##// END OF EJS Templates
permissions: expose new view that lists all available views for usage in whitelist access.
marcink -
r1943:089c11e9 default
parent child Browse files
Show More
@@ -0,0 +1,61 b''
1
2
3 <div class="panel panel-default">
4 <div class="panel-heading">
5 <h3 class="panel-title">${_('View whitelist')}</h3>
6 </div>
7 <div class="panel-body">
8 <div class="">
9
10 <p class="pr-description">
11 View white list defines a set of views that can be accessed using auth token without the need to login.
12 Adding ?auth_token = SECRET_TOKEN to the url authenticates this request as if it
13 came from the the logged in user who owns this authentication token.
14
15 E.g. adding `RepoFilesView.repo_file_raw` allows to access a raw diff using such url:
16 http[s]://server.com/{repo_name}/raw/{commit_id}/{file_path}?auth_token=SECRET_TOKEN
17
18 White list can be defined inside `${c.whitelist_file}` under `${c.whitelist_key}=` setting
19
20 Currently under this settings following views are set:
21 </p>
22
23 <pre>
24 % for entry in c.whitelist_views:
25 ${entry}
26 % endfor
27 </pre>
28
29 </div>
30
31 </div>
32 </div>
33
34
35 <div class="panel panel-default">
36 <div class="panel-heading">
37 <h3 class="panel-title">${_('List of views available for usage in whitelist access')}</h3>
38 </div>
39 <div class="panel-body">
40 <div class="">
41
42
43 <table class="rctable ip-whitelist">
44 <tr>
45 <th>Active</th>
46 <th>View FQN</th>
47 <th>URL pattern</th>
48 </tr>
49
50 % for route_name, view_fqn, view_url, active in c.view_data:
51 <tr>
52 <td class="td-x">${h.bool2icon(active)}</td>
53 <td class="td-x">${view_fqn}</td>
54 <td class="td-x" title="${route_name}">${view_url}</td>
55 </tr>
56 % endfor
57 </table>
58 </div>
59
60 </div>
61 </div>
@@ -1,678 +1,677 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 # The %(here)s variable will be replaced with the parent directory of this file#
6 6 ################################################################################
7 7
8 8 [DEFAULT]
9 9 debug = true
10 10
11 11 ################################################################################
12 12 ## EMAIL CONFIGURATION ##
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17
18 18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 19 #email_prefix = [RhodeCode]
20 20
21 21 ## email FROM address all mails will be sent
22 22 #app_email_from = rhodecode-noreply@localhost
23 23
24 24 ## Uncomment and replace with the address which should receive any error report
25 25 ## note: using appenlight for error handling doesn't need this to be uncommented
26 26 #email_to = admin@localhost
27 27
28 28 ## in case of Application errors, sent an error email form
29 29 #error_email_from = rhodecode_error@localhost
30 30
31 31 ## additional error message to be send in case of server crash
32 32 #error_message =
33 33
34 34
35 35 #smtp_server = mail.server.com
36 36 #smtp_username =
37 37 #smtp_password =
38 38 #smtp_port =
39 39 #smtp_use_tls = false
40 40 #smtp_use_ssl = true
41 41 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
42 42 #smtp_auth =
43 43
44 44 [server:main]
45 45 ## COMMON ##
46 46 host = 127.0.0.1
47 47 port = 5000
48 48
49 49 ##################################
50 50 ## WAITRESS WSGI SERVER ##
51 51 ## Recommended for Development ##
52 52 ##################################
53 53
54 54 use = egg:waitress#main
55 55 ## number of worker threads
56 56 threads = 5
57 57 ## MAX BODY SIZE 100GB
58 58 max_request_body_size = 107374182400
59 59 ## Use poll instead of select, fixes file descriptors limits problems.
60 60 ## May not work on old windows systems.
61 61 asyncore_use_poll = true
62 62
63 63
64 64 ##########################
65 65 ## GUNICORN WSGI SERVER ##
66 66 ##########################
67 67 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
68 68
69 69 #use = egg:gunicorn#main
70 70 ## Sets the number of process workers. You must set `instance_id = *`
71 71 ## when this option is set to more than one worker, recommended
72 72 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
73 73 ## The `instance_id = *` must be set in the [app:main] section below
74 74 #workers = 2
75 75 ## number of threads for each of the worker, must be set to 1 for gevent
76 76 ## generally recommened to be at 1
77 77 #threads = 1
78 78 ## process name
79 79 #proc_name = rhodecode
80 80 ## type of worker class, one of sync, gevent
81 81 ## recommended for bigger setup is using of of other than sync one
82 82 #worker_class = sync
83 83 ## The maximum number of simultaneous clients. Valid only for Gevent
84 84 #worker_connections = 10
85 85 ## max number of requests that worker will handle before being gracefully
86 86 ## restarted, could prevent memory leaks
87 87 #max_requests = 1000
88 88 #max_requests_jitter = 30
89 89 ## amount of time a worker can spend with handling a request before it
90 90 ## gets killed and restarted. Set to 6hrs
91 91 #timeout = 21600
92 92
93 93
94 94 ## prefix middleware for RhodeCode.
95 95 ## recommended when using proxy setup.
96 96 ## allows to set RhodeCode under a prefix in server.
97 97 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
98 98 ## And set your prefix like: `prefix = /custom_prefix`
99 99 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
100 100 ## to make your cookies only work on prefix url
101 101 [filter:proxy-prefix]
102 102 use = egg:PasteDeploy#prefix
103 103 prefix = /
104 104
105 105 [app:main]
106 106 use = egg:rhodecode-enterprise-ce
107 107
108 108 ## enable proxy prefix middleware, defined above
109 109 #filter-with = proxy-prefix
110 110
111 111 # During development the we want to have the debug toolbar enabled
112 112 pyramid.includes =
113 113 pyramid_debugtoolbar
114 114 rhodecode.utils.debugtoolbar
115 115 rhodecode.lib.middleware.request_wrapper
116 116
117 117 pyramid.reload_templates = true
118 118
119 119 debugtoolbar.hosts = 0.0.0.0/0
120 120 debugtoolbar.exclude_prefixes =
121 121 /css
122 122 /fonts
123 123 /images
124 124 /js
125 125
126 126 ## RHODECODE PLUGINS ##
127 127 rhodecode.includes =
128 128 rhodecode.api
129 129
130 130
131 131 # api prefix url
132 132 rhodecode.api.url = /_admin/api
133 133
134 134
135 135 ## END RHODECODE PLUGINS ##
136 136
137 137 ## encryption key used to encrypt social plugin tokens,
138 138 ## remote_urls with credentials etc, if not set it defaults to
139 139 ## `beaker.session.secret`
140 140 #rhodecode.encrypted_values.secret =
141 141
142 142 ## decryption strict mode (enabled by default). It controls if decryption raises
143 143 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
144 144 #rhodecode.encrypted_values.strict = false
145 145
146 146 ## return gzipped responses from Rhodecode (static files/application)
147 147 gzip_responses = false
148 148
149 149 ## autogenerate javascript routes file on startup
150 150 generate_js_files = false
151 151
152 152 ## Optional Languages
153 153 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
154 154 lang = en
155 155
156 156 ## perform a full repository scan on each server start, this should be
157 157 ## set to false after first startup, to allow faster server restarts.
158 158 startup.import_repos = false
159 159
160 160 ## Uncomment and set this path to use archive download cache.
161 161 ## Once enabled, generated archives will be cached at this location
162 162 ## and served from the cache during subsequent requests for the same archive of
163 163 ## the repository.
164 164 #archive_cache_dir = /tmp/tarballcache
165 165
166 166 ## change this to unique ID for security
167 167 app_instance_uuid = rc-production
168 168
169 169 ## cut off limit for large diffs (size in bytes)
170 170 cut_off_limit_diff = 1024000
171 171 cut_off_limit_file = 256000
172 172
173 173 ## use cache version of scm repo everywhere
174 174 vcs_full_cache = true
175 175
176 176 ## force https in RhodeCode, fixes https redirects, assumes it's always https
177 177 ## Normally this is controlled by proper http flags sent from http server
178 178 force_https = false
179 179
180 180 ## use Strict-Transport-Security headers
181 181 use_htsts = false
182 182
183 183 ## number of commits stats will parse on each iteration
184 184 commit_parse_limit = 25
185 185
186 186 ## git rev filter option, --all is the default filter, if you need to
187 187 ## hide all refs in changelog switch this to --branches --tags
188 188 git_rev_filter = --branches --tags
189 189
190 190 # Set to true if your repos are exposed using the dumb protocol
191 191 git_update_server_info = false
192 192
193 193 ## RSS/ATOM feed options
194 194 rss_cut_off_limit = 256000
195 195 rss_items_per_page = 10
196 196 rss_include_diff = false
197 197
198 198 ## gist URL alias, used to create nicer urls for gist. This should be an
199 199 ## url that does rewrites to _admin/gists/{gistid}.
200 200 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
201 201 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
202 202 gist_alias_url =
203 203
204 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
204 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
205 205 ## used for access.
206 206 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
207 207 ## came from the the logged in user who own this authentication token.
208 208 ##
209 ## Syntax is ControllerClass:function_pattern.
210 ## To enable access to raw_files put `FilesController:raw`.
211 ## To enable access to patches add `ChangesetController:changeset_patch`.
209 ## list of all views can be found under `_admin/permissions/auth_token_access`
212 210 ## The list should be "," separated and on a single line.
213 211 ##
214 ## Recommended controllers to enable:
215 # ChangesetController:changeset_patch,
216 # ChangesetController:changeset_raw,
217 # FilesController:raw,
218 # FilesController:archivefile,
219 # GistsController:*,
212 ## Most common views to enable:
213 # ChangesetController:changeset_patch
214 # ChangesetController:changeset_raw
215 # RepoFilesView.repo_files_diff
216 # RepoFilesView.repo_archivefile
217 # RepoFilesView.repo_file_raw
218 # GistView:*
220 219 api_access_controllers_whitelist =
221 220
222 221 ## default encoding used to convert from and to unicode
223 222 ## can be also a comma separated list of encoding in case of mixed encodings
224 223 default_encoding = UTF-8
225 224
226 225 ## instance-id prefix
227 226 ## a prefix key for this instance used for cache invalidation when running
228 227 ## multiple instances of rhodecode, make sure it's globally unique for
229 228 ## all running rhodecode instances. Leave empty if you don't use it
230 229 instance_id =
231 230
232 231 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
233 232 ## of an authentication plugin also if it is disabled by it's settings.
234 233 ## This could be useful if you are unable to log in to the system due to broken
235 234 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
236 235 ## module to log in again and fix the settings.
237 236 ##
238 237 ## Available builtin plugin IDs (hash is part of the ID):
239 238 ## egg:rhodecode-enterprise-ce#rhodecode
240 239 ## egg:rhodecode-enterprise-ce#pam
241 240 ## egg:rhodecode-enterprise-ce#ldap
242 241 ## egg:rhodecode-enterprise-ce#jasig_cas
243 242 ## egg:rhodecode-enterprise-ce#headers
244 243 ## egg:rhodecode-enterprise-ce#crowd
245 244 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
246 245
247 246 ## alternative return HTTP header for failed authentication. Default HTTP
248 247 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
249 248 ## handling that causing a series of failed authentication calls.
250 249 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
251 250 ## This will be served instead of default 401 on bad authnetication
252 251 auth_ret_code =
253 252
254 253 ## use special detection method when serving auth_ret_code, instead of serving
255 254 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
256 255 ## and then serve auth_ret_code to clients
257 256 auth_ret_code_detection = false
258 257
259 258 ## locking return code. When repository is locked return this HTTP code. 2XX
260 259 ## codes don't break the transactions while 4XX codes do
261 260 lock_ret_code = 423
262 261
263 262 ## allows to change the repository location in settings page
264 263 allow_repo_location_change = true
265 264
266 265 ## allows to setup custom hooks in settings page
267 266 allow_custom_hooks_settings = true
268 267
269 268 ## generated license token, goto license page in RhodeCode settings to obtain
270 269 ## new token
271 270 license_token =
272 271
273 272 ## supervisor connection uri, for managing supervisor and logs.
274 273 supervisor.uri =
275 274 ## supervisord group name/id we only want this RC instance to handle
276 275 supervisor.group_id = dev
277 276
278 277 ## Display extended labs settings
279 278 labs_settings_active = true
280 279
281 280 ####################################
282 281 ### CELERY CONFIG ####
283 282 ####################################
284 283 use_celery = false
285 284 broker.host = localhost
286 285 broker.vhost = rabbitmqhost
287 286 broker.port = 5672
288 287 broker.user = rabbitmq
289 288 broker.password = qweqwe
290 289
291 290 celery.imports = rhodecode.lib.celerylib.tasks
292 291
293 292 celery.result.backend = amqp
294 293 celery.result.dburi = amqp://
295 294 celery.result.serialier = json
296 295
297 296 #celery.send.task.error.emails = true
298 297 #celery.amqp.task.result.expires = 18000
299 298
300 299 celeryd.concurrency = 2
301 300 #celeryd.log.file = celeryd.log
302 301 celeryd.log.level = debug
303 302 celeryd.max.tasks.per.child = 1
304 303
305 304 ## tasks will never be sent to the queue, but executed locally instead.
306 305 celery.always.eager = false
307 306
308 307 ####################################
309 308 ### BEAKER CACHE ####
310 309 ####################################
311 310 # default cache dir for templates. Putting this into a ramdisk
312 311 ## can boost performance, eg. %(here)s/data_ramdisk
313 312 cache_dir = %(here)s/data
314 313
315 314 ## locking and default file storage for Beaker. Putting this into a ramdisk
316 315 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
317 316 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
318 317 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
319 318
320 319 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
321 320
322 321 beaker.cache.super_short_term.type = memory
323 322 beaker.cache.super_short_term.expire = 10
324 323 beaker.cache.super_short_term.key_length = 256
325 324
326 325 beaker.cache.short_term.type = memory
327 326 beaker.cache.short_term.expire = 60
328 327 beaker.cache.short_term.key_length = 256
329 328
330 329 beaker.cache.long_term.type = memory
331 330 beaker.cache.long_term.expire = 36000
332 331 beaker.cache.long_term.key_length = 256
333 332
334 333 beaker.cache.sql_cache_short.type = memory
335 334 beaker.cache.sql_cache_short.expire = 10
336 335 beaker.cache.sql_cache_short.key_length = 256
337 336
338 337 ## default is memory cache, configure only if required
339 338 ## using multi-node or multi-worker setup
340 339 #beaker.cache.auth_plugins.type = ext:database
341 340 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
342 341 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
343 342 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
344 343 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
345 344 #beaker.cache.auth_plugins.sa.pool_size = 10
346 345 #beaker.cache.auth_plugins.sa.max_overflow = 0
347 346
348 347 beaker.cache.repo_cache_long.type = memorylru_base
349 348 beaker.cache.repo_cache_long.max_items = 4096
350 349 beaker.cache.repo_cache_long.expire = 2592000
351 350
352 351 ## default is memorylru_base cache, configure only if required
353 352 ## using multi-node or multi-worker setup
354 353 #beaker.cache.repo_cache_long.type = ext:memcached
355 354 #beaker.cache.repo_cache_long.url = localhost:11211
356 355 #beaker.cache.repo_cache_long.expire = 1209600
357 356 #beaker.cache.repo_cache_long.key_length = 256
358 357
359 358 ####################################
360 359 ### BEAKER SESSION ####
361 360 ####################################
362 361
363 362 ## .session.type is type of storage options for the session, current allowed
364 363 ## types are file, ext:memcached, ext:database, and memory (default).
365 364 beaker.session.type = file
366 365 beaker.session.data_dir = %(here)s/data/sessions/data
367 366
368 367 ## db based session, fast, and allows easy management over logged in users
369 368 #beaker.session.type = ext:database
370 369 #beaker.session.table_name = db_session
371 370 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
372 371 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
373 372 #beaker.session.sa.pool_recycle = 3600
374 373 #beaker.session.sa.echo = false
375 374
376 375 beaker.session.key = rhodecode
377 376 beaker.session.secret = develop-rc-uytcxaz
378 377 beaker.session.lock_dir = %(here)s/data/sessions/lock
379 378
380 379 ## Secure encrypted cookie. Requires AES and AES python libraries
381 380 ## you must disable beaker.session.secret to use this
382 381 #beaker.session.encrypt_key = key_for_encryption
383 382 #beaker.session.validate_key = validation_key
384 383
385 384 ## sets session as invalid(also logging out user) if it haven not been
386 385 ## accessed for given amount of time in seconds
387 386 beaker.session.timeout = 2592000
388 387 beaker.session.httponly = true
389 388 ## Path to use for the cookie. Set to prefix if you use prefix middleware
390 389 #beaker.session.cookie_path = /custom_prefix
391 390
392 391 ## uncomment for https secure cookie
393 392 beaker.session.secure = false
394 393
395 394 ## auto save the session to not to use .save()
396 395 beaker.session.auto = false
397 396
398 397 ## default cookie expiration time in seconds, set to `true` to set expire
399 398 ## at browser close
400 399 #beaker.session.cookie_expires = 3600
401 400
402 401 ###################################
403 402 ## SEARCH INDEXING CONFIGURATION ##
404 403 ###################################
405 404 ## Full text search indexer is available in rhodecode-tools under
406 405 ## `rhodecode-tools index` command
407 406
408 407 ## WHOOSH Backend, doesn't require additional services to run
409 408 ## it works good with few dozen repos
410 409 search.module = rhodecode.lib.index.whoosh
411 410 search.location = %(here)s/data/index
412 411
413 412 ########################################
414 413 ### CHANNELSTREAM CONFIG ####
415 414 ########################################
416 415 ## channelstream enables persistent connections and live notification
417 416 ## in the system. It's also used by the chat system
418 417 channelstream.enabled = false
419 418
420 419 ## server address for channelstream server on the backend
421 420 channelstream.server = 127.0.0.1:9800
422 421
423 422 ## location of the channelstream server from outside world
424 423 ## use ws:// for http or wss:// for https. This address needs to be handled
425 424 ## by external HTTP server such as Nginx or Apache
426 425 ## see nginx/apache configuration examples in our docs
427 426 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
428 427 channelstream.secret = secret
429 428 channelstream.history.location = %(here)s/channelstream_history
430 429
431 430 ## Internal application path that Javascript uses to connect into.
432 431 ## If you use proxy-prefix the prefix should be added before /_channelstream
433 432 channelstream.proxy_path = /_channelstream
434 433
435 434
436 435 ###################################
437 436 ## APPENLIGHT CONFIG ##
438 437 ###################################
439 438
440 439 ## Appenlight is tailored to work with RhodeCode, see
441 440 ## http://appenlight.com for details how to obtain an account
442 441
443 442 ## appenlight integration enabled
444 443 appenlight = false
445 444
446 445 appenlight.server_url = https://api.appenlight.com
447 446 appenlight.api_key = YOUR_API_KEY
448 447 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
449 448
450 449 # used for JS client
451 450 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
452 451
453 452 ## TWEAK AMOUNT OF INFO SENT HERE
454 453
455 454 ## enables 404 error logging (default False)
456 455 appenlight.report_404 = false
457 456
458 457 ## time in seconds after request is considered being slow (default 1)
459 458 appenlight.slow_request_time = 1
460 459
461 460 ## record slow requests in application
462 461 ## (needs to be enabled for slow datastore recording and time tracking)
463 462 appenlight.slow_requests = true
464 463
465 464 ## enable hooking to application loggers
466 465 appenlight.logging = true
467 466
468 467 ## minimum log level for log capture
469 468 appenlight.logging.level = WARNING
470 469
471 470 ## send logs only from erroneous/slow requests
472 471 ## (saves API quota for intensive logging)
473 472 appenlight.logging_on_error = false
474 473
475 474 ## list of additonal keywords that should be grabbed from environ object
476 475 ## can be string with comma separated list of words in lowercase
477 476 ## (by default client will always send following info:
478 477 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
479 478 ## start with HTTP* this list be extended with additional keywords here
480 479 appenlight.environ_keys_whitelist =
481 480
482 481 ## list of keywords that should be blanked from request object
483 482 ## can be string with comma separated list of words in lowercase
484 483 ## (by default client will always blank keys that contain following words
485 484 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
486 485 ## this list be extended with additional keywords set here
487 486 appenlight.request_keys_blacklist =
488 487
489 488 ## list of namespaces that should be ignores when gathering log entries
490 489 ## can be string with comma separated list of namespaces
491 490 ## (by default the client ignores own entries: appenlight_client.client)
492 491 appenlight.log_namespace_blacklist =
493 492
494 493
495 494 ################################################################################
496 495 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
497 496 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
498 497 ## execute malicious code after an exception is raised. ##
499 498 ################################################################################
500 499 #set debug = false
501 500
502 501
503 502 ##############
504 503 ## STYLING ##
505 504 ##############
506 505 debug_style = true
507 506
508 507 ###########################################
509 508 ### MAIN RHODECODE DATABASE CONFIG ###
510 509 ###########################################
511 510 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
512 511 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
513 512 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
514 513 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
515 514
516 515 # see sqlalchemy docs for other advanced settings
517 516
518 517 ## print the sql statements to output
519 518 sqlalchemy.db1.echo = false
520 519 ## recycle the connections after this amount of seconds
521 520 sqlalchemy.db1.pool_recycle = 3600
522 521 sqlalchemy.db1.convert_unicode = true
523 522
524 523 ## the number of connections to keep open inside the connection pool.
525 524 ## 0 indicates no limit
526 525 #sqlalchemy.db1.pool_size = 5
527 526
528 527 ## the number of connections to allow in connection pool "overflow", that is
529 528 ## connections that can be opened above and beyond the pool_size setting,
530 529 ## which defaults to five.
531 530 #sqlalchemy.db1.max_overflow = 10
532 531
533 532
534 533 ##################
535 534 ### VCS CONFIG ###
536 535 ##################
537 536 vcs.server.enable = true
538 537 vcs.server = localhost:9900
539 538
540 539 ## Web server connectivity protocol, responsible for web based VCS operatations
541 540 ## Available protocols are:
542 541 ## `http` - use http-rpc backend (default)
543 542 vcs.server.protocol = http
544 543
545 544 ## Push/Pull operations protocol, available options are:
546 545 ## `http` - use http-rpc backend (default)
547 546 ##
548 547 vcs.scm_app_implementation = http
549 548
550 549 ## Push/Pull operations hooks protocol, available options are:
551 550 ## `http` - use http-rpc backend (default)
552 551 vcs.hooks.protocol = http
553 552
554 553 vcs.server.log_level = debug
555 554 ## Start VCSServer with this instance as a subprocess, usefull for development
556 555 vcs.start_server = true
557 556
558 557 ## List of enabled VCS backends, available options are:
559 558 ## `hg` - mercurial
560 559 ## `git` - git
561 560 ## `svn` - subversion
562 561 vcs.backends = hg, git, svn
563 562
564 563 vcs.connection_timeout = 3600
565 564 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
566 565 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
567 566 #vcs.svn.compatible_version = pre-1.8-compatible
568 567
569 568
570 569 ############################################################
571 570 ### Subversion proxy support (mod_dav_svn) ###
572 571 ### Maps RhodeCode repo groups into SVN paths for Apache ###
573 572 ############################################################
574 573 ## Enable or disable the config file generation.
575 574 svn.proxy.generate_config = false
576 575 ## Generate config file with `SVNListParentPath` set to `On`.
577 576 svn.proxy.list_parent_path = true
578 577 ## Set location and file name of generated config file.
579 578 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
580 579 ## Used as a prefix to the `Location` block in the generated config file.
581 580 ## In most cases it should be set to `/`.
582 581 svn.proxy.location_root = /
583 582 ## Command to reload the mod dav svn configuration on change.
584 583 ## Example: `/etc/init.d/apache2 reload`
585 584 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
586 585 ## If the timeout expires before the reload command finishes, the command will
587 586 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
588 587 #svn.proxy.reload_timeout = 10
589 588
590 589 ## Dummy marker to add new entries after.
591 590 ## Add any custom entries below. Please don't remove.
592 591 custom.conf = 1
593 592
594 593
595 594 ################################
596 595 ### LOGGING CONFIGURATION ####
597 596 ################################
598 597 [loggers]
599 598 keys = root, routes, rhodecode, sqlalchemy, beaker, templates
600 599
601 600 [handlers]
602 601 keys = console, console_sql
603 602
604 603 [formatters]
605 604 keys = generic, color_formatter, color_formatter_sql
606 605
607 606 #############
608 607 ## LOGGERS ##
609 608 #############
610 609 [logger_root]
611 610 level = NOTSET
612 611 handlers = console
613 612
614 613 [logger_routes]
615 614 level = DEBUG
616 615 handlers =
617 616 qualname = routes.middleware
618 617 ## "level = DEBUG" logs the route matched and routing variables.
619 618 propagate = 1
620 619
621 620 [logger_beaker]
622 621 level = DEBUG
623 622 handlers =
624 623 qualname = beaker.container
625 624 propagate = 1
626 625
627 626 [logger_templates]
628 627 level = INFO
629 628 handlers =
630 629 qualname = pylons.templating
631 630 propagate = 1
632 631
633 632 [logger_rhodecode]
634 633 level = DEBUG
635 634 handlers =
636 635 qualname = rhodecode
637 636 propagate = 1
638 637
639 638 [logger_sqlalchemy]
640 639 level = INFO
641 640 handlers = console_sql
642 641 qualname = sqlalchemy.engine
643 642 propagate = 0
644 643
645 644 ##############
646 645 ## HANDLERS ##
647 646 ##############
648 647
649 648 [handler_console]
650 649 class = StreamHandler
651 650 args = (sys.stderr, )
652 651 level = DEBUG
653 652 formatter = color_formatter
654 653
655 654 [handler_console_sql]
656 655 class = StreamHandler
657 656 args = (sys.stderr, )
658 657 level = DEBUG
659 658 formatter = color_formatter_sql
660 659
661 660 ################
662 661 ## FORMATTERS ##
663 662 ################
664 663
665 664 [formatter_generic]
666 665 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
667 666 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
668 667 datefmt = %Y-%m-%d %H:%M:%S
669 668
670 669 [formatter_color_formatter]
671 670 class = rhodecode.lib.logging_formatter.ColorFormatter
672 671 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
673 672 datefmt = %Y-%m-%d %H:%M:%S
674 673
675 674 [formatter_color_formatter_sql]
676 675 class = rhodecode.lib.logging_formatter.ColorFormatterSql
677 676 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
678 677 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,647 +1,646 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 # The %(here)s variable will be replaced with the parent directory of this file#
6 6 ################################################################################
7 7
8 8 [DEFAULT]
9 9 debug = true
10 10
11 11 ################################################################################
12 12 ## EMAIL CONFIGURATION ##
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17
18 18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 19 #email_prefix = [RhodeCode]
20 20
21 21 ## email FROM address all mails will be sent
22 22 #app_email_from = rhodecode-noreply@localhost
23 23
24 24 ## Uncomment and replace with the address which should receive any error report
25 25 ## note: using appenlight for error handling doesn't need this to be uncommented
26 26 #email_to = admin@localhost
27 27
28 28 ## in case of Application errors, sent an error email form
29 29 #error_email_from = rhodecode_error@localhost
30 30
31 31 ## additional error message to be send in case of server crash
32 32 #error_message =
33 33
34 34
35 35 #smtp_server = mail.server.com
36 36 #smtp_username =
37 37 #smtp_password =
38 38 #smtp_port =
39 39 #smtp_use_tls = false
40 40 #smtp_use_ssl = true
41 41 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
42 42 #smtp_auth =
43 43
44 44 [server:main]
45 45 ## COMMON ##
46 46 host = 127.0.0.1
47 47 port = 5000
48 48
49 49 ##################################
50 50 ## WAITRESS WSGI SERVER ##
51 51 ## Recommended for Development ##
52 52 ##################################
53 53
54 54 #use = egg:waitress#main
55 55 ## number of worker threads
56 56 #threads = 5
57 57 ## MAX BODY SIZE 100GB
58 58 #max_request_body_size = 107374182400
59 59 ## Use poll instead of select, fixes file descriptors limits problems.
60 60 ## May not work on old windows systems.
61 61 #asyncore_use_poll = true
62 62
63 63
64 64 ##########################
65 65 ## GUNICORN WSGI SERVER ##
66 66 ##########################
67 67 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
68 68
69 69 use = egg:gunicorn#main
70 70 ## Sets the number of process workers. You must set `instance_id = *`
71 71 ## when this option is set to more than one worker, recommended
72 72 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
73 73 ## The `instance_id = *` must be set in the [app:main] section below
74 74 workers = 2
75 75 ## number of threads for each of the worker, must be set to 1 for gevent
76 76 ## generally recommened to be at 1
77 77 #threads = 1
78 78 ## process name
79 79 proc_name = rhodecode
80 80 ## type of worker class, one of sync, gevent
81 81 ## recommended for bigger setup is using of of other than sync one
82 82 worker_class = sync
83 83 ## The maximum number of simultaneous clients. Valid only for Gevent
84 84 #worker_connections = 10
85 85 ## max number of requests that worker will handle before being gracefully
86 86 ## restarted, could prevent memory leaks
87 87 max_requests = 1000
88 88 max_requests_jitter = 30
89 89 ## amount of time a worker can spend with handling a request before it
90 90 ## gets killed and restarted. Set to 6hrs
91 91 timeout = 21600
92 92
93 93
94 94 ## prefix middleware for RhodeCode.
95 95 ## recommended when using proxy setup.
96 96 ## allows to set RhodeCode under a prefix in server.
97 97 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
98 98 ## And set your prefix like: `prefix = /custom_prefix`
99 99 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
100 100 ## to make your cookies only work on prefix url
101 101 [filter:proxy-prefix]
102 102 use = egg:PasteDeploy#prefix
103 103 prefix = /
104 104
105 105 [app:main]
106 106 use = egg:rhodecode-enterprise-ce
107 107
108 108 ## enable proxy prefix middleware, defined above
109 109 #filter-with = proxy-prefix
110 110
111 111 ## encryption key used to encrypt social plugin tokens,
112 112 ## remote_urls with credentials etc, if not set it defaults to
113 113 ## `beaker.session.secret`
114 114 #rhodecode.encrypted_values.secret =
115 115
116 116 ## decryption strict mode (enabled by default). It controls if decryption raises
117 117 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
118 118 #rhodecode.encrypted_values.strict = false
119 119
120 120 ## return gzipped responses from Rhodecode (static files/application)
121 121 gzip_responses = false
122 122
123 123 ## autogenerate javascript routes file on startup
124 124 generate_js_files = false
125 125
126 126 ## Optional Languages
127 127 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
128 128 lang = en
129 129
130 130 ## perform a full repository scan on each server start, this should be
131 131 ## set to false after first startup, to allow faster server restarts.
132 132 startup.import_repos = false
133 133
134 134 ## Uncomment and set this path to use archive download cache.
135 135 ## Once enabled, generated archives will be cached at this location
136 136 ## and served from the cache during subsequent requests for the same archive of
137 137 ## the repository.
138 138 #archive_cache_dir = /tmp/tarballcache
139 139
140 140 ## change this to unique ID for security
141 141 app_instance_uuid = rc-production
142 142
143 143 ## cut off limit for large diffs (size in bytes)
144 144 cut_off_limit_diff = 1024000
145 145 cut_off_limit_file = 256000
146 146
147 147 ## use cache version of scm repo everywhere
148 148 vcs_full_cache = true
149 149
150 150 ## force https in RhodeCode, fixes https redirects, assumes it's always https
151 151 ## Normally this is controlled by proper http flags sent from http server
152 152 force_https = false
153 153
154 154 ## use Strict-Transport-Security headers
155 155 use_htsts = false
156 156
157 157 ## number of commits stats will parse on each iteration
158 158 commit_parse_limit = 25
159 159
160 160 ## git rev filter option, --all is the default filter, if you need to
161 161 ## hide all refs in changelog switch this to --branches --tags
162 162 git_rev_filter = --branches --tags
163 163
164 164 # Set to true if your repos are exposed using the dumb protocol
165 165 git_update_server_info = false
166 166
167 167 ## RSS/ATOM feed options
168 168 rss_cut_off_limit = 256000
169 169 rss_items_per_page = 10
170 170 rss_include_diff = false
171 171
172 172 ## gist URL alias, used to create nicer urls for gist. This should be an
173 173 ## url that does rewrites to _admin/gists/{gistid}.
174 174 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
175 175 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
176 176 gist_alias_url =
177 177
178 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
178 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
179 179 ## used for access.
180 180 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
181 181 ## came from the the logged in user who own this authentication token.
182 182 ##
183 ## Syntax is ControllerClass:function_pattern.
184 ## To enable access to raw_files put `FilesController:raw`.
185 ## To enable access to patches add `ChangesetController:changeset_patch`.
183 ## list of all views can be found under `_admin/permissions/auth_token_access`
186 184 ## The list should be "," separated and on a single line.
187 185 ##
188 ## Recommended controllers to enable:
189 # ChangesetController:changeset_patch,
190 # ChangesetController:changeset_raw,
191 # FilesController:raw,
192 # FilesController:archivefile,
193 # GistsController:*,
186 ## Most common views to enable:
187 # ChangesetController:changeset_patch
188 # ChangesetController:changeset_raw
189 # RepoFilesView.repo_files_diff
190 # RepoFilesView.repo_archivefile
191 # RepoFilesView.repo_file_raw
192 # GistView:*
194 193 api_access_controllers_whitelist =
195 194
196 195 ## default encoding used to convert from and to unicode
197 196 ## can be also a comma separated list of encoding in case of mixed encodings
198 197 default_encoding = UTF-8
199 198
200 199 ## instance-id prefix
201 200 ## a prefix key for this instance used for cache invalidation when running
202 201 ## multiple instances of rhodecode, make sure it's globally unique for
203 202 ## all running rhodecode instances. Leave empty if you don't use it
204 203 instance_id =
205 204
206 205 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
207 206 ## of an authentication plugin also if it is disabled by it's settings.
208 207 ## This could be useful if you are unable to log in to the system due to broken
209 208 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
210 209 ## module to log in again and fix the settings.
211 210 ##
212 211 ## Available builtin plugin IDs (hash is part of the ID):
213 212 ## egg:rhodecode-enterprise-ce#rhodecode
214 213 ## egg:rhodecode-enterprise-ce#pam
215 214 ## egg:rhodecode-enterprise-ce#ldap
216 215 ## egg:rhodecode-enterprise-ce#jasig_cas
217 216 ## egg:rhodecode-enterprise-ce#headers
218 217 ## egg:rhodecode-enterprise-ce#crowd
219 218 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
220 219
221 220 ## alternative return HTTP header for failed authentication. Default HTTP
222 221 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
223 222 ## handling that causing a series of failed authentication calls.
224 223 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
225 224 ## This will be served instead of default 401 on bad authnetication
226 225 auth_ret_code =
227 226
228 227 ## use special detection method when serving auth_ret_code, instead of serving
229 228 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
230 229 ## and then serve auth_ret_code to clients
231 230 auth_ret_code_detection = false
232 231
233 232 ## locking return code. When repository is locked return this HTTP code. 2XX
234 233 ## codes don't break the transactions while 4XX codes do
235 234 lock_ret_code = 423
236 235
237 236 ## allows to change the repository location in settings page
238 237 allow_repo_location_change = true
239 238
240 239 ## allows to setup custom hooks in settings page
241 240 allow_custom_hooks_settings = true
242 241
243 242 ## generated license token, goto license page in RhodeCode settings to obtain
244 243 ## new token
245 244 license_token =
246 245
247 246 ## supervisor connection uri, for managing supervisor and logs.
248 247 supervisor.uri =
249 248 ## supervisord group name/id we only want this RC instance to handle
250 249 supervisor.group_id = prod
251 250
252 251 ## Display extended labs settings
253 252 labs_settings_active = true
254 253
255 254 ####################################
256 255 ### CELERY CONFIG ####
257 256 ####################################
258 257 use_celery = false
259 258 broker.host = localhost
260 259 broker.vhost = rabbitmqhost
261 260 broker.port = 5672
262 261 broker.user = rabbitmq
263 262 broker.password = qweqwe
264 263
265 264 celery.imports = rhodecode.lib.celerylib.tasks
266 265
267 266 celery.result.backend = amqp
268 267 celery.result.dburi = amqp://
269 268 celery.result.serialier = json
270 269
271 270 #celery.send.task.error.emails = true
272 271 #celery.amqp.task.result.expires = 18000
273 272
274 273 celeryd.concurrency = 2
275 274 #celeryd.log.file = celeryd.log
276 275 celeryd.log.level = debug
277 276 celeryd.max.tasks.per.child = 1
278 277
279 278 ## tasks will never be sent to the queue, but executed locally instead.
280 279 celery.always.eager = false
281 280
282 281 ####################################
283 282 ### BEAKER CACHE ####
284 283 ####################################
285 284 # default cache dir for templates. Putting this into a ramdisk
286 285 ## can boost performance, eg. %(here)s/data_ramdisk
287 286 cache_dir = %(here)s/data
288 287
289 288 ## locking and default file storage for Beaker. Putting this into a ramdisk
290 289 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
291 290 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
292 291 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
293 292
294 293 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
295 294
296 295 beaker.cache.super_short_term.type = memory
297 296 beaker.cache.super_short_term.expire = 10
298 297 beaker.cache.super_short_term.key_length = 256
299 298
300 299 beaker.cache.short_term.type = memory
301 300 beaker.cache.short_term.expire = 60
302 301 beaker.cache.short_term.key_length = 256
303 302
304 303 beaker.cache.long_term.type = memory
305 304 beaker.cache.long_term.expire = 36000
306 305 beaker.cache.long_term.key_length = 256
307 306
308 307 beaker.cache.sql_cache_short.type = memory
309 308 beaker.cache.sql_cache_short.expire = 10
310 309 beaker.cache.sql_cache_short.key_length = 256
311 310
312 311 ## default is memory cache, configure only if required
313 312 ## using multi-node or multi-worker setup
314 313 #beaker.cache.auth_plugins.type = ext:database
315 314 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
316 315 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
317 316 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
318 317 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
319 318 #beaker.cache.auth_plugins.sa.pool_size = 10
320 319 #beaker.cache.auth_plugins.sa.max_overflow = 0
321 320
322 321 beaker.cache.repo_cache_long.type = memorylru_base
323 322 beaker.cache.repo_cache_long.max_items = 4096
324 323 beaker.cache.repo_cache_long.expire = 2592000
325 324
326 325 ## default is memorylru_base cache, configure only if required
327 326 ## using multi-node or multi-worker setup
328 327 #beaker.cache.repo_cache_long.type = ext:memcached
329 328 #beaker.cache.repo_cache_long.url = localhost:11211
330 329 #beaker.cache.repo_cache_long.expire = 1209600
331 330 #beaker.cache.repo_cache_long.key_length = 256
332 331
333 332 ####################################
334 333 ### BEAKER SESSION ####
335 334 ####################################
336 335
337 336 ## .session.type is type of storage options for the session, current allowed
338 337 ## types are file, ext:memcached, ext:database, and memory (default).
339 338 beaker.session.type = file
340 339 beaker.session.data_dir = %(here)s/data/sessions/data
341 340
342 341 ## db based session, fast, and allows easy management over logged in users
343 342 #beaker.session.type = ext:database
344 343 #beaker.session.table_name = db_session
345 344 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
346 345 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
347 346 #beaker.session.sa.pool_recycle = 3600
348 347 #beaker.session.sa.echo = false
349 348
350 349 beaker.session.key = rhodecode
351 350 beaker.session.secret = production-rc-uytcxaz
352 351 beaker.session.lock_dir = %(here)s/data/sessions/lock
353 352
354 353 ## Secure encrypted cookie. Requires AES and AES python libraries
355 354 ## you must disable beaker.session.secret to use this
356 355 #beaker.session.encrypt_key = key_for_encryption
357 356 #beaker.session.validate_key = validation_key
358 357
359 358 ## sets session as invalid(also logging out user) if it haven not been
360 359 ## accessed for given amount of time in seconds
361 360 beaker.session.timeout = 2592000
362 361 beaker.session.httponly = true
363 362 ## Path to use for the cookie. Set to prefix if you use prefix middleware
364 363 #beaker.session.cookie_path = /custom_prefix
365 364
366 365 ## uncomment for https secure cookie
367 366 beaker.session.secure = false
368 367
369 368 ## auto save the session to not to use .save()
370 369 beaker.session.auto = false
371 370
372 371 ## default cookie expiration time in seconds, set to `true` to set expire
373 372 ## at browser close
374 373 #beaker.session.cookie_expires = 3600
375 374
376 375 ###################################
377 376 ## SEARCH INDEXING CONFIGURATION ##
378 377 ###################################
379 378 ## Full text search indexer is available in rhodecode-tools under
380 379 ## `rhodecode-tools index` command
381 380
382 381 ## WHOOSH Backend, doesn't require additional services to run
383 382 ## it works good with few dozen repos
384 383 search.module = rhodecode.lib.index.whoosh
385 384 search.location = %(here)s/data/index
386 385
387 386 ########################################
388 387 ### CHANNELSTREAM CONFIG ####
389 388 ########################################
390 389 ## channelstream enables persistent connections and live notification
391 390 ## in the system. It's also used by the chat system
392 391 channelstream.enabled = false
393 392
394 393 ## server address for channelstream server on the backend
395 394 channelstream.server = 127.0.0.1:9800
396 395
397 396 ## location of the channelstream server from outside world
398 397 ## use ws:// for http or wss:// for https. This address needs to be handled
399 398 ## by external HTTP server such as Nginx or Apache
400 399 ## see nginx/apache configuration examples in our docs
401 400 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
402 401 channelstream.secret = secret
403 402 channelstream.history.location = %(here)s/channelstream_history
404 403
405 404 ## Internal application path that Javascript uses to connect into.
406 405 ## If you use proxy-prefix the prefix should be added before /_channelstream
407 406 channelstream.proxy_path = /_channelstream
408 407
409 408
410 409 ###################################
411 410 ## APPENLIGHT CONFIG ##
412 411 ###################################
413 412
414 413 ## Appenlight is tailored to work with RhodeCode, see
415 414 ## http://appenlight.com for details how to obtain an account
416 415
417 416 ## appenlight integration enabled
418 417 appenlight = false
419 418
420 419 appenlight.server_url = https://api.appenlight.com
421 420 appenlight.api_key = YOUR_API_KEY
422 421 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
423 422
424 423 # used for JS client
425 424 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
426 425
427 426 ## TWEAK AMOUNT OF INFO SENT HERE
428 427
429 428 ## enables 404 error logging (default False)
430 429 appenlight.report_404 = false
431 430
432 431 ## time in seconds after request is considered being slow (default 1)
433 432 appenlight.slow_request_time = 1
434 433
435 434 ## record slow requests in application
436 435 ## (needs to be enabled for slow datastore recording and time tracking)
437 436 appenlight.slow_requests = true
438 437
439 438 ## enable hooking to application loggers
440 439 appenlight.logging = true
441 440
442 441 ## minimum log level for log capture
443 442 appenlight.logging.level = WARNING
444 443
445 444 ## send logs only from erroneous/slow requests
446 445 ## (saves API quota for intensive logging)
447 446 appenlight.logging_on_error = false
448 447
449 448 ## list of additonal keywords that should be grabbed from environ object
450 449 ## can be string with comma separated list of words in lowercase
451 450 ## (by default client will always send following info:
452 451 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
453 452 ## start with HTTP* this list be extended with additional keywords here
454 453 appenlight.environ_keys_whitelist =
455 454
456 455 ## list of keywords that should be blanked from request object
457 456 ## can be string with comma separated list of words in lowercase
458 457 ## (by default client will always blank keys that contain following words
459 458 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
460 459 ## this list be extended with additional keywords set here
461 460 appenlight.request_keys_blacklist =
462 461
463 462 ## list of namespaces that should be ignores when gathering log entries
464 463 ## can be string with comma separated list of namespaces
465 464 ## (by default the client ignores own entries: appenlight_client.client)
466 465 appenlight.log_namespace_blacklist =
467 466
468 467
469 468 ################################################################################
470 469 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
471 470 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
472 471 ## execute malicious code after an exception is raised. ##
473 472 ################################################################################
474 473 set debug = false
475 474
476 475
477 476 ###########################################
478 477 ### MAIN RHODECODE DATABASE CONFIG ###
479 478 ###########################################
480 479 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
481 480 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
482 481 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
483 482 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
484 483
485 484 # see sqlalchemy docs for other advanced settings
486 485
487 486 ## print the sql statements to output
488 487 sqlalchemy.db1.echo = false
489 488 ## recycle the connections after this amount of seconds
490 489 sqlalchemy.db1.pool_recycle = 3600
491 490 sqlalchemy.db1.convert_unicode = true
492 491
493 492 ## the number of connections to keep open inside the connection pool.
494 493 ## 0 indicates no limit
495 494 #sqlalchemy.db1.pool_size = 5
496 495
497 496 ## the number of connections to allow in connection pool "overflow", that is
498 497 ## connections that can be opened above and beyond the pool_size setting,
499 498 ## which defaults to five.
500 499 #sqlalchemy.db1.max_overflow = 10
501 500
502 501
503 502 ##################
504 503 ### VCS CONFIG ###
505 504 ##################
506 505 vcs.server.enable = true
507 506 vcs.server = localhost:9900
508 507
509 508 ## Web server connectivity protocol, responsible for web based VCS operatations
510 509 ## Available protocols are:
511 510 ## `http` - use http-rpc backend (default)
512 511 vcs.server.protocol = http
513 512
514 513 ## Push/Pull operations protocol, available options are:
515 514 ## `http` - use http-rpc backend (default)
516 515 ##
517 516 vcs.scm_app_implementation = http
518 517
519 518 ## Push/Pull operations hooks protocol, available options are:
520 519 ## `http` - use http-rpc backend (default)
521 520 vcs.hooks.protocol = http
522 521
523 522 vcs.server.log_level = info
524 523 ## Start VCSServer with this instance as a subprocess, usefull for development
525 524 vcs.start_server = false
526 525
527 526 ## List of enabled VCS backends, available options are:
528 527 ## `hg` - mercurial
529 528 ## `git` - git
530 529 ## `svn` - subversion
531 530 vcs.backends = hg, git, svn
532 531
533 532 vcs.connection_timeout = 3600
534 533 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
535 534 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
536 535 #vcs.svn.compatible_version = pre-1.8-compatible
537 536
538 537
539 538 ############################################################
540 539 ### Subversion proxy support (mod_dav_svn) ###
541 540 ### Maps RhodeCode repo groups into SVN paths for Apache ###
542 541 ############################################################
543 542 ## Enable or disable the config file generation.
544 543 svn.proxy.generate_config = false
545 544 ## Generate config file with `SVNListParentPath` set to `On`.
546 545 svn.proxy.list_parent_path = true
547 546 ## Set location and file name of generated config file.
548 547 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
549 548 ## Used as a prefix to the `Location` block in the generated config file.
550 549 ## In most cases it should be set to `/`.
551 550 svn.proxy.location_root = /
552 551 ## Command to reload the mod dav svn configuration on change.
553 552 ## Example: `/etc/init.d/apache2 reload`
554 553 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
555 554 ## If the timeout expires before the reload command finishes, the command will
556 555 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
557 556 #svn.proxy.reload_timeout = 10
558 557
559 558 ## Dummy marker to add new entries after.
560 559 ## Add any custom entries below. Please don't remove.
561 560 custom.conf = 1
562 561
563 562
564 563 ################################
565 564 ### LOGGING CONFIGURATION ####
566 565 ################################
567 566 [loggers]
568 567 keys = root, routes, rhodecode, sqlalchemy, beaker, templates
569 568
570 569 [handlers]
571 570 keys = console, console_sql
572 571
573 572 [formatters]
574 573 keys = generic, color_formatter, color_formatter_sql
575 574
576 575 #############
577 576 ## LOGGERS ##
578 577 #############
579 578 [logger_root]
580 579 level = NOTSET
581 580 handlers = console
582 581
583 582 [logger_routes]
584 583 level = DEBUG
585 584 handlers =
586 585 qualname = routes.middleware
587 586 ## "level = DEBUG" logs the route matched and routing variables.
588 587 propagate = 1
589 588
590 589 [logger_beaker]
591 590 level = DEBUG
592 591 handlers =
593 592 qualname = beaker.container
594 593 propagate = 1
595 594
596 595 [logger_templates]
597 596 level = INFO
598 597 handlers =
599 598 qualname = pylons.templating
600 599 propagate = 1
601 600
602 601 [logger_rhodecode]
603 602 level = DEBUG
604 603 handlers =
605 604 qualname = rhodecode
606 605 propagate = 1
607 606
608 607 [logger_sqlalchemy]
609 608 level = INFO
610 609 handlers = console_sql
611 610 qualname = sqlalchemy.engine
612 611 propagate = 0
613 612
614 613 ##############
615 614 ## HANDLERS ##
616 615 ##############
617 616
618 617 [handler_console]
619 618 class = StreamHandler
620 619 args = (sys.stderr, )
621 620 level = INFO
622 621 formatter = generic
623 622
624 623 [handler_console_sql]
625 624 class = StreamHandler
626 625 args = (sys.stderr, )
627 626 level = WARN
628 627 formatter = generic
629 628
630 629 ################
631 630 ## FORMATTERS ##
632 631 ################
633 632
634 633 [formatter_generic]
635 634 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
636 635 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
637 636 datefmt = %Y-%m-%d %H:%M:%S
638 637
639 638 [formatter_color_formatter]
640 639 class = rhodecode.lib.logging_formatter.ColorFormatter
641 640 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
642 641 datefmt = %Y-%m-%d %H:%M:%S
643 642
644 643 [formatter_color_formatter_sql]
645 644 class = rhodecode.lib.logging_formatter.ColorFormatterSql
646 645 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
647 646 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,175 +1,179 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 from rhodecode.apps.admin.navigation import NavigationRegistry
23 23 from rhodecode.config.routing import ADMIN_PREFIX
24 24 from rhodecode.lib.utils2 import str2bool
25 25
26 26
27 27 def admin_routes(config):
28 28 """
29 29 Admin prefixed routes
30 30 """
31 31
32 32 config.add_route(
33 33 name='admin_audit_logs',
34 34 pattern='/audit_logs')
35 35
36 36 config.add_route(
37 37 name='pull_requests_global_0', # backward compat
38 38 pattern='/pull_requests/{pull_request_id:[0-9]+}')
39 39 config.add_route(
40 40 name='pull_requests_global_1', # backward compat
41 41 pattern='/pull-requests/{pull_request_id:[0-9]+}')
42 42 config.add_route(
43 43 name='pull_requests_global',
44 44 pattern='/pull-request/{pull_request_id:[0-9]+}')
45 45
46 46 config.add_route(
47 47 name='admin_settings_open_source',
48 48 pattern='/settings/open_source')
49 49 config.add_route(
50 50 name='admin_settings_vcs_svn_generate_cfg',
51 51 pattern='/settings/vcs/svn_generate_cfg')
52 52
53 53 config.add_route(
54 54 name='admin_settings_system',
55 55 pattern='/settings/system')
56 56 config.add_route(
57 57 name='admin_settings_system_update',
58 58 pattern='/settings/system/updates')
59 59
60 60 config.add_route(
61 61 name='admin_settings_sessions',
62 62 pattern='/settings/sessions')
63 63 config.add_route(
64 64 name='admin_settings_sessions_cleanup',
65 65 pattern='/settings/sessions/cleanup')
66 66
67 67 config.add_route(
68 68 name='admin_settings_process_management',
69 69 pattern='/settings/process_management')
70 70 config.add_route(
71 71 name='admin_settings_process_management_signal',
72 72 pattern='/settings/process_management/signal')
73 73
74 74 # global permissions
75 75
76 76 config.add_route(
77 77 name='admin_permissions_application',
78 78 pattern='/permissions/application')
79 79 config.add_route(
80 80 name='admin_permissions_application_update',
81 81 pattern='/permissions/application/update')
82 82
83 83 config.add_route(
84 84 name='admin_permissions_global',
85 85 pattern='/permissions/global')
86 86 config.add_route(
87 87 name='admin_permissions_global_update',
88 88 pattern='/permissions/global/update')
89 89
90 90 config.add_route(
91 91 name='admin_permissions_object',
92 92 pattern='/permissions/object')
93 93 config.add_route(
94 94 name='admin_permissions_object_update',
95 95 pattern='/permissions/object/update')
96 96
97 97 config.add_route(
98 98 name='admin_permissions_ips',
99 99 pattern='/permissions/ips')
100 100
101 101 config.add_route(
102 102 name='admin_permissions_overview',
103 103 pattern='/permissions/overview')
104 104
105 config.add_route(
106 name='admin_permissions_auth_token_access',
107 pattern='/permissions/auth_token_access')
108
105 109 # users admin
106 110 config.add_route(
107 111 name='users',
108 112 pattern='/users')
109 113
110 114 config.add_route(
111 115 name='users_data',
112 116 pattern='/users_data')
113 117
114 118 # user auth tokens
115 119 config.add_route(
116 120 name='edit_user_auth_tokens',
117 121 pattern='/users/{user_id:\d+}/edit/auth_tokens')
118 122 config.add_route(
119 123 name='edit_user_auth_tokens_add',
120 124 pattern='/users/{user_id:\d+}/edit/auth_tokens/new')
121 125 config.add_route(
122 126 name='edit_user_auth_tokens_delete',
123 127 pattern='/users/{user_id:\d+}/edit/auth_tokens/delete')
124 128
125 129 # user emails
126 130 config.add_route(
127 131 name='edit_user_emails',
128 132 pattern='/users/{user_id:\d+}/edit/emails')
129 133 config.add_route(
130 134 name='edit_user_emails_add',
131 135 pattern='/users/{user_id:\d+}/edit/emails/new')
132 136 config.add_route(
133 137 name='edit_user_emails_delete',
134 138 pattern='/users/{user_id:\d+}/edit/emails/delete')
135 139
136 140 # user IPs
137 141 config.add_route(
138 142 name='edit_user_ips',
139 143 pattern='/users/{user_id:\d+}/edit/ips')
140 144 config.add_route(
141 145 name='edit_user_ips_add',
142 146 pattern='/users/{user_id:\d+}/edit/ips/new')
143 147 config.add_route(
144 148 name='edit_user_ips_delete',
145 149 pattern='/users/{user_id:\d+}/edit/ips/delete')
146 150
147 151 # user groups management
148 152 config.add_route(
149 153 name='edit_user_groups_management',
150 154 pattern='/users/{user_id:\d+}/edit/groups_management')
151 155
152 156 config.add_route(
153 157 name='edit_user_groups_management_updates',
154 158 pattern='/users/{user_id:\d+}/edit/edit_user_groups_management/updates')
155 159
156 160 # user audit logs
157 161 config.add_route(
158 162 name='edit_user_audit_logs',
159 163 pattern='/users/{user_id:\d+}/edit/audit')
160 164
161 165
162 166 def includeme(config):
163 167 settings = config.get_settings()
164 168
165 169 # Create admin navigation registry and add it to the pyramid registry.
166 170 labs_active = str2bool(settings.get('labs_settings_active', False))
167 171 navigation_registry = NavigationRegistry(labs_active=labs_active)
168 172 config.registry.registerUtility(navigation_registry)
169 173
170 174 # main admin routes
171 175 config.add_route(name='admin_home', pattern=ADMIN_PREFIX)
172 176 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
173 177
174 178 # Scan module for configuration decorators.
175 179 config.scan()
@@ -1,310 +1,369 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 import re
21 22 import logging
22 23 import formencode
24 from pyramid.interfaces import IRoutesMapper
23 25
24 26 from pyramid.view import view_config
25 27 from pyramid.httpexceptions import HTTPFound
26 28 from pyramid.renderers import render
27 29 from pyramid.response import Response
28 30
29 31 from rhodecode.apps._base import BaseAppView
30 32
31 33 from rhodecode.lib import helpers as h
32 34 from rhodecode.lib.auth import (
33 35 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
36 from rhodecode.lib.utils2 import aslist
34 37 from rhodecode.model.db import User, UserIpMap
35 38 from rhodecode.model.forms import (
36 39 ApplicationPermissionsForm, ObjectPermissionsForm, UserPermissionsForm)
37 40 from rhodecode.model.meta import Session
38 41 from rhodecode.model.permission import PermissionModel
39 42 from rhodecode.model.settings import SettingsModel
40 43
41 44
42 45 log = logging.getLogger(__name__)
43 46
44 47
45 48 class AdminPermissionsView(BaseAppView):
46 49 def load_default_context(self):
47 50 c = self._get_local_tmpl_context()
48 51
49 52 self._register_global_c(c)
50 53 PermissionModel().set_global_permission_choices(
51 54 c, gettext_translator=self.request.translate)
52 55 return c
53 56
54 57 @LoginRequired()
55 58 @HasPermissionAllDecorator('hg.admin')
56 59 @view_config(
57 60 route_name='admin_permissions_application', request_method='GET',
58 61 renderer='rhodecode:templates/admin/permissions/permissions.mako')
59 62 def permissions_application(self):
60 63 c = self.load_default_context()
61 64 c.active = 'application'
62 65
63 66 c.user = User.get_default_user(refresh=True)
64 67
65 68 app_settings = SettingsModel().get_all_settings()
66 69 defaults = {
67 70 'anonymous': c.user.active,
68 71 'default_register_message': app_settings.get(
69 72 'rhodecode_register_message')
70 73 }
71 74 defaults.update(c.user.get_default_perms())
72 75
73 76 data = render('rhodecode:templates/admin/permissions/permissions.mako',
74 77 self._get_template_context(c), self.request)
75 78 html = formencode.htmlfill.render(
76 79 data,
77 80 defaults=defaults,
78 81 encoding="UTF-8",
79 82 force_defaults=False
80 83 )
81 84 return Response(html)
82 85
83 86 @LoginRequired()
84 87 @HasPermissionAllDecorator('hg.admin')
85 88 @CSRFRequired()
86 89 @view_config(
87 90 route_name='admin_permissions_application_update', request_method='POST',
88 91 renderer='rhodecode:templates/admin/permissions/permissions.mako')
89 92 def permissions_application_update(self):
90 93 _ = self.request.translate
91 94 c = self.load_default_context()
92 95 c.active = 'application'
93 96
94 97 _form = ApplicationPermissionsForm(
95 98 [x[0] for x in c.register_choices],
96 99 [x[0] for x in c.password_reset_choices],
97 100 [x[0] for x in c.extern_activate_choices])()
98 101
99 102 try:
100 103 form_result = _form.to_python(dict(self.request.POST))
101 104 form_result.update({'perm_user_name': User.DEFAULT_USER})
102 105 PermissionModel().update_application_permissions(form_result)
103 106
104 107 settings = [
105 108 ('register_message', 'default_register_message'),
106 109 ]
107 110 for setting, form_key in settings:
108 111 sett = SettingsModel().create_or_update_setting(
109 112 setting, form_result[form_key])
110 113 Session().add(sett)
111 114
112 115 Session().commit()
113 116 h.flash(_('Application permissions updated successfully'),
114 117 category='success')
115 118
116 119 except formencode.Invalid as errors:
117 120 defaults = errors.value
118 121
119 122 data = render(
120 123 'rhodecode:templates/admin/permissions/permissions.mako',
121 124 self._get_template_context(c), self.request)
122 125 html = formencode.htmlfill.render(
123 126 data,
124 127 defaults=defaults,
125 128 errors=errors.error_dict or {},
126 129 prefix_error=False,
127 130 encoding="UTF-8",
128 131 force_defaults=False
129 132 )
130 133 return Response(html)
131 134
132 135 except Exception:
133 136 log.exception("Exception during update of permissions")
134 137 h.flash(_('Error occurred during update of permissions'),
135 138 category='error')
136 139
137 140 raise HTTPFound(h.route_path('admin_permissions_application'))
138 141
139 142 @LoginRequired()
140 143 @HasPermissionAllDecorator('hg.admin')
141 144 @view_config(
142 145 route_name='admin_permissions_object', request_method='GET',
143 146 renderer='rhodecode:templates/admin/permissions/permissions.mako')
144 147 def permissions_objects(self):
145 148 c = self.load_default_context()
146 149 c.active = 'objects'
147 150
148 151 c.user = User.get_default_user(refresh=True)
149 152 defaults = {}
150 153 defaults.update(c.user.get_default_perms())
151 154
152 155 data = render(
153 156 'rhodecode:templates/admin/permissions/permissions.mako',
154 157 self._get_template_context(c), self.request)
155 158 html = formencode.htmlfill.render(
156 159 data,
157 160 defaults=defaults,
158 161 encoding="UTF-8",
159 162 force_defaults=False
160 163 )
161 164 return Response(html)
162 165
163 166 @LoginRequired()
164 167 @HasPermissionAllDecorator('hg.admin')
165 168 @CSRFRequired()
166 169 @view_config(
167 170 route_name='admin_permissions_object_update', request_method='POST',
168 171 renderer='rhodecode:templates/admin/permissions/permissions.mako')
169 172 def permissions_objects_update(self):
170 173 _ = self.request.translate
171 174 c = self.load_default_context()
172 175 c.active = 'objects'
173 176
174 177 _form = ObjectPermissionsForm(
175 178 [x[0] for x in c.repo_perms_choices],
176 179 [x[0] for x in c.group_perms_choices],
177 180 [x[0] for x in c.user_group_perms_choices])()
178 181
179 182 try:
180 183 form_result = _form.to_python(dict(self.request.POST))
181 184 form_result.update({'perm_user_name': User.DEFAULT_USER})
182 185 PermissionModel().update_object_permissions(form_result)
183 186
184 187 Session().commit()
185 188 h.flash(_('Object permissions updated successfully'),
186 189 category='success')
187 190
188 191 except formencode.Invalid as errors:
189 192 defaults = errors.value
190 193
191 194 data = render(
192 195 'rhodecode:templates/admin/permissions/permissions.mako',
193 196 self._get_template_context(c), self.request)
194 197 html = formencode.htmlfill.render(
195 198 data,
196 199 defaults=defaults,
197 200 errors=errors.error_dict or {},
198 201 prefix_error=False,
199 202 encoding="UTF-8",
200 203 force_defaults=False
201 204 )
202 205 return Response(html)
203 206 except Exception:
204 207 log.exception("Exception during update of permissions")
205 208 h.flash(_('Error occurred during update of permissions'),
206 209 category='error')
207 210
208 211 raise HTTPFound(h.route_path('admin_permissions_object'))
209 212
210 213 @LoginRequired()
211 214 @HasPermissionAllDecorator('hg.admin')
212 215 @view_config(
213 216 route_name='admin_permissions_global', request_method='GET',
214 217 renderer='rhodecode:templates/admin/permissions/permissions.mako')
215 218 def permissions_global(self):
216 219 c = self.load_default_context()
217 220 c.active = 'global'
218 221
219 222 c.user = User.get_default_user(refresh=True)
220 223 defaults = {}
221 224 defaults.update(c.user.get_default_perms())
222 225
223 226 data = render(
224 227 'rhodecode:templates/admin/permissions/permissions.mako',
225 228 self._get_template_context(c), self.request)
226 229 html = formencode.htmlfill.render(
227 230 data,
228 231 defaults=defaults,
229 232 encoding="UTF-8",
230 233 force_defaults=False
231 234 )
232 235 return Response(html)
233 236
234 237 @LoginRequired()
235 238 @HasPermissionAllDecorator('hg.admin')
236 239 @CSRFRequired()
237 240 @view_config(
238 241 route_name='admin_permissions_global_update', request_method='POST',
239 242 renderer='rhodecode:templates/admin/permissions/permissions.mako')
240 243 def permissions_global_update(self):
241 244 _ = self.request.translate
242 245 c = self.load_default_context()
243 246 c.active = 'global'
244 247
245 248 _form = UserPermissionsForm(
246 249 [x[0] for x in c.repo_create_choices],
247 250 [x[0] for x in c.repo_create_on_write_choices],
248 251 [x[0] for x in c.repo_group_create_choices],
249 252 [x[0] for x in c.user_group_create_choices],
250 253 [x[0] for x in c.fork_choices],
251 254 [x[0] for x in c.inherit_default_permission_choices])()
252 255
253 256 try:
254 257 form_result = _form.to_python(dict(self.request.POST))
255 258 form_result.update({'perm_user_name': User.DEFAULT_USER})
256 259 PermissionModel().update_user_permissions(form_result)
257 260
258 261 Session().commit()
259 262 h.flash(_('Global permissions updated successfully'),
260 263 category='success')
261 264
262 265 except formencode.Invalid as errors:
263 266 defaults = errors.value
264 267
265 268 data = render(
266 269 'rhodecode:templates/admin/permissions/permissions.mako',
267 270 self._get_template_context(c), self.request)
268 271 html = formencode.htmlfill.render(
269 272 data,
270 273 defaults=defaults,
271 274 errors=errors.error_dict or {},
272 275 prefix_error=False,
273 276 encoding="UTF-8",
274 277 force_defaults=False
275 278 )
276 279 return Response(html)
277 280 except Exception:
278 281 log.exception("Exception during update of permissions")
279 282 h.flash(_('Error occurred during update of permissions'),
280 283 category='error')
281 284
282 285 raise HTTPFound(h.route_path('admin_permissions_global'))
283 286
284 287 @LoginRequired()
285 288 @HasPermissionAllDecorator('hg.admin')
286 289 @view_config(
287 290 route_name='admin_permissions_ips', request_method='GET',
288 291 renderer='rhodecode:templates/admin/permissions/permissions.mako')
289 292 def permissions_ips(self):
290 293 c = self.load_default_context()
291 294 c.active = 'ips'
292 295
293 296 c.user = User.get_default_user(refresh=True)
294 297 c.user_ip_map = (
295 298 UserIpMap.query().filter(UserIpMap.user == c.user).all())
296 299
297 300 return self._get_template_context(c)
298 301
299 302 @LoginRequired()
300 303 @HasPermissionAllDecorator('hg.admin')
301 304 @view_config(
302 305 route_name='admin_permissions_overview', request_method='GET',
303 306 renderer='rhodecode:templates/admin/permissions/permissions.mako')
304 307 def permissions_overview(self):
305 308 c = self.load_default_context()
306 309 c.active = 'perms'
307 310
308 311 c.user = User.get_default_user(refresh=True)
309 312 c.perm_user = c.user.AuthUser
310 313 return self._get_template_context(c)
314
315 @LoginRequired()
316 @HasPermissionAllDecorator('hg.admin')
317 @view_config(
318 route_name='admin_permissions_auth_token_access', request_method='GET',
319 renderer='rhodecode:templates/admin/permissions/permissions.mako')
320 def auth_token_access(self):
321 from rhodecode import CONFIG
322
323 c = self.load_default_context()
324 c.active = 'auth_token_access'
325
326 c.user = User.get_default_user(refresh=True)
327 c.perm_user = c.user.AuthUser
328
329 mapper = self.request.registry.queryUtility(IRoutesMapper)
330 c.view_data = []
331
332 _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
333 introspector = self.request.registry.introspector
334
335 view_intr = {}
336 for view_data in introspector.get_category('views'):
337 intr = view_data['introspectable']
338
339 if 'route_name' in intr and intr['attr']:
340 view_intr[intr['route_name']] = '{}.{}'.format(
341 str(intr['derived_callable'].func_name), intr['attr']
342 )
343
344 c.whitelist_key = 'api_access_controllers_whitelist'
345 c.whitelist_file = CONFIG.get('__file__')
346 whitelist_views = aslist(
347 CONFIG.get(c.whitelist_key), sep=',')
348
349 for route_info in mapper.get_routes():
350 if not route_info.name.startswith('__'):
351 routepath = route_info.pattern
352
353 def replace(matchobj):
354 if matchobj.group(1):
355 return "{%s}" % matchobj.group(1).split(':')[0]
356 else:
357 return "{%s}" % matchobj.group(2)
358
359 routepath = _argument_prog.sub(replace, routepath)
360
361 if not routepath.startswith('/'):
362 routepath = '/' + routepath
363
364 view_fqn = view_intr.get(route_info.name, 'NOT AVAILABLE')
365 active = view_fqn in whitelist_views
366 c.view_data.append((route_info.name, view_fqn, routepath, active))
367
368 c.whitelist_views = whitelist_views
369 return self._get_template_context(c)
@@ -1,213 +1,214 b''
1 1
2 2 /******************************************************************************
3 3 * *
4 4 * DO NOT CHANGE THIS FILE MANUALLY *
5 5 * *
6 6 * *
7 7 * This file is automatically generated when the app starts up with *
8 8 * generate_js_files = true *
9 9 * *
10 10 * To add a route here pass jsroute=True to the route definition in the app *
11 11 * *
12 12 ******************************************************************************/
13 13 function registerRCRoutes() {
14 14 // routes registration
15 15 pyroutes.register('new_repo', '/_admin/create_repository', []);
16 16 pyroutes.register('edit_user', '/_admin/users/%(user_id)s/edit', ['user_id']);
17 17 pyroutes.register('edit_user_group_members', '/_admin/user_groups/%(user_group_id)s/edit/members', ['user_group_id']);
18 18 pyroutes.register('changeset_home', '/%(repo_name)s/changeset/%(revision)s', ['repo_name', 'revision']);
19 19 pyroutes.register('changeset_comment', '/%(repo_name)s/changeset/%(revision)s/comment', ['repo_name', 'revision']);
20 20 pyroutes.register('changeset_comment_preview', '/%(repo_name)s/changeset/comment/preview', ['repo_name']);
21 21 pyroutes.register('changeset_comment_delete', '/%(repo_name)s/changeset/comment/%(comment_id)s/delete', ['repo_name', 'comment_id']);
22 22 pyroutes.register('changeset_info', '/%(repo_name)s/changeset_info/%(revision)s', ['repo_name', 'revision']);
23 23 pyroutes.register('compare_url', '/%(repo_name)s/compare/%(source_ref_type)s@%(source_ref)s...%(target_ref_type)s@%(target_ref)s', ['repo_name', 'source_ref_type', 'source_ref', 'target_ref_type', 'target_ref']);
24 24 pyroutes.register('pullrequest_home', '/%(repo_name)s/pull-request/new', ['repo_name']);
25 25 pyroutes.register('pullrequest', '/%(repo_name)s/pull-request/new', ['repo_name']);
26 26 pyroutes.register('pullrequest_repo_refs', '/%(repo_name)s/pull-request/refs/%(target_repo_name)s', ['repo_name', 'target_repo_name']);
27 27 pyroutes.register('pullrequest_repo_destinations', '/%(repo_name)s/pull-request/repo-destinations', ['repo_name']);
28 28 pyroutes.register('pullrequest_show', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
29 29 pyroutes.register('pullrequest_update', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
30 30 pyroutes.register('pullrequest_comment', '/%(repo_name)s/pull-request-comment/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
31 31 pyroutes.register('pullrequest_comment_delete', '/%(repo_name)s/pull-request-comment/%(comment_id)s/delete', ['repo_name', 'comment_id']);
32 32 pyroutes.register('favicon', '/favicon.ico', []);
33 33 pyroutes.register('robots', '/robots.txt', []);
34 34 pyroutes.register('auth_home', '/_admin/auth*traverse', []);
35 35 pyroutes.register('global_integrations_new', '/_admin/integrations/new', []);
36 36 pyroutes.register('global_integrations_home', '/_admin/integrations', []);
37 37 pyroutes.register('global_integrations_list', '/_admin/integrations/%(integration)s', ['integration']);
38 38 pyroutes.register('global_integrations_create', '/_admin/integrations/%(integration)s/new', ['integration']);
39 39 pyroutes.register('global_integrations_edit', '/_admin/integrations/%(integration)s/%(integration_id)s', ['integration', 'integration_id']);
40 40 pyroutes.register('repo_group_integrations_home', '/%(repo_group_name)s/settings/integrations', ['repo_group_name']);
41 41 pyroutes.register('repo_group_integrations_list', '/%(repo_group_name)s/settings/integrations/%(integration)s', ['repo_group_name', 'integration']);
42 42 pyroutes.register('repo_group_integrations_new', '/%(repo_group_name)s/settings/integrations/new', ['repo_group_name']);
43 43 pyroutes.register('repo_group_integrations_create', '/%(repo_group_name)s/settings/integrations/%(integration)s/new', ['repo_group_name', 'integration']);
44 44 pyroutes.register('repo_group_integrations_edit', '/%(repo_group_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_group_name', 'integration', 'integration_id']);
45 45 pyroutes.register('repo_integrations_home', '/%(repo_name)s/settings/integrations', ['repo_name']);
46 46 pyroutes.register('repo_integrations_list', '/%(repo_name)s/settings/integrations/%(integration)s', ['repo_name', 'integration']);
47 47 pyroutes.register('repo_integrations_new', '/%(repo_name)s/settings/integrations/new', ['repo_name']);
48 48 pyroutes.register('repo_integrations_create', '/%(repo_name)s/settings/integrations/%(integration)s/new', ['repo_name', 'integration']);
49 49 pyroutes.register('repo_integrations_edit', '/%(repo_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_name', 'integration', 'integration_id']);
50 50 pyroutes.register('ops_ping', '/_admin/ops/ping', []);
51 51 pyroutes.register('ops_error_test', '/_admin/ops/error', []);
52 52 pyroutes.register('ops_redirect_test', '/_admin/ops/redirect', []);
53 53 pyroutes.register('admin_home', '/_admin', []);
54 54 pyroutes.register('admin_audit_logs', '/_admin/audit_logs', []);
55 55 pyroutes.register('pull_requests_global_0', '/_admin/pull_requests/%(pull_request_id)s', ['pull_request_id']);
56 56 pyroutes.register('pull_requests_global_1', '/_admin/pull-requests/%(pull_request_id)s', ['pull_request_id']);
57 57 pyroutes.register('pull_requests_global', '/_admin/pull-request/%(pull_request_id)s', ['pull_request_id']);
58 58 pyroutes.register('admin_settings_open_source', '/_admin/settings/open_source', []);
59 59 pyroutes.register('admin_settings_vcs_svn_generate_cfg', '/_admin/settings/vcs/svn_generate_cfg', []);
60 60 pyroutes.register('admin_settings_system', '/_admin/settings/system', []);
61 61 pyroutes.register('admin_settings_system_update', '/_admin/settings/system/updates', []);
62 62 pyroutes.register('admin_settings_sessions', '/_admin/settings/sessions', []);
63 63 pyroutes.register('admin_settings_sessions_cleanup', '/_admin/settings/sessions/cleanup', []);
64 64 pyroutes.register('admin_settings_process_management', '/_admin/settings/process_management', []);
65 65 pyroutes.register('admin_settings_process_management_signal', '/_admin/settings/process_management/signal', []);
66 66 pyroutes.register('admin_permissions_application', '/_admin/permissions/application', []);
67 67 pyroutes.register('admin_permissions_application_update', '/_admin/permissions/application/update', []);
68 68 pyroutes.register('admin_permissions_global', '/_admin/permissions/global', []);
69 69 pyroutes.register('admin_permissions_global_update', '/_admin/permissions/global/update', []);
70 70 pyroutes.register('admin_permissions_object', '/_admin/permissions/object', []);
71 71 pyroutes.register('admin_permissions_object_update', '/_admin/permissions/object/update', []);
72 72 pyroutes.register('admin_permissions_ips', '/_admin/permissions/ips', []);
73 73 pyroutes.register('admin_permissions_overview', '/_admin/permissions/overview', []);
74 pyroutes.register('admin_permissions_auth_token_access', '/_admin/permissions/auth_token_access', []);
74 75 pyroutes.register('users', '/_admin/users', []);
75 76 pyroutes.register('users_data', '/_admin/users_data', []);
76 77 pyroutes.register('edit_user_auth_tokens', '/_admin/users/%(user_id)s/edit/auth_tokens', ['user_id']);
77 78 pyroutes.register('edit_user_auth_tokens_add', '/_admin/users/%(user_id)s/edit/auth_tokens/new', ['user_id']);
78 79 pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']);
79 80 pyroutes.register('edit_user_emails', '/_admin/users/%(user_id)s/edit/emails', ['user_id']);
80 81 pyroutes.register('edit_user_emails_add', '/_admin/users/%(user_id)s/edit/emails/new', ['user_id']);
81 82 pyroutes.register('edit_user_emails_delete', '/_admin/users/%(user_id)s/edit/emails/delete', ['user_id']);
82 83 pyroutes.register('edit_user_ips', '/_admin/users/%(user_id)s/edit/ips', ['user_id']);
83 84 pyroutes.register('edit_user_ips_add', '/_admin/users/%(user_id)s/edit/ips/new', ['user_id']);
84 85 pyroutes.register('edit_user_ips_delete', '/_admin/users/%(user_id)s/edit/ips/delete', ['user_id']);
85 86 pyroutes.register('edit_user_groups_management', '/_admin/users/%(user_id)s/edit/groups_management', ['user_id']);
86 87 pyroutes.register('edit_user_groups_management_updates', '/_admin/users/%(user_id)s/edit/edit_user_groups_management/updates', ['user_id']);
87 88 pyroutes.register('edit_user_audit_logs', '/_admin/users/%(user_id)s/edit/audit', ['user_id']);
88 89 pyroutes.register('channelstream_connect', '/_admin/channelstream/connect', []);
89 90 pyroutes.register('channelstream_subscribe', '/_admin/channelstream/subscribe', []);
90 91 pyroutes.register('channelstream_proxy', '/_channelstream', []);
91 92 pyroutes.register('login', '/_admin/login', []);
92 93 pyroutes.register('logout', '/_admin/logout', []);
93 94 pyroutes.register('register', '/_admin/register', []);
94 95 pyroutes.register('reset_password', '/_admin/password_reset', []);
95 96 pyroutes.register('reset_password_confirmation', '/_admin/password_reset_confirmation', []);
96 97 pyroutes.register('home', '/', []);
97 98 pyroutes.register('user_autocomplete_data', '/_users', []);
98 99 pyroutes.register('user_group_autocomplete_data', '/_user_groups', []);
99 100 pyroutes.register('repo_list_data', '/_repos', []);
100 101 pyroutes.register('goto_switcher_data', '/_goto_data', []);
101 102 pyroutes.register('journal', '/_admin/journal', []);
102 103 pyroutes.register('journal_rss', '/_admin/journal/rss', []);
103 104 pyroutes.register('journal_atom', '/_admin/journal/atom', []);
104 105 pyroutes.register('journal_public', '/_admin/public_journal', []);
105 106 pyroutes.register('journal_public_atom', '/_admin/public_journal/atom', []);
106 107 pyroutes.register('journal_public_atom_old', '/_admin/public_journal_atom', []);
107 108 pyroutes.register('journal_public_rss', '/_admin/public_journal/rss', []);
108 109 pyroutes.register('journal_public_rss_old', '/_admin/public_journal_rss', []);
109 110 pyroutes.register('toggle_following', '/_admin/toggle_following', []);
110 111 pyroutes.register('repo_summary_explicit', '/%(repo_name)s/summary', ['repo_name']);
111 112 pyroutes.register('repo_summary_commits', '/%(repo_name)s/summary-commits', ['repo_name']);
112 113 pyroutes.register('repo_commit', '/%(repo_name)s/changeset/%(commit_id)s', ['repo_name', 'commit_id']);
113 114 pyroutes.register('repo_archivefile', '/%(repo_name)s/archive/%(fname)s', ['repo_name', 'fname']);
114 115 pyroutes.register('repo_files_diff', '/%(repo_name)s/diff/%(f_path)s', ['repo_name', 'f_path']);
115 116 pyroutes.register('repo_files_diff_2way_redirect', '/%(repo_name)s/diff-2way/%(f_path)s', ['repo_name', 'f_path']);
116 117 pyroutes.register('repo_files', '/%(repo_name)s/files/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
117 118 pyroutes.register('repo_files:default_path', '/%(repo_name)s/files/%(commit_id)s/', ['repo_name', 'commit_id']);
118 119 pyroutes.register('repo_files:default_commit', '/%(repo_name)s/files', ['repo_name']);
119 120 pyroutes.register('repo_files:rendered', '/%(repo_name)s/render/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
120 121 pyroutes.register('repo_files:annotated', '/%(repo_name)s/annotate/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
121 122 pyroutes.register('repo_files:annotated_previous', '/%(repo_name)s/annotate-previous/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
122 123 pyroutes.register('repo_nodetree_full', '/%(repo_name)s/nodetree_full/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
123 124 pyroutes.register('repo_nodetree_full:default_path', '/%(repo_name)s/nodetree_full/%(commit_id)s/', ['repo_name', 'commit_id']);
124 125 pyroutes.register('repo_files_nodelist', '/%(repo_name)s/nodelist/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
125 126 pyroutes.register('repo_file_raw', '/%(repo_name)s/raw/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
126 127 pyroutes.register('repo_file_download', '/%(repo_name)s/download/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
127 128 pyroutes.register('repo_file_download:legacy', '/%(repo_name)s/rawfile/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
128 129 pyroutes.register('repo_file_history', '/%(repo_name)s/history/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
129 130 pyroutes.register('repo_file_authors', '/%(repo_name)s/authors/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
130 131 pyroutes.register('repo_files_remove_file', '/%(repo_name)s/remove_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
131 132 pyroutes.register('repo_files_delete_file', '/%(repo_name)s/delete_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
132 133 pyroutes.register('repo_files_edit_file', '/%(repo_name)s/edit_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
133 134 pyroutes.register('repo_files_update_file', '/%(repo_name)s/update_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
134 135 pyroutes.register('repo_files_add_file', '/%(repo_name)s/add_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
135 136 pyroutes.register('repo_files_create_file', '/%(repo_name)s/create_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
136 137 pyroutes.register('repo_refs_data', '/%(repo_name)s/refs-data', ['repo_name']);
137 138 pyroutes.register('repo_refs_changelog_data', '/%(repo_name)s/refs-data-changelog', ['repo_name']);
138 139 pyroutes.register('repo_stats', '/%(repo_name)s/repo_stats/%(commit_id)s', ['repo_name', 'commit_id']);
139 140 pyroutes.register('repo_changelog', '/%(repo_name)s/changelog', ['repo_name']);
140 141 pyroutes.register('repo_changelog_file', '/%(repo_name)s/changelog/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
141 142 pyroutes.register('repo_changelog_elements', '/%(repo_name)s/changelog_elements', ['repo_name']);
142 143 pyroutes.register('tags_home', '/%(repo_name)s/tags', ['repo_name']);
143 144 pyroutes.register('branches_home', '/%(repo_name)s/branches', ['repo_name']);
144 145 pyroutes.register('bookmarks_home', '/%(repo_name)s/bookmarks', ['repo_name']);
145 146 pyroutes.register('pullrequest_show', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
146 147 pyroutes.register('pullrequest_show_all', '/%(repo_name)s/pull-request', ['repo_name']);
147 148 pyroutes.register('pullrequest_show_all_data', '/%(repo_name)s/pull-request-data', ['repo_name']);
148 149 pyroutes.register('changeset_home', '/%(repo_name)s/changeset/%(revision)s', ['repo_name', 'revision']);
149 150 pyroutes.register('changeset_children', '/%(repo_name)s/changeset_children/%(revision)s', ['repo_name', 'revision']);
150 151 pyroutes.register('changeset_parents', '/%(repo_name)s/changeset_parents/%(revision)s', ['repo_name', 'revision']);
151 152 pyroutes.register('edit_repo', '/%(repo_name)s/settings', ['repo_name']);
152 153 pyroutes.register('edit_repo_advanced', '/%(repo_name)s/settings/advanced', ['repo_name']);
153 154 pyroutes.register('edit_repo_advanced_delete', '/%(repo_name)s/settings/advanced/delete', ['repo_name']);
154 155 pyroutes.register('edit_repo_advanced_locking', '/%(repo_name)s/settings/advanced/locking', ['repo_name']);
155 156 pyroutes.register('edit_repo_advanced_journal', '/%(repo_name)s/settings/advanced/journal', ['repo_name']);
156 157 pyroutes.register('edit_repo_advanced_fork', '/%(repo_name)s/settings/advanced/fork', ['repo_name']);
157 158 pyroutes.register('edit_repo_caches', '/%(repo_name)s/settings/caches', ['repo_name']);
158 159 pyroutes.register('edit_repo_perms', '/%(repo_name)s/settings/permissions', ['repo_name']);
159 160 pyroutes.register('repo_reviewers', '/%(repo_name)s/settings/review/rules', ['repo_name']);
160 161 pyroutes.register('repo_default_reviewers_data', '/%(repo_name)s/settings/review/default-reviewers', ['repo_name']);
161 162 pyroutes.register('repo_maintenance', '/%(repo_name)s/settings/maintenance', ['repo_name']);
162 163 pyroutes.register('repo_maintenance_execute', '/%(repo_name)s/settings/maintenance/execute', ['repo_name']);
163 164 pyroutes.register('strip', '/%(repo_name)s/settings/strip', ['repo_name']);
164 165 pyroutes.register('strip_check', '/%(repo_name)s/settings/strip_check', ['repo_name']);
165 166 pyroutes.register('strip_execute', '/%(repo_name)s/settings/strip_execute', ['repo_name']);
166 167 pyroutes.register('rss_feed_home', '/%(repo_name)s/feed/rss', ['repo_name']);
167 168 pyroutes.register('atom_feed_home', '/%(repo_name)s/feed/atom', ['repo_name']);
168 169 pyroutes.register('repo_summary', '/%(repo_name)s', ['repo_name']);
169 170 pyroutes.register('repo_summary_slash', '/%(repo_name)s/', ['repo_name']);
170 171 pyroutes.register('repo_group_home', '/%(repo_group_name)s', ['repo_group_name']);
171 172 pyroutes.register('repo_group_home_slash', '/%(repo_group_name)s/', ['repo_group_name']);
172 173 pyroutes.register('search', '/_admin/search', []);
173 174 pyroutes.register('search_repo', '/%(repo_name)s/search', ['repo_name']);
174 175 pyroutes.register('user_profile', '/_profiles/%(username)s', ['username']);
175 176 pyroutes.register('my_account_profile', '/_admin/my_account/profile', []);
176 177 pyroutes.register('my_account_edit', '/_admin/my_account/edit', []);
177 178 pyroutes.register('my_account_update', '/_admin/my_account/update', []);
178 179 pyroutes.register('my_account_password', '/_admin/my_account/password', []);
179 pyroutes.register('my_account_password_update', '/_admin/my_account/password', []);
180 pyroutes.register('my_account_password_update', '/_admin/my_account/password/update', []);
180 181 pyroutes.register('my_account_auth_tokens', '/_admin/my_account/auth_tokens', []);
181 182 pyroutes.register('my_account_auth_tokens_add', '/_admin/my_account/auth_tokens/new', []);
182 183 pyroutes.register('my_account_auth_tokens_delete', '/_admin/my_account/auth_tokens/delete', []);
183 184 pyroutes.register('my_account_emails', '/_admin/my_account/emails', []);
184 185 pyroutes.register('my_account_emails_add', '/_admin/my_account/emails/new', []);
185 186 pyroutes.register('my_account_emails_delete', '/_admin/my_account/emails/delete', []);
186 187 pyroutes.register('my_account_repos', '/_admin/my_account/repos', []);
187 188 pyroutes.register('my_account_watched', '/_admin/my_account/watched', []);
188 189 pyroutes.register('my_account_perms', '/_admin/my_account/perms', []);
189 190 pyroutes.register('my_account_notifications', '/_admin/my_account/notifications', []);
190 191 pyroutes.register('my_account_notifications_toggle_visibility', '/_admin/my_account/toggle_visibility', []);
191 192 pyroutes.register('my_account_pullrequests', '/_admin/my_account/pull_requests', []);
192 193 pyroutes.register('my_account_pullrequests_data', '/_admin/my_account/pull_requests/data', []);
193 194 pyroutes.register('notifications_show_all', '/_admin/notifications', []);
194 195 pyroutes.register('notifications_mark_all_read', '/_admin/notifications/mark_all_read', []);
195 196 pyroutes.register('notifications_show', '/_admin/notifications/%(notification_id)s', ['notification_id']);
196 197 pyroutes.register('notifications_update', '/_admin/notifications/%(notification_id)s/update', ['notification_id']);
197 198 pyroutes.register('notifications_delete', '/_admin/notifications/%(notification_id)s/delete', ['notification_id']);
198 199 pyroutes.register('my_account_notifications_test_channelstream', '/_admin/my_account/test_channelstream', []);
199 200 pyroutes.register('gists_show', '/_admin/gists', []);
200 201 pyroutes.register('gists_new', '/_admin/gists/new', []);
201 202 pyroutes.register('gists_create', '/_admin/gists/create', []);
202 203 pyroutes.register('gist_show', '/_admin/gists/%(gist_id)s', ['gist_id']);
203 204 pyroutes.register('gist_delete', '/_admin/gists/%(gist_id)s/delete', ['gist_id']);
204 205 pyroutes.register('gist_edit', '/_admin/gists/%(gist_id)s/edit', ['gist_id']);
205 206 pyroutes.register('gist_edit_check_revision', '/_admin/gists/%(gist_id)s/edit/check_revision', ['gist_id']);
206 207 pyroutes.register('gist_update', '/_admin/gists/%(gist_id)s/update', ['gist_id']);
207 208 pyroutes.register('gist_show_rev', '/_admin/gists/%(gist_id)s/%(revision)s', ['gist_id', 'revision']);
208 209 pyroutes.register('gist_show_formatted', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s', ['gist_id', 'revision', 'format']);
209 210 pyroutes.register('gist_show_formatted_path', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s/%(f_path)s', ['gist_id', 'revision', 'format', 'f_path']);
210 211 pyroutes.register('debug_style_home', '/_admin/debug_style', []);
211 212 pyroutes.register('debug_style_template', '/_admin/debug_style/t/%(t_path)s', ['t_path']);
212 213 pyroutes.register('apiv2', '/_admin/api', []);
213 214 }
@@ -1,56 +1,59 b''
1 1 ## -*- coding: utf-8 -*-
2 2 <%inherit file="/base/base.mako"/>
3 3
4 4 <%def name="title()">
5 5 ${_('Permissions Administration')}
6 6 %if c.rhodecode_name:
7 7 &middot; ${h.branding(c.rhodecode_name)}
8 8 %endif
9 9 </%def>
10 10
11 11 <%def name="breadcrumbs_links()">
12 12 ${h.link_to(_('Admin'),h.route_path('admin_home'))}
13 13 &raquo;
14 14 ${_('Permissions')}
15 15 </%def>
16 16
17 17 <%def name="menu_bar_nav()">
18 18 ${self.menu_items(active='admin')}
19 19 </%def>
20 20
21 21
22 22 <%def name="main()">
23 23 <div class="box">
24 24 <div class="title">
25 25 ${self.breadcrumbs()}
26 26 </div>
27 27
28 28 <div class="sidebar-col-wrapper scw-small">
29 29 ##main
30 30 <div class="sidebar">
31 31 <ul class="nav nav-pills nav-stacked">
32 32 <li class="${'active' if c.active=='application' else ''}">
33 33 <a href="${h.route_path('admin_permissions_application')}">${_('Application')}</a>
34 34 </li>
35 35 <li class="${'active' if c.active=='global' else ''}">
36 36 <a href="${h.route_path('admin_permissions_global')}">${_('Global')}</a>
37 37 </li>
38 38 <li class="${'active' if c.active=='objects' else ''}">
39 39 <a href="${h.route_path('admin_permissions_object')}">${_('Object')}</a>
40 40 </li>
41 41 <li class="${'active' if c.active=='ips' else ''}">
42 42 <a href="${h.route_path('admin_permissions_ips')}">${_('IP Whitelist')}</a>
43 43 </li>
44 <li class="${'active' if c.active=='auth_token_access' else ''}">
45 <a href="${h.route_path('admin_permissions_auth_token_access')}">${_('AuthToken Access')}</a>
46 </li>
44 47 <li class="${'active' if c.active=='perms' else ''}">
45 48 <a href="${h.route_path('admin_permissions_overview')}">${_('Overview')}</a>
46 49 </li>
47 50 </ul>
48 51 </div>
49 52
50 53 <div class="main-content-full-width">
51 54 <%include file="/admin/permissions/permissions_${c.active}.mako"/>
52 55 </div>
53 56 </div>
54 57 </div>
55 58
56 59 </%def>
General Comments 0
You need to be logged in to leave comments. Login now