diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -1376,6 +1376,32 @@ class UserGroup(Base, BaseModel):
return user_group.get(user_group_id)
def permissions(self, with_admins=True, with_owner=True):
+ """
+ Permissions for user groups
+ """
+ _admin_perm = 'usergroup.admin'
+
+ owner_row = []
+ if with_owner:
+ usr = AttributeDict(self.user.get_dict())
+ usr.owner_row = True
+ usr.permission = _admin_perm
+ owner_row.append(usr)
+
+ super_admin_ids = []
+ super_admin_rows = []
+ if with_admins:
+ for usr in User.get_all_super_admins():
+ super_admin_ids.append(usr.user_id)
+ # if this admin is also owner, don't double the record
+ if usr.user_id == owner_row[0].user_id:
+ owner_row[0].admin_row = True
+ else:
+ usr = AttributeDict(usr.get_dict())
+ usr.admin_row = True
+ usr.permission = _admin_perm
+ super_admin_rows.append(usr)
+
q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
q = q.options(joinedload(UserUserGroupToPerm.user_group),
joinedload(UserUserGroupToPerm.user),
@@ -1389,6 +1415,9 @@ class UserGroup(Base, BaseModel):
perm_rows = []
for _usr in q.all():
usr = AttributeDict(_usr.user.get_dict())
+ # if this user is also owner/admin, mark as duplicate record
+ if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
+ usr.duplicate_perm = True
usr.permission = _usr.permission.permission_name
perm_rows.append(usr)
@@ -1397,26 +1426,6 @@ class UserGroup(Base, BaseModel):
# each group
perm_rows = sorted(perm_rows, key=display_user_sort)
- _admin_perm = 'usergroup.admin'
- owner_row = []
- if with_owner:
- usr = AttributeDict(self.user.get_dict())
- usr.owner_row = True
- usr.permission = _admin_perm
- owner_row.append(usr)
-
- super_admin_rows = []
- if with_admins:
- for usr in User.get_all_super_admins():
- # if this admin is also owner, don't double the record
- if usr.user_id == owner_row[0].user_id:
- owner_row[0].admin_row = True
- else:
- usr = AttributeDict(usr.get_dict())
- usr.admin_row = True
- usr.permission = _admin_perm
- super_admin_rows.append(usr)
-
return super_admin_rows + owner_row + perm_rows
def permission_user_groups(self):
@@ -1899,6 +1908,34 @@ class Repository(Base, BaseModel):
return make_db_config(clear_session=False, repo=self)
def permissions(self, with_admins=True, with_owner=True):
+ """
+ Permissions for repositories
+ """
+ _admin_perm = 'repository.admin'
+
+ owner_row = []
+ if with_owner:
+ usr = AttributeDict(self.user.get_dict())
+ usr.owner_row = True
+ usr.permission = _admin_perm
+ usr.permission_id = None
+ owner_row.append(usr)
+
+ super_admin_ids = []
+ super_admin_rows = []
+ if with_admins:
+ for usr in User.get_all_super_admins():
+ super_admin_ids.append(usr.user_id)
+ # if this admin is also owner, don't double the record
+ if usr.user_id == owner_row[0].user_id:
+ owner_row[0].admin_row = True
+ else:
+ usr = AttributeDict(usr.get_dict())
+ usr.admin_row = True
+ usr.permission = _admin_perm
+ usr.permission_id = None
+ super_admin_rows.append(usr)
+
q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
q = q.options(joinedload(UserRepoToPerm.repository),
joinedload(UserRepoToPerm.user),
@@ -1912,6 +1949,9 @@ class Repository(Base, BaseModel):
perm_rows = []
for _usr in q.all():
usr = AttributeDict(_usr.user.get_dict())
+ # if this user is also owner/admin, mark as duplicate record
+ if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
+ usr.duplicate_perm = True
usr.permission = _usr.permission.permission_name
usr.permission_id = _usr.repo_to_perm_id
perm_rows.append(usr)
@@ -1921,28 +1961,6 @@ class Repository(Base, BaseModel):
# each group
perm_rows = sorted(perm_rows, key=display_user_sort)
- _admin_perm = 'repository.admin'
- owner_row = []
- if with_owner:
- usr = AttributeDict(self.user.get_dict())
- usr.owner_row = True
- usr.permission = _admin_perm
- usr.permission_id = None
- owner_row.append(usr)
-
- super_admin_rows = []
- if with_admins:
- for usr in User.get_all_super_admins():
- # if this admin is also owner, don't double the record
- if usr.user_id == owner_row[0].user_id:
- owner_row[0].admin_row = True
- else:
- usr = AttributeDict(usr.get_dict())
- usr.admin_row = True
- usr.permission = _admin_perm
- usr.permission_id = None
- super_admin_rows.append(usr)
-
return super_admin_rows + owner_row + perm_rows
def permission_user_groups(self):
@@ -2597,6 +2615,32 @@ class RepoGroup(Base, BaseModel):
return RepoGroup.url_sep().join(path_prefix + [group_name])
def permissions(self, with_admins=True, with_owner=True):
+ """
+ Permissions for repository groups
+ """
+ _admin_perm = 'group.admin'
+
+ owner_row = []
+ if with_owner:
+ usr = AttributeDict(self.user.get_dict())
+ usr.owner_row = True
+ usr.permission = _admin_perm
+ owner_row.append(usr)
+
+ super_admin_ids = []
+ super_admin_rows = []
+ if with_admins:
+ for usr in User.get_all_super_admins():
+ super_admin_ids.append(usr.user_id)
+ # if this admin is also owner, don't double the record
+ if usr.user_id == owner_row[0].user_id:
+ owner_row[0].admin_row = True
+ else:
+ usr = AttributeDict(usr.get_dict())
+ usr.admin_row = True
+ usr.permission = _admin_perm
+ super_admin_rows.append(usr)
+
q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
q = q.options(joinedload(UserRepoGroupToPerm.group),
joinedload(UserRepoGroupToPerm.user),
@@ -2610,6 +2654,9 @@ class RepoGroup(Base, BaseModel):
perm_rows = []
for _usr in q.all():
usr = AttributeDict(_usr.user.get_dict())
+ # if this user is also owner/admin, mark as duplicate record
+ if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
+ usr.duplicate_perm = True
usr.permission = _usr.permission.permission_name
perm_rows.append(usr)
@@ -2618,30 +2665,11 @@ class RepoGroup(Base, BaseModel):
# each group
perm_rows = sorted(perm_rows, key=display_user_sort)
- _admin_perm = 'group.admin'
- owner_row = []
- if with_owner:
- usr = AttributeDict(self.user.get_dict())
- usr.owner_row = True
- usr.permission = _admin_perm
- owner_row.append(usr)
-
- super_admin_rows = []
- if with_admins:
- for usr in User.get_all_super_admins():
- # if this admin is also owner, don't double the record
- if usr.user_id == owner_row[0].user_id:
- owner_row[0].admin_row = True
- else:
- usr = AttributeDict(usr.get_dict())
- usr.admin_row = True
- usr.permission = _admin_perm
- super_admin_rows.append(usr)
-
return super_admin_rows + owner_row + perm_rows
def permission_user_groups(self):
- q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
+ q = UserGroupRepoGroupToPerm.query().filter(
+ UserGroupRepoGroupToPerm.group == self)
q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
joinedload(UserGroupRepoGroupToPerm.users_group),
joinedload(UserGroupRepoGroupToPerm.permission),)
diff --git a/rhodecode/public/js/src/rhodecode/permissions.js b/rhodecode/public/js/src/rhodecode/permissions.js
--- a/rhodecode/public/js/src/rhodecode/permissions.js
+++ b/rhodecode/public/js/src/rhodecode/permissions.js
@@ -32,6 +32,7 @@ var addNewPermInput = function(node, per
' '+
''+
' | '+
+ ' | '+
'';
var _next_id = 'new'+$('.new_members').length;
_html = _html.format(_next_id, permission_type);
diff --git a/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako b/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako
--- a/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako
+++ b/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako
@@ -14,9 +14,11 @@
${_('Admin')} |
${_('User/User Group')} |
|
+ |
## USERS
%for _user in c.repo_group.permissions():
+ ## super admin/owner row
%if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None):
| ${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")} |
@@ -34,6 +36,11 @@
%endif
|
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%else:
@@ -50,6 +57,9 @@
${h.DEFAULT_USER} - ${_('permission for all other users')}
% else:
${h.link_to_user(_user.username)}
+ %if getattr(_user, 'duplicate_perm', None):
+ (${_('inactive duplicate')})
+ %endif
% endif
@@ -61,8 +71,17 @@
%endif
+ |
+ % if c.rhodecode_user.is_admin:
+ % if _user.username == h.DEFAULT_USER:
+ ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))}
+ % else:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ % endif
+ |
%else:
- ## special case for current user permissions, we make sure he cannot take his own permissions
+ ## special case for currently logged-in user permissions, we make sure he cannot take his own permissions
${h.radio('u_perm_%s' % _user.user_id,'group.none', disabled="disabled")} |
${h.radio('u_perm_%s' % _user.user_id,'group.read', disabled="disabled")} |
${h.radio('u_perm_%s' % _user.user_id,'group.write', disabled="disabled")} |
@@ -74,11 +93,19 @@
${h.DEFAULT_USER} - ${_('permission for all other users')}
% else:
${h.link_to_user(_user.username)}
+ %if getattr(_user, 'duplicate_perm', None):
+ (${_('inactive duplicate')})
+ %endif
% endif
(${_('delegated admin')})
|
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%endif
%endif
@@ -107,6 +134,11 @@
${_('Revoke')}
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_group_perms_summary', user_group_id=_user_group.users_group_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%endfor
@@ -122,6 +154,7 @@
${_('Add user/user group')}
+ |
diff --git a/rhodecode/templates/admin/repos/repo_edit_permissions.mako b/rhodecode/templates/admin/repos/repo_edit_permissions.mako
--- a/rhodecode/templates/admin/repos/repo_edit_permissions.mako
+++ b/rhodecode/templates/admin/repos/repo_edit_permissions.mako
@@ -14,6 +14,7 @@
${_('Admin')} |
${_('User/User Group')} |
|
+ |
## USERS
%for _user in c.rhodecode_db_repo.permissions():
@@ -34,6 +35,11 @@
%endif
|
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%elif _user.username == h.DEFAULT_USER and c.rhodecode_db_repo.private:
@@ -46,6 +52,11 @@
${base.gravatar(h.DEFAULT_USER_EMAIL, 16)}
${h.DEFAULT_USER} - ${_('only users/user groups explicitly added here will have access')}
|
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))}
+ % endif
+ |
%else:
@@ -60,6 +71,9 @@
${h.DEFAULT_USER} - ${_('permission for all other users')}
% else:
${h.link_to_user(_user.username)}
+ %if getattr(_user, 'duplicate_perm', None):
+ (${_('inactive duplicate')})
+ %endif
% endif
@@ -71,6 +85,15 @@
%endif
+ |
+ % if c.rhodecode_user.is_admin:
+ % if _user.username == h.DEFAULT_USER:
+ ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))}
+ % else:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ % endif
+ |
%endif
%endfor
@@ -98,6 +121,11 @@
${_('Revoke')}
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_group_perms_summary', user_group_id=_user_group.users_group_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%endfor
|
@@ -113,6 +141,7 @@
${_('Add user/user group')}
+ |
diff --git a/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako b/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako
--- a/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako
+++ b/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako
@@ -14,9 +14,11 @@
${_('Admin')} |
${_('User/User Group')} |
|
+ |
## USERS
%for _user in c.user_group.permissions():
+ ## super admin/owner row
%if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None):
| ${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")} |
@@ -36,6 +38,11 @@
|
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%else:
##forbid revoking permission from yourself, except if you're an super admin
@@ -52,6 +59,9 @@
${h.DEFAULT_USER} - ${_('permission for all other users')}
% else:
${h.link_to_user(_user.username)}
+ %if getattr(_user, 'duplicate_perm', None):
+ (${_('inactive duplicate')})
+ %endif
% endif
@@ -63,8 +73,17 @@
%endif
+
+ % if c.rhodecode_user.is_admin:
+ % if _user.username == h.DEFAULT_USER:
+ ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))}
+ % else:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ % endif
+ |
%else:
- ## special case for current user permissions, we make sure he cannot take his own permissions
+ ## special case for currently logged-in user permissions, we make sure he cannot take his own permissions
${h.radio('u_perm_%s' % _user.user_id,'usergroup.none', disabled="disabled")} |
${h.radio('u_perm_%s' % _user.user_id,'usergroup.read', disabled="disabled")} |
${h.radio('u_perm_%s' % _user.user_id,'usergroup.write', disabled="disabled")} |
@@ -76,11 +95,19 @@
${h.DEFAULT_USER} - ${_('permission for all other users')}
% else:
${h.link_to_user(_user.username)}
+ %if getattr(_user, 'duplicate_perm', None):
+ (${_('inactive duplicate')})
+ %endif
% endif
(${_('delegated admin')})
|
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%endif
%endif
@@ -109,6 +136,11 @@
${_('Revoke')}
+
+ % if c.rhodecode_user.is_admin:
+ ${h.link_to('show permissions', h.route_path('edit_user_group_perms_summary', user_group_id=_user_group.users_group_id, _anchor='repositories-permissions'))}
+ % endif
+ |
%endfor
|
@@ -123,6 +155,7 @@
${_('Add user/user group')}
+ |