# HG changeset patch # User Marcin Kuzminski # Date 2017-02-27 16:15:55 # Node ID a9c54e36f3a73a43c976f99b44416ebc658cfa5b # Parent 7da2c02476d17d53fd969941976d795a5d15d6fe auth-tokens: add scope and show consitent token UI for my account and admin. diff --git a/rhodecode/model/auth_token.py b/rhodecode/model/auth_token.py --- a/rhodecode/model/auth_token.py +++ b/rhodecode/model/auth_token.py @@ -53,7 +53,8 @@ class AuthTokenModel(BaseModel): new_auth_token.user_id = user.user_id new_auth_token.description = description new_auth_token.role = role - new_auth_token.expires = time.time() + (lifetime * 60) if lifetime != -1 else -1 + new_auth_token.expires = time.time() + (lifetime * 60) \ + if lifetime != -1 else -1 Session().add(new_auth_token) return new_auth_token diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -974,6 +974,17 @@ class UserApiKeys(Base, BaseModel): def role_humanized(self): return self._get_role_name(self.role) + def _get_scope(self): + if self.repo: + return repr(self.repo) + if self.repo_group: + return repr(self.repo_group) + ' (recursive)' + return 'global' + + @property + def scope_humanized(self): + return self._get_scope() + class UserEmailMap(Base, BaseModel): __tablename__ = 'user_email_map' @@ -1038,6 +1049,7 @@ class UserIpMap(Base, BaseModel): return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__, self.user_id, self.ip_addr) + class UserLog(Base, BaseModel): __tablename__ = 'user_logs' __table_args__ = ( diff --git a/rhodecode/templates/admin/my_account/my_account_auth_tokens.mako b/rhodecode/templates/admin/my_account/my_account_auth_tokens.mako --- a/rhodecode/templates/admin/my_account/my_account_auth_tokens.mako +++ b/rhodecode/templates/admin/my_account/my_account_auth_tokens.mako @@ -4,25 +4,40 @@

- ${_('Each token can have a role. VCS tokens can be used together with the authtoken auth plugin for git/hg/svn operations.')} + ${_('Each token can have a role. Token with a role can be used only in given context, ' + 'e.g. VCS tokens can be used together with the authtoken auth plugin for git/hg/svn operations only.')} + ${_('Additionally scope for VCS type token can narrow the use to chosen repository.')}

%if c.user_auth_tokens: + + + + + + + + %for auth_token in c.user_auth_tokens: - + + diff --git a/rhodecode/templates/admin/users/user_edit_auth_tokens.mako b/rhodecode/templates/admin/users/user_edit_auth_tokens.mako --- a/rhodecode/templates/admin/users/user_edit_auth_tokens.mako +++ b/rhodecode/templates/admin/users/user_edit_auth_tokens.mako @@ -4,23 +4,37 @@
+

+ ${_('Each token can have a role. Token with a role can be used only in given context, ' + 'e.g. VCS tokens can be used together with the authtoken auth plugin for git/hg/svn operations only.')} + ${_('Additionally scope for VCS type token can narrow the use to chosen repository.')} +

${_('Token')}${_('Scope')}${_('Description')}${_('Role')}${_('Expiration')}${_('Action')}
${auth_token.api_key}
+
+ ${auth_token.api_key} +
+
${auth_token.scope_humanized} ${auth_token.description} ${auth_token.role_humanized} %if auth_token.expires == -1: - ${_('expires')}: ${_('never')} + ${_('never')} %else: %if auth_token.expired: - ${_('expired')}: ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} + ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} %else: - ${_('expires')}: ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} + ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} %endif %endif
+ + + + + + + + %if c.user_auth_tokens: %for auth_token in c.user_auth_tokens: + @@ -48,7 +62,7 @@
- +
${h.text('description', class_='medium', placeholder=_('Description'))}
${_('Token')}${_('Scope')}${_('Description')}${_('Role')}${_('Expiration')}${_('Action')}
${auth_token.api_key}
${auth_token.scope_humanized} ${auth_token.description} ${auth_token.role_humanized} %if auth_token.expires == -1: - ${_('expires')}: ${_('never')} + ${_('never')} %else: %if auth_token.expired: - ${_('expired')}: ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} + ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} %else: - ${_('expires')}: ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} + ${h.age_component(h.time_to_utcdatetime(auth_token.expires))} %endif %endif