##// END OF EJS Templates
security: fix XSS in repo strip view.
security: fix XSS in repo strip view.

File last commit:

r2105:4ad1a937 default
r2155:a81b6ebb default
Show More
repo_edit_permissions.mako
123 lines | 6.7 KiB | application/x-mako | MakoHtmlLexer
/ rhodecode / templates / admin / repos / repo_edit_permissions.mako
templating: use .mako as extensions for template files.
r1282 <%namespace name="base" file="/base/base.mako"/>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">${_('Repository Permissions')}</h3>
</div>
<div class="panel-body">
forms: unified usage of h.secure_form. Make sure we ALWAYS pass in...
r2105 ${h.secure_form(h.route_path('edit_repo_perms', repo_name=c.repo_name), request=request)}
templating: use .mako as extensions for template files.
r1282 <table id="permissions_manage" class="rctable permissions">
<tr>
<th class="td-radio">${_('None')}</th>
<th class="td-radio">${_('Read')}</th>
<th class="td-radio">${_('Write')}</th>
<th class="td-radio">${_('Admin')}</th>
<th class="td-owner">${_('User/User Group')}</th>
<th></th>
</tr>
## USERS
apps: removed deprecated usage of c.repo_info
r2081 %for _user in c.rhodecode_db_repo.permissions():
templating: use .mako as extensions for template files.
r1282 %if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None):
<tr class="perm_admin_row">
<td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")}</td>
<td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.read', disabled="disabled")}</td>
<td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.write', disabled="disabled")}</td>
<td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.admin', 'repository.admin', disabled="disabled")}</td>
<td class="td-user">
${base.gravatar(_user.email, 16)}
${h.link_to_user(_user.username)}
%if getattr(_user, 'admin_row', None):
(${_('super admin')})
%endif
%if getattr(_user, 'owner_row', None):
(${_('owner')})
%endif
</td>
<td></td>
</tr>
apps: removed deprecated usage of c.repo_info
r2081 %elif _user.username == h.DEFAULT_USER and c.rhodecode_db_repo.private:
templating: use .mako as extensions for template files.
r1282 <tr>
<td colspan="4">
<span class="private_repo_msg">
dan
tooltip: use consistent h.tooltip usage to set tooltips.
r1843 <strong title="${h.tooltip(_user.permission)}">${_('private repository')}</strong>
templating: use .mako as extensions for template files.
r1282 </span>
</td>
<td class="private_repo_msg">
${base.gravatar(h.DEFAULT_USER_EMAIL, 16)}
${h.DEFAULT_USER} - ${_('only users/user groups explicitly added here will have access')}</td>
<td></td>
</tr>
%else:
<tr>
repo-permissions: moved permissions into pyramid....
r1734 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.none', checked=_user.permission=='repository.none')}</td>
<td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.read', checked=_user.permission=='repository.read')}</td>
<td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.write', checked=_user.permission=='repository.write')}</td>
<td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.admin', checked=_user.permission=='repository.admin')}</td>
templating: use .mako as extensions for template files.
r1282 <td class="td-user">
${base.gravatar(_user.email, 16)}
<span class="user">
% if _user.username == h.DEFAULT_USER:
${h.DEFAULT_USER} <span class="user-perm-help-text"> - ${_('permission for all other users')}</span>
% else:
${h.link_to_user(_user.username)}
% endif
</span>
</td>
<td class="td-action">
%if _user.username != h.DEFAULT_USER:
<span class="btn btn-link btn-danger revoke_perm"
member="${_user.user_id}" member_type="user">
<i class="icon-remove"></i> ${_('Revoke')}
</span>
%endif
</td>
</tr>
%endif
%endfor
## USER GROUPS
apps: removed deprecated usage of c.repo_info
r2081 %for _user_group in c.rhodecode_db_repo.permission_user_groups():
templating: use .mako as extensions for template files.
r1282 <tr>
repo-permissions: moved permissions into pyramid....
r1734 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.none', checked=_user_group.permission=='repository.none')}</td>
<td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.read', checked=_user_group.permission=='repository.read')}</td>
<td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.write', checked=_user_group.permission=='repository.write')}</td>
<td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.admin', checked=_user_group.permission=='repository.admin')}</td>
templating: use .mako as extensions for template files.
r1282 <td class="td-componentname">
<i class="icon-group" ></i>
%if h.HasPermissionAny('hg.admin')():
user-groups: rewrote the app to pyramid...
r2068 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
templating: use .mako as extensions for template files.
r1282 ${_user_group.users_group_name}
</a>
%else:
${_user_group.users_group_name}
%endif
</td>
<td class="td-action">
<span class="btn btn-link btn-danger revoke_perm"
member="${_user_group.users_group_id}" member_type="user_group">
<i class="icon-remove"></i> ${_('Revoke')}
</span>
</td>
</tr>
%endfor
<tr class="new_members" id="add_perm_input"></tr>
</table>
<div id="add_perm" class="link">
${_('Add new')}
</div>
<div class="buttons">
${h.submit('save',_('Save'),class_="btn btn-primary")}
${h.reset('reset',_('Reset'),class_="btn btn-danger")}
</div>
${h.end_form()}
</div>
</div>
<script type="text/javascript">
$('#add_perm').on('click', function(e){
addNewPermInput($(this), 'repository');
});
$('.revoke_perm').on('click', function(e){
markRevokePermInput($(this), 'repository');
});
</script>