# HG changeset patch # User Marcin Kuzminski # Date 2018-08-29 22:47:01 # Node ID de0780ef8837b0cf188cee15196f2d5c85c0e476 # Parent 2b092458f6122a682a7221a0a905388aea782145 branch-permissions: handle cases for revoking regular permissions when branch permissions are set: - DB cascade delete fliushing branch when repository is deleted - forbid lowering permissions if it's used for branch diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -3079,6 +3079,7 @@ class UserGroupRepoToPerm(Base, BaseMode users_group = relationship('UserGroup') permission = relationship('Permission') repository = relationship('Repository') + user_group_branch_perms = relationship('UserGroupToRepoBranchPermission', cascade='all') @classmethod def create(cls, users_group, repository, permission): diff --git a/rhodecode/templates/admin/repos/repo_edit_permissions.mako b/rhodecode/templates/admin/repos/repo_edit_permissions.mako --- a/rhodecode/templates/admin/repos/repo_edit_permissions.mako +++ b/rhodecode/templates/admin/repos/repo_edit_permissions.mako @@ -73,9 +73,10 @@ %else: + <% used_by_n_rules = len(getattr(_user, 'branch_rules', None) or []) %> - ${h.radio('u_perm_%s' % _user.user_id,'repository.none', checked=_user.permission=='repository.none')} - ${h.radio('u_perm_%s' % _user.user_id,'repository.read', checked=_user.permission=='repository.read')} + ${h.radio('u_perm_%s' % _user.user_id,'repository.none', checked=_user.permission=='repository.none', disabled="disabled" if (used_by_n_rules and _user.username != h.DEFAULT_USER) else None)} + ${h.radio('u_perm_%s' % _user.user_id,'repository.read', checked=_user.permission=='repository.read', disabled="disabled" if (used_by_n_rules and _user.username != h.DEFAULT_USER) else None)} ${h.radio('u_perm_%s' % _user.user_id,'repository.write', checked=_user.permission=='repository.write')} ${h.radio('u_perm_%s' % _user.user_id,'repository.admin', checked=_user.permission=='repository.admin')} @@ -89,11 +90,10 @@ (${_('inactive duplicate')}) %endif %if getattr(_user, 'branch_rules', None): - <% used_by_n_rules = len(_user.branch_rules) %> % if used_by_n_rules == 1: - (${_('used by {} branch rule').format(used_by_n_rules)}) + (${_('used by {} branch rule, requires write+ permissions').format(used_by_n_rules)}) % else: - (${_('used by {} branch rules').format(used_by_n_rules)}) + (${_('used by {} branch rules, requires write+ permissions').format(used_by_n_rules)}) % endif %endif % endif