repo-permissions: add set/un-set of private repository from permissions page....
dan -
r4189:021154b4 stable
@@ -1,132 +1,135 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import logging
22 22
23 23 from pyramid.httpexceptions import HTTPFound
24 24 from pyramid.view import view_config
25 25
26 26 from rhodecode.apps._base import RepoAppView
27 27 from rhodecode.lib import helpers as h
28 28 from rhodecode.lib import audit_logger
29 29 from rhodecode.lib.auth import (
30 30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
31 from rhodecode.lib.utils2 import str2bool
31 32 from rhodecode.model.db import User
32 33 from rhodecode.model.forms import RepoPermsForm
33 34 from rhodecode.model.meta import Session
34 35 from rhodecode.model.permission import PermissionModel
35 36 from rhodecode.model.repo import RepoModel
36 37
37 38 log = logging.getLogger(__name__)
38 39
39 40
40 41 class RepoSettingsPermissionsView(RepoAppView):
41 42
42 43 def load_default_context(self):
43 44 c = self._get_local_tmpl_context()
44 45 return c
45 46
46 47 @LoginRequired()
47 48 @HasRepoPermissionAnyDecorator('repository.admin')
48 49 @view_config(
49 50 route_name='edit_repo_perms', request_method='GET',
50 51 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
51 52 def edit_permissions(self):
52 53 _ = self.request.translate
53 54 c = self.load_default_context()
54 55 c.active = 'permissions'
55 56 if self.request.GET.get('branch_permissions'):
56 57 h.flash(_('Explicitly add user or user group with write+ '
57 58 'permission to modify their branch permissions.'),
58 59 category='notice')
59 60 return self._get_template_context(c)
60 61
61 62 @LoginRequired()
62 63 @HasRepoPermissionAnyDecorator('repository.admin')
63 64 @CSRFRequired()
64 65 @view_config(
65 66 route_name='edit_repo_perms', request_method='POST',
66 67 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
67 68 def edit_permissions_update(self):
68 69 _ = self.request.translate
69 70 c = self.load_default_context()
70 71 c.active = 'permissions'
71 72 data = self.request.POST
72 73 # store private flag outside of HTML to verify if we can modify
73 74 # default user permissions, prevents submission of FAKE post data
74 75 # into the form for private repos
75 76 data['repo_private'] = self.db_repo.private
76 77 form = RepoPermsForm(self.request.translate)().to_python(data)
77 78 changes = RepoModel().update_permissions(
78 79 self.db_repo_name, form['perm_additions'], form['perm_updates'],
79 80 form['perm_deletions'])
80 81
81 82 action_data = {
82 83 'added': changes['added'],
83 84 'updated': changes['updated'],
84 85 'deleted': changes['deleted'],
85 86 }
86 87 audit_logger.store_web(
87 88 'repo.edit.permissions', action_data=action_data,
88 89 user=self._rhodecode_user, repo=self.db_repo)
89 90
90 91 Session().commit()
91 92 h.flash(_('Repository access permissions updated'), category='success')
92 93
93 94 affected_user_ids = None
94 95 if changes.get('default_user_changed', False):
95 96 # if we change the default user, we need to flush everyone permissions
96 97 affected_user_ids = [x.user_id for x in User.get_all()]
97 98 PermissionModel().flush_user_permission_caches(
98 99 changes, affected_user_ids=affected_user_ids)
99 100
100 101 raise HTTPFound(
101 102 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
102 103
103 104 @LoginRequired()
104 105 @HasRepoPermissionAnyDecorator('repository.admin')
105 106 @CSRFRequired()
106 107 @view_config(
107 108 route_name='edit_repo_perms_set_private', request_method='POST',
108 109 renderer='json_ext')
109 110 def edit_permissions_set_private_repo(self):
110 111 _ = self.request.translate
111 112 self.load_default_context()
112 113
114 private_flag = str2bool(self.request.POST.get('private'))
115
113 116 try:
114 117 RepoModel().update(
115 self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name})
118 self.db_repo, **{'repo_private': private_flag, 'repo_name': self.db_repo_name})
116 119 Session().commit()
117 120
118 121 h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
119 122 category='success')
120 123 except Exception:
121 124 log.exception("Exception during update of repository")
122 125 h.flash(_('Error occurred during update of repository {}').format(
123 126 self.db_repo_name), category='error')
124 127
125 128 # NOTE(dan): we change repo private mode we need to notify all USERS
126 129 affected_user_ids = [x.user_id for x in User.get_all()]
127 130 PermissionModel().trigger_permission_flush(affected_user_ids)
128 131
129 132 return {
130 133 'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
131 'private': True
134 'private': private_flag
132 135 }
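Review bot: In `edit_permissions_set_private_repo`, `private_flag = str2bool(self.request.POST.get('private'))` lets a POST that omits the `private` field switch the repository to non-private, assuming `str2bool(None)` returns False (its definition is not shown here); before this change the endpoint could only ever set private mode. A visibility toggle should not fall back to the less restrictive state, so require the field before parsing, e.g. `if 'private' not in self.request.POST: raise HTTPBadRequest()` (`HTTPBadRequest` would need importing from `pyramid.httpexceptions`). Unlike `edit_permissions_update`, this view writes nothing through `audit_logger.store_web`, so unless `RepoModel().update` audits the change itself, the new un-set path leaves no audit record of who made a repository non-private. The returned `'private': private_flag` is also sent after the `except` branch, so a failed update reports the requested state as if it had been applied.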
@@ -1,222 +1,227 b''
1 1 <%namespace name="base" file="/base/base.mako"/>
2 2
3 3 <div class="panel panel-default">
4 4 <div class="panel-heading">
5 5 <h3 class="panel-title">${_('Repository Access Permissions')}</h3>
6 6 </div>
7 7 <div class="panel-body">
8 8 ${h.secure_form(h.route_path('edit_repo_perms', repo_name=c.repo_name), request=request)}
9 9 <table id="permissions_manage" class="rctable permissions">
10 10 <tr>
11 11 <th class="td-radio">${_('None')}</th>
12 12 <th class="td-radio">${_('Read')}</th>
13 13 <th class="td-radio">${_('Write')}</th>
14 14 <th class="td-radio">${_('Admin')}</th>
15 15 <th class="td-owner">${_('User/User Group')}</th>
16 16 <th class="td-action"></th>
17 17 <th class="td-action"></th>
18 18 </tr>
19 19 ## USERS
20 20 %for _user in c.rhodecode_db_repo.permissions():
21 21 %if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None):
22 22 <tr class="perm_admin_row">
23 23 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")}</td>
24 24 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.read', disabled="disabled")}</td>
25 25 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.write', disabled="disabled")}</td>
26 26 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.admin', 'repository.admin', disabled="disabled")}</td>
27 27 <td class="td-user">
28 28 ${base.gravatar(_user.email, 16, user=_user, tooltip=True)}
29 29 ${h.link_to_user(_user.username)}
30 30 %if getattr(_user, 'admin_row', None):
31 31 (${_('super-admin')})
32 32 %endif
33 33 %if getattr(_user, 'owner_row', None):
34 34 (${_('owner')})
35 35 %endif
36 36 </td>
37 37 <td></td>
38 38 <td class="quick_repo_menu">
39 39 % if c.rhodecode_user.is_admin:
40 40 <i class="icon-more"></i>
41 41 <div class="menu_items_container" style="display: none;">
42 42 <ul class="menu_items">
43 43 <li>
44 44 ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
45 45 </li>
46 46 </ul>
47 47 </div>
48 48 % endif
49 49 </td>
50 50 </tr>
51 51 %elif _user.username == h.DEFAULT_USER and c.rhodecode_db_repo.private:
52 52 <tr>
53 53 <td colspan="4">
54 54 <span class="private_repo_msg">
55 55 <strong title="${h.tooltip(_user.permission)}">${_('private repository')}</strong>
56 56 </span>
57 57 </td>
58 58 <td class="private_repo_msg">
59 59 ${base.gravatar(h.DEFAULT_USER_EMAIL, 16)}
60 60 ${h.DEFAULT_USER} - ${_('only users/user groups explicitly added here will have access')}</td>
61 <td></td>
61 <td class="td-action">
62 <span class="tooltip btn btn-link btn-default" onclick="setPrivateRepo(false); return false" title="${_('Private repositories are only visible to people explicitly added as collaborators. Default permissions wont apply')}">
63 ${_('un-set private mode')}
64 </span>
65 </td>
62 66 <td class="quick_repo_menu">
63 67 % if c.rhodecode_user.is_admin:
64 68 <i class="icon-more"></i>
65 69 <div class="menu_items_container" style="display: none;">
66 70 <ul class="menu_items">
67 71 <li>
68 72 ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))}
69 73 </li>
70 74 </ul>
71 75 </div>
72 76 % endif
73 77 </td>
74 78 </tr>
75 79 %else:
76 80 <% used_by_n_rules = len(getattr(_user, 'branch_rules', None) or []) %>
77 81 <tr>
78 82 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.none', checked=_user.permission=='repository.none', disabled="disabled" if (used_by_n_rules and _user.username != h.DEFAULT_USER) else None)}</td>
79 83 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.read', checked=_user.permission=='repository.read', disabled="disabled" if (used_by_n_rules and _user.username != h.DEFAULT_USER) else None)}</td>
80 84 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.write', checked=_user.permission=='repository.write')}</td>
81 85 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.admin', checked=_user.permission=='repository.admin')}</td>
82 86 <td class="td-user">
83 87 ${base.gravatar(_user.email, 16, user=_user, tooltip=True)}
84 88 <span class="user">
85 89 % if _user.username == h.DEFAULT_USER:
86 90 ${h.DEFAULT_USER} <span class="user-perm-help-text"> - ${_('permission for all other users')}</span>
87 91 % else:
88 92 ${h.link_to_user(_user.username)}
89 93 %if getattr(_user, 'duplicate_perm', None):
90 94 (${_('inactive duplicate')})
91 95 %endif
92 96 %if getattr(_user, 'branch_rules', None):
93 97 % if used_by_n_rules == 1:
94 98 (${_('used by {} branch rule, requires write+ permissions').format(used_by_n_rules)})
95 99 % else:
96 100 (${_('used by {} branch rules, requires write+ permissions').format(used_by_n_rules)})
97 101 % endif
98 102 %endif
99 103 % endif
100 104 </span>
101 105 </td>
102 106 <td class="td-action">
103 107 %if _user.username != h.DEFAULT_USER and getattr(_user, 'branch_rules', None) is None:
104 108 <span class="btn btn-link btn-danger revoke_perm"
105 109 member="${_user.user_id}" member_type="user">
106 110 ${_('Remove')}
107 111 </span>
108 112 %elif _user.username == h.DEFAULT_USER:
109 <span class="tooltip btn btn-link btn-default" onclick="enablePrivateRepo(); return false" title="${_('Private repositories are only visible to people explicitly added as collaborators.')}">
113 <span class="tooltip btn btn-link btn-default" onclick="setPrivateRepo(true); return false" title="${_('Private repositories are only visible to people explicitly added as collaborators. Default permissions wont apply')}">
110 114 ${_('set private mode')}
111 115 </span>
112 116 %endif
113 117 </td>
114 118 <td class="quick_repo_menu">
115 119 % if c.rhodecode_user.is_admin:
116 120 <i class="icon-more"></i>
117 121 <div class="menu_items_container" style="display: none;">
118 122 <ul class="menu_items">
119 123 <li>
120 124 % if _user.username == h.DEFAULT_USER:
121 125 ${h.link_to('show permissions', h.route_path('admin_permissions_overview', _anchor='repositories-permissions'))}
122 126 % else:
123 127 ${h.link_to('show permissions', h.route_path('edit_user_perms_summary', user_id=_user.user_id, _anchor='repositories-permissions'))}
124 128 % endif
125 129 </li>
126 130 </ul>
127 131 </div>
128 132 % endif
129 133 </td>
130 134 </tr>
131 135 %endif
132 136 %endfor
133 137
134 138 ## USER GROUPS
135 139 %for _user_group in c.rhodecode_db_repo.permission_user_groups(with_members=True):
136 140 <tr>
137 141 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.none', checked=_user_group.permission=='repository.none')}</td>
138 142 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.read', checked=_user_group.permission=='repository.read')}</td>
139 143 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.write', checked=_user_group.permission=='repository.write')}</td>
140 144 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.admin', checked=_user_group.permission=='repository.admin')}</td>
141 145 <td class="td-componentname">
142 146 ${base.user_group_icon(_user_group, tooltip=True)}
143 147 %if c.is_super_admin:
144 148 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
145 149 ${_user_group.users_group_name}
146 150 </a>
147 151 %else:
148 152 ${h.link_to_group(_user_group.users_group_name)}
149 153 %endif
150 154 (${_('members')}: ${len(_user_group.members)})
151 155 </td>
152 156 <td class="td-action">
153 157 <span class="btn btn-link btn-danger revoke_perm"
154 158 member="${_user_group.users_group_id}" member_type="user_group">
155 159 ${_('Remove')}
156 160 </span>
157 161 </td>
158 162 <td class="quick_repo_menu">
159 163 % if c.rhodecode_user.is_admin:
160 164 <i class="icon-more"></i>
161 165 <div class="menu_items_container" style="display: none;">
162 166 <ul class="menu_items">
163 167 <li>
164 168 ${h.link_to('show permissions', h.route_path('edit_user_group_perms_summary', user_group_id=_user_group.users_group_id, _anchor='repositories-permissions'))}
165 169 </li>
166 170 </ul>
167 171 </div>
168 172 % endif
169 173 </td>
170 174 </tr>
171 175 %endfor
172 176 <tr class="new_members" id="add_perm_input"></tr>
173 177
174 178 <tr>
175 179 <td></td>
176 180 <td></td>
177 181 <td></td>
178 182 <td></td>
179 183 <td></td>
180 184 <td>
181 185 <span id="add_perm" class="link">
182 186 ${_('Add user/user group')}
183 187 </span>
184 188 </td>
185 189 <td></td>
186 190 </tr>
187 191
188 192 </table>
189 193
190 194 <div class="buttons">
191 195 ${h.submit('save',_('Save'),class_="btn btn-primary")}
192 196 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
193 197 </div>
194 198 ${h.end_form()}
195 199 </div>
196 200 </div>
197 201
198 202 <script type="text/javascript">
199 203 $('#add_perm').on('click', function(e){
200 204 addNewPermInput($(this), 'repository');
201 205 });
202 206 $('.revoke_perm').on('click', function(e){
203 207 markRevokePermInput($(this), 'repository');
204 208 });
205 209 quick_repo_menu();
206 210
207 var enablePrivateRepo = function () {
211 var setPrivateRepo = function (private) {
208 212 var postData = {
209 'csrf_token': CSRF_TOKEN
213 'csrf_token': CSRF_TOKEN,
214 'private': private
210 215 };
211 216
212 217 var success = function(o) {
213 218 var defaultUrl = pyroutes.url('edit_repo_perms', {"repo_name": templateContext.repo_name});
214 219 window.location = o.redirect_url || defaultUrl;
215 220 };
216 221
217 222 ajaxPOST(
218 223 pyroutes.url('edit_repo_perms_set_private', {"repo_name": templateContext.repo_name}),
219 224 postData,
220 225 success);
221 226 }
222 227 </script>
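Review bot: The new `un-set private mode` span calls `setPrivateRepo(false)` directly from `onclick`, so one click takes the repository out of private mode with no confirmation, and the default-user permission presumably applies again. This is the direction that widens access, so it should be gated, e.g. `onclick="if (confirm(...)) { setPrivateRepo(false); } return false"`. The button also needs its own tooltip: it reuses the "Private repositories are only visible to people explicitly added as collaborators…" text from the set button, which describes the opposite action. Separately, the parameter name in `var setPrivateRepo = function (private)` is a reserved word in strict-mode JavaScript; `isPrivate` would avoid a syntax error if this script ever runs in strict mode.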