# HG changeset patch
# User Daniel Dourvaris <daniel@rhodecode.com>
# Date 2020-07-01 10:44:50
# Node ID 524f9e6acb77139b4456c7e7234aafce3c34048a
# Parent  8708d303e06eddc2c47d2397ddf3f2f06e29f7cb

permissions: explain better what is inactive duplicate in permissions, sort them to last positions, and make them less visible.

diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -103,7 +103,12 @@ def display_user_sort(obj):
     if obj.username == User.DEFAULT_USER:
         return '#####'
     prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
-    return prefix + obj.username
+    extra_sort_num = '1'  # default
+
+    # NOTE(dan): inactive duplicates goes last
+    if getattr(obj, 'duplicate_perm', None):
+        extra_sort_num = '9'
+    return prefix + extra_sort_num + obj.username
 
 
 def display_user_group_sort(obj):
diff --git a/rhodecode/public/css/tables.less b/rhodecode/public/css/tables.less
--- a/rhodecode/public/css/tables.less
+++ b/rhodecode/public/css/tables.less
@@ -33,6 +33,12 @@ table.dataTable {
       .rc-user {
         white-space: nowrap;
       }
+      .user-perm-duplicate {
+          color: @grey4;
+          a {
+            color: @grey4;
+          }
+      }
     }
 
     .td-email {
diff --git a/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako b/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako
--- a/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako
+++ b/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako
@@ -68,10 +68,15 @@
                                         <span class="user-perm-help-text"> - ${_('permission for other logged in users')}</span>
                                     % endif
                                 % else:
-                                    ${h.link_to_user(_user.username)}
-                                    %if getattr(_user, 'duplicate_perm', None):
-                                        (${_('inactive duplicate')})
-                                    %endif
+                                    % if getattr(_user, 'duplicate_perm', None):
+                                        <span class="user-perm-duplicate">
+                                            ${h.link_to_user(_user.username)}
+                                            <span class="tooltip" title="${_('This entry is a duplicate, most probably left-over from previously set permission. This user has a higher permission set, so this entry is inactive. Please revoke this permission manually.')}">(${_('inactive duplicate')})
+                                            </span>
+                                        </span>
+                                    % else:
+                                        ${h.link_to_user(_user.username)}
+                                    % endif
                                 % endif
                             </span>
                         </td>
@@ -116,10 +121,15 @@
                                             <span class="user-perm-help-text"> - ${_('permission for other logged in users')}</span>
                                         % endif
                                     % else:
-                                        ${h.link_to_user(_user.username)}
-                                        %if getattr(_user, 'duplicate_perm', None):
-                                            (${_('inactive duplicate')})
-                                        %endif
+                                        % if getattr(_user, 'duplicate_perm', None):
+                                            <span class="user-perm-duplicate">
+                                                ${h.link_to_user(_user.username)}
+                                                <span class="tooltip" title="${_('This entry is a duplicate, most probably left-over from previously set permission. This user has a higher permission set, so this entry is inactive. Please revoke this permission manually.')}">(${_('inactive duplicate')})
+                                                </span>
+                                            </span>
+                                        % else:
+                                            ${h.link_to_user(_user.username)}
+                                        % endif
                                     % endif
                                     <span class="user-perm-help-text">(${_('delegated admin')})</span>
                                 </span>
diff --git a/rhodecode/templates/admin/repos/repo_edit_permissions.mako b/rhodecode/templates/admin/repos/repo_edit_permissions.mako
--- a/rhodecode/templates/admin/repos/repo_edit_permissions.mako
+++ b/rhodecode/templates/admin/repos/repo_edit_permissions.mako
@@ -94,10 +94,16 @@
                                         <span class="user-perm-help-text"> - ${_('permission for other logged in users')}</span>
                                     % endif
                                 % else:
-                                    ${h.link_to_user(_user.username)}
-                                    %if getattr(_user, 'duplicate_perm', None):
-                                        (${_('inactive duplicate')})
-                                    %endif
+                                    % if getattr(_user, 'duplicate_perm', None):
+                                        <span class="user-perm-duplicate">
+                                            ${h.link_to_user(_user.username)}
+                                            <span class="tooltip" title="${_('This entry is a duplicate, most probably left-over from previously set permission. This user has a higher permission set, so this entry is inactive. Please revoke this permission manually.')}">(${_('inactive duplicate')})
+                                            </span>
+                                        </span>
+                                    % else:
+                                        ${h.link_to_user(_user.username)}
+                                    % endif
+
                                     %if getattr(_user, 'branch_rules', None):
                                         % if used_by_n_rules == 1:
                                             (${_('used by {} branch rule, requires write+ permissions').format(used_by_n_rules)})
diff --git a/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako b/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako
--- a/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako
+++ b/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako
@@ -74,10 +74,15 @@
                                         <span class="user-perm-help-text"> - ${_('permission for other logged in users')}</span>
                                     % endif
                                 % else:
-                                    ${h.link_to_user(_user.username)}
-                                    %if getattr(_user, 'duplicate_perm', None):
-                                        (${_('inactive duplicate')})
-                                    %endif
+                                    % if getattr(_user, 'duplicate_perm', None):
+                                        <span class="user-perm-duplicate">
+                                            ${h.link_to_user(_user.username)}
+                                            <span class="tooltip" title="${_('This entry is a duplicate, most probably left-over from previously set permission. This user has a higher permission set, so this entry is inactive. Please revoke this permission manually.')}">(${_('inactive duplicate')})
+                                            </span>
+                                        </span>
+                                    % else:
+                                        ${h.link_to_user(_user.username)}
+                                    % endif
                                 % endif
                             </span>
                         </td>
@@ -122,10 +127,15 @@
                                         <span class="user-perm-help-text"> - ${_('permission for other logged in users')}</span>
                                     % endif
                                 % else:
-                                    ${h.link_to_user(_user.username)}
-                                    %if getattr(_user, 'duplicate_perm', None):
-                                        (${_('inactive duplicate')})
-                                    %endif
+                                    % if getattr(_user, 'duplicate_perm', None):
+                                        <span class="user-perm-duplicate">
+                                            ${h.link_to_user(_user.username)}
+                                            <span class="tooltip" title="${_('This entry is a duplicate, most probably left-over from previously set permission. This user has a higher permission set, so this entry is inactive. Please revoke this permission manually.')}">(${_('inactive duplicate')})
+                                            </span>
+                                        </span>
+                                    % else:
+                                        ${h.link_to_user(_user.username)}
+                                    % endif
                                 % endif
                                 <span class="user-perm-help-text">(${_('delegated admin')})</span>
                             </span>