rhodecode-enterprise-ce Commit - r1943:089c11e9

permissions: expose new view that lists all available views for usage in whitelist access.

marcink -

r1943:089c11e9 default

parent child

rhodecode/templates/admin/permissions/permissions_auth_token_access.mako

0 created 644 +61 0

@@ -0,0 +1,61 b''
	1
	2
	3	<div class="panel panel-default">
	4	<div class="panel-heading">
	5	<h3 class="panel-title">${_('View whitelist')}</h3>
	6	</div>
	7	<div class="panel-body">
	8	<div class="">
	9
	10	<p class="pr-description">
	11	View white list defines a set of views that can be accessed using auth token without the need to login.
	12	Adding ?auth_token = SECRET_TOKEN to the url authenticates this request as if it
	13	came from the the logged in user who owns this authentication token.
	14
	15	E.g. adding `RepoFilesView.repo_file_raw` allows to access a raw diff using such url:
	16	http[s]://server.com/{repo_name}/raw/{commit_id}/{file_path}?auth_token=SECRET_TOKEN
	17
	18	White list can be defined inside `${c.whitelist_file}` under `${c.whitelist_key}=` setting
	19
	20	Currently under this settings following views are set:
	21	</p>
	22
	23	<pre>
	24	% for entry in c.whitelist_views:
	25	${entry}
	26	% endfor
	27	</pre>
	28
	29	</div>
	30
	31	</div>
	32	</div>
	33
	34
	35	<div class="panel panel-default">
	36	<div class="panel-heading">
	37	<h3 class="panel-title">${_('List of views available for usage in whitelist access')}</h3>
	38	</div>
	39	<div class="panel-body">
	40	<div class="">
	41
	42
	43	<table class="rctable ip-whitelist">
	44	<tr>
	45	<th>Active</th>
	46	<th>View FQN</th>
	47	<th>URL pattern</th>
	48	</tr>
	49
	50	% for route_name, view_fqn, view_url, active in c.view_data:
	51	<tr>
	52	<td class="td-x">${h.bool2icon(active)}</td>
	53	<td class="td-x">${view_fqn}</td>
	54	<td class="td-x" title="${route_name}">${view_url}</td>
	55	</tr>
	56	% endfor
	57	</table>
	58	</div>
	59
	60	</div>
	61	</div>

configs/development.ini

0 +9 -10

             ################################################################################
             ##                 RHODECODE COMMUNITY EDITION CONFIGURATION                  ##
             # The %(here)s variable will be replaced with the parent directory of this file#
             ################################################################################
             [DEFAULT]
             debug = true
             ################################################################################
             ##                            EMAIL CONFIGURATION                             ##
             ## Uncomment and replace with the email address which should receive          ##
             ## any error reports after an application crash                               ##
             ## Additionally these settings will be used by the RhodeCode mailing system   ##
             ################################################################################
             ## prefix all emails subjects with given prefix, helps filtering out emails
             #email_prefix = [RhodeCode]
             ## email FROM address all mails will be sent
             #app_email_from = rhodecode-noreply@localhost
             ## Uncomment and replace with the address which should receive any error report
             ## note: using appenlight for error handling doesn't need this to be uncommented
             #email_to = admin@localhost
             ## in case of Application errors, sent an error email form
             #error_email_from = rhodecode_error@localhost
             ## additional error message to be send in case of server crash
             #error_message =
             #smtp_server = mail.server.com
             #smtp_username =
             #smtp_password =
             #smtp_port =
             #smtp_use_tls = false
             #smtp_use_ssl = true
             ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
             #smtp_auth =
             [server:main]
             ## COMMON ##
             host = 127.0.0.1
             port = 5000
             ##################################
             ##     WAITRESS WSGI SERVER     ##
             ## Recommended for Development  ##
             ##################################
             use = egg:waitress#main
             ## number of worker threads
             threads = 5
             ## MAX BODY SIZE 100GB
             max_request_body_size = 107374182400
             ## Use poll instead of select, fixes file descriptors limits problems.
             ## May not work on old windows systems.
             asyncore_use_poll = true
             ##########################
             ## GUNICORN WSGI SERVER ##
             ##########################
             ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
             #use = egg:gunicorn#main
             ## Sets the number of process workers. You must set `instance_id = *`
             ## when this option is set to more than one worker, recommended
             ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
             ## The `instance_id = *` must be set in the [app:main] section below
             #workers = 2
             ## number of threads for each of the worker, must be set to 1 for gevent
             ## generally recommened to be at 1
             #threads = 1
             ## process name
             #proc_name = rhodecode
             ## type of worker class, one of sync, gevent
             ## recommended for bigger setup is using of of other than sync one
             #worker_class = sync
             ## The maximum number of simultaneous clients. Valid only for Gevent
             #worker_connections = 10
             ## max number of requests that worker will handle before being gracefully
             ## restarted, could prevent memory leaks
             #max_requests = 1000
             #max_requests_jitter = 30
             ## amount of time a worker can spend with handling a request before it
             ## gets killed and restarted. Set to 6hrs
             #timeout = 21600
             ## prefix middleware for RhodeCode.
             ## recommended when using proxy setup.
             ## allows to set RhodeCode under a prefix in server.
             ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
             ## And set your prefix like: `prefix = /custom_prefix`
             ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
             ## to make your cookies only work on prefix url
             [filter:proxy-prefix]
             use = egg:PasteDeploy#prefix
             prefix = /
             [app:main]
             use = egg:rhodecode-enterprise-ce
             ## enable proxy prefix middleware, defined above
             #filter-with = proxy-prefix
             # During development the we want to have the debug toolbar enabled
             pyramid.includes =
                 pyramid_debugtoolbar
                 rhodecode.utils.debugtoolbar
                 rhodecode.lib.middleware.request_wrapper
             pyramid.reload_templates = true
             debugtoolbar.hosts = 0.0.0.0/0
             debugtoolbar.exclude_prefixes =
                 /css
                 /fonts
                 /images
                 /js
             ## RHODECODE PLUGINS ##
             rhodecode.includes =
                 rhodecode.api
             # api prefix url
             rhodecode.api.url = /_admin/api
             ## END RHODECODE PLUGINS ##
             ## encryption key used to encrypt social plugin tokens,
             ## remote_urls with credentials etc, if not set it defaults to
             ## `beaker.session.secret`
             #rhodecode.encrypted_values.secret =
             ## decryption strict mode (enabled by default). It controls if decryption raises
             ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
             #rhodecode.encrypted_values.strict = false
             ## return gzipped responses from Rhodecode (static files/application)
             gzip_responses = false
             ## autogenerate javascript routes file on startup
             generate_js_files = false
             ## Optional Languages
             ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
             lang = en
             ## perform a full repository scan on each server start, this should be
             ## set to false after first startup, to allow faster server restarts.
             startup.import_repos = false
             ## Uncomment and set this path to use archive download cache.
             ## Once enabled, generated archives will be cached at this location
             ## and served from the cache during subsequent requests for the same archive of
             ## the repository.
             #archive_cache_dir = /tmp/tarballcache
             ## change this to unique ID for security
             app_instance_uuid = rc-production
             ## cut off limit for large diffs (size in bytes)
             cut_off_limit_diff = 1024000
             cut_off_limit_file = 256000
             ## use cache version of scm repo everywhere
             vcs_full_cache = true
             ## force https in RhodeCode, fixes https redirects, assumes it's always https
             ## Normally this is controlled by proper http flags sent from http server
             force_https = false
             ## use Strict-Transport-Security headers
             use_htsts = false
             ## number of commits stats will parse on each iteration
             commit_parse_limit = 25
             ## git rev filter option, --all is the default filter, if you need to
             ## hide all refs in changelog switch this to --branches --tags
             git_rev_filter = --branches --tags
             # Set to true if your repos are exposed using the dumb protocol
             git_update_server_info = false
             ## RSS/ATOM feed options
             rss_cut_off_limit = 256000
             rss_items_per_page = 10
             rss_include_diff = false
             ## gist URL alias, used to create nicer urls for gist. This should be an
             ## url that does rewrites to _admin/gists/{gistid}.
             ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
             ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
             gist_alias_url =
-            ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
+            ## List of views (using glob pattern syntax) that AUTH TOKENS could be
             ## used for access.
             ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
             ## came from the the logged in user who own this authentication token.
             ##
-            ## Syntax is ControllerClass:function_pattern.
+            ## list of all views can be found under `_admin/permissions/auth_token_access`
-            ## To enable access to raw_files put `FilesController:raw`.
-            ## To enable access to patches add `ChangesetController:changeset_patch`.
             ## The list should be "," separated and on a single line.
             ##
-            ## Recommended controllers to enable:
+            ## Most common views to enable:
-            #    ChangesetController:changeset_patch,
+            #    ChangesetController:changeset_patch
-            #    ChangesetController:changeset_raw,
+            #    ChangesetController:changeset_raw
-            #    FilesController:raw,
+            #    RepoFilesView.repo_files_diff
-            #    FilesController:archivefile,
+            #    RepoFilesView.repo_archivefile
-            #    GistsController:*,
+            #    RepoFilesView.repo_file_raw
+            #    GistView:*
             api_access_controllers_whitelist =
             ## default encoding used to convert from and to unicode
             ## can be also a comma separated list of encoding in case of mixed encodings
             default_encoding = UTF-8
             ## instance-id prefix
             ## a prefix key for this instance used for cache invalidation when running
             ## multiple instances of rhodecode, make sure it's globally unique for
             ## all running rhodecode instances. Leave empty if you don't use it
             instance_id =
             ## Fallback authentication plugin. Set this to a plugin ID to force the usage
             ## of an authentication plugin also if it is disabled by it's settings.
             ## This could be useful if you are unable to log in to the system due to broken
             ## authentication settings. Then you can enable e.g. the internal rhodecode auth
             ## module to log in again and fix the settings.
             ##
             ## Available builtin plugin IDs (hash is part of the ID):
             ## egg:rhodecode-enterprise-ce#rhodecode
             ## egg:rhodecode-enterprise-ce#pam
             ## egg:rhodecode-enterprise-ce#ldap
             ## egg:rhodecode-enterprise-ce#jasig_cas
             ## egg:rhodecode-enterprise-ce#headers
             ## egg:rhodecode-enterprise-ce#crowd
             #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
             ## alternative return HTTP header for failed authentication. Default HTTP
             ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
             ## handling that causing a series of failed authentication calls.
             ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
             ## This will be served instead of default 401 on bad authnetication
             auth_ret_code =
             ## use special detection method when serving auth_ret_code, instead of serving
             ## ret_code directly, use 401 initially (Which triggers credentials prompt)
             ## and then serve auth_ret_code to clients
             auth_ret_code_detection = false
             ## locking return code. When repository is locked return this HTTP code. 2XX
             ## codes don't break the transactions while 4XX codes do
             lock_ret_code = 423
             ## allows to change the repository location in settings page
             allow_repo_location_change = true
             ## allows to setup custom hooks in settings page
             allow_custom_hooks_settings = true
             ## generated license token, goto license page in RhodeCode settings to obtain
             ## new token
             license_token =
             ## supervisor connection uri, for managing supervisor and logs.
             supervisor.uri =
             ## supervisord group name/id we only want this RC instance to handle
             supervisor.group_id = dev
             ## Display extended labs settings
             labs_settings_active = true
             ####################################
             ###        CELERY CONFIG        ####
             ####################################
             use_celery = false
             broker.host = localhost
             broker.vhost = rabbitmqhost
             broker.port = 5672
             broker.user = rabbitmq
             broker.password = qweqwe
             celery.imports = rhodecode.lib.celerylib.tasks
             celery.result.backend = amqp
             celery.result.dburi = amqp://
             celery.result.serialier = json
             #celery.send.task.error.emails = true
             #celery.amqp.task.result.expires = 18000
             celeryd.concurrency = 2
             #celeryd.log.file = celeryd.log
             celeryd.log.level = debug
             celeryd.max.tasks.per.child = 1
             ## tasks will never be sent to the queue, but executed locally instead.
             celery.always.eager = false
             ####################################
             ###         BEAKER CACHE        ####
             ####################################
             # default cache dir for templates.  Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk
             cache_dir = %(here)s/data
             ## locking and default file storage for Beaker. Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
             beaker.cache.data_dir = %(here)s/data/cache/beaker_data
             beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
             beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
             beaker.cache.super_short_term.type = memory
             beaker.cache.super_short_term.expire = 10
             beaker.cache.super_short_term.key_length = 256
             beaker.cache.short_term.type = memory
             beaker.cache.short_term.expire = 60
             beaker.cache.short_term.key_length = 256
             beaker.cache.long_term.type = memory
             beaker.cache.long_term.expire = 36000
             beaker.cache.long_term.key_length = 256
             beaker.cache.sql_cache_short.type = memory
             beaker.cache.sql_cache_short.expire = 10
             beaker.cache.sql_cache_short.key_length = 256
             ## default is memory cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.auth_plugins.type = ext:database
             #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
             #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.cache.auth_plugins.sa.pool_recycle = 3600
             #beaker.cache.auth_plugins.sa.pool_size = 10
             #beaker.cache.auth_plugins.sa.max_overflow = 0
             beaker.cache.repo_cache_long.type = memorylru_base
             beaker.cache.repo_cache_long.max_items = 4096
             beaker.cache.repo_cache_long.expire = 2592000
             ## default is memorylru_base cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.repo_cache_long.type = ext:memcached
             #beaker.cache.repo_cache_long.url = localhost:11211
             #beaker.cache.repo_cache_long.expire = 1209600
             #beaker.cache.repo_cache_long.key_length = 256
             ####################################
             ###       BEAKER SESSION        ####
             ####################################
             ## .session.type is type of storage options for the session, current allowed
             ## types are file, ext:memcached, ext:database, and memory (default).
             beaker.session.type = file
             beaker.session.data_dir = %(here)s/data/sessions/data
             ## db based session, fast, and allows easy management over logged in users
             #beaker.session.type = ext:database
             #beaker.session.table_name = db_session
             #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.session.sa.pool_recycle = 3600
             #beaker.session.sa.echo = false
             beaker.session.key = rhodecode
             beaker.session.secret = develop-rc-uytcxaz
             beaker.session.lock_dir = %(here)s/data/sessions/lock
             ## Secure encrypted cookie. Requires AES and AES python libraries
             ## you must disable beaker.session.secret to use this
             #beaker.session.encrypt_key = key_for_encryption
             #beaker.session.validate_key = validation_key
             ## sets session as invalid(also logging out user) if it haven not been
             ## accessed for given amount of time in seconds
             beaker.session.timeout = 2592000
             beaker.session.httponly = true
             ## Path to use for the cookie. Set to prefix if you use prefix middleware
             #beaker.session.cookie_path = /custom_prefix
             ## uncomment for https secure cookie
             beaker.session.secure = false
             ## auto save the session to not to use .save()
             beaker.session.auto = false
             ## default cookie expiration time in seconds, set to `true` to set expire
             ## at browser close
             #beaker.session.cookie_expires = 3600
             ###################################
             ## SEARCH INDEXING CONFIGURATION ##
             ###################################
             ## Full text search indexer is available in rhodecode-tools under
             ## `rhodecode-tools index` command
             ## WHOOSH Backend, doesn't require additional services to run
             ## it works good with few dozen repos
             search.module = rhodecode.lib.index.whoosh
             search.location = %(here)s/data/index
             ########################################
             ###    CHANNELSTREAM CONFIG         ####
             ########################################
             ## channelstream enables persistent connections and live notification
             ## in the system. It's also used by the chat system
             channelstream.enabled = false
             ## server address for channelstream server on the backend
             channelstream.server = 127.0.0.1:9800
             ## location of the channelstream server from outside world
             ## use ws:// for http or wss:// for https. This address needs to be handled
             ## by external HTTP server such as Nginx or Apache
             ## see nginx/apache configuration examples in our docs
             channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
             channelstream.secret = secret
             channelstream.history.location = %(here)s/channelstream_history
             ## Internal application path that Javascript uses to connect into.
             ## If you use proxy-prefix the prefix should be added before /_channelstream
             channelstream.proxy_path = /_channelstream
             ###################################
             ##       APPENLIGHT CONFIG       ##
             ###################################
             ## Appenlight is tailored to work with RhodeCode, see
             ## http://appenlight.com for details how to obtain an account
             ## appenlight integration enabled
             appenlight = false
             appenlight.server_url = https://api.appenlight.com
             appenlight.api_key = YOUR_API_KEY
             #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
             # used for JS client
             appenlight.api_public_key = YOUR_API_PUBLIC_KEY
             ## TWEAK AMOUNT OF INFO SENT HERE
             ## enables 404 error logging (default False)
             appenlight.report_404 = false
             ## time in seconds after request is considered being slow (default 1)
             appenlight.slow_request_time = 1
             ## record slow requests in application
             ## (needs to be enabled for slow datastore recording and time tracking)
             appenlight.slow_requests = true
             ## enable hooking to application loggers
             appenlight.logging = true
             ## minimum log level for log capture
             appenlight.logging.level = WARNING
             ## send logs only from erroneous/slow requests
             ## (saves API quota for intensive logging)
             appenlight.logging_on_error = false
             ## list of additonal keywords that should be grabbed from environ object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always send following info:
             ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
             ## start with HTTP* this list be extended with additional keywords here
             appenlight.environ_keys_whitelist =
             ## list of keywords that should be blanked from request object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always blank keys that contain following words
             ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
             ## this list be extended with additional keywords set here
             appenlight.request_keys_blacklist =
             ## list of namespaces that should be ignores when gathering log entries
             ## can be string with comma separated list of namespaces
             ## (by default the client ignores own entries: appenlight_client.client)
             appenlight.log_namespace_blacklist =
             ################################################################################
             ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
             ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
             ## execute malicious code after an exception is raised.                       ##
             ################################################################################
             #set debug = false
             ##############
             ## STYLING  ##
             ##############
             debug_style = true
             ###########################################
             ###   MAIN RHODECODE DATABASE CONFIG    ###
             ###########################################
             #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
             #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
             #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
             sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
             # see sqlalchemy docs for other advanced settings
             ## print the sql statements to output
             sqlalchemy.db1.echo = false
             ## recycle the connections after this amount of seconds
             sqlalchemy.db1.pool_recycle = 3600
             sqlalchemy.db1.convert_unicode = true
             ## the number of connections to keep open inside the connection pool.
             ## 0 indicates no limit
             #sqlalchemy.db1.pool_size = 5
             ## the number of connections to allow in connection pool "overflow", that is
             ## connections that can be opened above and beyond the pool_size setting,
             ## which defaults to five.
             #sqlalchemy.db1.max_overflow = 10
             ##################
             ### VCS CONFIG ###
             ##################
             vcs.server.enable = true
             vcs.server = localhost:9900
             ## Web server connectivity protocol, responsible for web based VCS operatations
             ## Available protocols are:
             ## `http` - use http-rpc backend (default)
             vcs.server.protocol = http
             ## Push/Pull operations protocol, available options are:
             ## `http` - use http-rpc backend (default)
             ##
             vcs.scm_app_implementation = http
             ## Push/Pull operations hooks protocol, available options are:
             ## `http` - use http-rpc backend (default)
             vcs.hooks.protocol = http
             vcs.server.log_level = debug
             ## Start VCSServer with this instance as a subprocess, usefull for development
             vcs.start_server = true
             ## List of enabled VCS backends, available options are:
             ## `hg`  - mercurial
             ## `git` - git
             ## `svn` - subversion
             vcs.backends = hg, git, svn
             vcs.connection_timeout = 3600
             ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
             ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
             #vcs.svn.compatible_version = pre-1.8-compatible
             ############################################################
             ### Subversion proxy support (mod_dav_svn)               ###
             ### Maps RhodeCode repo groups into SVN paths for Apache ###
             ############################################################
             ## Enable or disable the config file generation.
             svn.proxy.generate_config = false
             ## Generate config file with `SVNListParentPath` set to `On`.
             svn.proxy.list_parent_path = true
             ## Set location and file name of generated config file.
             svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
             ## Used as a prefix to the `Location` block in the generated config file.
             ## In most cases it should be set to `/`.
             svn.proxy.location_root = /
             ## Command to reload the mod dav svn configuration on change.
             ## Example: `/etc/init.d/apache2 reload`
             #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
             ## If the timeout expires before the reload command finishes, the command will
             ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
             #svn.proxy.reload_timeout = 10
             ## Dummy marker to add new entries after.
             ## Add any custom entries below. Please don't remove.
             custom.conf = 1
             ################################
             ### LOGGING CONFIGURATION   ####
             ################################
             [loggers]
             keys = root, routes, rhodecode, sqlalchemy, beaker, templates
             [handlers]
             keys = console, console_sql
             [formatters]
             keys = generic, color_formatter, color_formatter_sql
             #############
             ## LOGGERS ##
             #############
             [logger_root]
             level = NOTSET
             handlers = console
             [logger_routes]
             level = DEBUG
             handlers =
             qualname = routes.middleware
             ## "level = DEBUG" logs the route matched and routing variables.
             propagate = 1
             [logger_beaker]
             level = DEBUG
             handlers =
             qualname = beaker.container
             propagate = 1
             [logger_templates]
             level = INFO
             handlers =
             qualname = pylons.templating
             propagate = 1
             [logger_rhodecode]
             level = DEBUG
             handlers =
             qualname = rhodecode
             propagate = 1
             [logger_sqlalchemy]
             level = INFO
             handlers = console_sql
             qualname = sqlalchemy.engine
             propagate = 0
             ##############
             ## HANDLERS ##
             ##############
             [handler_console]
             class = StreamHandler
             args = (sys.stderr, )
             level = DEBUG
             formatter = color_formatter
             [handler_console_sql]
             class = StreamHandler
             args = (sys.stderr, )
             level = DEBUG
             formatter = color_formatter_sql
             ################
             ## FORMATTERS ##
             ################
             [formatter_generic]
             class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter]
             class = rhodecode.lib.logging_formatter.ColorFormatter
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter_sql]
             class = rhodecode.lib.logging_formatter.ColorFormatterSql
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S

configs/production.ini

0 +9 -10

             ################################################################################
             ##                 RHODECODE COMMUNITY EDITION CONFIGURATION                  ##
             # The %(here)s variable will be replaced with the parent directory of this file#
             ################################################################################
             [DEFAULT]
             debug = true
             ################################################################################
             ##                            EMAIL CONFIGURATION                             ##
             ## Uncomment and replace with the email address which should receive          ##
             ## any error reports after an application crash                               ##
             ## Additionally these settings will be used by the RhodeCode mailing system   ##
             ################################################################################
             ## prefix all emails subjects with given prefix, helps filtering out emails
             #email_prefix = [RhodeCode]
             ## email FROM address all mails will be sent
             #app_email_from = rhodecode-noreply@localhost
             ## Uncomment and replace with the address which should receive any error report
             ## note: using appenlight for error handling doesn't need this to be uncommented
             #email_to = admin@localhost
             ## in case of Application errors, sent an error email form
             #error_email_from = rhodecode_error@localhost
             ## additional error message to be send in case of server crash
             #error_message =
             #smtp_server = mail.server.com
             #smtp_username =
             #smtp_password =
             #smtp_port =
             #smtp_use_tls = false
             #smtp_use_ssl = true
             ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
             #smtp_auth =
             [server:main]
             ## COMMON ##
             host = 127.0.0.1
             port = 5000
             ##################################
             ##     WAITRESS WSGI SERVER     ##
             ## Recommended for Development  ##
             ##################################
             #use = egg:waitress#main
             ## number of worker threads
             #threads = 5
             ## MAX BODY SIZE 100GB
             #max_request_body_size = 107374182400
             ## Use poll instead of select, fixes file descriptors limits problems.
             ## May not work on old windows systems.
             #asyncore_use_poll = true
             ##########################
             ## GUNICORN WSGI SERVER ##
             ##########################
             ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
             use = egg:gunicorn#main
             ## Sets the number of process workers. You must set `instance_id = *`
             ## when this option is set to more than one worker, recommended
             ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
             ## The `instance_id = *` must be set in the [app:main] section below
             workers = 2
             ## number of threads for each of the worker, must be set to 1 for gevent
             ## generally recommened to be at 1
             #threads = 1
             ## process name
             proc_name = rhodecode
             ## type of worker class, one of sync, gevent
             ## recommended for bigger setup is using of of other than sync one
             worker_class = sync
             ## The maximum number of simultaneous clients. Valid only for Gevent
             #worker_connections = 10
             ## max number of requests that worker will handle before being gracefully
             ## restarted, could prevent memory leaks
             max_requests = 1000
             max_requests_jitter = 30
             ## amount of time a worker can spend with handling a request before it
             ## gets killed and restarted. Set to 6hrs
             timeout = 21600
             ## prefix middleware for RhodeCode.
             ## recommended when using proxy setup.
             ## allows to set RhodeCode under a prefix in server.
             ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
             ## And set your prefix like: `prefix = /custom_prefix`
             ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
             ## to make your cookies only work on prefix url
             [filter:proxy-prefix]
             use = egg:PasteDeploy#prefix
             prefix = /
             [app:main]
             use = egg:rhodecode-enterprise-ce
             ## enable proxy prefix middleware, defined above
             #filter-with = proxy-prefix
             ## encryption key used to encrypt social plugin tokens,
             ## remote_urls with credentials etc, if not set it defaults to
             ## `beaker.session.secret`
             #rhodecode.encrypted_values.secret =
             ## decryption strict mode (enabled by default). It controls if decryption raises
             ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
             #rhodecode.encrypted_values.strict = false
             ## return gzipped responses from Rhodecode (static files/application)
             gzip_responses = false
             ## autogenerate javascript routes file on startup
             generate_js_files = false
             ## Optional Languages
             ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
             lang = en
             ## perform a full repository scan on each server start, this should be
             ## set to false after first startup, to allow faster server restarts.
             startup.import_repos = false
             ## Uncomment and set this path to use archive download cache.
             ## Once enabled, generated archives will be cached at this location
             ## and served from the cache during subsequent requests for the same archive of
             ## the repository.
             #archive_cache_dir = /tmp/tarballcache
             ## change this to unique ID for security
             app_instance_uuid = rc-production
             ## cut off limit for large diffs (size in bytes)
             cut_off_limit_diff = 1024000
             cut_off_limit_file = 256000
             ## use cache version of scm repo everywhere
             vcs_full_cache = true
             ## force https in RhodeCode, fixes https redirects, assumes it's always https
             ## Normally this is controlled by proper http flags sent from http server
             force_https = false
             ## use Strict-Transport-Security headers
             use_htsts = false
             ## number of commits stats will parse on each iteration
             commit_parse_limit = 25
             ## git rev filter option, --all is the default filter, if you need to
             ## hide all refs in changelog switch this to --branches --tags
             git_rev_filter = --branches --tags
             # Set to true if your repos are exposed using the dumb protocol
             git_update_server_info = false
             ## RSS/ATOM feed options
             rss_cut_off_limit = 256000
             rss_items_per_page = 10
             rss_include_diff = false
             ## gist URL alias, used to create nicer urls for gist. This should be an
             ## url that does rewrites to _admin/gists/{gistid}.
             ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
             ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
             gist_alias_url =
-            ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
+            ## List of views (using glob pattern syntax) that AUTH TOKENS could be
             ## used for access.
             ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
             ## came from the the logged in user who own this authentication token.
             ##
-            ## Syntax is ControllerClass:function_pattern.
+            ## list of all views can be found under `_admin/permissions/auth_token_access`
-            ## To enable access to raw_files put `FilesController:raw`.
-            ## To enable access to patches add `ChangesetController:changeset_patch`.
             ## The list should be "," separated and on a single line.
             ##
-            ## Recommended controllers to enable:
+            ## Most common views to enable:
-            #    ChangesetController:changeset_patch,
+            #    ChangesetController:changeset_patch
-            #    ChangesetController:changeset_raw,
+            #    ChangesetController:changeset_raw
-            #    FilesController:raw,
+            #    RepoFilesView.repo_files_diff
-            #    FilesController:archivefile,
+            #    RepoFilesView.repo_archivefile
-            #    GistsController:*,
+            #    RepoFilesView.repo_file_raw
+            #    GistView:*
             api_access_controllers_whitelist =
             ## default encoding used to convert from and to unicode
             ## can be also a comma separated list of encoding in case of mixed encodings
             default_encoding = UTF-8
             ## instance-id prefix
             ## a prefix key for this instance used for cache invalidation when running
             ## multiple instances of rhodecode, make sure it's globally unique for
             ## all running rhodecode instances. Leave empty if you don't use it
             instance_id =
             ## Fallback authentication plugin. Set this to a plugin ID to force the usage
             ## of an authentication plugin also if it is disabled by it's settings.
             ## This could be useful if you are unable to log in to the system due to broken
             ## authentication settings. Then you can enable e.g. the internal rhodecode auth
             ## module to log in again and fix the settings.
             ##
             ## Available builtin plugin IDs (hash is part of the ID):
             ## egg:rhodecode-enterprise-ce#rhodecode
             ## egg:rhodecode-enterprise-ce#pam
             ## egg:rhodecode-enterprise-ce#ldap
             ## egg:rhodecode-enterprise-ce#jasig_cas
             ## egg:rhodecode-enterprise-ce#headers
             ## egg:rhodecode-enterprise-ce#crowd
             #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
             ## alternative return HTTP header for failed authentication. Default HTTP
             ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
             ## handling that causing a series of failed authentication calls.
             ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
             ## This will be served instead of default 401 on bad authnetication
             auth_ret_code =
             ## use special detection method when serving auth_ret_code, instead of serving
             ## ret_code directly, use 401 initially (Which triggers credentials prompt)
             ## and then serve auth_ret_code to clients
             auth_ret_code_detection = false
             ## locking return code. When repository is locked return this HTTP code. 2XX
             ## codes don't break the transactions while 4XX codes do
             lock_ret_code = 423
             ## allows to change the repository location in settings page
             allow_repo_location_change = true
             ## allows to setup custom hooks in settings page
             allow_custom_hooks_settings = true
             ## generated license token, goto license page in RhodeCode settings to obtain
             ## new token
             license_token =
             ## supervisor connection uri, for managing supervisor and logs.
             supervisor.uri =
             ## supervisord group name/id we only want this RC instance to handle
             supervisor.group_id = prod
             ## Display extended labs settings
             labs_settings_active = true
             ####################################
             ###        CELERY CONFIG        ####
             ####################################
             use_celery = false
             broker.host = localhost
             broker.vhost = rabbitmqhost
             broker.port = 5672
             broker.user = rabbitmq
             broker.password = qweqwe
             celery.imports = rhodecode.lib.celerylib.tasks
             celery.result.backend = amqp
             celery.result.dburi = amqp://
             celery.result.serialier = json
             #celery.send.task.error.emails = true
             #celery.amqp.task.result.expires = 18000
             celeryd.concurrency = 2
             #celeryd.log.file = celeryd.log
             celeryd.log.level = debug
             celeryd.max.tasks.per.child = 1
             ## tasks will never be sent to the queue, but executed locally instead.
             celery.always.eager = false
             ####################################
             ###         BEAKER CACHE        ####
             ####################################
             # default cache dir for templates.  Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk
             cache_dir = %(here)s/data
             ## locking and default file storage for Beaker. Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
             beaker.cache.data_dir = %(here)s/data/cache/beaker_data
             beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
             beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
             beaker.cache.super_short_term.type = memory
             beaker.cache.super_short_term.expire = 10
             beaker.cache.super_short_term.key_length = 256
             beaker.cache.short_term.type = memory
             beaker.cache.short_term.expire = 60
             beaker.cache.short_term.key_length = 256
             beaker.cache.long_term.type = memory
             beaker.cache.long_term.expire = 36000
             beaker.cache.long_term.key_length = 256
             beaker.cache.sql_cache_short.type = memory
             beaker.cache.sql_cache_short.expire = 10
             beaker.cache.sql_cache_short.key_length = 256
             ## default is memory cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.auth_plugins.type = ext:database
             #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
             #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.cache.auth_plugins.sa.pool_recycle = 3600
             #beaker.cache.auth_plugins.sa.pool_size = 10
             #beaker.cache.auth_plugins.sa.max_overflow = 0
             beaker.cache.repo_cache_long.type = memorylru_base
             beaker.cache.repo_cache_long.max_items = 4096
             beaker.cache.repo_cache_long.expire = 2592000
             ## default is memorylru_base cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.repo_cache_long.type = ext:memcached
             #beaker.cache.repo_cache_long.url = localhost:11211
             #beaker.cache.repo_cache_long.expire = 1209600
             #beaker.cache.repo_cache_long.key_length = 256
             ####################################
             ###       BEAKER SESSION        ####
             ####################################
             ## .session.type is type of storage options for the session, current allowed
             ## types are file, ext:memcached, ext:database, and memory (default).
             beaker.session.type = file
             beaker.session.data_dir = %(here)s/data/sessions/data
             ## db based session, fast, and allows easy management over logged in users
             #beaker.session.type = ext:database
             #beaker.session.table_name = db_session
             #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.session.sa.pool_recycle = 3600
             #beaker.session.sa.echo = false
             beaker.session.key = rhodecode
             beaker.session.secret = production-rc-uytcxaz
             beaker.session.lock_dir = %(here)s/data/sessions/lock
             ## Secure encrypted cookie. Requires AES and AES python libraries
             ## you must disable beaker.session.secret to use this
             #beaker.session.encrypt_key = key_for_encryption
             #beaker.session.validate_key = validation_key
             ## sets session as invalid(also logging out user) if it haven not been
             ## accessed for given amount of time in seconds
             beaker.session.timeout = 2592000
             beaker.session.httponly = true
             ## Path to use for the cookie. Set to prefix if you use prefix middleware
             #beaker.session.cookie_path = /custom_prefix
             ## uncomment for https secure cookie
             beaker.session.secure = false
             ## auto save the session to not to use .save()
             beaker.session.auto = false
             ## default cookie expiration time in seconds, set to `true` to set expire
             ## at browser close
             #beaker.session.cookie_expires = 3600
             ###################################
             ## SEARCH INDEXING CONFIGURATION ##
             ###################################
             ## Full text search indexer is available in rhodecode-tools under
             ## `rhodecode-tools index` command
             ## WHOOSH Backend, doesn't require additional services to run
             ## it works good with few dozen repos
             search.module = rhodecode.lib.index.whoosh
             search.location = %(here)s/data/index
             ########################################
             ###    CHANNELSTREAM CONFIG         ####
             ########################################
             ## channelstream enables persistent connections and live notification
             ## in the system. It's also used by the chat system
             channelstream.enabled = false
             ## server address for channelstream server on the backend
             channelstream.server = 127.0.0.1:9800
             ## location of the channelstream server from outside world
             ## use ws:// for http or wss:// for https. This address needs to be handled
             ## by external HTTP server such as Nginx or Apache
             ## see nginx/apache configuration examples in our docs
             channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
             channelstream.secret = secret
             channelstream.history.location = %(here)s/channelstream_history
             ## Internal application path that Javascript uses to connect into.
             ## If you use proxy-prefix the prefix should be added before /_channelstream
             channelstream.proxy_path = /_channelstream
             ###################################
             ##       APPENLIGHT CONFIG       ##
             ###################################
             ## Appenlight is tailored to work with RhodeCode, see
             ## http://appenlight.com for details how to obtain an account
             ## appenlight integration enabled
             appenlight = false
             appenlight.server_url = https://api.appenlight.com
             appenlight.api_key = YOUR_API_KEY
             #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
             # used for JS client
             appenlight.api_public_key = YOUR_API_PUBLIC_KEY
             ## TWEAK AMOUNT OF INFO SENT HERE
             ## enables 404 error logging (default False)
             appenlight.report_404 = false
             ## time in seconds after request is considered being slow (default 1)
             appenlight.slow_request_time = 1
             ## record slow requests in application
             ## (needs to be enabled for slow datastore recording and time tracking)
             appenlight.slow_requests = true
             ## enable hooking to application loggers
             appenlight.logging = true
             ## minimum log level for log capture
             appenlight.logging.level = WARNING
             ## send logs only from erroneous/slow requests
             ## (saves API quota for intensive logging)
             appenlight.logging_on_error = false
             ## list of additonal keywords that should be grabbed from environ object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always send following info:
             ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
             ## start with HTTP* this list be extended with additional keywords here
             appenlight.environ_keys_whitelist =
             ## list of keywords that should be blanked from request object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always blank keys that contain following words
             ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
             ## this list be extended with additional keywords set here
             appenlight.request_keys_blacklist =
             ## list of namespaces that should be ignores when gathering log entries
             ## can be string with comma separated list of namespaces
             ## (by default the client ignores own entries: appenlight_client.client)
             appenlight.log_namespace_blacklist =
             ################################################################################
             ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
             ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
             ## execute malicious code after an exception is raised.                       ##
             ################################################################################
             set debug = false
             ###########################################
             ###   MAIN RHODECODE DATABASE CONFIG    ###
             ###########################################
             #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
             #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
             #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
             sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
             # see sqlalchemy docs for other advanced settings
             ## print the sql statements to output
             sqlalchemy.db1.echo = false
             ## recycle the connections after this amount of seconds
             sqlalchemy.db1.pool_recycle = 3600
             sqlalchemy.db1.convert_unicode = true
             ## the number of connections to keep open inside the connection pool.
             ## 0 indicates no limit
             #sqlalchemy.db1.pool_size = 5
             ## the number of connections to allow in connection pool "overflow", that is
             ## connections that can be opened above and beyond the pool_size setting,
             ## which defaults to five.
             #sqlalchemy.db1.max_overflow = 10
             ##################
             ### VCS CONFIG ###
             ##################
             vcs.server.enable = true
             vcs.server = localhost:9900
             ## Web server connectivity protocol, responsible for web based VCS operatations
             ## Available protocols are:
             ## `http` - use http-rpc backend (default)
             vcs.server.protocol = http
             ## Push/Pull operations protocol, available options are:
             ## `http` - use http-rpc backend (default)
             ##
             vcs.scm_app_implementation = http
             ## Push/Pull operations hooks protocol, available options are:
             ## `http` - use http-rpc backend (default)
             vcs.hooks.protocol = http
             vcs.server.log_level = info
             ## Start VCSServer with this instance as a subprocess, usefull for development
             vcs.start_server = false
             ## List of enabled VCS backends, available options are:
             ## `hg`  - mercurial
             ## `git` - git
             ## `svn` - subversion
             vcs.backends = hg, git, svn
             vcs.connection_timeout = 3600
             ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
             ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
             #vcs.svn.compatible_version = pre-1.8-compatible
             ############################################################
             ### Subversion proxy support (mod_dav_svn)               ###
             ### Maps RhodeCode repo groups into SVN paths for Apache ###
             ############################################################
             ## Enable or disable the config file generation.
             svn.proxy.generate_config = false
             ## Generate config file with `SVNListParentPath` set to `On`.
             svn.proxy.list_parent_path = true
             ## Set location and file name of generated config file.
             svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
             ## Used as a prefix to the `Location` block in the generated config file.
             ## In most cases it should be set to `/`.
             svn.proxy.location_root = /
             ## Command to reload the mod dav svn configuration on change.
             ## Example: `/etc/init.d/apache2 reload`
             #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
             ## If the timeout expires before the reload command finishes, the command will
             ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
             #svn.proxy.reload_timeout = 10
             ## Dummy marker to add new entries after.
             ## Add any custom entries below. Please don't remove.
             custom.conf = 1
             ################################
             ### LOGGING CONFIGURATION   ####
             ################################
             [loggers]
             keys = root, routes, rhodecode, sqlalchemy, beaker, templates
             [handlers]
             keys = console, console_sql
             [formatters]
             keys = generic, color_formatter, color_formatter_sql
             #############
             ## LOGGERS ##
             #############
             [logger_root]
             level = NOTSET
             handlers = console
             [logger_routes]
             level = DEBUG
             handlers =
             qualname = routes.middleware
             ## "level = DEBUG" logs the route matched and routing variables.
             propagate = 1
             [logger_beaker]
             level = DEBUG
             handlers =
             qualname = beaker.container
             propagate = 1
             [logger_templates]
             level = INFO
             handlers =
             qualname = pylons.templating
             propagate = 1
             [logger_rhodecode]
             level = DEBUG
             handlers =
             qualname = rhodecode
             propagate = 1
             [logger_sqlalchemy]
             level = INFO
             handlers = console_sql
             qualname = sqlalchemy.engine
             propagate = 0
             ##############
             ## HANDLERS ##
             ##############
             [handler_console]
             class = StreamHandler
             args = (sys.stderr, )
             level = INFO
             formatter = generic
             [handler_console_sql]
             class = StreamHandler
             args = (sys.stderr, )
             level = WARN
             formatter = generic
             ################
             ## FORMATTERS ##
             ################
             [formatter_generic]
             class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter]
             class = rhodecode.lib.logging_formatter.ColorFormatter
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter_sql]
             class = rhodecode.lib.logging_formatter.ColorFormatterSql
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S

rhodecode/apps/admin/__init__.py

0 +4 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             from rhodecode.apps.admin.navigation import NavigationRegistry
             from rhodecode.config.routing import ADMIN_PREFIX
             from rhodecode.lib.utils2 import str2bool
             def admin_routes(config):
                 """
                 Admin prefixed routes
                 """
                 config.add_route(
                     name='admin_audit_logs',
                     pattern='/audit_logs')
                 config.add_route(
                     name='pull_requests_global_0',  # backward compat
                     pattern='/pull_requests/{pull_request_id:[0-9]+}')
                 config.add_route(
                     name='pull_requests_global_1',  # backward compat
                     pattern='/pull-requests/{pull_request_id:[0-9]+}')
                 config.add_route(
                     name='pull_requests_global',
                     pattern='/pull-request/{pull_request_id:[0-9]+}')
                 config.add_route(
                     name='admin_settings_open_source',
                     pattern='/settings/open_source')
                 config.add_route(
                     name='admin_settings_vcs_svn_generate_cfg',
                     pattern='/settings/vcs/svn_generate_cfg')
                 config.add_route(
                     name='admin_settings_system',
                     pattern='/settings/system')
                 config.add_route(
                     name='admin_settings_system_update',
                     pattern='/settings/system/updates')
                 config.add_route(
                     name='admin_settings_sessions',
                     pattern='/settings/sessions')
                 config.add_route(
                     name='admin_settings_sessions_cleanup',
                     pattern='/settings/sessions/cleanup')
                 config.add_route(
                     name='admin_settings_process_management',
                     pattern='/settings/process_management')
                 config.add_route(
                     name='admin_settings_process_management_signal',
                     pattern='/settings/process_management/signal')
                 # global permissions
                 config.add_route(
                     name='admin_permissions_application',
                     pattern='/permissions/application')
                 config.add_route(
                     name='admin_permissions_application_update',
                     pattern='/permissions/application/update')
                 config.add_route(
                     name='admin_permissions_global',
                     pattern='/permissions/global')
                 config.add_route(
                     name='admin_permissions_global_update',
                     pattern='/permissions/global/update')
                 config.add_route(
                     name='admin_permissions_object',
                     pattern='/permissions/object')
                 config.add_route(
                     name='admin_permissions_object_update',
                     pattern='/permissions/object/update')
                 config.add_route(
                     name='admin_permissions_ips',
                     pattern='/permissions/ips')
                 config.add_route(
                     name='admin_permissions_overview',
                     pattern='/permissions/overview')
+                config.add_route(
+                    name='admin_permissions_auth_token_access',
+                    pattern='/permissions/auth_token_access')
                 # users admin
                 config.add_route(
                     name='users',
                     pattern='/users')
                 config.add_route(
                     name='users_data',
                     pattern='/users_data')
                 # user auth tokens
                 config.add_route(
                     name='edit_user_auth_tokens',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens')
                 config.add_route(
                     name='edit_user_auth_tokens_add',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/new')
                 config.add_route(
                     name='edit_user_auth_tokens_delete',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/delete')
                 # user emails
                 config.add_route(
                     name='edit_user_emails',
                     pattern='/users/{user_id:\d+}/edit/emails')
                 config.add_route(
                     name='edit_user_emails_add',
                     pattern='/users/{user_id:\d+}/edit/emails/new')
                 config.add_route(
                     name='edit_user_emails_delete',
                     pattern='/users/{user_id:\d+}/edit/emails/delete')
                 # user IPs
                 config.add_route(
                     name='edit_user_ips',
                     pattern='/users/{user_id:\d+}/edit/ips')
                 config.add_route(
                     name='edit_user_ips_add',
                     pattern='/users/{user_id:\d+}/edit/ips/new')
                 config.add_route(
                     name='edit_user_ips_delete',
                     pattern='/users/{user_id:\d+}/edit/ips/delete')
                 # user groups management
                 config.add_route(
                     name='edit_user_groups_management',
                     pattern='/users/{user_id:\d+}/edit/groups_management')
                 config.add_route(
                     name='edit_user_groups_management_updates',
                     pattern='/users/{user_id:\d+}/edit/edit_user_groups_management/updates')
                 # user audit logs
                 config.add_route(
                     name='edit_user_audit_logs',
                     pattern='/users/{user_id:\d+}/edit/audit')
             def includeme(config):
                 settings = config.get_settings()
                 # Create admin navigation registry and add it to the pyramid registry.
                 labs_active = str2bool(settings.get('labs_settings_active', False))
                 navigation_registry = NavigationRegistry(labs_active=labs_active)
                 config.registry.registerUtility(navigation_registry)
                 # main admin routes
                 config.add_route(name='admin_home', pattern=ADMIN_PREFIX)
                 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
                 # Scan module for configuration decorators.
                 config.scan()

rhodecode/apps/admin/views/permissions.py

0 +59 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
+            import re
             import logging
             import formencode
+            from pyramid.interfaces import IRoutesMapper
             from pyramid.view import view_config
             from pyramid.httpexceptions import HTTPFound
             from pyramid.renderers import render
             from pyramid.response import Response
             from rhodecode.apps._base import BaseAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
+            from rhodecode.lib.utils2 import aslist
             from rhodecode.model.db import User, UserIpMap
             from rhodecode.model.forms import (
                 ApplicationPermissionsForm, ObjectPermissionsForm, UserPermissionsForm)
             from rhodecode.model.meta import Session
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.settings import SettingsModel
             log = logging.getLogger(__name__)
             class AdminPermissionsView(BaseAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     self._register_global_c(c)
                     PermissionModel().set_global_permission_choices(
                         c, gettext_translator=self.request.translate)
                     return c
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_permissions_application', request_method='GET',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_application(self):
                     c = self.load_default_context()
                     c.active = 'application'
                     c.user = User.get_default_user(refresh=True)
                     app_settings = SettingsModel().get_all_settings()
                     defaults = {
                         'anonymous': c.user.active,
                         'default_register_message': app_settings.get(
                             'rhodecode_register_message')
                     }
                     defaults.update(c.user.get_default_perms())
                     data = render('rhodecode:templates/admin/permissions/permissions.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_permissions_application_update', request_method='POST',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_application_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'application'
                     _form = ApplicationPermissionsForm(
                         [x[0] for x in c.register_choices],
                         [x[0] for x in c.password_reset_choices],
                         [x[0] for x in c.extern_activate_choices])()
                     try:
                         form_result = _form.to_python(dict(self.request.POST))
                         form_result.update({'perm_user_name': User.DEFAULT_USER})
                         PermissionModel().update_application_permissions(form_result)
                         settings = [
                             ('register_message', 'default_register_message'),
                         ]
                         for setting, form_key in settings:
                             sett = SettingsModel().create_or_update_setting(
                                 setting, form_result[form_key])
                             Session().add(sett)
                         Session().commit()
                         h.flash(_('Application permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         data = render(
                             'rhodecode:templates/admin/permissions/permissions.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during update of permissions")
                         h.flash(_('Error occurred during update of permissions'),
                                 category='error')
                     raise HTTPFound(h.route_path('admin_permissions_application'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_permissions_object', request_method='GET',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_objects(self):
                     c = self.load_default_context()
                     c.active = 'objects'
                     c.user = User.get_default_user(refresh=True)
                     defaults = {}
                     defaults.update(c.user.get_default_perms())
                     data = render(
                         'rhodecode:templates/admin/permissions/permissions.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_permissions_object_update', request_method='POST',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_objects_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'objects'
                     _form = ObjectPermissionsForm(
                         [x[0] for x in c.repo_perms_choices],
                         [x[0] for x in c.group_perms_choices],
                         [x[0] for x in c.user_group_perms_choices])()
                     try:
                         form_result = _form.to_python(dict(self.request.POST))
                         form_result.update({'perm_user_name': User.DEFAULT_USER})
                         PermissionModel().update_object_permissions(form_result)
                         Session().commit()
                         h.flash(_('Object permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         data = render(
                             'rhodecode:templates/admin/permissions/permissions.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during update of permissions")
                         h.flash(_('Error occurred during update of permissions'),
                                 category='error')
                     raise HTTPFound(h.route_path('admin_permissions_object'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_permissions_global', request_method='GET',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_global(self):
                     c = self.load_default_context()
                     c.active = 'global'
                     c.user = User.get_default_user(refresh=True)
                     defaults = {}
                     defaults.update(c.user.get_default_perms())
                     data = render(
                         'rhodecode:templates/admin/permissions/permissions.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_permissions_global_update', request_method='POST',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_global_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'global'
                     _form = UserPermissionsForm(
                         [x[0] for x in c.repo_create_choices],
                         [x[0] for x in c.repo_create_on_write_choices],
                         [x[0] for x in c.repo_group_create_choices],
                         [x[0] for x in c.user_group_create_choices],
                         [x[0] for x in c.fork_choices],
                         [x[0] for x in c.inherit_default_permission_choices])()
                     try:
                         form_result = _form.to_python(dict(self.request.POST))
                         form_result.update({'perm_user_name': User.DEFAULT_USER})
                         PermissionModel().update_user_permissions(form_result)
                         Session().commit()
                         h.flash(_('Global permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         data = render(
                             'rhodecode:templates/admin/permissions/permissions.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during update of permissions")
                         h.flash(_('Error occurred during update of permissions'),
                                 category='error')
                     raise HTTPFound(h.route_path('admin_permissions_global'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_permissions_ips', request_method='GET',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_ips(self):
                     c = self.load_default_context()
                     c.active = 'ips'
                     c.user = User.get_default_user(refresh=True)
                     c.user_ip_map = (
                         UserIpMap.query().filter(UserIpMap.user == c.user).all())
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_permissions_overview', request_method='GET',
                     renderer='rhodecode:templates/admin/permissions/permissions.mako')
                 def permissions_overview(self):
                     c = self.load_default_context()
                     c.active = 'perms'
                     c.user = User.get_default_user(refresh=True)
                     c.perm_user = c.user.AuthUser
                     return self._get_template_context(c)
+                @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
+                @view_config(
+                    route_name='admin_permissions_auth_token_access', request_method='GET',
+                    renderer='rhodecode:templates/admin/permissions/permissions.mako')
+                def auth_token_access(self):
+                    from rhodecode import CONFIG
+                    c = self.load_default_context()
+                    c.active = 'auth_token_access'
+                    c.user = User.get_default_user(refresh=True)
+                    c.perm_user = c.user.AuthUser
+                    mapper = self.request.registry.queryUtility(IRoutesMapper)
+                    c.view_data = []
+                    _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
+                    introspector = self.request.registry.introspector
+                    view_intr = {}
+                    for view_data in introspector.get_category('views'):
+                        intr = view_data['introspectable']
+                        if 'route_name' in intr and intr['attr']:
+                            view_intr[intr['route_name']] = '{}.{}'.format(
+                                str(intr['derived_callable'].func_name), intr['attr']
+                            )
+                    c.whitelist_key = 'api_access_controllers_whitelist'
+                    c.whitelist_file = CONFIG.get('__file__')
+                    whitelist_views = aslist(
+                        CONFIG.get(c.whitelist_key), sep=',')
+                    for route_info in mapper.get_routes():
+                        if not route_info.name.startswith('__'):
+                            routepath = route_info.pattern
+                            def replace(matchobj):
+                                if matchobj.group(1):
+                                    return "{%s}" % matchobj.group(1).split(':')[0]
+                                else:
+                                    return "{%s}" % matchobj.group(2)
+                            routepath = _argument_prog.sub(replace, routepath)
+                            if not routepath.startswith('/'):
+                                routepath = '/' + routepath
+                            view_fqn = view_intr.get(route_info.name, 'NOT AVAILABLE')
+                            active = view_fqn in whitelist_views
+                            c.view_data.append((route_info.name, view_fqn, routepath, active))
+                    c.whitelist_views = whitelist_views
+                    return self._get_template_context(c)

rhodecode/public/js/rhodecode/routes.js

0 +2 -1

             /******************************************************************************
              *                                                                            *
              *                      DO NOT CHANGE THIS FILE MANUALLY                      *
              *                                                                            *
              *                                                                            *
              *        This file is automatically generated when the app starts up with    *
              *                         generate_js_files = true                           *
              *                                                                            *
              *  To add a route here pass jsroute=True to the route definition in the app  *
              *                                                                            *
              ******************************************************************************/
             function registerRCRoutes() {
                 // routes registration
                 pyroutes.register('new_repo', '/_admin/create_repository', []);
                 pyroutes.register('edit_user', '/_admin/users/%(user_id)s/edit', ['user_id']);
                 pyroutes.register('edit_user_group_members', '/_admin/user_groups/%(user_group_id)s/edit/members', ['user_group_id']);
                 pyroutes.register('changeset_home', '/%(repo_name)s/changeset/%(revision)s', ['repo_name', 'revision']);
                 pyroutes.register('changeset_comment', '/%(repo_name)s/changeset/%(revision)s/comment', ['repo_name', 'revision']);
                 pyroutes.register('changeset_comment_preview', '/%(repo_name)s/changeset/comment/preview', ['repo_name']);
                 pyroutes.register('changeset_comment_delete', '/%(repo_name)s/changeset/comment/%(comment_id)s/delete', ['repo_name', 'comment_id']);
                 pyroutes.register('changeset_info', '/%(repo_name)s/changeset_info/%(revision)s', ['repo_name', 'revision']);
                 pyroutes.register('compare_url', '/%(repo_name)s/compare/%(source_ref_type)s@%(source_ref)s...%(target_ref_type)s@%(target_ref)s', ['repo_name', 'source_ref_type', 'source_ref', 'target_ref_type', 'target_ref']);
                 pyroutes.register('pullrequest_home', '/%(repo_name)s/pull-request/new', ['repo_name']);
                 pyroutes.register('pullrequest', '/%(repo_name)s/pull-request/new', ['repo_name']);
                 pyroutes.register('pullrequest_repo_refs', '/%(repo_name)s/pull-request/refs/%(target_repo_name)s', ['repo_name', 'target_repo_name']);
                 pyroutes.register('pullrequest_repo_destinations', '/%(repo_name)s/pull-request/repo-destinations', ['repo_name']);
                 pyroutes.register('pullrequest_show', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_update', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_comment', '/%(repo_name)s/pull-request-comment/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_comment_delete', '/%(repo_name)s/pull-request-comment/%(comment_id)s/delete', ['repo_name', 'comment_id']);
                 pyroutes.register('favicon', '/favicon.ico', []);
                 pyroutes.register('robots', '/robots.txt', []);
                 pyroutes.register('auth_home', '/_admin/auth*traverse', []);
                 pyroutes.register('global_integrations_new', '/_admin/integrations/new', []);
                 pyroutes.register('global_integrations_home', '/_admin/integrations', []);
                 pyroutes.register('global_integrations_list', '/_admin/integrations/%(integration)s', ['integration']);
                 pyroutes.register('global_integrations_create', '/_admin/integrations/%(integration)s/new', ['integration']);
                 pyroutes.register('global_integrations_edit', '/_admin/integrations/%(integration)s/%(integration_id)s', ['integration', 'integration_id']);
                 pyroutes.register('repo_group_integrations_home', '/%(repo_group_name)s/settings/integrations', ['repo_group_name']);
                 pyroutes.register('repo_group_integrations_list', '/%(repo_group_name)s/settings/integrations/%(integration)s', ['repo_group_name', 'integration']);
                 pyroutes.register('repo_group_integrations_new', '/%(repo_group_name)s/settings/integrations/new', ['repo_group_name']);
                 pyroutes.register('repo_group_integrations_create', '/%(repo_group_name)s/settings/integrations/%(integration)s/new', ['repo_group_name', 'integration']);
                 pyroutes.register('repo_group_integrations_edit', '/%(repo_group_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_group_name', 'integration', 'integration_id']);
                 pyroutes.register('repo_integrations_home', '/%(repo_name)s/settings/integrations', ['repo_name']);
                 pyroutes.register('repo_integrations_list', '/%(repo_name)s/settings/integrations/%(integration)s', ['repo_name', 'integration']);
                 pyroutes.register('repo_integrations_new', '/%(repo_name)s/settings/integrations/new', ['repo_name']);
                 pyroutes.register('repo_integrations_create', '/%(repo_name)s/settings/integrations/%(integration)s/new', ['repo_name', 'integration']);
                 pyroutes.register('repo_integrations_edit', '/%(repo_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_name', 'integration', 'integration_id']);
                 pyroutes.register('ops_ping', '/_admin/ops/ping', []);
                 pyroutes.register('ops_error_test', '/_admin/ops/error', []);
                 pyroutes.register('ops_redirect_test', '/_admin/ops/redirect', []);
                 pyroutes.register('admin_home', '/_admin', []);
                 pyroutes.register('admin_audit_logs', '/_admin/audit_logs', []);
                 pyroutes.register('pull_requests_global_0', '/_admin/pull_requests/%(pull_request_id)s', ['pull_request_id']);
                 pyroutes.register('pull_requests_global_1', '/_admin/pull-requests/%(pull_request_id)s', ['pull_request_id']);
                 pyroutes.register('pull_requests_global', '/_admin/pull-request/%(pull_request_id)s', ['pull_request_id']);
                 pyroutes.register('admin_settings_open_source', '/_admin/settings/open_source', []);
                 pyroutes.register('admin_settings_vcs_svn_generate_cfg', '/_admin/settings/vcs/svn_generate_cfg', []);
                 pyroutes.register('admin_settings_system', '/_admin/settings/system', []);
                 pyroutes.register('admin_settings_system_update', '/_admin/settings/system/updates', []);
                 pyroutes.register('admin_settings_sessions', '/_admin/settings/sessions', []);
                 pyroutes.register('admin_settings_sessions_cleanup', '/_admin/settings/sessions/cleanup', []);
                 pyroutes.register('admin_settings_process_management', '/_admin/settings/process_management', []);
                 pyroutes.register('admin_settings_process_management_signal', '/_admin/settings/process_management/signal', []);
                 pyroutes.register('admin_permissions_application', '/_admin/permissions/application', []);
                 pyroutes.register('admin_permissions_application_update', '/_admin/permissions/application/update', []);
                 pyroutes.register('admin_permissions_global', '/_admin/permissions/global', []);
                 pyroutes.register('admin_permissions_global_update', '/_admin/permissions/global/update', []);
                 pyroutes.register('admin_permissions_object', '/_admin/permissions/object', []);
                 pyroutes.register('admin_permissions_object_update', '/_admin/permissions/object/update', []);
                 pyroutes.register('admin_permissions_ips', '/_admin/permissions/ips', []);
                 pyroutes.register('admin_permissions_overview', '/_admin/permissions/overview', []);
+                pyroutes.register('admin_permissions_auth_token_access', '/_admin/permissions/auth_token_access', []);
                 pyroutes.register('users', '/_admin/users', []);
                 pyroutes.register('users_data', '/_admin/users_data', []);
                 pyroutes.register('edit_user_auth_tokens', '/_admin/users/%(user_id)s/edit/auth_tokens', ['user_id']);
                 pyroutes.register('edit_user_auth_tokens_add', '/_admin/users/%(user_id)s/edit/auth_tokens/new', ['user_id']);
                 pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']);
                 pyroutes.register('edit_user_emails', '/_admin/users/%(user_id)s/edit/emails', ['user_id']);
                 pyroutes.register('edit_user_emails_add', '/_admin/users/%(user_id)s/edit/emails/new', ['user_id']);
                 pyroutes.register('edit_user_emails_delete', '/_admin/users/%(user_id)s/edit/emails/delete', ['user_id']);
                 pyroutes.register('edit_user_ips', '/_admin/users/%(user_id)s/edit/ips', ['user_id']);
                 pyroutes.register('edit_user_ips_add', '/_admin/users/%(user_id)s/edit/ips/new', ['user_id']);
                 pyroutes.register('edit_user_ips_delete', '/_admin/users/%(user_id)s/edit/ips/delete', ['user_id']);
                 pyroutes.register('edit_user_groups_management', '/_admin/users/%(user_id)s/edit/groups_management', ['user_id']);
                 pyroutes.register('edit_user_groups_management_updates', '/_admin/users/%(user_id)s/edit/edit_user_groups_management/updates', ['user_id']);
                 pyroutes.register('edit_user_audit_logs', '/_admin/users/%(user_id)s/edit/audit', ['user_id']);
                 pyroutes.register('channelstream_connect', '/_admin/channelstream/connect', []);
                 pyroutes.register('channelstream_subscribe', '/_admin/channelstream/subscribe', []);
                 pyroutes.register('channelstream_proxy', '/_channelstream', []);
                 pyroutes.register('login', '/_admin/login', []);
                 pyroutes.register('logout', '/_admin/logout', []);
                 pyroutes.register('register', '/_admin/register', []);
                 pyroutes.register('reset_password', '/_admin/password_reset', []);
                 pyroutes.register('reset_password_confirmation', '/_admin/password_reset_confirmation', []);
                 pyroutes.register('home', '/', []);
                 pyroutes.register('user_autocomplete_data', '/_users', []);
                 pyroutes.register('user_group_autocomplete_data', '/_user_groups', []);
                 pyroutes.register('repo_list_data', '/_repos', []);
                 pyroutes.register('goto_switcher_data', '/_goto_data', []);
                 pyroutes.register('journal', '/_admin/journal', []);
                 pyroutes.register('journal_rss', '/_admin/journal/rss', []);
                 pyroutes.register('journal_atom', '/_admin/journal/atom', []);
                 pyroutes.register('journal_public', '/_admin/public_journal', []);
                 pyroutes.register('journal_public_atom', '/_admin/public_journal/atom', []);
                 pyroutes.register('journal_public_atom_old', '/_admin/public_journal_atom', []);
                 pyroutes.register('journal_public_rss', '/_admin/public_journal/rss', []);
                 pyroutes.register('journal_public_rss_old', '/_admin/public_journal_rss', []);
                 pyroutes.register('toggle_following', '/_admin/toggle_following', []);
                 pyroutes.register('repo_summary_explicit', '/%(repo_name)s/summary', ['repo_name']);
                 pyroutes.register('repo_summary_commits', '/%(repo_name)s/summary-commits', ['repo_name']);
                 pyroutes.register('repo_commit', '/%(repo_name)s/changeset/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_archivefile', '/%(repo_name)s/archive/%(fname)s', ['repo_name', 'fname']);
                 pyroutes.register('repo_files_diff', '/%(repo_name)s/diff/%(f_path)s', ['repo_name', 'f_path']);
                 pyroutes.register('repo_files_diff_2way_redirect', '/%(repo_name)s/diff-2way/%(f_path)s', ['repo_name', 'f_path']);
                 pyroutes.register('repo_files', '/%(repo_name)s/files/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files:default_path', '/%(repo_name)s/files/%(commit_id)s/', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_files:default_commit', '/%(repo_name)s/files', ['repo_name']);
                 pyroutes.register('repo_files:rendered', '/%(repo_name)s/render/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files:annotated', '/%(repo_name)s/annotate/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files:annotated_previous', '/%(repo_name)s/annotate-previous/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_nodetree_full', '/%(repo_name)s/nodetree_full/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_nodetree_full:default_path', '/%(repo_name)s/nodetree_full/%(commit_id)s/', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_files_nodelist', '/%(repo_name)s/nodelist/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_raw', '/%(repo_name)s/raw/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_download', '/%(repo_name)s/download/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_download:legacy', '/%(repo_name)s/rawfile/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_history', '/%(repo_name)s/history/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_authors', '/%(repo_name)s/authors/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_remove_file', '/%(repo_name)s/remove_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_delete_file', '/%(repo_name)s/delete_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_edit_file', '/%(repo_name)s/edit_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_update_file', '/%(repo_name)s/update_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_add_file', '/%(repo_name)s/add_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_create_file', '/%(repo_name)s/create_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_refs_data', '/%(repo_name)s/refs-data', ['repo_name']);
                 pyroutes.register('repo_refs_changelog_data', '/%(repo_name)s/refs-data-changelog', ['repo_name']);
                 pyroutes.register('repo_stats', '/%(repo_name)s/repo_stats/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_changelog', '/%(repo_name)s/changelog', ['repo_name']);
                 pyroutes.register('repo_changelog_file', '/%(repo_name)s/changelog/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_changelog_elements', '/%(repo_name)s/changelog_elements', ['repo_name']);
                 pyroutes.register('tags_home', '/%(repo_name)s/tags', ['repo_name']);
                 pyroutes.register('branches_home', '/%(repo_name)s/branches', ['repo_name']);
                 pyroutes.register('bookmarks_home', '/%(repo_name)s/bookmarks', ['repo_name']);
                 pyroutes.register('pullrequest_show', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_show_all', '/%(repo_name)s/pull-request', ['repo_name']);
                 pyroutes.register('pullrequest_show_all_data', '/%(repo_name)s/pull-request-data', ['repo_name']);
                 pyroutes.register('changeset_home', '/%(repo_name)s/changeset/%(revision)s', ['repo_name', 'revision']);
                 pyroutes.register('changeset_children', '/%(repo_name)s/changeset_children/%(revision)s', ['repo_name', 'revision']);
                 pyroutes.register('changeset_parents', '/%(repo_name)s/changeset_parents/%(revision)s', ['repo_name', 'revision']);
                 pyroutes.register('edit_repo', '/%(repo_name)s/settings', ['repo_name']);
                 pyroutes.register('edit_repo_advanced', '/%(repo_name)s/settings/advanced', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_delete', '/%(repo_name)s/settings/advanced/delete', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_locking', '/%(repo_name)s/settings/advanced/locking', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_journal', '/%(repo_name)s/settings/advanced/journal', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_fork', '/%(repo_name)s/settings/advanced/fork', ['repo_name']);
                 pyroutes.register('edit_repo_caches', '/%(repo_name)s/settings/caches', ['repo_name']);
                 pyroutes.register('edit_repo_perms', '/%(repo_name)s/settings/permissions', ['repo_name']);
                 pyroutes.register('repo_reviewers', '/%(repo_name)s/settings/review/rules', ['repo_name']);
                 pyroutes.register('repo_default_reviewers_data', '/%(repo_name)s/settings/review/default-reviewers', ['repo_name']);
                 pyroutes.register('repo_maintenance', '/%(repo_name)s/settings/maintenance', ['repo_name']);
                 pyroutes.register('repo_maintenance_execute', '/%(repo_name)s/settings/maintenance/execute', ['repo_name']);
                 pyroutes.register('strip', '/%(repo_name)s/settings/strip', ['repo_name']);
                 pyroutes.register('strip_check', '/%(repo_name)s/settings/strip_check', ['repo_name']);
                 pyroutes.register('strip_execute', '/%(repo_name)s/settings/strip_execute', ['repo_name']);
                 pyroutes.register('rss_feed_home', '/%(repo_name)s/feed/rss', ['repo_name']);
                 pyroutes.register('atom_feed_home', '/%(repo_name)s/feed/atom', ['repo_name']);
                 pyroutes.register('repo_summary', '/%(repo_name)s', ['repo_name']);
                 pyroutes.register('repo_summary_slash', '/%(repo_name)s/', ['repo_name']);
                 pyroutes.register('repo_group_home', '/%(repo_group_name)s', ['repo_group_name']);
                 pyroutes.register('repo_group_home_slash', '/%(repo_group_name)s/', ['repo_group_name']);
                 pyroutes.register('search', '/_admin/search', []);
                 pyroutes.register('search_repo', '/%(repo_name)s/search', ['repo_name']);
                 pyroutes.register('user_profile', '/_profiles/%(username)s', ['username']);
                 pyroutes.register('my_account_profile', '/_admin/my_account/profile', []);
                 pyroutes.register('my_account_edit', '/_admin/my_account/edit', []);
                 pyroutes.register('my_account_update', '/_admin/my_account/update', []);
                 pyroutes.register('my_account_password', '/_admin/my_account/password', []);
-                pyroutes.register('my_account_password_update', '/_admin/my_account/password', []);
+                pyroutes.register('my_account_password_update', '/_admin/my_account/password/update', []);
                 pyroutes.register('my_account_auth_tokens', '/_admin/my_account/auth_tokens', []);
                 pyroutes.register('my_account_auth_tokens_add', '/_admin/my_account/auth_tokens/new', []);
                 pyroutes.register('my_account_auth_tokens_delete', '/_admin/my_account/auth_tokens/delete', []);
                 pyroutes.register('my_account_emails', '/_admin/my_account/emails', []);
                 pyroutes.register('my_account_emails_add', '/_admin/my_account/emails/new', []);
                 pyroutes.register('my_account_emails_delete', '/_admin/my_account/emails/delete', []);
                 pyroutes.register('my_account_repos', '/_admin/my_account/repos', []);
                 pyroutes.register('my_account_watched', '/_admin/my_account/watched', []);
                 pyroutes.register('my_account_perms', '/_admin/my_account/perms', []);
                 pyroutes.register('my_account_notifications', '/_admin/my_account/notifications', []);
                 pyroutes.register('my_account_notifications_toggle_visibility', '/_admin/my_account/toggle_visibility', []);
                 pyroutes.register('my_account_pullrequests', '/_admin/my_account/pull_requests', []);
                 pyroutes.register('my_account_pullrequests_data', '/_admin/my_account/pull_requests/data', []);
                 pyroutes.register('notifications_show_all', '/_admin/notifications', []);
                 pyroutes.register('notifications_mark_all_read', '/_admin/notifications/mark_all_read', []);
                 pyroutes.register('notifications_show', '/_admin/notifications/%(notification_id)s', ['notification_id']);
                 pyroutes.register('notifications_update', '/_admin/notifications/%(notification_id)s/update', ['notification_id']);
                 pyroutes.register('notifications_delete', '/_admin/notifications/%(notification_id)s/delete', ['notification_id']);
                 pyroutes.register('my_account_notifications_test_channelstream', '/_admin/my_account/test_channelstream', []);
                 pyroutes.register('gists_show', '/_admin/gists', []);
                 pyroutes.register('gists_new', '/_admin/gists/new', []);
                 pyroutes.register('gists_create', '/_admin/gists/create', []);
                 pyroutes.register('gist_show', '/_admin/gists/%(gist_id)s', ['gist_id']);
                 pyroutes.register('gist_delete', '/_admin/gists/%(gist_id)s/delete', ['gist_id']);
                 pyroutes.register('gist_edit', '/_admin/gists/%(gist_id)s/edit', ['gist_id']);
                 pyroutes.register('gist_edit_check_revision', '/_admin/gists/%(gist_id)s/edit/check_revision', ['gist_id']);
                 pyroutes.register('gist_update', '/_admin/gists/%(gist_id)s/update', ['gist_id']);
                 pyroutes.register('gist_show_rev', '/_admin/gists/%(gist_id)s/%(revision)s', ['gist_id', 'revision']);
                 pyroutes.register('gist_show_formatted', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s', ['gist_id', 'revision', 'format']);
                 pyroutes.register('gist_show_formatted_path', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s/%(f_path)s', ['gist_id', 'revision', 'format', 'f_path']);
                 pyroutes.register('debug_style_home', '/_admin/debug_style', []);
                 pyroutes.register('debug_style_template', '/_admin/debug_style/t/%(t_path)s', ['t_path']);
                 pyroutes.register('apiv2', '/_admin/api', []);
             }

rhodecode/templates/admin/permissions/permissions.mako

0 +3 0

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.mako"/>
             <%def name="title()">
                 ${_('Permissions Administration')}
                 %if c.rhodecode_name:
                     &middot; ${h.branding(c.rhodecode_name)}
                 %endif
             </%def>
             <%def name="breadcrumbs_links()">
                 ${h.link_to(_('Admin'),h.route_path('admin_home'))}
                 &raquo;
                 ${_('Permissions')}
             </%def>
             <%def name="menu_bar_nav()">
                 ${self.menu_items(active='admin')}
             </%def>
             <%def name="main()">
             <div class="box">
               <div class="title">
                   ${self.breadcrumbs()}
               </div>
               <div class="sidebar-col-wrapper scw-small">
                 ##main
                 <div class="sidebar">
                     <ul class="nav nav-pills nav-stacked">
                       <li class="${'active' if c.active=='application' else ''}">
                         <a href="${h.route_path('admin_permissions_application')}">${_('Application')}</a>
                       </li>
                       <li class="${'active' if c.active=='global' else ''}">
                         <a href="${h.route_path('admin_permissions_global')}">${_('Global')}</a>
                       </li>
                       <li class="${'active' if c.active=='objects' else ''}">
                         <a href="${h.route_path('admin_permissions_object')}">${_('Object')}</a>
                       </li>
                       <li class="${'active' if c.active=='ips' else ''}">
                         <a href="${h.route_path('admin_permissions_ips')}">${_('IP Whitelist')}</a>
                       </li>
+                      <li class="${'active' if c.active=='auth_token_access' else ''}">
+                        <a href="${h.route_path('admin_permissions_auth_token_access')}">${_('AuthToken Access')}</a>
+                      </li>
                       <li class="${'active' if c.active=='perms' else ''}">
                         <a href="${h.route_path('admin_permissions_overview')}">${_('Overview')}</a>
                       </li>
                     </ul>
                 </div>
                 <div class="main-content-full-width">
                     <%include file="/admin/permissions/permissions_${c.active}.mako"/>
                 </div>
               </div>
             </div>
             </%def>

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages