from database
     @param user:
     """
     sa = meta.Session
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #first fetch default permissions
     default_perms = sa.query(Repo2Perm, Repository, Permission)\
         .join((Repository, Repo2Perm.repository_id == Repository.repo_id))\
         .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\
         .filter(Repo2Perm.user_id == sa.query(User).filter(User.username ==
                                             'default').one().user_id).all()
     if user.is_admin:
         user.permissions['global'].add('hg.admin')
-        #admin have all rights full
+        #admin have all rights set to admin
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
     else:
         user.permissions['global'].add('repository.create')
         for perm in default_perms:
             if perm.Repository.private:
+            if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
         user_perms = sa.query(Repo2Perm, Permission, Repository)\
             .join((Repository, Repo2Perm.repository_id == Repository.repo_id))\
             .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\
             .filter(Repo2Perm.user_id == user.user_id).all()
         #overwrite userpermissions with defaults
         for perm in user_perms:
             #set write if owner
             if perm.Repository.user_id == user.user_id:
                 p = 'repository.write'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
     meta.Session.remove()
     return user
 def get_user(session):
     """
     Gets user from session, and wraps permissions into user
     @param session:
     """
     user = session.get('hg_app_user', AuthUser())
     if user.is_authenticated:
         user = fill_data(user)
         user = fill_perms(user)
     session['hg_app_user'] = user
     session.save()
     print user.permissions
     return user
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
     """Must be logged in to execute this function else redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         user = session.get('hg_app_user', AuthUser())
         log.debug('Checking login required for user:%s', user.username)
         if user.is_authenticated:
             log.debug('user %s is authenticated', user.username)
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s not authenticated', user.username)
             log.debug('redirecting to login page')
             return redirect(url('login_home'))
 class PermsDecorator(object):
     """Base class for decorators"""
     def __init__(self, *required_perms):
         available_perms = config['available_permissions']
         for perm in required_perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(required_perms)
         self.user_perms = None
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
 #        _wrapper.__name__ = func.__name__
 #        _wrapper.__dict__.update(func.__dict__)
 #        _wrapper.__doc__ = func.__doc__
         self.user_perms = session.get('hg_app_user', AuthUser()).permissions
         log.debug('checking %s permissions %s for %s',
            self.__class__.__name__, self.required_perms, func.__name__)
         if self.check_permissions():
             log.debug('Permission granted for %s', func.__name__)

pylons_app/templates/admin/repos/repo_add_create_repository.html

➞

Show inline comments

@@ new file 100644 @@
 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Repositories administration')}
 </%def>
 <%def name="breadcrumbs_links()">
 	${_('add new repository')}
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     ${h.form(url('repos'))}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
 	            <div class="label">
 	                <label for="repo_name">${_('Name')}:</label>
 	            </div>
 	            <div class="input">
 	                ${h.text('repo_name',c.new_repo)}
 	                ${h.hidden('user_created','True')}
 	            </div>
              </div>
             <div class="field">
                 <div class="label label-textarea">
                     <label for="description">${_('Description')}:</label>
                 </div>
                 <div class="textarea text-area editor">
                     ${h.textarea('description',cols=23,rows=5)}
                 </div>
              </div>
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="private">${_('Private')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('private',value="True")}
                 </div>
              </div>
 	        <div class="buttons">
 	          ${h.submit('add','add',class_="ui-button ui-widget ui-state-default ui-corner-all")}
 	        </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

pylons_app/templates/base/base.html

➞

Show inline comments

@@ @@ -159,82 +159,82 @@ @@
                    <span class="icon">
                        <img src="/images/icons/tag_blue.png" alt="${_('Tags')}" />
                    </span>
                    <span>${_('Tags')}</span>
                    </a>
                 </li>
                 <li ${is_current('files')}>
                    <a title="${_('Files')}" href="${h.url('files_home',repo_name=c.repo_name)}">
                    <span class="icon">
                        <img src="/images/icons/file.png" alt="${_('Files')}" />
                    </span>
                    <span>${_('Files')}</span>
                    </a>
                 </li>
 				%if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
                 <li ${is_current('settings')}>
                    <a title="${_('Settings')}" href="${h.url('repo_settings_home',repo_name=c.repo_name)}">
                    <span class="icon">
                        <img src="/images/icons/cog_edit.png" alt="${_('Settings')}" />
                    </span>
                    <span>${_('Settings')}</span>
                    </a>
                 </li>
 				%endif
 	        </ul>
 		%else:
 		    ##ROOT MENU
             <ul id="quick">
                 <li>
                     <a title="${_('Home')}"  href="${h.url('hg_home')}">
                     <span class="icon">
                         <img src="/images/icons/home_16.png" alt="${_('Home')}" />
                     </span>
                     <span>${_('Home')}</span>
                     </a>
                 </li>
 				%if h.HasPermissionAll('hg.admin')('access admin main page'):
                 <li ${is_current('admin')}>
                    <a title="${_('Admin')}" href="${h.url('admin_home')}">
                    <span class="icon">
                        <img src="/images/icons/cog_edit.png" alt="${_('Admin')}" />
                    </span>
                    <span>${_('Admin')}</span>
                    </a>
 				    <ul>
 				        <li>${h.link_to(_('repositories'),h.url('repos'),class_='repos')}</li>
 				        <li>${h.link_to(_('users'),h.url('users'),class_='users')}</li>
-				        ##<li>${h.link_to(_('permissions'),h.url('permissions'),class_='permissions')}</li>
 				        <li>${h.link_to(_('permissions'),h.url('permissions'),class_='permissions')}</li>
 				        <li>${h.link_to(_('settings'),h.url('admin_settings'),class_='settings')}</li>
 				    </ul>
                 </li>
 				%endif
 			</ul>
 		%endif
 </%def>
 <%def name="css()">
 <link rel="stylesheet" type="text/css" href="/css/reset.css" />
 <link rel="stylesheet" type="text/css" href="/css/style.css" media="screen" />
 <link rel="stylesheet" type="text/css" href="/css/style_full.css" />
 <link id="color" rel="stylesheet" type="text/css" href="/css/colors/blue.css" />
 <link rel="stylesheet" type="text/css" href="/css/pygments.css"  />
 <link rel="stylesheet" type="text/css" href="/css/diff.css"  />
 </%def>
 <%def name="js()">
 <script type="text/javascript" src="/js/yui/utilities/utilities.js"></script>
 <!--[if IE]><script language="javascript" type="text/javascript" src="/js/excanvas.min.js"></script><![endif]-->
 <script type="text/javascript" src="/js/yui/container/container-min.js"></script>
 <script type="text/javascript" src="/js/yui/datasource/datasource-min.js"></script>
 <script type="text/javascript" src="/js/yui/autocomplete/autocomplete-min.js"></script>
 <script type="text/javascript" src="/js/yui.flot.js"></script>
 </%def>
 <%def name="breadcrumbs()">
     <div class="breadcrumbs">
     ${self.breadcrumbs_links()}
     </div>
 </%def>
@@ \ No newline at end of file @@

pylons_app/templates/index.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="base/base.html"/>
 <%def name="title()">
     ${c.hg_app_name}
 </%def>
 <%def name="breadcrumbs()">
 	${c.hg_app_name}
 </%def>
 <%def name="page_nav()">
 	${self.menu('home')}
 </%def>
 <%def name="main()">
 	<%def name="get_sort(name)">
 		<%name_slug = name.lower().replace(' ','_') %>
 		%if name_slug == c.cs_slug:
 			<span style="font-weight: bold;text-decoration: underline;">${name}</span>
 		%else:
 			<span style="font-weight: bold">${name}</span>
 		%endif
 		<a href="?sort=${name_slug}">&darr;</a>
 		<a href="?sort=-${name_slug}">&uarr;</a>
 	</%def>
     <div class="box">
 	    <!-- box / title -->
 	    <div class="title">
 	        <h5>${_('Dashboard')}</h5>
-	        ##%if h.HasPermissionAll('repository.create')():
+	        %if h.HasPermissionAny('repository.create','hg.admin')():
 	        <ul class="links">
 	          <li>
-	            <span>${h.link_to(u'ADD NEW REPOSITORY',h.url('new_repo'),class_="add_icon")}</span>
+	            <span>${h.link_to(u'ADD NEW REPOSITORY',h.url('admin_settings_create_repository'),class_="add_icon")}</span>
 	          </li>
 	        </ul>
-	        ##%endif
 	        %endif
 	    </div>
 	    <!-- end box / title -->
         <div class="table">
                     <table>
             <thead>
 	            <tr>
 			        <th class="left">${get_sort(_('Name'))}</th>
 			        <th class="left">${get_sort(_('Description'))}</th>
 			        <th class="left">${get_sort(_('Last change'))}</th>
 			        <th class="left">${get_sort(_('Tip'))}</th>
 			        <th class="left">${get_sort(_('Contact'))}</th>
 			        <th class="left">${_('RSS')}</th>
 			        <th class="left">${_('Atom')}</th>
 	            </tr>
             </thead>
                         <tbody>
 					    %for cnt,repo in enumerate(c.repos_list):
 					        %if h.HasRepoPermissionAny('repository.write','repository.read','repository.admin')(repo['name'],'main page check'):
 					        <tr class="parity${cnt%2}">
 					            <td>
 					             %if repo['repo'].dbrepo.private:
 					                <img alt="${_('private')}" src="/images/icons/lock.png"/>
 					             %else:
 					                <img alt="${_('public')}" src="/images/icons/lock_open.png"/>
 					             %endif
 					            ${h.link_to(repo['name'],
 					                h.url('summary_home',repo_name=repo['name']))}</td>
 					            <td title="${repo['description']}">${h.truncate(repo['description'],60)}</td>
 					            <td>${h.age(repo['last_change'])}</td>
 					            <td>${h.link_to_if(repo['rev']>=0,'r%s:%s' % (repo['rev'],repo['tip']),
 					                h.url('changeset_home',repo_name=repo['name'],revision=repo['tip']),
 					                class_="tooltip",
 					                tooltip_title=h.tooltip(repo['last_msg']))}</td>
 					            <td title="${repo['contact']}">${h.person(repo['contact'])}</td>
 					            <td>
 					                <a title="${_('Subscribe to %s rss feed')%repo['name']}" class="rss_icon"  href="${h.url('rss_feed_home',repo_name=repo['name'])}"></a>
 					            </td>
 					            <td>
 					                <a title="${_('Subscribe to %s atom feed')%repo['name']}"  class="atom_icon" href="${h.url('atom_feed_home',repo_name=repo['name'])}"></a>
 					            </td>
 					        </tr>
 					        %endif
 					    %endfor
                         </tbody>
                     </table>
             </div>
     </div>
 </%def>

0 comments (0 inline, 0 general)