# HG changeset patch # User Marcin Kuzminski # Date 2018-08-22 14:06:52 # Node ID b8a47c7e1867aae2dfa90d63d1ebda863197aec9 # Parent 2d612d183d521b124d8b0dd65b2227912f698de8 permissions: add links to permissions summary for each permission pages diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -1376,6 +1376,32 @@ class UserGroup(Base, BaseModel): return user_group.get(user_group_id) def permissions(self, with_admins=True, with_owner=True): + """ + Permissions for user groups + """ + _admin_perm = 'usergroup.admin' + + owner_row = [] + if with_owner: + usr = AttributeDict(self.user.get_dict()) + usr.owner_row = True + usr.permission = _admin_perm + owner_row.append(usr) + + super_admin_ids = [] + super_admin_rows = [] + if with_admins: + for usr in User.get_all_super_admins(): + super_admin_ids.append(usr.user_id) + # if this admin is also owner, don't double the record + if usr.user_id == owner_row[0].user_id: + owner_row[0].admin_row = True + else: + usr = AttributeDict(usr.get_dict()) + usr.admin_row = True + usr.permission = _admin_perm + super_admin_rows.append(usr) + q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self) q = q.options(joinedload(UserUserGroupToPerm.user_group), joinedload(UserUserGroupToPerm.user), @@ -1389,6 +1415,9 @@ class UserGroup(Base, BaseModel): perm_rows = [] for _usr in q.all(): usr = AttributeDict(_usr.user.get_dict()) + # if this user is also owner/admin, mark as duplicate record + if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids: + usr.duplicate_perm = True usr.permission = _usr.permission.permission_name perm_rows.append(usr) @@ -1397,26 +1426,6 @@ class UserGroup(Base, BaseModel): # each group perm_rows = sorted(perm_rows, key=display_user_sort) - _admin_perm = 'usergroup.admin' - owner_row = [] - if with_owner: - usr = AttributeDict(self.user.get_dict()) - usr.owner_row = True - usr.permission = _admin_perm - owner_row.append(usr) - - super_admin_rows = [] - if with_admins: - for usr in User.get_all_super_admins(): - # if this admin is also owner, don't double the record - if usr.user_id == owner_row[0].user_id: - owner_row[0].admin_row = True - else: - usr = AttributeDict(usr.get_dict()) - usr.admin_row = True - usr.permission = _admin_perm - super_admin_rows.append(usr) - return super_admin_rows + owner_row + perm_rows def permission_user_groups(self): @@ -1899,6 +1908,34 @@ class Repository(Base, BaseModel): return make_db_config(clear_session=False, repo=self) def permissions(self, with_admins=True, with_owner=True): + """ + Permissions for repositories + """ + _admin_perm = 'repository.admin' + + owner_row = [] + if with_owner: + usr = AttributeDict(self.user.get_dict()) + usr.owner_row = True + usr.permission = _admin_perm + usr.permission_id = None + owner_row.append(usr) + + super_admin_ids = [] + super_admin_rows = [] + if with_admins: + for usr in User.get_all_super_admins(): + super_admin_ids.append(usr.user_id) + # if this admin is also owner, don't double the record + if usr.user_id == owner_row[0].user_id: + owner_row[0].admin_row = True + else: + usr = AttributeDict(usr.get_dict()) + usr.admin_row = True + usr.permission = _admin_perm + usr.permission_id = None + super_admin_rows.append(usr) + q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self) q = q.options(joinedload(UserRepoToPerm.repository), joinedload(UserRepoToPerm.user), @@ -1912,6 +1949,9 @@ class Repository(Base, BaseModel): perm_rows = [] for _usr in q.all(): usr = AttributeDict(_usr.user.get_dict()) + # if this user is also owner/admin, mark as duplicate record + if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids: + usr.duplicate_perm = True usr.permission = _usr.permission.permission_name usr.permission_id = _usr.repo_to_perm_id perm_rows.append(usr) @@ -1921,28 +1961,6 @@ class Repository(Base, BaseModel): # each group perm_rows = sorted(perm_rows, key=display_user_sort) - _admin_perm = 'repository.admin' - owner_row = [] - if with_owner: - usr = AttributeDict(self.user.get_dict()) - usr.owner_row = True - usr.permission = _admin_perm - usr.permission_id = None - owner_row.append(usr) - - super_admin_rows = [] - if with_admins: - for usr in User.get_all_super_admins(): - # if this admin is also owner, don't double the record - if usr.user_id == owner_row[0].user_id: - owner_row[0].admin_row = True - else: - usr = AttributeDict(usr.get_dict()) - usr.admin_row = True - usr.permission = _admin_perm - usr.permission_id = None - super_admin_rows.append(usr) - return super_admin_rows + owner_row + perm_rows def permission_user_groups(self): @@ -2597,6 +2615,32 @@ class RepoGroup(Base, BaseModel): return RepoGroup.url_sep().join(path_prefix + [group_name]) def permissions(self, with_admins=True, with_owner=True): + """ + Permissions for repository groups + """ + _admin_perm = 'group.admin' + + owner_row = [] + if with_owner: + usr = AttributeDict(self.user.get_dict()) + usr.owner_row = True + usr.permission = _admin_perm + owner_row.append(usr) + + super_admin_ids = [] + super_admin_rows = [] + if with_admins: + for usr in User.get_all_super_admins(): + super_admin_ids.append(usr.user_id) + # if this admin is also owner, don't double the record + if usr.user_id == owner_row[0].user_id: + owner_row[0].admin_row = True + else: + usr = AttributeDict(usr.get_dict()) + usr.admin_row = True + usr.permission = _admin_perm + super_admin_rows.append(usr) + q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self) q = q.options(joinedload(UserRepoGroupToPerm.group), joinedload(UserRepoGroupToPerm.user), @@ -2610,6 +2654,9 @@ class RepoGroup(Base, BaseModel): perm_rows = [] for _usr in q.all(): usr = AttributeDict(_usr.user.get_dict()) + # if this user is also owner/admin, mark as duplicate record + if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids: + usr.duplicate_perm = True usr.permission = _usr.permission.permission_name perm_rows.append(usr) @@ -2618,30 +2665,11 @@ class RepoGroup(Base, BaseModel): # each group perm_rows = sorted(perm_rows, key=display_user_sort) - _admin_perm = 'group.admin' - owner_row = [] - if with_owner: - usr = AttributeDict(self.user.get_dict()) - usr.owner_row = True - usr.permission = _admin_perm - owner_row.append(usr) - - super_admin_rows = [] - if with_admins: - for usr in User.get_all_super_admins(): - # if this admin is also owner, don't double the record - if usr.user_id == owner_row[0].user_id: - owner_row[0].admin_row = True - else: - usr = AttributeDict(usr.get_dict()) - usr.admin_row = True - usr.permission = _admin_perm - super_admin_rows.append(usr) - return super_admin_rows + owner_row + perm_rows def permission_user_groups(self): - q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self) + q = UserGroupRepoGroupToPerm.query().filter( + UserGroupRepoGroupToPerm.group == self) q = q.options(joinedload(UserGroupRepoGroupToPerm.group), joinedload(UserGroupRepoGroupToPerm.users_group), joinedload(UserGroupRepoGroupToPerm.permission),) diff --git a/rhodecode/public/js/src/rhodecode/permissions.js b/rhodecode/public/js/src/rhodecode/permissions.js --- a/rhodecode/public/js/src/rhodecode/permissions.js +++ b/rhodecode/public/js/src/rhodecode/permissions.js @@ -32,6 +32,7 @@ var addNewPermInput = function(node, per ' '+ ''+ ''+ + ''+ ''; var _next_id = 'new'+$('.new_members').length; _html = _html.format(_next_id, permission_type); diff --git a/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako b/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako --- a/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako +++ b/rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako @@ -14,9 +14,11 @@ ${_('Admin')} ${_('User/User Group')} + ## USERS %for _user in c.repo_group.permissions(): + ## super admin/owner row %if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None): ${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")} @@ -34,6 +36,11 @@ %endif + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + %else: @@ -50,6 +57,9 @@ ${h.DEFAULT_USER} - ${_('permission for all other users')} % else: ${h.link_to_user(_user.username)} + %if getattr(_user, 'duplicate_perm', None): + (${_('inactive duplicate')}) + %endif % endif @@ -61,8 +71,17 @@ %endif + + % if c.rhodecode_user.is_admin: + % if _user.username == h.DEFAULT_USER: + ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))} + % else: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + % endif + %else: - ## special case for current user permissions, we make sure he cannot take his own permissions + ## special case for currently logged-in user permissions, we make sure he cannot take his own permissions ${h.radio('u_perm_%s' % _user.user_id,'group.none', disabled="disabled")} ${h.radio('u_perm_%s' % _user.user_id,'group.read', disabled="disabled")} ${h.radio('u_perm_%s' % _user.user_id,'group.write', disabled="disabled")} @@ -74,11 +93,19 @@ ${h.DEFAULT_USER} - ${_('permission for all other users')} % else: ${h.link_to_user(_user.username)} + %if getattr(_user, 'duplicate_perm', None): + (${_('inactive duplicate')}) + %endif % endif (${_('delegated admin')}) + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + %endif %endif @@ -107,6 +134,11 @@ ${_('Revoke')} + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_group_perms_summary', user_group_id=_user_group.users_group_id, _anchor='repositories-permissions'))} + % endif + %endfor @@ -122,6 +154,7 @@ ${_('Add user/user group')} + diff --git a/rhodecode/templates/admin/repos/repo_edit_permissions.mako b/rhodecode/templates/admin/repos/repo_edit_permissions.mako --- a/rhodecode/templates/admin/repos/repo_edit_permissions.mako +++ b/rhodecode/templates/admin/repos/repo_edit_permissions.mako @@ -14,6 +14,7 @@ ${_('Admin')} ${_('User/User Group')} + ## USERS %for _user in c.rhodecode_db_repo.permissions(): @@ -34,6 +35,11 @@ %endif + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + %elif _user.username == h.DEFAULT_USER and c.rhodecode_db_repo.private: @@ -46,6 +52,11 @@ ${base.gravatar(h.DEFAULT_USER_EMAIL, 16)} ${h.DEFAULT_USER} - ${_('only users/user groups explicitly added here will have access')} + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))} + % endif + %else: @@ -60,6 +71,9 @@ ${h.DEFAULT_USER} - ${_('permission for all other users')} % else: ${h.link_to_user(_user.username)} + %if getattr(_user, 'duplicate_perm', None): + (${_('inactive duplicate')}) + %endif % endif @@ -71,6 +85,15 @@ %endif + + % if c.rhodecode_user.is_admin: + % if _user.username == h.DEFAULT_USER: + ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))} + % else: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + % endif + %endif %endfor @@ -98,6 +121,11 @@ ${_('Revoke')} + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_group_perms_summary', user_group_id=_user_group.users_group_id, _anchor='repositories-permissions'))} + % endif + %endfor @@ -113,6 +141,7 @@ ${_('Add user/user group')} + diff --git a/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako b/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako --- a/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako +++ b/rhodecode/templates/admin/user_groups/user_group_edit_perms.mako @@ -14,9 +14,11 @@ ${_('Admin')} ${_('User/User Group')} + ## USERS %for _user in c.user_group.permissions(): + ## super admin/owner row %if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None): ${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")} @@ -36,6 +38,11 @@ + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + %else: ##forbid revoking permission from yourself, except if you're an super admin @@ -52,6 +59,9 @@ ${h.DEFAULT_USER} - ${_('permission for all other users')} % else: ${h.link_to_user(_user.username)} + %if getattr(_user, 'duplicate_perm', None): + (${_('inactive duplicate')}) + %endif % endif @@ -63,8 +73,17 @@ %endif + + % if c.rhodecode_user.is_admin: + % if _user.username == h.DEFAULT_USER: + ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))} + % else: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + % endif + %else: - ## special case for current user permissions, we make sure he cannot take his own permissions + ## special case for currently logged-in user permissions, we make sure he cannot take his own permissions ${h.radio('u_perm_%s' % _user.user_id,'usergroup.none', disabled="disabled")} ${h.radio('u_perm_%s' % _user.user_id,'usergroup.read', disabled="disabled")} ${h.radio('u_perm_%s' % _user.user_id,'usergroup.write', disabled="disabled")} @@ -76,11 +95,19 @@ ${h.DEFAULT_USER} - ${_('permission for all other users')} % else: ${h.link_to_user(_user.username)} + %if getattr(_user, 'duplicate_perm', None): + (${_('inactive duplicate')}) + %endif % endif (${_('delegated admin')}) + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))} + % endif + %endif %endif @@ -109,6 +136,11 @@ ${_('Revoke')} + + % if c.rhodecode_user.is_admin: + ${h.link_to('show permissions', h.route_path('edit_user_group_perms_summary', user_group_id=_user_group.users_group_id, _anchor='repositories-permissions'))} + % endif + %endfor @@ -123,6 +155,7 @@ ${_('Add user/user group')} +