rhodecode-enterprise-ce Commit - r1998:2561e110

users/user_groups: ported permission summary pages into pyramid....

marcink -

r1998:2561e110 default

parent child

rhodecode/apps/admin/__init__.py

0 +16 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             from rhodecode.apps.admin.navigation import NavigationRegistry
             from rhodecode.config.routing import ADMIN_PREFIX
             from rhodecode.lib.utils2 import str2bool
             def admin_routes(config):
                 """
                 Admin prefixed routes
                 """
                 config.add_route(
                     name='admin_audit_logs',
                     pattern='/audit_logs')
                 config.add_route(
                     name='pull_requests_global_0',  # backward compat
                     pattern='/pull_requests/{pull_request_id:\d+}')
                 config.add_route(
                     name='pull_requests_global_1',  # backward compat
                     pattern='/pull-requests/{pull_request_id:\d+}')
                 config.add_route(
                     name='pull_requests_global',
                     pattern='/pull-request/{pull_request_id:\d+}')
                 config.add_route(
                     name='admin_settings_open_source',
                     pattern='/settings/open_source')
                 config.add_route(
                     name='admin_settings_vcs_svn_generate_cfg',
                     pattern='/settings/vcs/svn_generate_cfg')
                 config.add_route(
                     name='admin_settings_system',
                     pattern='/settings/system')
                 config.add_route(
                     name='admin_settings_system_update',
                     pattern='/settings/system/updates')
                 config.add_route(
                     name='admin_settings_sessions',
                     pattern='/settings/sessions')
                 config.add_route(
                     name='admin_settings_sessions_cleanup',
                     pattern='/settings/sessions/cleanup')
                 config.add_route(
                     name='admin_settings_process_management',
                     pattern='/settings/process_management')
                 config.add_route(
                     name='admin_settings_process_management_signal',
                     pattern='/settings/process_management/signal')
                 # global permissions
                 config.add_route(
                     name='admin_permissions_application',
                     pattern='/permissions/application')
                 config.add_route(
                     name='admin_permissions_application_update',
                     pattern='/permissions/application/update')
                 config.add_route(
                     name='admin_permissions_global',
                     pattern='/permissions/global')
                 config.add_route(
                     name='admin_permissions_global_update',
                     pattern='/permissions/global/update')
                 config.add_route(
                     name='admin_permissions_object',
                     pattern='/permissions/object')
                 config.add_route(
                     name='admin_permissions_object_update',
                     pattern='/permissions/object/update')
                 config.add_route(
                     name='admin_permissions_ips',
                     pattern='/permissions/ips')
                 config.add_route(
                     name='admin_permissions_overview',
                     pattern='/permissions/overview')
                 config.add_route(
                     name='admin_permissions_auth_token_access',
                     pattern='/permissions/auth_token_access')
                 # users admin
                 config.add_route(
                     name='users',
                     pattern='/users')
                 config.add_route(
                     name='users_data',
                     pattern='/users_data')
                 # user auth tokens
                 config.add_route(
                     name='edit_user_auth_tokens',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens')
                 config.add_route(
                     name='edit_user_auth_tokens_add',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/new')
                 config.add_route(
                     name='edit_user_auth_tokens_delete',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/delete')
                 # user ssh keys
                 config.add_route(
                     name='edit_user_ssh_keys',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys')
                 config.add_route(
                     name='edit_user_ssh_keys_generate_keypair',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys/generate')
                 config.add_route(
                     name='edit_user_ssh_keys_add',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys/new')
                 config.add_route(
                     name='edit_user_ssh_keys_delete',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys/delete')
                 # user emails
                 config.add_route(
                     name='edit_user_emails',
                     pattern='/users/{user_id:\d+}/edit/emails')
                 config.add_route(
                     name='edit_user_emails_add',
                     pattern='/users/{user_id:\d+}/edit/emails/new')
                 config.add_route(
                     name='edit_user_emails_delete',
                     pattern='/users/{user_id:\d+}/edit/emails/delete')
                 # user IPs
                 config.add_route(
                     name='edit_user_ips',
                     pattern='/users/{user_id:\d+}/edit/ips')
                 config.add_route(
                     name='edit_user_ips_add',
                     pattern='/users/{user_id:\d+}/edit/ips/new')
                 config.add_route(
                     name='edit_user_ips_delete',
                     pattern='/users/{user_id:\d+}/edit/ips/delete')
+                # user perms
+                config.add_route(
+                    name='edit_user_perms_summary',
+                    pattern='/users/{user_id:\d+}/edit/permissions_summary')
+                config.add_route(
+                    name='edit_user_perms_summary_json',
+                    pattern='/users/{user_id:\d+}/edit/permissions_summary/json')
                 # user groups management
                 config.add_route(
                     name='edit_user_groups_management',
                     pattern='/users/{user_id:\d+}/edit/groups_management')
                 config.add_route(
                     name='edit_user_groups_management_updates',
                     pattern='/users/{user_id:\d+}/edit/edit_user_groups_management/updates')
                 # user audit logs
                 config.add_route(
                     name='edit_user_audit_logs',
                     pattern='/users/{user_id:\d+}/edit/audit')
                 # user groups admin
                 config.add_route(
                     name='user_groups',
                     pattern='/user_groups')
                 config.add_route(
                     name='user_groups_data',
                     pattern='/user_groups_data')
                 config.add_route(
                     name='user_group_members_data',
                     pattern='/user_groups/{user_group_id:\d+}/members')
+                # user groups perms
+                config.add_route(
+                    name='edit_user_group_perms_summary',
+                    pattern='/user_groups/{user_group_id:\d+}/edit/permissions_summary')
+                config.add_route(
+                    name='edit_user_group_perms_summary_json',
+                    pattern='/user_groups/{user_group_id:\d+}/edit/permissions_summary/json')
             def includeme(config):
                 settings = config.get_settings()
                 # Create admin navigation registry and add it to the pyramid registry.
                 labs_active = str2bool(settings.get('labs_settings_active', False))
                 navigation_registry = NavigationRegistry(labs_active=labs_active)
                 config.registry.registerUtility(navigation_registry)
                 # main admin routes
                 config.add_route(name='admin_home', pattern=ADMIN_PREFIX)
                 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
                 # Scan module for configuration decorators.
                 config.scan('.views', ignore='.tests')

rhodecode/apps/admin/views/user_groups.py

0 +58 -5

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import datetime
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
-            from rhodecode.lib.helpers import Page
             from rhodecode.model.scm import UserGroupList
-            from rhodecode_tools.lib.ext_json import json
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired, NotAnonymous,
                 HasUserGroupPermissionAnyDecorator)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils import PartialRenderer
             from rhodecode.lib.utils2 import safe_int, safe_unicode
-            from rhodecode.model.auth_token import AuthTokenModel
-            from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
-            from rhodecode.model.db import User, UserGroup, UserGroupMember, or_, count
+            from rhodecode.model.db import (
+                joinedload, or_, count, User, UserGroup, UserGroupMember,
+                UserGroupRepoToPerm, UserGroupRepoGroupToPerm)
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class AdminUserGroupsView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     self._register_global_c(c)
                     return c
                 # permission check in data loading of
                 # `user_groups_list_data` via UserGroupList
                 @NotAnonymous()
                 @view_config(
                     route_name='user_groups', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_groups.mako')
                 def user_groups_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 # permission check inside
                 @NotAnonymous()
                 @view_config(
                     route_name='user_groups_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def user_groups_list_data(self):
                     column_map = {
                         'active': 'users_group_active',
                         'description': 'user_group_description',
                         'members': 'members_total',
                         'owner': 'user_username',
                         'sync': 'group_data'
                     }
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(
                         self.request, column_map=column_map)
                     _render = PartialRenderer('data_table/_dt_elements.mako')
                     def user_group_name(user_group_id, user_group_name):
                         return _render("user_group_name", user_group_id, user_group_name)
                     def user_group_actions(user_group_id, user_group_name):
                         return _render("user_group_actions", user_group_id, user_group_name)
                     def user_profile(username):
                         return _render('user_profile', username)
                     auth_user_group_list = UserGroupList(
                         UserGroup.query().all(), perm_set=['usergroup.admin'])
                     allowed_ids = []
                     for user_group in auth_user_group_list:
                             allowed_ids.append(user_group.users_group_id)
                     user_groups_data_total_count = UserGroup.query()\
                         .filter(UserGroup.users_group_id.in_(allowed_ids))\
                         .count()
                     member_count = count(UserGroupMember.user_id)
                     base_q = Session.query(
                         UserGroup.users_group_name,
                         UserGroup.user_group_description,
                         UserGroup.users_group_active,
                         UserGroup.users_group_id,
                         UserGroup.group_data,
                         User,
                         member_count.label('member_count')
                     ) \
                     .filter(UserGroup.users_group_id.in_(allowed_ids)) \
                     .outerjoin(UserGroupMember) \
                     .join(User, User.user_id == UserGroup.user_id) \
                     .group_by(UserGroup, User)
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             UserGroup.users_group_name.ilike(like_expression),
                         ))
                     user_groups_data_total_filtered_count = base_q.count()
                     if order_by == 'members_total':
                         sort_col = member_count
                     elif order_by == 'user_username':
                         sort_col = User.username
                     else:
                         sort_col = getattr(UserGroup, order_by, None)
                     if isinstance(sort_col, count) or sort_col:
                         if order_dir == 'asc':
                             sort_col = sort_col.asc()
                         else:
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     # authenticated access to user groups
                     auth_user_group_list = base_q.all()
                     user_groups_data = []
                     for user_gr in auth_user_group_list:
                         user_groups_data.append({
                             "users_group_name": user_group_name(
                                 user_gr.users_group_id, h.escape(user_gr.users_group_name)),
                             "name_raw": h.escape(user_gr.users_group_name),
                             "description": h.escape(user_gr.user_group_description),
                             "members": user_gr.member_count,
                             # NOTE(marcink): because of advanced query we
                             # need to load it like that
                             "sync": UserGroup._load_group_data(
                                 user_gr.group_data).get('extern_type'),
                             "active": h.bool2icon(user_gr.users_group_active),
                             "owner": user_profile(user_gr.User.username),
                             "action": user_group_actions(
                                 user_gr.users_group_id, user_gr.users_group_name)
                         })
                     data = ({
                         'draw': draw,
                         'data': user_groups_data,
                         'recordsTotal': user_groups_data_total_count,
                         'recordsFiltered': user_groups_data_total_filtered_count,
                     })
                     return data
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='user_group_members_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def user_group_members(self):
                     """
                     Return members of given user group
                     """
                     user_group_id = self.request.matchdict['user_group_id']
                     user_group = UserGroup.get_or_404(user_group_id)
                     group_members_obj = sorted((x.user for x in user_group.members),
                                                key=lambda u: u.username.lower())
                     group_members = [
                         {
                             'id': user.user_id,
                             'first_name': user.first_name,
                             'last_name': user.last_name,
                             'username': user.username,
                             'icon_link': h.gravatar_url(user.email, 30),
                             'value_display': h.person(user.email),
                             'value': user.username,
                             'value_type': 'user',
                             'active': user.active,
                         }
                         for user in group_members_obj
                     ]
                     return {
                         'members': group_members
                     }
+                def _get_perms_summary(self, user_group_id):
+                    permissions = {
+                        'repositories': {},
+                        'repositories_groups': {},
+                    }
+                    ugroup_repo_perms = UserGroupRepoToPerm.query()\
+                        .options(joinedload(UserGroupRepoToPerm.permission))\
+                        .options(joinedload(UserGroupRepoToPerm.repository))\
+                        .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\
+                        .all()
+                    for gr in ugroup_repo_perms:
+                        permissions['repositories'][gr.repository.repo_name]  \
+                            = gr.permission.permission_name
+                    ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
+                        .options(joinedload(UserGroupRepoGroupToPerm.permission))\
+                        .options(joinedload(UserGroupRepoGroupToPerm.group))\
+                        .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\
+                        .all()
+                    for gr in ugroup_group_perms:
+                        permissions['repositories_groups'][gr.group.group_name] \
+                            = gr.permission.permission_name
+                    return permissions
+                @LoginRequired()
+                @HasUserGroupPermissionAnyDecorator('usergroup.admin')
+                @view_config(
+                    route_name='edit_user_group_perms_summary', request_method='GET',
+                    renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
+                def user_group_perms_summary(self):
+                    c = self.load_default_context()
+                    user_group_id = self.request.matchdict.get('user_group_id')
+                    c.user_group = UserGroup.get_or_404(user_group_id)
+                    c.active = 'perms_summary'
+                    c.permissions = self._get_perms_summary(c.user_group.users_group_id)
+                    return self._get_template_context(c)
+                @LoginRequired()
+                @HasUserGroupPermissionAnyDecorator('usergroup.admin')
+                @view_config(
+                    route_name='edit_user_group_perms_summary_json', request_method='GET',
+                    renderer='json_ext')
+                def user_group_perms_summary(self):
+                    self.load_default_context()
+                    user_group_id = self.request.matchdict.get('user_group_id')
+                    user_group = UserGroup.get_or_404(user_group_id)
+                    return self._get_perms_summary(user_group.users_group_id)

rhodecode/apps/admin/views/users.py

0 +33 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import datetime
             import formencode
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from sqlalchemy.sql.functions import coalesce
             from sqlalchemy.exc import IntegrityError
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
             from rhodecode.events import trigger
             from rhodecode.lib import audit_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils2 import safe_int, safe_unicode
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.ssh_key import SshKeyModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import (
                 or_, User, UserIpMap, UserEmailMap, UserApiKeys, UserSshKeys)
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class AdminUsersView(BaseAppView, DataGridAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     self._register_global_c(c)
                     return c
                 def _redirect_for_default_user(self, username):
                     _ = self.request.translate
                     if username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         # TODO(marcink): redirect to 'users' admin panel once this
                         # is a pyramid view
                         raise HTTPFound('/')
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users', request_method='GET',
                     renderer='rhodecode:templates/admin/users/users.mako')
                 def users_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     # renderer defined below
                     route_name='users_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def users_list_data(self):
                     column_map = {
                         'first_name': 'name',
                         'last_name': 'lastname',
                     }
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(
                         self.request, column_map=column_map)
                     _render = self.request.get_partial_renderer(
                         'data_table/_dt_elements.mako')
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     users_data_total_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .count()
                     # json generate
                     base_q = User.query().filter(User.username != User.DEFAULT_USER)
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             User.username.ilike(like_expression),
                             User._email.ilike(like_expression),
                             User.name.ilike(like_expression),
                             User.lastname.ilike(like_expression),
                         ))
                     users_data_total_filtered_count = base_q.count()
                     sort_col = getattr(User, order_by, None)
                     if sort_col:
                         if order_dir == 'asc':
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.max)
                             sort_col = sort_col.asc()
                         else:
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.min)
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     users_list = base_q.all()
                     users_data = []
                     for user in users_list:
                         users_data.append({
                             "username": h.gravatar_with_user(self.request, user.username),
                             "email": user.email,
                             "first_name": user.first_name,
                             "last_name": user.last_name,
                             "last_login": h.format_date(user.last_login),
                             "last_activity": h.format_date(user.last_activity),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     data = ({
                         'draw': draw,
                         'data': users_data,
                         'recordsTotal': users_data_total_count,
                         'recordsFiltered': users_data_total_filtered_count,
                     })
                     return data
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'auth_tokens'
                     c.lifetime_values = [
                         (str(-1), _('forever')),
                         (str(5), _('5 minutes')),
                         (str(60), _('1 hour')),
                         (str(60 * 24), _('1 day')),
                         (str(60 * 24 * 30), _('1 month')),
                     ]
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     return self._get_template_context(c)
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_add', request_method='POST')
                 def auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     user_data = c.user.get_api_data()
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = AuthTokenModel().create(
                         c.user.user_id, description, lifetime, role)
                     token_data = token.get_api_data()
                     self.maybe_attach_token_scope(token)
                     audit_logger.store_web(
                         'user.edit.token.add', action_data={
                             'data': {'token': token_data, 'user': user_data}},
                         user=self._rhodecode_user, )
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_delete', request_method='POST')
                 def auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     user_data = c.user.get_api_data()
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
                         token = UserApiKeys.get_or_404(del_auth_token)
                         token_data = token.get_api_data()
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.token.delete', action_data={
                                 'data': {'token': token_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ssh_keys', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ssh_keys(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'ssh_keys'
                     c.default_key = self.request.GET.get('default_key')
                     c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ssh_keys_generate_keypair', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ssh_keys_generate_keypair(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'ssh_keys_generate'
                     comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
                     c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ssh_keys_add', request_method='POST')
                 def ssh_keys_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     user_data = c.user.get_api_data()
                     key_data = self.request.POST.get('key_data')
                     description = self.request.POST.get('description')
                     try:
                         if not key_data:
                             raise ValueError('Please add a valid public key')
                         key = SshKeyModel().parse_key(key_data.strip())
                         fingerprint = key.hash_md5()
                         ssh_key = SshKeyModel().create(
                             c.user.user_id, fingerprint, key_data, description)
                         ssh_key_data = ssh_key.get_api_data()
                         audit_logger.store_web(
                             'user.edit.ssh_key.add', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user, )
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh Key successfully created"), category='success')
                     except IntegrityError:
                         log.exception("Exception during ssh key saving")
                         h.flash(_('An error occurred during ssh key saving: {}').format(
                             'Such key already exists, please use a different one'),
                                 category='error')
                     except Exception as e:
                         log.exception("Exception during ssh key saving")
                         h.flash(_('An error occurred during ssh key saving: {}').format(e),
                                 category='error')
                     return HTTPFound(
                         h.route_path('edit_user_ssh_keys', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ssh_keys_delete', request_method='POST')
                 def ssh_keys_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     user_data = c.user.get_api_data()
                     del_ssh_key = self.request.POST.get('del_ssh_key')
                     if del_ssh_key:
                         ssh_key = UserSshKeys.get_or_404(del_ssh_key)
                         ssh_key_data = ssh_key.get_api_data()
                         SshKeyModel().delete(del_ssh_key, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.ssh_key.delete', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh key successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_ssh_keys', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_emails', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def emails(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query() \
                         .filter(UserEmailMap.user == c.user).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_add', request_method='POST')
                 def emails_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     email = self.request.POST.get('new_email')
                     user_data = c.user.get_api_data()
                     try:
                         UserModel().add_extra_email(c.user.user_id, email)
                         audit_logger.store_web(
                             'user.edit.email.add', action_data={'email': email, 'user': user_data},
                             user=self._rhodecode_user)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         h.flash(h.escape(error.error_dict['email']), category='error')
                     except Exception:
                         log.exception("Exception during email saving")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_delete', request_method='POST')
                 def emails_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     email_id = self.request.POST.get('del_email_id')
                     user_model = UserModel()
                     email = UserEmailMap.query().get(email_id).email
                     user_data = c.user.get_api_data()
                     user_model.delete_extra_email(c.user.user_id, email_id)
                     audit_logger.store_web(
                         'user.edit.email.delete', action_data={'email': email, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed email address from user account"),
                             category='success')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ips', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ips(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'ips'
                     c.user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == c.user).all()
                     c.inherit_default_ips = c.user.inherit_default_permissions
                     c.default_user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == User.get_default_user()).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_add', request_method='POST')
                 def ips_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     # NOTE(marcink): this view is allowed for default users, as we can
                     # edit their IP white list
                     user_model = UserModel()
                     desc = self.request.POST.get('description')
                     try:
                         ip_list = user_model.parse_ip_range(
                             self.request.POST.get('new_ip'))
                     except Exception as e:
                         ip_list = []
                         log.exception("Exception during ip saving")
                         h.flash(_('An error occurred during ip saving:%s' % (e,)),
                                 category='error')
                     added = []
                     user_data = c.user.get_api_data()
                     for ip in ip_list:
                         try:
                             user_model.add_extra_ip(c.user.user_id, ip, desc)
                             audit_logger.store_web(
                                 'user.edit.ip.add', action_data={'ip': ip, 'user': user_data},
                                 user=self._rhodecode_user)
                             Session().commit()
                             added.append(ip)
                         except formencode.Invalid as error:
                             msg = error.error_dict['ip']
                             h.flash(msg, category='error')
                         except Exception:
                             log.exception("Exception during ip saving")
                             h.flash(_('An error occurred during ip saving'),
                                     category='error')
                     if added:
                         h.flash(
                             _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
                             category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_delete', request_method='POST')
                 def ips_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     # NOTE(marcink): this view is allowed for default users, as we can
                     # edit their IP white list
                     ip_id = self.request.POST.get('del_ip_id')
                     user_model = UserModel()
                     user_data = c.user.get_api_data()
                     ip = UserIpMap.query().get(ip_id).ip_addr
                     user_model.delete_extra_ip(c.user.user_id, ip_id)
                     audit_logger.store_web(
                         'user.edit.ip.delete', action_data={'ip': ip, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed ip address from user whitelist"), category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_groups_management', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def groups_management(self):
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     c.data = c.user.group_member
                     self._redirect_for_default_user(c.user.username)
                     groups = [UserGroupModel.get_user_groups_as_dict(group.users_group)
                               for group in c.user.group_member]
                     c.groups = json.dumps(groups)
                     c.active = 'groups'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_groups_management_updates', request_method='POST')
                 def groups_management_updates(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     users_groups = set(self.request.POST.getall('users_group_id'))
                     users_groups_model = []
                     for ugid in users_groups:
                         users_groups_model.append(UserGroupModel().get_group(safe_int(ugid)))
                     user_group_model = UserGroupModel()
                     user_group_model.change_groups(c.user, users_groups_model)
                     Session().commit()
                     c.active = 'user_groups_management'
                     h.flash(_("Groups successfully changed"), category='success')
                     return HTTPFound(h.route_path(
                         'edit_user_groups_management', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_audit_logs', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_audit_logs(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'audit'
                     p = safe_int(self.request.GET.get('page', 1), 1)
                     filter_term = self.request.GET.get('filter')
                     user_log = UserModel().get_user_log(c.user, filter_term)
                     def url_generator(**kw):
                         if filter_term:
                             kw['filter'] = filter_term
                         return self.request.current_route_path(_query=kw)
                     c.audit_logs = h.Page(
                         user_log, page=p, items_per_page=10, url=url_generator)
                     c.filter_term = filter_term
                     return self._get_template_context(c)
+                @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
+                @view_config(
+                    route_name='edit_user_perms_summary', request_method='GET',
+                    renderer='rhodecode:templates/admin/users/user_edit.mako')
+                def user_perms_summary(self):
+                    _ = self.request.translate
+                    c = self.load_default_context()
+                    user_id = self.request.matchdict.get('user_id')
+                    c.user = User.get_or_404(user_id)
+                    self._redirect_for_default_user(c.user.username)
+                    c.active = 'perms_summary'
+                    c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
+                    return self._get_template_context(c)
+                @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
+                @view_config(
+                    route_name='edit_user_perms_summary_json', request_method='GET',
+                    renderer='json_ext')
+                def user_perms_summary_json(self):
+                    self.load_default_context()
+                    user_id = self.request.matchdict.get('user_id')
+                    user = User.get_or_404(user_id)
+                    self._redirect_for_default_user(user.username)
+                    perm_user = user.AuthUser(ip_addr=self.request.remote_addr)
+                    return perm_user.permissions

rhodecode/config/routing.py

0 0 -6

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Routes configuration
             The more specific and detailed routes should be defined first so they
             may take precedent over the more generic routes. For more information
             refer to the routes manual at http://routes.groovie.org/docs/
             IMPORTANT: if you change any routing here, make sure to take a look at lib/base.py
             and _route_name variable which uses some of stored naming here to do redirects.
             """
             import os
             import re
             from routes import Mapper
             # prefix for non repository related links needs to be prefixed with `/`
             ADMIN_PREFIX = '/_admin'
             STATIC_FILE_PREFIX = '/_static'
             # Default requirements for URL parts
             URL_NAME_REQUIREMENTS = {
                 # group name can have a slash in them, but they must not end with a slash
                 'group_name': r'.*?[^/]',
                 'repo_group_name': r'.*?[^/]',
                 # repo names can have a slash in them, but they must not end with a slash
                 'repo_name': r'.*?[^/]',
                 # file path eats up everything at the end
                 'f_path': r'.*',
                 # reference types
                 'source_ref_type': '(branch|book|tag|rev|\%\(source_ref_type\)s)',
                 'target_ref_type': '(branch|book|tag|rev|\%\(target_ref_type\)s)',
             }
             class JSRoutesMapper(Mapper):
                 """
                 Wrapper for routes.Mapper to make pyroutes compatible url definitions
                 """
                 _named_route_regex = re.compile(r'^[a-z-_0-9A-Z]+$')
                 _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
                 def __init__(self, *args, **kw):
                     super(JSRoutesMapper, self).__init__(*args, **kw)
                     self._jsroutes = []
                 def connect(self, *args, **kw):
                     """
                     Wrapper for connect to take an extra argument jsroute=True
                     :param jsroute: boolean, if True will add the route to the pyroutes list
                     """
                     if kw.pop('jsroute', False):
                         if not self._named_route_regex.match(args[0]):
                             raise Exception('only named routes can be added to pyroutes')
                         self._jsroutes.append(args[0])
                     super(JSRoutesMapper, self).connect(*args, **kw)
                 def _extract_route_information(self, route):
                     """
                     Convert a route into tuple(name, path, args), eg:
                         ('show_user', '/profile/%(username)s', ['username'])
                     """
                     routepath = route.routepath
                     def replace(matchobj):
                         if matchobj.group(1):
                             return "%%(%s)s" % matchobj.group(1).split(':')[0]
                         else:
                             return "%%(%s)s" % matchobj.group(2)
                     routepath = self._argument_prog.sub(replace, routepath)
                     return (
                         route.name,
                         routepath,
                         [(arg[0].split(':')[0] if arg[0] != '' else arg[1])
                           for arg in self._argument_prog.findall(route.routepath)]
                     )
                 def jsroutes(self):
                     """
                     Return a list of pyroutes.js compatible routes
                     """
                     for route_name in self._jsroutes:
                         yield self._extract_route_information(self._routenames[route_name])
             def make_map(config):
                 """Create, configure and return the routes Mapper"""
                 rmap = JSRoutesMapper(
                     directory=config['pylons.paths']['controllers'],
                     always_scan=config['debug'])
                 rmap.minimization = False
                 rmap.explicit = False
                 from rhodecode.lib.utils2 import str2bool
                 from rhodecode.model import repo, repo_group
                 def check_repo(environ, match_dict):
                     """
                     check for valid repository for proper 404 handling
                     :param environ:
                     :param match_dict:
                     """
                     repo_name = match_dict.get('repo_name')
                     if match_dict.get('f_path'):
                         # fix for multiple initial slashes that causes errors
                         match_dict['f_path'] = match_dict['f_path'].lstrip('/')
                     repo_model = repo.RepoModel()
                     by_name_match = repo_model.get_by_repo_name(repo_name)
                     # if we match quickly from database, short circuit the operation,
                     # and validate repo based on the type.
                     if by_name_match:
                         return True
                     by_id_match = repo_model.get_repo_by_id(repo_name)
                     if by_id_match:
                         repo_name = by_id_match.repo_name
                         match_dict['repo_name'] = repo_name
                         return True
                     return False
                 def check_group(environ, match_dict):
                     """
                     check for valid repository group path for proper 404 handling
                     :param environ:
                     :param match_dict:
                     """
                     repo_group_name = match_dict.get('group_name')
                     repo_group_model = repo_group.RepoGroupModel()
                     by_name_match = repo_group_model.get_by_group_name(repo_group_name)
                     if by_name_match:
                         return True
                     return False
                 def check_user_group(environ, match_dict):
                     """
                     check for valid user group for proper 404 handling
                     :param environ:
                     :param match_dict:
                     """
                     return True
                 def check_int(environ, match_dict):
                     return match_dict.get('id').isdigit()
                 #==========================================================================
                 # CUSTOM ROUTES HERE
                 #==========================================================================
                 # ping and pylons error test
                 rmap.connect('ping', '%s/ping' % (ADMIN_PREFIX,), controller='home', action='ping')
                 rmap.connect('error_test', '%s/error_test' % (ADMIN_PREFIX,), controller='home', action='error_test')
                 # ADMIN REPOSITORY ROUTES
                 with rmap.submapper(path_prefix=ADMIN_PREFIX,
                                     controller='admin/repos') as m:
                     m.connect('repos', '/repos',
                               action='create', conditions={'method': ['POST']})
                     m.connect('repos', '/repos',
                               action='index', conditions={'method': ['GET']})
                     m.connect('new_repo', '/create_repository', jsroute=True,
                               action='create_repository', conditions={'method': ['GET']})
                     m.connect('delete_repo', '/repos/{repo_name}',
                               action='delete', conditions={'method': ['DELETE']},
                               requirements=URL_NAME_REQUIREMENTS)
                     m.connect('repo', '/repos/{repo_name}',
                               action='show', conditions={'method': ['GET'],
                                                          'function': check_repo},
                               requirements=URL_NAME_REQUIREMENTS)
                 # ADMIN REPOSITORY GROUPS ROUTES
                 with rmap.submapper(path_prefix=ADMIN_PREFIX,
                                     controller='admin/repo_groups') as m:
                     m.connect('repo_groups', '/repo_groups',
                               action='create', conditions={'method': ['POST']})
                     m.connect('repo_groups', '/repo_groups',
                               action='index', conditions={'method': ['GET']})
                     m.connect('new_repo_group', '/repo_groups/new',
                               action='new', conditions={'method': ['GET']})
                     m.connect('update_repo_group', '/repo_groups/{group_name}',
                               action='update', conditions={'method': ['PUT'],
                                                            'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                     # EXTRAS REPO GROUP ROUTES
                     m.connect('edit_repo_group', '/repo_groups/{group_name}/edit',
                               action='edit',
                               conditions={'method': ['GET'], 'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                     m.connect('edit_repo_group', '/repo_groups/{group_name}/edit',
                               action='edit',
                               conditions={'method': ['PUT'], 'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                     m.connect('edit_repo_group_advanced', '/repo_groups/{group_name}/edit/advanced',
                               action='edit_repo_group_advanced',
                               conditions={'method': ['GET'], 'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                     m.connect('edit_repo_group_advanced', '/repo_groups/{group_name}/edit/advanced',
                               action='edit_repo_group_advanced',
                               conditions={'method': ['PUT'], 'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                     m.connect('edit_repo_group_perms', '/repo_groups/{group_name}/edit/permissions',
                               action='edit_repo_group_perms',
                               conditions={'method': ['GET'], 'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                     m.connect('edit_repo_group_perms', '/repo_groups/{group_name}/edit/permissions',
                               action='update_perms',
                               conditions={'method': ['PUT'], 'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                     m.connect('delete_repo_group', '/repo_groups/{group_name}',
                               action='delete', conditions={'method': ['DELETE'],
                                                            'function': check_group},
                               requirements=URL_NAME_REQUIREMENTS)
                 # ADMIN USER ROUTES
                 with rmap.submapper(path_prefix=ADMIN_PREFIX,
                                     controller='admin/users') as m:
                     m.connect('users', '/users',
                               action='create', conditions={'method': ['POST']})
                     m.connect('new_user', '/users/new',
                               action='new', conditions={'method': ['GET']})
                     m.connect('update_user', '/users/{user_id}',
                               action='update', conditions={'method': ['PUT']})
                     m.connect('delete_user', '/users/{user_id}',
                               action='delete', conditions={'method': ['DELETE']})
                     m.connect('edit_user', '/users/{user_id}/edit',
                               action='edit', conditions={'method': ['GET']}, jsroute=True)
                     m.connect('user', '/users/{user_id}',
                               action='show', conditions={'method': ['GET']})
                     m.connect('force_password_reset_user', '/users/{user_id}/password_reset',
                               action='reset_password', conditions={'method': ['POST']})
                     m.connect('create_personal_repo_group', '/users/{user_id}/create_repo_group',
                               action='create_personal_repo_group', conditions={'method': ['POST']})
                     # EXTRAS USER ROUTES
                     m.connect('edit_user_advanced', '/users/{user_id}/edit/advanced',
                               action='edit_advanced', conditions={'method': ['GET']})
                     m.connect('edit_user_advanced', '/users/{user_id}/edit/advanced',
                               action='update_advanced', conditions={'method': ['PUT']})
                     m.connect('edit_user_global_perms', '/users/{user_id}/edit/global_permissions',
                               action='edit_global_perms', conditions={'method': ['GET']})
                     m.connect('edit_user_global_perms', '/users/{user_id}/edit/global_permissions',
                               action='update_global_perms', conditions={'method': ['PUT']})
-                    m.connect('edit_user_perms_summary', '/users/{user_id}/edit/permissions_summary',
-                              action='edit_perms_summary', conditions={'method': ['GET']})
                 # ADMIN USER GROUPS REST ROUTES
                 with rmap.submapper(path_prefix=ADMIN_PREFIX,
                                     controller='admin/user_groups') as m:
                     m.connect('users_groups', '/user_groups',
                               action='create', conditions={'method': ['POST']})
                     m.connect('new_users_group', '/user_groups/new',
                               action='new', conditions={'method': ['GET']})
                     m.connect('update_users_group', '/user_groups/{user_group_id}',
                               action='update', conditions={'method': ['PUT']})
                     m.connect('delete_users_group', '/user_groups/{user_group_id}',
                               action='delete', conditions={'method': ['DELETE']})
                     m.connect('edit_users_group', '/user_groups/{user_group_id}/edit',
                               action='edit', conditions={'method': ['GET']},
                               function=check_user_group)
                     # EXTRAS USER GROUP ROUTES
                     m.connect('edit_user_group_global_perms',
                               '/user_groups/{user_group_id}/edit/global_permissions',
                               action='edit_global_perms', conditions={'method': ['GET']})
                     m.connect('edit_user_group_global_perms',
                               '/user_groups/{user_group_id}/edit/global_permissions',
                               action='update_global_perms', conditions={'method': ['PUT']})
-                    m.connect('edit_user_group_perms_summary',
-                              '/user_groups/{user_group_id}/edit/permissions_summary',
-                              action='edit_perms_summary', conditions={'method': ['GET']})
                     m.connect('edit_user_group_perms',
                               '/user_groups/{user_group_id}/edit/permissions',
                               action='edit_perms', conditions={'method': ['GET']})
                     m.connect('edit_user_group_perms',
                               '/user_groups/{user_group_id}/edit/permissions',
                               action='update_perms', conditions={'method': ['PUT']})
                     m.connect('edit_user_group_advanced',
                               '/user_groups/{user_group_id}/edit/advanced',
                               action='edit_advanced', conditions={'method': ['GET']})
                     m.connect('edit_user_group_advanced_sync',
                               '/user_groups/{user_group_id}/edit/advanced/sync',
                               action='edit_advanced_set_synchronization', conditions={'method': ['POST']})
                 # ADMIN DEFAULTS REST ROUTES
                 with rmap.submapper(path_prefix=ADMIN_PREFIX,
                                     controller='admin/defaults') as m:
                     m.connect('admin_defaults_repositories', '/defaults/repositories',
                               action='update_repository_defaults', conditions={'method': ['POST']})
                     m.connect('admin_defaults_repositories', '/defaults/repositories',
                               action='index', conditions={'method': ['GET']})
                 # ADMIN SETTINGS ROUTES
                 with rmap.submapper(path_prefix=ADMIN_PREFIX,
                                     controller='admin/settings') as m:
                     # default
                     m.connect('admin_settings', '/settings',
                               action='settings_global_update',
                               conditions={'method': ['POST']})
                     m.connect('admin_settings', '/settings',
                               action='settings_global', conditions={'method': ['GET']})
                     m.connect('admin_settings_vcs', '/settings/vcs',
                               action='settings_vcs_update',
                               conditions={'method': ['POST']})
                     m.connect('admin_settings_vcs', '/settings/vcs',
                               action='settings_vcs',
                               conditions={'method': ['GET']})
                     m.connect('admin_settings_vcs', '/settings/vcs',
                               action='delete_svn_pattern',
                               conditions={'method': ['DELETE']})
                     m.connect('admin_settings_mapping', '/settings/mapping',
                               action='settings_mapping_update',
                               conditions={'method': ['POST']})
                     m.connect('admin_settings_mapping', '/settings/mapping',
                               action='settings_mapping', conditions={'method': ['GET']})
                     m.connect('admin_settings_global', '/settings/global',
                               action='settings_global_update',
                               conditions={'method': ['POST']})
                     m.connect('admin_settings_global', '/settings/global',
                               action='settings_global', conditions={'method': ['GET']})
                     m.connect('admin_settings_visual', '/settings/visual',
                               action='settings_visual_update',
                               conditions={'method': ['POST']})
                     m.connect('admin_settings_visual', '/settings/visual',
                               action='settings_visual', conditions={'method': ['GET']})
                     m.connect('admin_settings_issuetracker',
                               '/settings/issue-tracker', action='settings_issuetracker',
                               conditions={'method': ['GET']})
                     m.connect('admin_settings_issuetracker_save',
                               '/settings/issue-tracker/save',
                               action='settings_issuetracker_save',
                               conditions={'method': ['POST']})
                     m.connect('admin_issuetracker_test', '/settings/issue-tracker/test',
                               action='settings_issuetracker_test',
                               conditions={'method': ['POST']})
                     m.connect('admin_issuetracker_delete',
                               '/settings/issue-tracker/delete',
                               action='settings_issuetracker_delete',
                               conditions={'method': ['DELETE']})
                     m.connect('admin_settings_email', '/settings/email',
                               action='settings_email_update',
                               conditions={'method': ['POST']})
                     m.connect('admin_settings_email', '/settings/email',
                               action='settings_email', conditions={'method': ['GET']})
                     m.connect('admin_settings_hooks', '/settings/hooks',
                               action='settings_hooks_update',
                               conditions={'method': ['POST', 'DELETE']})
                     m.connect('admin_settings_hooks', '/settings/hooks',
                               action='settings_hooks', conditions={'method': ['GET']})
                     m.connect('admin_settings_search', '/settings/search',
                               action='settings_search', conditions={'method': ['GET']})
                     m.connect('admin_settings_supervisor', '/settings/supervisor',
                               action='settings_supervisor', conditions={'method': ['GET']})
                     m.connect('admin_settings_supervisor_log', '/settings/supervisor/{procid}/log',
                               action='settings_supervisor_log', conditions={'method': ['GET']})
                     m.connect('admin_settings_labs', '/settings/labs',
                               action='settings_labs_update',
                               conditions={'method': ['POST']})
                     m.connect('admin_settings_labs', '/settings/labs',
                               action='settings_labs', conditions={'method': ['GET']})
                 # ADMIN MY ACCOUNT
                 with rmap.submapper(path_prefix=ADMIN_PREFIX,
                                     controller='admin/my_account') as m:
                     # NOTE(marcink): this needs to be kept for password force flag to be
                     # handled in pylons controllers, remove after full migration to pyramid
                     m.connect('my_account_password', '/my_account/password',
                               action='my_account_password', conditions={'method': ['GET']})
                 #==========================================================================
                 # REPOSITORY ROUTES
                 #==========================================================================
                 # repo edit options
                 rmap.connect('edit_repo_fields', '/{repo_name}/settings/fields',
                              controller='admin/repos', action='edit_fields',
                              conditions={'method': ['GET'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('create_repo_fields', '/{repo_name}/settings/fields/new',
                              controller='admin/repos', action='create_repo_field',
                              conditions={'method': ['PUT'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('delete_repo_fields', '/{repo_name}/settings/fields/{field_id}',
                              controller='admin/repos', action='delete_repo_field',
                              conditions={'method': ['DELETE'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('toggle_locking', '/{repo_name}/settings/advanced/locking_toggle',
                              controller='admin/repos', action='toggle_locking',
                              conditions={'method': ['GET'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('edit_repo_remote', '/{repo_name}/settings/remote',
                              controller='admin/repos', action='edit_remote_form',
                              conditions={'method': ['GET'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('edit_repo_remote', '/{repo_name}/settings/remote',
                              controller='admin/repos', action='edit_remote',
                              conditions={'method': ['PUT'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('edit_repo_statistics', '/{repo_name}/settings/statistics',
                              controller='admin/repos', action='edit_statistics_form',
                              conditions={'method': ['GET'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('edit_repo_statistics', '/{repo_name}/settings/statistics',
                              controller='admin/repos', action='edit_statistics',
                              conditions={'method': ['PUT'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_settings_issuetracker',
                              '/{repo_name}/settings/issue-tracker',
                              controller='admin/repos', action='repo_issuetracker',
                              conditions={'method': ['GET'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_issuetracker_test',
                              '/{repo_name}/settings/issue-tracker/test',
                              controller='admin/repos', action='repo_issuetracker_test',
                              conditions={'method': ['POST'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_issuetracker_delete',
                              '/{repo_name}/settings/issue-tracker/delete',
                              controller='admin/repos', action='repo_issuetracker_delete',
                              conditions={'method': ['DELETE'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_issuetracker_save',
                              '/{repo_name}/settings/issue-tracker/save',
                              controller='admin/repos', action='repo_issuetracker_save',
                              conditions={'method': ['POST'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_vcs_settings', '/{repo_name}/settings/vcs',
                              controller='admin/repos', action='repo_settings_vcs_update',
                              conditions={'method': ['POST'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_vcs_settings', '/{repo_name}/settings/vcs',
                              controller='admin/repos', action='repo_settings_vcs',
                              conditions={'method': ['GET'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_vcs_settings', '/{repo_name}/settings/vcs',
                              controller='admin/repos', action='repo_delete_svn_pattern',
                              conditions={'method': ['DELETE'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 rmap.connect('repo_pullrequest_settings', '/{repo_name}/settings/pullrequest',
                              controller='admin/repos', action='repo_settings_pullrequest',
                              conditions={'method': ['GET', 'POST'], 'function': check_repo},
                              requirements=URL_NAME_REQUIREMENTS)
                 return rmap

rhodecode/controllers/admin/user_groups.py

0 0 -29

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             User Groups crud controller for pylons
             """
             import logging
             import formencode
             import peppercorn
             from formencode import htmlfill
             from pylons import request, tmpl_context as c, url, config
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             from sqlalchemy.orm import joinedload
             from rhodecode.lib import auth
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.exceptions import UserGroupAssignedException,\
                 RepoGroupAssignmentError
             from rhodecode.lib.utils import jsonify
             from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
             from rhodecode.lib.auth import (
                 LoginRequired, NotAnonymous, HasUserGroupPermissionAnyDecorator,
                 HasPermissionAnyDecorator, XHRRequired)
             from rhodecode.lib.base import BaseController, render
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.scm import UserGroupList
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import (
                 User, UserGroup, UserGroupRepoToPerm, UserGroupRepoGroupToPerm)
             from rhodecode.model.forms import (
                 UserGroupForm, UserGroupPermsForm, UserIndividualPermissionsForm,
                 UserPermissionsForm)
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class UserGroupsController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 @LoginRequired()
                 def __before__(self):
                     super(UserGroupsController, self).__before__()
                     c.available_permissions = config['available_permissions']
                     PermissionModel().set_global_permission_choices(c, gettext_translator=_)
                 def __load_data(self, user_group_id):
                     c.group_members_obj = [x.user for x in c.user_group.members]
                     c.group_members_obj.sort(key=lambda u: u.username.lower())
                     c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
                 def __load_defaults(self, user_group_id):
                     """
                     Load defaults settings for edit, and update
                     :param user_group_id:
                     """
                     user_group = UserGroup.get_or_404(user_group_id)
                     data = user_group.get_dict()
                     # fill owner
                     if user_group.user:
                         data.update({'user': user_group.user.username})
                     else:
                         replacement_user = User.get_first_super_admin().username
                         data.update({'user': replacement_user})
                     return data
                 def _revoke_perms_on_yourself(self, form_result):
                     _updates = filter(lambda u: c.rhodecode_user.user_id == int(u[0]),
                                       form_result['perm_updates'])
                     _additions = filter(lambda u: c.rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_additions'])
                     _deletions = filter(lambda u: c.rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_deletions'])
                     admin_perm = 'usergroup.admin'
                     if _updates   and _updates[0][1]   != admin_perm or \
                        _additions and _additions[0][1] != admin_perm or \
                        _deletions and _deletions[0][1] != admin_perm:
                         return True
                     return False
                 @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
                 @auth.CSRFRequired()
                 def create(self):
                     users_group_form = UserGroupForm()()
                     try:
                         form_result = users_group_form.to_python(dict(request.POST))
                         user_group = UserGroupModel().create(
                             name=form_result['users_group_name'],
                             description=form_result['user_group_description'],
                             owner=c.rhodecode_user.user_id,
                             active=form_result['users_group_active'])
                         Session().flush()
                         creation_data = user_group.get_api_data()
                         user_group_name = form_result['users_group_name']
                         audit_logger.store_web(
                             'user_group.create', action_data={'data': creation_data},
                             user=c.rhodecode_user)
                         user_group_link = h.link_to(
                             h.escape(user_group_name),
                             url('edit_users_group', user_group_id=user_group.users_group_id))
                         h.flash(h.literal(_('Created user group %(user_group_link)s')
                                           % {'user_group_link': user_group_link}),
                                 category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         return htmlfill.render(
                             render('admin/user_groups/user_group_add.mako'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except Exception:
                         log.exception("Exception creating user group")
                         h.flash(_('Error occurred during creation of user group %s') \
                                 % request.POST.get('users_group_name'), category='error')
                     return redirect(
                         url('edit_users_group', user_group_id=user_group.users_group_id))
                 @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
                 def new(self):
                     """GET /user_groups/new: Form to create a new item"""
                     # url('new_users_group')
                     return render('admin/user_groups/user_group_add.mako')
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @auth.CSRFRequired()
                 def update(self, user_group_id):
                     user_group_id = safe_int(user_group_id)
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     c.active = 'settings'
                     self.__load_data(user_group_id)
                     users_group_form = UserGroupForm(
                         edit=True, old_data=c.user_group.get_dict(), allow_disabled=True)()
                     old_values = c.user_group.get_api_data()
                     try:
                         form_result = users_group_form.to_python(request.POST)
                         pstruct = peppercorn.parse(request.POST.items())
                         form_result['users_group_members'] = pstruct['user_group_members']
                         user_group, added_members, removed_members = \
                             UserGroupModel().update(c.user_group, form_result)
                         updated_user_group = form_result['users_group_name']
                         audit_logger.store_web(
                             'user_group.edit', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         # TODO(marcink): use added/removed to set user_group.edit.member.add
                         h.flash(_('Updated user group %s') % updated_user_group,
                                 category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         e = errors.error_dict or {}
                         return htmlfill.render(
                             render('admin/user_groups/user_group_edit.mako'),
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except Exception:
                         log.exception("Exception during update of user group")
                         h.flash(_('Error occurred during update of user group %s')
                                 % request.POST.get('users_group_name'), category='error')
                     return redirect(url('edit_users_group', user_group_id=user_group_id))
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @auth.CSRFRequired()
                 def delete(self, user_group_id):
                     user_group_id = safe_int(user_group_id)
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     force = str2bool(request.POST.get('force'))
                     old_values = c.user_group.get_api_data()
                     try:
                         UserGroupModel().delete(c.user_group, force=force)
                         audit_logger.store_web(
                             'user.delete', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         Session().commit()
                         h.flash(_('Successfully deleted user group'), category='success')
                     except UserGroupAssignedException as e:
                         h.flash(str(e), category='error')
                     except Exception:
                         log.exception("Exception during deletion of user group")
                         h.flash(_('An error occurred during deletion of user group'),
                                 category='error')
                     return redirect(url('users_groups'))
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 def edit(self, user_group_id):
                     """GET /user_groups/user_group_id/edit: Form to edit an existing item"""
                     # url('edit_users_group', user_group_id=ID)
                     user_group_id = safe_int(user_group_id)
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     c.active = 'settings'
                     self.__load_data(user_group_id)
                     defaults = self.__load_defaults(user_group_id)
                     return htmlfill.render(
                         render('admin/user_groups/user_group_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 def edit_perms(self, user_group_id):
                     user_group_id = safe_int(user_group_id)
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     c.active = 'perms'
                     defaults = {}
                     # fill user group users
                     for p in c.user_group.user_user_group_to_perm:
                         defaults.update({'u_perm_%s' % p.user.user_id:
                                          p.permission.permission_name})
                     for p in c.user_group.user_group_user_group_to_perm:
                         defaults.update({'g_perm_%s' % p.user_group.users_group_id:
                                          p.permission.permission_name})
                     return htmlfill.render(
                         render('admin/user_groups/user_group_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @auth.CSRFRequired()
                 def update_perms(self, user_group_id):
                     """
                     grant permission for given usergroup
                     :param user_group_id:
                     """
                     user_group_id = safe_int(user_group_id)
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     form = UserGroupPermsForm()().to_python(request.POST)
                     if not c.rhodecode_user.is_admin:
                         if self._revoke_perms_on_yourself(form):
                             msg = _('Cannot change permission for yourself as admin')
                             h.flash(msg, category='warning')
                             return redirect(url('edit_user_group_perms', user_group_id=user_group_id))
                     try:
                         UserGroupModel().update_permissions(user_group_id,
                             form['perm_additions'], form['perm_updates'], form['perm_deletions'])
                     except RepoGroupAssignmentError:
                         h.flash(_('Target group cannot be the same'), category='error')
                         return redirect(url('edit_user_group_perms', user_group_id=user_group_id))
                     # TODO(marcink): implement global permissions
                     # audit_log.store_web('user_group.edit.permissions')
                     Session().commit()
                     h.flash(_('User Group permissions updated'), category='success')
                     return redirect(url('edit_user_group_perms', user_group_id=user_group_id))
-                @HasUserGroupPermissionAnyDecorator('usergroup.admin')
-                def edit_perms_summary(self, user_group_id):
-                    user_group_id = safe_int(user_group_id)
-                    c.user_group = UserGroup.get_or_404(user_group_id)
-                    c.active = 'perms_summary'
-                    permissions = {
-                        'repositories': {},
-                        'repositories_groups': {},
-                    ugroup_repo_perms = UserGroupRepoToPerm.query()\
-                        .options(joinedload(UserGroupRepoToPerm.permission))\
-                        .options(joinedload(UserGroupRepoToPerm.repository))\
-                        .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\
-                        .all()
-                    for gr in ugroup_repo_perms:
-                        permissions['repositories'][gr.repository.repo_name]  \
-                            = gr.permission.permission_name
-                    ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
-                        .options(joinedload(UserGroupRepoGroupToPerm.permission))\
-                        .options(joinedload(UserGroupRepoGroupToPerm.group))\
-                        .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\
-                        .all()
-                    for gr in ugroup_group_perms:
-                        permissions['repositories_groups'][gr.group.group_name] \
-                            = gr.permission.permission_name
-                    c.permissions = permissions
-                    return render('admin/user_groups/user_group_edit.mako')
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 def edit_global_perms(self, user_group_id):
                     user_group_id = safe_int(user_group_id)
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user_group.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.user_group.get_default_perms())
                     return htmlfill.render(
                         render('admin/user_groups/user_group_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @auth.CSRFRequired()
                 def update_global_perms(self, user_group_id):
                     user_group_id = safe_int(user_group_id)
                     user_group = UserGroup.get_or_404(user_group_id)
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm()
                         form_result = _form.to_python(dict(request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         user_group.inherit_default_permissions = inherit_perms
                         Session().add(user_group)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(request.POST))
                             form_result.update({'perm_user_group_id': user_group.users_group_id})
                             PermissionModel().update_user_group_permissions(form_result)
                         Session().commit()
                         h.flash(_('User Group global permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         c.user_group = user_group
                         return htmlfill.render(
                             render('admin/user_groups/user_group_edit.mako'),
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     return redirect(url('edit_user_group_global_perms', user_group_id=user_group_id))
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 def edit_advanced(self, user_group_id):
                     user_group_id = safe_int(user_group_id)
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     c.active = 'advanced'
                     c.group_members_obj = sorted(
                         (x.user for x in c.user_group.members),
                         key=lambda u: u.username.lower())
                     c.group_to_repos = sorted(
                         (x.repository for x in c.user_group.users_group_repo_to_perm),
                         key=lambda u: u.repo_name.lower())
                     c.group_to_repo_groups = sorted(
                         (x.group for x in c.user_group.users_group_repo_group_to_perm),
                         key=lambda u: u.group_name.lower())
                     return render('admin/user_groups/user_group_edit.mako')
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 def edit_advanced_set_synchronization(self, user_group_id):
                     user_group_id = safe_int(user_group_id)
                     user_group = UserGroup.get_or_404(user_group_id)
                     existing = user_group.group_data.get('extern_type')
                     if existing:
                         new_state = user_group.group_data
                         new_state['extern_type'] = None
                     else:
                         new_state = user_group.group_data
                         new_state['extern_type'] = 'manual'
                         new_state['extern_type_set_by'] = c.rhodecode_user.username
                     try:
                         user_group.group_data = new_state
                         Session().add(user_group)
                         Session().commit()
                         h.flash(_('User Group synchronization updated successfully'),
                                 category='success')
                     except Exception:
                         log.exception("Exception during sync settings saving")
                         h.flash(_('An error occurred during synchronization update'),
                                 category='error')
                     return redirect(
                         url('edit_user_group_advanced', user_group_id=user_group_id))

rhodecode/controllers/admin/users.py

0 0 -12

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Users crud controller for pylons
             """
             import logging
             import formencode
             from formencode import htmlfill
             from pylons import request, tmpl_context as c, url, config
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             from rhodecode.authentication.plugins import auth_rhodecode
             from rhodecode.lib import helpers as h
             from rhodecode.lib import auth
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, AuthUser)
             from rhodecode.lib.base import BaseController, render
             from rhodecode.lib.exceptions import (
                 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
                 UserOwnsUserGroupsException, UserCreationError)
             from rhodecode.lib.utils2 import safe_int, AttributeDict
             from rhodecode.model.db import (
                 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
             from rhodecode.model.forms import (
                 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.meta import Session
             from rhodecode.model.permission import PermissionModel
             log = logging.getLogger(__name__)
             class UsersController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 @LoginRequired()
                 def __before__(self):
                     super(UsersController, self).__before__()
                     c.available_permissions = config['available_permissions']
                     c.allowed_languages = [
                         ('en', 'English (en)'),
                         ('de', 'German (de)'),
                         ('fr', 'French (fr)'),
                         ('it', 'Italian (it)'),
                         ('ja', 'Japanese (ja)'),
                         ('pl', 'Polish (pl)'),
                         ('pt', 'Portuguese (pt)'),
                         ('ru', 'Russian (ru)'),
                         ('zh', 'Chinese (zh)'),
                     ]
                     PermissionModel().set_global_permission_choices(c, gettext_translator=_)
                 def _get_personal_repo_group_template_vars(self):
                     DummyUser = AttributeDict({
                         'username': '${username}',
                         'user_id': '${user_id}',
                     })
                     c.default_create_repo_group = RepoGroupModel() \
                         .get_default_create_personal_repo_group()
                     c.personal_repo_group_name = RepoGroupModel() \
                         .get_personal_group_name(DummyUser)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create(self):
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     user_model = UserModel()
                     user_form = UserForm()()
                     try:
                         form_result = user_form.to_python(dict(request.POST))
                         user = user_model.create(form_result)
                         Session().flush()
                         creation_data = user.get_api_data()
                         username = form_result['username']
                         audit_logger.store_web(
                             'user.create', action_data={'data': creation_data},
                             user=c.rhodecode_user)
                         user_link = h.link_to(h.escape(username),
                                               url('edit_user',
                                                   user_id=user.user_id))
                         h.flash(h.literal(_('Created user %(user_link)s')
                                           % {'user_link': user_link}), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         self._get_personal_repo_group_template_vars()
                         return htmlfill.render(
                             render('admin/users/user_add.mako'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception creation of user")
                         h.flash(_('Error occurred during creation of user %s')
                                 % request.POST.get('username'), category='error')
                     return redirect(h.route_path('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 def new(self):
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     self._get_personal_repo_group_template_vars()
                     return render('admin/users/user_add.mako')
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     available_languages = [x[0] for x in c.allowed_languages]
                     _form = UserForm(edit=True, available_languages=available_languages,
                                      old_data={'user_id': user_id,
                                                'email': c.user.email})()
                     form_result = {}
                     old_values = c.user.get_api_data()
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         skip_attrs = ['extern_type', 'extern_name']
                         # TODO: plugin should define if username can be updated
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         UserModel().update_user(
                             user_id, skip_attrs=skip_attrs, **form_result)
                         audit_logger.store_web(
                             'user.edit', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         Session().commit()
                         h.flash(_('User updated successfully'), category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         e = errors.error_dict or {}
                         return htmlfill.render(
                             render('admin/users/user_edit.mako'),
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user %s')
                                 % form_result.get('username'), category='error')
                     return redirect(url('edit_user', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     _repos = c.user.repositories
                     _repo_groups = c.user.repository_groups
                     _user_groups = c.user.user_groups
                     handle_repos = None
                     handle_repo_groups = None
                     handle_user_groups = None
                     # dummy call for flash of handle
                     set_handle_flash_repos = lambda: None
                     set_handle_flash_repo_groups = lambda: None
                     set_handle_flash_user_groups = lambda: None
                     if _repos and request.POST.get('user_repos'):
                         do = request.POST['user_repos']
                         if do == 'detach':
                             handle_repos = 'detach'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Detached %s repositories') % len(_repos),
                                 category='success')
                         elif do == 'delete':
                             handle_repos = 'delete'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Deleted %s repositories') % len(_repos),
                                 category='success')
                     if _repo_groups and request.POST.get('user_repo_groups'):
                         do = request.POST['user_repo_groups']
                         if do == 'detach':
                             handle_repo_groups = 'detach'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Detached %s repository groups') % len(_repo_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_repo_groups = 'delete'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Deleted %s repository groups') % len(_repo_groups),
                                 category='success')
                     if _user_groups and request.POST.get('user_user_groups'):
                         do = request.POST['user_user_groups']
                         if do == 'detach':
                             handle_user_groups = 'detach'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Detached %s user groups') % len(_user_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_user_groups = 'delete'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Deleted %s user groups') % len(_user_groups),
                                 category='success')
                     old_values = c.user.get_api_data()
                     try:
                         UserModel().delete(c.user, handle_repos=handle_repos,
                                            handle_repo_groups=handle_repo_groups,
                                            handle_user_groups=handle_user_groups)
                         audit_logger.store_web(
                             'user.delete', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         Session().commit()
                         set_handle_flash_repos()
                         set_handle_flash_repo_groups()
                         set_handle_flash_user_groups()
                         h.flash(_('Successfully deleted user'), category='success')
                     except (UserOwnsReposException, UserOwnsRepoGroupsException,
                             UserOwnsUserGroupsException, DefaultUserException) as e:
                         h.flash(e, category='warning')
                     except Exception:
                         log.exception("Exception during deletion of user")
                         h.flash(_('An error occurred during deletion of user'),
                                 category='error')
                     return redirect(h.route_path('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def reset_password(self, user_id):
                     """
                     toggle reset password flag for this user
                     """
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     try:
                         old_value = c.user.user_data.get('force_password_change')
                         c.user.update_userdata(force_password_change=not old_value)
                         if old_value:
                             msg = _('Force password change disabled for user')
                             audit_logger.store_web(
                                 'user.edit.password_reset.disabled',
                                 user=c.rhodecode_user)
                         else:
                             msg = _('Force password change enabled for user')
                             audit_logger.store_web(
                                 'user.edit.password_reset.enabled',
                                 user=c.rhodecode_user)
                         Session().commit()
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create_personal_repo_group(self, user_id):
                     """
                     Create personal repository group for this user
                     """
                     from rhodecode.model.repo_group import RepoGroupModel
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     personal_repo_group = RepoGroup.get_user_personal_repo_group(
                         c.user.user_id)
                     if personal_repo_group:
                         return redirect(url('edit_user_advanced', user_id=user_id))
                     personal_repo_group_name = RepoGroupModel().get_personal_group_name(
                         c.user)
                     named_personal_group = RepoGroup.get_by_group_name(
                         personal_repo_group_name)
                     try:
                         if named_personal_group and named_personal_group.user_id == c.user.user_id:
                             # migrate the same named group, and mark it as personal
                             named_personal_group.personal = True
                             Session().add(named_personal_group)
                             Session().commit()
                             msg = _('Linked repository group `%s` as personal' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         elif not named_personal_group:
                             RepoGroupModel().create_personal_repo_group(c.user)
                             msg = _('Created repository group `%s`' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         else:
                             msg = _('Repository group `%s` is already taken' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='warning')
                     except Exception:
                         log.exception("Exception during repository group creation")
                         msg = _(
                             'An error occurred during repository group creation for user')
                         h.flash(msg, category='error')
                         Session().rollback()
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def show(self, user_id):
                     """GET /users/user_id: Show a specific item"""
                     # url('user', user_id=ID)
                     User.get_or_404(-1)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit(self, user_id):
                     """GET /users/user_id/edit: Form to edit an existing item"""
                     # url('edit_user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     defaults = c.user.get_dict()
                     defaults.update({'language': c.user.user_data.get('language')})
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_advanced(self, user_id):
                     user_id = safe_int(user_id)
                     user = c.user = User.get_or_404(user_id)
                     if user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'advanced'
                     c.personal_repo_group = RepoGroup.get_user_personal_repo_group(user_id)
                     c.personal_repo_group_name = RepoGroupModel()\
                         .get_personal_group_name(user)
                     c.first_admin = User.get_first_super_admin()
                     defaults = user.get_dict()
                     # Interim workaround if the user participated on any pull requests as a
                     # reviewer.
                     has_review = len(user.reviewer_pull_requests)
                     c.can_delete_user = not has_review
                     c.can_delete_user_message = ''
                     inactive_link = h.link_to(
                         'inactive', h.url('edit_user', user_id=user_id, anchor='active'))
                     if has_review == 1:
                         c.can_delete_user_message = h.literal(_(
                             'The user participates as reviewer in {} pull request and '
                             'cannot be deleted. \nYou can set the user to '
                             '"{}" instead of deleting it.').format(
                             has_review, inactive_link))
                     elif has_review:
                         c.can_delete_user_message = h.literal(_(
                             'The user participates as reviewer in {} pull requests and '
                             'cannot be deleted. \nYou can set the user to '
                             '"{}" instead of deleting it.').format(
                             has_review, inactive_link))
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_global_perms(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.default_user.get_default_perms())
                     defaults.update(c.user.get_default_perms())
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update_global_perms(self, user_id):
                     user_id = safe_int(user_id)
                     user = User.get_or_404(user_id)
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm()
                         form_result = _form.to_python(dict(request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         user.inherit_default_permissions = inherit_perms
                         Session().add(user)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(request.POST))
                             form_result.update({'perm_user_id': user.user_id})
                             PermissionModel().update_user_permissions(form_result)
                         # TODO(marcink): implement global permissions
                         # audit_log.store_web('user.edit.permissions')
                         Session().commit()
                         h.flash(_('User global permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         c.user = user
                         return htmlfill.render(
                             render('admin/users/user_edit.mako'),
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     return redirect(url('edit_user_global_perms', user_id=user_id))
-                @HasPermissionAllDecorator('hg.admin')
-                def edit_perms_summary(self, user_id):
-                    user_id = safe_int(user_id)
-                    c.user = User.get_or_404(user_id)
-                    if c.user.username == User.DEFAULT_USER:
-                        h.flash(_("You can't edit this user"), category='warning')
-                        return redirect(h.route_path('users'))
-                    c.active = 'perms_summary'
-                    c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
-                    return render('admin/users/user_edit.mako')

rhodecode/public/js/rhodecode/routes.js

0 +4 0

             /******************************************************************************
              *                                                                            *
              *                      DO NOT CHANGE THIS FILE MANUALLY                      *
              *                                                                            *
              *                                                                            *
              *        This file is automatically generated when the app starts up with    *
              *                         generate_js_files = true                           *
              *                                                                            *
              *  To add a route here pass jsroute=True to the route definition in the app  *
              *                                                                            *
              ******************************************************************************/
             function registerRCRoutes() {
                 // routes registration
                 pyroutes.register('new_repo', '/_admin/create_repository', []);
                 pyroutes.register('edit_user', '/_admin/users/%(user_id)s/edit', ['user_id']);
                 pyroutes.register('favicon', '/favicon.ico', []);
                 pyroutes.register('robots', '/robots.txt', []);
                 pyroutes.register('auth_home', '/_admin/auth*traverse', []);
                 pyroutes.register('global_integrations_new', '/_admin/integrations/new', []);
                 pyroutes.register('global_integrations_home', '/_admin/integrations', []);
                 pyroutes.register('global_integrations_list', '/_admin/integrations/%(integration)s', ['integration']);
                 pyroutes.register('global_integrations_create', '/_admin/integrations/%(integration)s/new', ['integration']);
                 pyroutes.register('global_integrations_edit', '/_admin/integrations/%(integration)s/%(integration_id)s', ['integration', 'integration_id']);
                 pyroutes.register('repo_group_integrations_home', '/%(repo_group_name)s/settings/integrations', ['repo_group_name']);
                 pyroutes.register('repo_group_integrations_new', '/%(repo_group_name)s/settings/integrations/new', ['repo_group_name']);
                 pyroutes.register('repo_group_integrations_list', '/%(repo_group_name)s/settings/integrations/%(integration)s', ['repo_group_name', 'integration']);
                 pyroutes.register('repo_group_integrations_create', '/%(repo_group_name)s/settings/integrations/%(integration)s/new', ['repo_group_name', 'integration']);
                 pyroutes.register('repo_group_integrations_edit', '/%(repo_group_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_group_name', 'integration', 'integration_id']);
                 pyroutes.register('repo_integrations_home', '/%(repo_name)s/settings/integrations', ['repo_name']);
                 pyroutes.register('repo_integrations_new', '/%(repo_name)s/settings/integrations/new', ['repo_name']);
                 pyroutes.register('repo_integrations_list', '/%(repo_name)s/settings/integrations/%(integration)s', ['repo_name', 'integration']);
                 pyroutes.register('repo_integrations_create', '/%(repo_name)s/settings/integrations/%(integration)s/new', ['repo_name', 'integration']);
                 pyroutes.register('repo_integrations_edit', '/%(repo_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_name', 'integration', 'integration_id']);
                 pyroutes.register('ops_ping', '/_admin/ops/ping', []);
                 pyroutes.register('ops_error_test', '/_admin/ops/error', []);
                 pyroutes.register('ops_redirect_test', '/_admin/ops/redirect', []);
                 pyroutes.register('admin_home', '/_admin', []);
                 pyroutes.register('admin_audit_logs', '/_admin/audit_logs', []);
                 pyroutes.register('pull_requests_global_0', '/_admin/pull_requests/%(pull_request_id)s', ['pull_request_id']);
                 pyroutes.register('pull_requests_global_1', '/_admin/pull-requests/%(pull_request_id)s', ['pull_request_id']);
                 pyroutes.register('pull_requests_global', '/_admin/pull-request/%(pull_request_id)s', ['pull_request_id']);
                 pyroutes.register('admin_settings_open_source', '/_admin/settings/open_source', []);
                 pyroutes.register('admin_settings_vcs_svn_generate_cfg', '/_admin/settings/vcs/svn_generate_cfg', []);
                 pyroutes.register('admin_settings_system', '/_admin/settings/system', []);
                 pyroutes.register('admin_settings_system_update', '/_admin/settings/system/updates', []);
                 pyroutes.register('admin_settings_sessions', '/_admin/settings/sessions', []);
                 pyroutes.register('admin_settings_sessions_cleanup', '/_admin/settings/sessions/cleanup', []);
                 pyroutes.register('admin_settings_process_management', '/_admin/settings/process_management', []);
                 pyroutes.register('admin_settings_process_management_signal', '/_admin/settings/process_management/signal', []);
                 pyroutes.register('admin_permissions_application', '/_admin/permissions/application', []);
                 pyroutes.register('admin_permissions_application_update', '/_admin/permissions/application/update', []);
                 pyroutes.register('admin_permissions_global', '/_admin/permissions/global', []);
                 pyroutes.register('admin_permissions_global_update', '/_admin/permissions/global/update', []);
                 pyroutes.register('admin_permissions_object', '/_admin/permissions/object', []);
                 pyroutes.register('admin_permissions_object_update', '/_admin/permissions/object/update', []);
                 pyroutes.register('admin_permissions_ips', '/_admin/permissions/ips', []);
                 pyroutes.register('admin_permissions_overview', '/_admin/permissions/overview', []);
                 pyroutes.register('admin_permissions_auth_token_access', '/_admin/permissions/auth_token_access', []);
                 pyroutes.register('users', '/_admin/users', []);
                 pyroutes.register('users_data', '/_admin/users_data', []);
                 pyroutes.register('edit_user_auth_tokens', '/_admin/users/%(user_id)s/edit/auth_tokens', ['user_id']);
                 pyroutes.register('edit_user_auth_tokens_add', '/_admin/users/%(user_id)s/edit/auth_tokens/new', ['user_id']);
                 pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']);
                 pyroutes.register('edit_user_ssh_keys', '/_admin/users/%(user_id)s/edit/ssh_keys', ['user_id']);
                 pyroutes.register('edit_user_ssh_keys_generate_keypair', '/_admin/users/%(user_id)s/edit/ssh_keys/generate', ['user_id']);
                 pyroutes.register('edit_user_ssh_keys_add', '/_admin/users/%(user_id)s/edit/ssh_keys/new', ['user_id']);
                 pyroutes.register('edit_user_ssh_keys_delete', '/_admin/users/%(user_id)s/edit/ssh_keys/delete', ['user_id']);
                 pyroutes.register('edit_user_emails', '/_admin/users/%(user_id)s/edit/emails', ['user_id']);
                 pyroutes.register('edit_user_emails_add', '/_admin/users/%(user_id)s/edit/emails/new', ['user_id']);
                 pyroutes.register('edit_user_emails_delete', '/_admin/users/%(user_id)s/edit/emails/delete', ['user_id']);
                 pyroutes.register('edit_user_ips', '/_admin/users/%(user_id)s/edit/ips', ['user_id']);
                 pyroutes.register('edit_user_ips_add', '/_admin/users/%(user_id)s/edit/ips/new', ['user_id']);
                 pyroutes.register('edit_user_ips_delete', '/_admin/users/%(user_id)s/edit/ips/delete', ['user_id']);
+                pyroutes.register('edit_user_perms_summary', '/_admin/users/%(user_id)s/edit/permissions_summary', ['user_id']);
+                pyroutes.register('edit_user_perms_summary_json', '/_admin/users/%(user_id)s/edit/permissions_summary/json', ['user_id']);
                 pyroutes.register('edit_user_groups_management', '/_admin/users/%(user_id)s/edit/groups_management', ['user_id']);
                 pyroutes.register('edit_user_groups_management_updates', '/_admin/users/%(user_id)s/edit/edit_user_groups_management/updates', ['user_id']);
                 pyroutes.register('edit_user_audit_logs', '/_admin/users/%(user_id)s/edit/audit', ['user_id']);
                 pyroutes.register('user_groups', '/_admin/user_groups', []);
                 pyroutes.register('user_groups_data', '/_admin/user_groups_data', []);
                 pyroutes.register('user_group_members_data', '/_admin/user_groups/%(user_group_id)s/members', ['user_group_id']);
+                pyroutes.register('edit_user_group_perms_summary', '/_admin/user_groups/%(user_group_id)s/edit/permissions_summary', ['user_group_id']);
+                pyroutes.register('edit_user_group_perms_summary_json', '/_admin/user_groups/%(user_group_id)s/edit/permissions_summary/json', ['user_group_id']);
                 pyroutes.register('channelstream_connect', '/_admin/channelstream/connect', []);
                 pyroutes.register('channelstream_subscribe', '/_admin/channelstream/subscribe', []);
                 pyroutes.register('channelstream_proxy', '/_channelstream', []);
                 pyroutes.register('login', '/_admin/login', []);
                 pyroutes.register('logout', '/_admin/logout', []);
                 pyroutes.register('register', '/_admin/register', []);
                 pyroutes.register('reset_password', '/_admin/password_reset', []);
                 pyroutes.register('reset_password_confirmation', '/_admin/password_reset_confirmation', []);
                 pyroutes.register('home', '/', []);
                 pyroutes.register('user_autocomplete_data', '/_users', []);
                 pyroutes.register('user_group_autocomplete_data', '/_user_groups', []);
                 pyroutes.register('repo_list_data', '/_repos', []);
                 pyroutes.register('goto_switcher_data', '/_goto_data', []);
                 pyroutes.register('journal', '/_admin/journal', []);
                 pyroutes.register('journal_rss', '/_admin/journal/rss', []);
                 pyroutes.register('journal_atom', '/_admin/journal/atom', []);
                 pyroutes.register('journal_public', '/_admin/public_journal', []);
                 pyroutes.register('journal_public_atom', '/_admin/public_journal/atom', []);
                 pyroutes.register('journal_public_atom_old', '/_admin/public_journal_atom', []);
                 pyroutes.register('journal_public_rss', '/_admin/public_journal/rss', []);
                 pyroutes.register('journal_public_rss_old', '/_admin/public_journal_rss', []);
                 pyroutes.register('toggle_following', '/_admin/toggle_following', []);
                 pyroutes.register('repo_creating', '/%(repo_name)s/repo_creating', ['repo_name']);
                 pyroutes.register('repo_creating_check', '/%(repo_name)s/repo_creating_check', ['repo_name']);
                 pyroutes.register('repo_summary_explicit', '/%(repo_name)s/summary', ['repo_name']);
                 pyroutes.register('repo_summary_commits', '/%(repo_name)s/summary-commits', ['repo_name']);
                 pyroutes.register('repo_commit', '/%(repo_name)s/changeset/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_children', '/%(repo_name)s/changeset_children/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_parents', '/%(repo_name)s/changeset_parents/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_raw', '/%(repo_name)s/changeset-diff/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_patch', '/%(repo_name)s/changeset-patch/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_download', '/%(repo_name)s/changeset-download/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_data', '/%(repo_name)s/changeset-data/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_comment_create', '/%(repo_name)s/changeset/%(commit_id)s/comment/create', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_comment_preview', '/%(repo_name)s/changeset/%(commit_id)s/comment/preview', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_commit_comment_delete', '/%(repo_name)s/changeset/%(commit_id)s/comment/%(comment_id)s/delete', ['repo_name', 'commit_id', 'comment_id']);
                 pyroutes.register('repo_commit_raw_deprecated', '/%(repo_name)s/raw-changeset/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_archivefile', '/%(repo_name)s/archive/%(fname)s', ['repo_name', 'fname']);
                 pyroutes.register('repo_files_diff', '/%(repo_name)s/diff/%(f_path)s', ['repo_name', 'f_path']);
                 pyroutes.register('repo_files_diff_2way_redirect', '/%(repo_name)s/diff-2way/%(f_path)s', ['repo_name', 'f_path']);
                 pyroutes.register('repo_files', '/%(repo_name)s/files/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files:default_path', '/%(repo_name)s/files/%(commit_id)s/', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_files:default_commit', '/%(repo_name)s/files', ['repo_name']);
                 pyroutes.register('repo_files:rendered', '/%(repo_name)s/render/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files:annotated', '/%(repo_name)s/annotate/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files:annotated_previous', '/%(repo_name)s/annotate-previous/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_nodetree_full', '/%(repo_name)s/nodetree_full/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_nodetree_full:default_path', '/%(repo_name)s/nodetree_full/%(commit_id)s/', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_files_nodelist', '/%(repo_name)s/nodelist/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_raw', '/%(repo_name)s/raw/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_download', '/%(repo_name)s/download/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_download:legacy', '/%(repo_name)s/rawfile/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_history', '/%(repo_name)s/history/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_file_authors', '/%(repo_name)s/authors/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_remove_file', '/%(repo_name)s/remove_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_delete_file', '/%(repo_name)s/delete_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_edit_file', '/%(repo_name)s/edit_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_update_file', '/%(repo_name)s/update_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_add_file', '/%(repo_name)s/add_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_files_create_file', '/%(repo_name)s/create_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_refs_data', '/%(repo_name)s/refs-data', ['repo_name']);
                 pyroutes.register('repo_refs_changelog_data', '/%(repo_name)s/refs-data-changelog', ['repo_name']);
                 pyroutes.register('repo_stats', '/%(repo_name)s/repo_stats/%(commit_id)s', ['repo_name', 'commit_id']);
                 pyroutes.register('repo_changelog', '/%(repo_name)s/changelog', ['repo_name']);
                 pyroutes.register('repo_changelog_file', '/%(repo_name)s/changelog/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
                 pyroutes.register('repo_changelog_elements', '/%(repo_name)s/changelog_elements', ['repo_name']);
                 pyroutes.register('repo_compare_select', '/%(repo_name)s/compare', ['repo_name']);
                 pyroutes.register('repo_compare', '/%(repo_name)s/compare/%(source_ref_type)s@%(source_ref)s...%(target_ref_type)s@%(target_ref)s', ['repo_name', 'source_ref_type', 'source_ref', 'target_ref_type', 'target_ref']);
                 pyroutes.register('tags_home', '/%(repo_name)s/tags', ['repo_name']);
                 pyroutes.register('branches_home', '/%(repo_name)s/branches', ['repo_name']);
                 pyroutes.register('bookmarks_home', '/%(repo_name)s/bookmarks', ['repo_name']);
                 pyroutes.register('repo_fork_new', '/%(repo_name)s/fork', ['repo_name']);
                 pyroutes.register('repo_fork_create', '/%(repo_name)s/fork/create', ['repo_name']);
                 pyroutes.register('repo_forks_show_all', '/%(repo_name)s/forks', ['repo_name']);
                 pyroutes.register('repo_forks_data', '/%(repo_name)s/forks/data', ['repo_name']);
                 pyroutes.register('pullrequest_show', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_show_all', '/%(repo_name)s/pull-request', ['repo_name']);
                 pyroutes.register('pullrequest_show_all_data', '/%(repo_name)s/pull-request-data', ['repo_name']);
                 pyroutes.register('pullrequest_repo_refs', '/%(repo_name)s/pull-request/refs/%(target_repo_name)s', ['repo_name', 'target_repo_name']);
                 pyroutes.register('pullrequest_repo_destinations', '/%(repo_name)s/pull-request/repo-destinations', ['repo_name']);
                 pyroutes.register('pullrequest_new', '/%(repo_name)s/pull-request/new', ['repo_name']);
                 pyroutes.register('pullrequest_create', '/%(repo_name)s/pull-request/create', ['repo_name']);
                 pyroutes.register('pullrequest_update', '/%(repo_name)s/pull-request/%(pull_request_id)s/update', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_merge', '/%(repo_name)s/pull-request/%(pull_request_id)s/merge', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_delete', '/%(repo_name)s/pull-request/%(pull_request_id)s/delete', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_comment_create', '/%(repo_name)s/pull-request/%(pull_request_id)s/comment', ['repo_name', 'pull_request_id']);
                 pyroutes.register('pullrequest_comment_delete', '/%(repo_name)s/pull-request/%(pull_request_id)s/comment/%(comment_id)s/delete', ['repo_name', 'pull_request_id', 'comment_id']);
                 pyroutes.register('edit_repo', '/%(repo_name)s/settings', ['repo_name']);
                 pyroutes.register('edit_repo_advanced', '/%(repo_name)s/settings/advanced', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_delete', '/%(repo_name)s/settings/advanced/delete', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_locking', '/%(repo_name)s/settings/advanced/locking', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_journal', '/%(repo_name)s/settings/advanced/journal', ['repo_name']);
                 pyroutes.register('edit_repo_advanced_fork', '/%(repo_name)s/settings/advanced/fork', ['repo_name']);
                 pyroutes.register('edit_repo_caches', '/%(repo_name)s/settings/caches', ['repo_name']);
                 pyroutes.register('edit_repo_perms', '/%(repo_name)s/settings/permissions', ['repo_name']);
                 pyroutes.register('repo_reviewers', '/%(repo_name)s/settings/review/rules', ['repo_name']);
                 pyroutes.register('repo_default_reviewers_data', '/%(repo_name)s/settings/review/default-reviewers', ['repo_name']);
                 pyroutes.register('repo_maintenance', '/%(repo_name)s/settings/maintenance', ['repo_name']);
                 pyroutes.register('repo_maintenance_execute', '/%(repo_name)s/settings/maintenance/execute', ['repo_name']);
                 pyroutes.register('strip', '/%(repo_name)s/settings/strip', ['repo_name']);
                 pyroutes.register('strip_check', '/%(repo_name)s/settings/strip_check', ['repo_name']);
                 pyroutes.register('strip_execute', '/%(repo_name)s/settings/strip_execute', ['repo_name']);
                 pyroutes.register('rss_feed_home', '/%(repo_name)s/feed/rss', ['repo_name']);
                 pyroutes.register('atom_feed_home', '/%(repo_name)s/feed/atom', ['repo_name']);
                 pyroutes.register('repo_summary', '/%(repo_name)s', ['repo_name']);
                 pyroutes.register('repo_summary_slash', '/%(repo_name)s/', ['repo_name']);
                 pyroutes.register('repo_group_home', '/%(repo_group_name)s', ['repo_group_name']);
                 pyroutes.register('repo_group_home_slash', '/%(repo_group_name)s/', ['repo_group_name']);
                 pyroutes.register('search', '/_admin/search', []);
                 pyroutes.register('search_repo', '/%(repo_name)s/search', ['repo_name']);
                 pyroutes.register('user_profile', '/_profiles/%(username)s', ['username']);
                 pyroutes.register('my_account_profile', '/_admin/my_account/profile', []);
                 pyroutes.register('my_account_edit', '/_admin/my_account/edit', []);
                 pyroutes.register('my_account_update', '/_admin/my_account/update', []);
                 pyroutes.register('my_account_password', '/_admin/my_account/password', []);
                 pyroutes.register('my_account_password_update', '/_admin/my_account/password/update', []);
                 pyroutes.register('my_account_auth_tokens', '/_admin/my_account/auth_tokens', []);
                 pyroutes.register('my_account_auth_tokens_add', '/_admin/my_account/auth_tokens/new', []);
                 pyroutes.register('my_account_auth_tokens_delete', '/_admin/my_account/auth_tokens/delete', []);
                 pyroutes.register('my_account_emails', '/_admin/my_account/emails', []);
                 pyroutes.register('my_account_emails_add', '/_admin/my_account/emails/new', []);
                 pyroutes.register('my_account_emails_delete', '/_admin/my_account/emails/delete', []);
                 pyroutes.register('my_account_repos', '/_admin/my_account/repos', []);
                 pyroutes.register('my_account_watched', '/_admin/my_account/watched', []);
                 pyroutes.register('my_account_perms', '/_admin/my_account/perms', []);
                 pyroutes.register('my_account_notifications', '/_admin/my_account/notifications', []);
                 pyroutes.register('my_account_notifications_toggle_visibility', '/_admin/my_account/toggle_visibility', []);
                 pyroutes.register('my_account_pullrequests', '/_admin/my_account/pull_requests', []);
                 pyroutes.register('my_account_pullrequests_data', '/_admin/my_account/pull_requests/data', []);
                 pyroutes.register('notifications_show_all', '/_admin/notifications', []);
                 pyroutes.register('notifications_mark_all_read', '/_admin/notifications/mark_all_read', []);
                 pyroutes.register('notifications_show', '/_admin/notifications/%(notification_id)s', ['notification_id']);
                 pyroutes.register('notifications_update', '/_admin/notifications/%(notification_id)s/update', ['notification_id']);
                 pyroutes.register('notifications_delete', '/_admin/notifications/%(notification_id)s/delete', ['notification_id']);
                 pyroutes.register('my_account_notifications_test_channelstream', '/_admin/my_account/test_channelstream', []);
                 pyroutes.register('gists_show', '/_admin/gists', []);
                 pyroutes.register('gists_new', '/_admin/gists/new', []);
                 pyroutes.register('gists_create', '/_admin/gists/create', []);
                 pyroutes.register('gist_show', '/_admin/gists/%(gist_id)s', ['gist_id']);
                 pyroutes.register('gist_delete', '/_admin/gists/%(gist_id)s/delete', ['gist_id']);
                 pyroutes.register('gist_edit', '/_admin/gists/%(gist_id)s/edit', ['gist_id']);
                 pyroutes.register('gist_edit_check_revision', '/_admin/gists/%(gist_id)s/edit/check_revision', ['gist_id']);
                 pyroutes.register('gist_update', '/_admin/gists/%(gist_id)s/update', ['gist_id']);
                 pyroutes.register('gist_show_rev', '/_admin/gists/%(gist_id)s/%(revision)s', ['gist_id', 'revision']);
                 pyroutes.register('gist_show_formatted', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s', ['gist_id', 'revision', 'format']);
                 pyroutes.register('gist_show_formatted_path', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s/%(f_path)s', ['gist_id', 'revision', 'format', 'f_path']);
                 pyroutes.register('debug_style_home', '/_admin/debug_style', []);
                 pyroutes.register('debug_style_template', '/_admin/debug_style/t/%(t_path)s', ['t_path']);
                 pyroutes.register('apiv2', '/_admin/api', []);
             }

rhodecode/templates/admin/user_groups/user_group_edit.mako

0 +1 -1

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.mako"/>
             <%def name="title()">
                 ${_('%s user group settings') % c.user_group.users_group_name}
                 %if c.rhodecode_name:
                     &middot; ${h.branding(c.rhodecode_name)}
                 %endif
             </%def>
             <%def name="breadcrumbs_links()">
                 ${h.link_to(_('Admin'),h.route_path('admin_home'))}
                 &raquo;
                 ${h.link_to(_('User Groups'),h.url('users_groups'))}
                 &raquo;
                 ${c.user_group.users_group_name}
             </%def>
             <%def name="menu_bar_nav()">
                 ${self.menu_items(active='admin')}
             </%def>
             <%def name="main()">
             <div class="box">
               <div class="title">
                   ${self.breadcrumbs()}
               </div>
               ##main
               <div class="sidebar-col-wrapper">
                 <div class="sidebar">
                     <ul class="nav nav-pills nav-stacked">
                       <li class="${'active' if c.active=='settings' else ''}"><a href="${h.url('edit_users_group', user_group_id=c.user_group.users_group_id)}">${_('Settings')}</a></li>
                       <li class="${'active' if c.active=='perms' else ''}"><a href="${h.url('edit_user_group_perms', user_group_id=c.user_group.users_group_id)}">${_('Permissions')}</a></li>
                       <li class="${'active' if c.active=='advanced' else ''}"><a href="${h.url('edit_user_group_advanced', user_group_id=c.user_group.users_group_id)}">${_('Advanced')}</a></li>
                       <li class="${'active' if c.active=='global_perms' else ''}"><a href="${h.url('edit_user_group_global_perms', user_group_id=c.user_group.users_group_id)}">${_('Global permissions')}</a></li>
-                      <li class="${'active' if c.active=='perms_summary' else ''}"><a href="${h.url('edit_user_group_perms_summary', user_group_id=c.user_group.users_group_id)}">${_('Permissions summary')}</a></li>
+                      <li class="${'active' if c.active=='perms_summary' else ''}"><a href="${h.route_path('edit_user_group_perms_summary', user_group_id=c.user_group.users_group_id)}">${_('Permissions summary')}</a></li>
                     </ul>
                 </div>
                 <div class="main-content-full-width">
                     <%include file="/admin/user_groups/user_group_edit_${c.active}.mako"/>
                 </div>
               </div>
             </div>
             </%def>

rhodecode/templates/admin/user_groups/user_group_edit_perms_summary.mako

0 +1 -1

             ## permissions overview
             <%namespace name="p" file="/base/perms_summary.mako"/>
-            ${p.perms_summary(c.permissions)}
+            ${p.perms_summary(c.permissions, side_link=h.route_path('edit_user_group_perms_summary_json', user_group_id=c.user_group.users_group_id))}

rhodecode/templates/admin/users/user_edit.mako

0 +1 -1

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.mako"/>
             <%def name="title()">
                 ${_('%s user settings') % c.user.username}
                 %if c.rhodecode_name:
                     &middot; ${h.branding(c.rhodecode_name)}
                 %endif
             </%def>
             <%def name="breadcrumbs_links()">
                 ${h.link_to(_('Admin'),h.route_path('admin_home'))}
                 &raquo;
                 ${h.link_to(_('Users'),h.route_path('users'))}
                 &raquo;
                 % if c.user.active:
                 ${c.user.username}
                 % else:
                 <strike title="${_('This user is set as disabled')}">${c.user.username}</strike>
                 % endif
             </%def>
             <%def name="menu_bar_nav()">
                 ${self.menu_items(active='admin')}
             </%def>
             <%def name="main()">
             <div class="box user_settings">
                 <div class="title">
                     ${self.breadcrumbs()}
                 </div>
                 ##main
               <div class="sidebar-col-wrapper">
                 <div class="sidebar">
                     <ul class="nav nav-pills nav-stacked">
                       <li class="${'active' if c.active=='profile' else ''}"><a href="${h.url('edit_user', user_id=c.user.user_id)}">${_('User Profile')}</a></li>
                       <li class="${'active' if c.active=='auth_tokens' else ''}"><a href="${h.route_path('edit_user_auth_tokens', user_id=c.user.user_id)}">${_('Auth tokens')}</a></li>
                       <li class="${'active' if c.active in ['ssh_keys','ssh_keys_generate'] else ''}"><a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id)}">${_('SSH Keys')}</a></li>
                       <li class="${'active' if c.active=='advanced' else ''}"><a href="${h.url('edit_user_advanced', user_id=c.user.user_id)}">${_('Advanced')}</a></li>
                       <li class="${'active' if c.active=='global_perms' else ''}"><a href="${h.url('edit_user_global_perms', user_id=c.user.user_id)}">${_('Global permissions')}</a></li>
-                      <li class="${'active' if c.active=='perms_summary' else ''}"><a href="${h.url('edit_user_perms_summary', user_id=c.user.user_id)}">${_('Permissions summary')}</a></li>
+                      <li class="${'active' if c.active=='perms_summary' else ''}"><a href="${h.route_path('edit_user_perms_summary', user_id=c.user.user_id)}">${_('Permissions summary')}</a></li>
                       <li class="${'active' if c.active=='emails' else ''}"><a href="${h.route_path('edit_user_emails', user_id=c.user.user_id)}">${_('Emails')}</a></li>
                       <li class="${'active' if c.active=='ips' else ''}"><a href="${h.route_path('edit_user_ips', user_id=c.user.user_id)}">${_('Ip Whitelist')}</a></li>
                       <li class="${'active' if c.active=='groups' else ''}"><a href="${h.route_path('edit_user_groups_management', user_id=c.user.user_id)}">${_('User Groups Management')}</a></li>
                       <li class="${'active' if c.active=='audit' else ''}"><a href="${h.route_path('edit_user_audit_logs', user_id=c.user.user_id)}">${_('User audit')}</a></li>
                     </ul>
                 </div>
                 <div class="main-content-full-width">
                     <%include file="/admin/users/user_edit_${c.active}.mako"/>
                 </div>
               </div>
             </div>
             </%def>

rhodecode/templates/admin/users/user_edit_perms_summary.mako

0 +1 -1

             ## permissions overview
             <%namespace name="p" file="/base/perms_summary.mako"/>
-            ${p.perms_summary(c.perm_user.permissions, show_all=True)}
+            ${p.perms_summary(c.perm_user.permissions, show_all=True, side_link=h.route_path('edit_user_perms_summary_json', user_id=c.user.user_id))}

rhodecode/templates/base/perms_summary.mako

0 +6 -1

             ## snippet for displaying permissions overview for users
             ## usage:
             ##    <%namespace name="p" file="/base/perms_summary.mako"/>
             ##    ${p.perms_summary(c.perm_user.permissions)}
-            <%def name="perms_summary(permissions, show_all=False, actions=True)">
+            <%def name="perms_summary(permissions, show_all=False, actions=True, side_link=None)">
             <div id="perms" class="table fields">
               %for section in sorted(permissions.keys()):
               <div class="panel panel-default">
                 <div class="panel-heading">
                     <h3 class="panel-title">${section.replace("_"," ").capitalize()}</h3>
+                    % if side_link:
+                        <div class="pull-right">
+                            <a href="${side_link}">${_('in JSON format')}</a>
+                        </div>
+                    % endif
                 </div>
                 <div class="panel-body">
                   <div class="perms_section_head field">
                     <div class="radios">
                       %if section != 'global':
                           <span class="permissions_boxes">
                           <span class="desc">${_('show')}: </span>
                           ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')}   <label for="${'perms_filter_none_%s' % section}"><span class="perm_tag none">${_('none')}</span></label>
                           ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')}   <label for="${'perms_filter_read_%s' % section}"><span class="perm_tag read">${_('read')}</span></label>
                           ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_%s' % section}"> <span class="perm_tag write">${_('write')}</span></label>
                           ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_%s' % section}"><span class="perm_tag admin">${_('admin')}</span></label>
                           </span>
                       %endif
                     </div>
                   </div>
                   <div class="field">
                     %if not permissions[section]:
                         <p class="empty_data help-block">${_('No permissions defined')}</p>
                     %else:
                     <div id='tbl_list_wrap_${section}'>
                      <table id="tbl_list_${section}" class="rctable">
                       ## global permission box
                       %if section == 'global':
                         <thead>
                             <tr>
                             <th colspan="2" class="left">${_('Permission')}</th>
                             %if actions:
                             <th>${_('Edit Permission')}</th>
                             %endif
                         </thead>
                         <tbody>
                         <%
                           def get_section_perms(prefix, opts):
                               _selected = []
                               for op in opts:
                                   if op.startswith(prefix) and not op.startswith('hg.create.write_on_repogroup'):
                                       _selected.append(op)
                               admin = 'hg.admin' in opts
                               _selected_vals = [x.partition(prefix)[-1] for x in _selected]
                               return admin, _selected_vals, _selected
                         %>
                         <%def name="glob(lbl, val, val_lbl=None, custom_url=None)">
                           <tr>
                             <td class="td-tags">
                                 ${lbl}
                             </td>
                             <td class="td-tags">
                                 %if val[0]:
                                   %if not val_lbl:
                                       ${h.bool2icon(True)}
                                   %else:
                                       <span class="perm_tag admin">${val_lbl}.admin</span>
                                   %endif
                                 %else:
                                   %if not val_lbl:
                                       ${h.bool2icon({'false': False,
                                                      'true': True,
                                                      'none': False,
                                                      'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false'))}
                                   %else:
                                       <span class="perm_tag ${val[1][0]}">${val_lbl}.${val[1][0]}</span>
                                   %endif
                                 %endif
                             </td>
                             %if actions:
                             <td class="td-action">
                                  <a href="${custom_url or h.route_path('admin_permissions_global')}">${_('edit')}</a>
                             </td>
                             %endif
                           </tr>
                         </%def>
                        ${glob(_('Super admin'), get_section_perms('hg.admin', permissions[section]))}
                        ${glob(_('Repository default permission'), get_section_perms('repository.', permissions[section]), 'repository', h.route_path('admin_permissions_object'))}
                        ${glob(_('Repository group default permission'), get_section_perms('group.', permissions[section]), 'group', h.route_path('admin_permissions_object'))}
                        ${glob(_('User group default permission'), get_section_perms('usergroup.', permissions[section]), 'usergroup', h.route_path('admin_permissions_object'))}
                        ${glob(_('Create repositories'), get_section_perms('hg.create.', permissions[section]), custom_url=h.route_path('admin_permissions_global'))}
                        ${glob(_('Fork repositories'), get_section_perms('hg.fork.', permissions[section]), custom_url=h.route_path('admin_permissions_global'))}
                        ${glob(_('Create repository groups'), get_section_perms('hg.repogroup.create.', permissions[section]), custom_url=h.route_path('admin_permissions_global'))}
                        ${glob(_('Create user groups'), get_section_perms('hg.usergroup.create.', permissions[section]), custom_url=h.route_path('admin_permissions_global'))}
                        </tbody>
                       %else:
                        ## none/read/write/admin permissions on groups/repos etc
                         <thead>
                             <tr>
                             <th>${_('Name')}</th>
                             <th>${_('Permission')}</th>
                             %if actions:
                             <th>${_('Edit Permission')}</th>
                             %endif
                         </thead>
                         <tbody class="section_${section}">
                         <%
                             def sorter(permissions):
                                 def custom_sorter(item):
                                    ## read/write/admin
                                    section = item[1].split('.')[-1]
                                    section_importance = {'none': u'0',
                                                          'read': u'1',
                                                          'write':u'2',
                                                          'admin':u'3'}.get(section)
                                    ## sort by group importance+name
                                    return section_importance+item[0]
                                 return sorted(permissions, key=custom_sorter)
                         %>
                         %for k, section_perm in sorter(permissions[section].items()):
                             %if section_perm.split('.')[-1] != 'none' or show_all:
                             <tr class="perm_row ${'%s_%s' % (section, section_perm.split('.')[-1])}">
                                 <td class="td-componentname">
                                     %if section == 'repositories':
                                         <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
                                     %elif section == 'repositories_groups':
                                         <a href="${h.route_path('repo_group_home', repo_group_name=k)}">${k}</a>
                                     %elif section == 'user_groups':
                                         ##<a href="${h.url('edit_users_group',user_group_id=k)}">${k}</a>
                                         ${k}
                                     %endif
                                 </td>
                                 <td class="td-tags">
                                   %if hasattr(permissions[section], 'perm_origin_stack'):
                                      %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
                                      <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}">
                                       ${perm} (${origin})
                                     </span>
                                      %endfor
                                   %else:
                                      <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>
                                   %endif
                                 </td>
                                 %if actions:
                                 <td class="td-action">
                                     %if section == 'repositories':
                                         <a href="${h.route_path('edit_repo_perms',repo_name=k,_anchor='permissions_manage')}">${_('edit')}</a>
                                     %elif section == 'repositories_groups':
                                         <a href="${h.url('edit_repo_group_perms',group_name=k,anchor='permissions_manage')}">${_('edit')}</a>
                                     %elif section == 'user_groups':
                                         ##<a href="${h.url('edit_users_group',user_group_id=k)}">${_('edit')}</a>
                                     %endif
                                 </td>
                                 %endif
                             </tr>
                             %endif
                         %endfor
                         <tr id="empty_${section}" class="noborder" style="display:none;">
                           <td colspan="6">${_('No permission defined')}</td>
                         </tr>
                         </tbody>
                       %endif
                      </table>
                     </div>
                     %endif
                   </div>
                 </div>
               </div>
               %endfor
             </div>
             <script>
                 $(document).ready(function(){
                     var show_empty = function(section){
                         var visible = $('.section_{0} tr.perm_row:visible'.format(section)).length;
                         if(visible == 0){
                             $('#empty_{0}'.format(section)).show();
                         }
                         else{
                             $('#empty_{0}'.format(section)).hide();
                         }
                     };
                     $('.perm_filter').on('change', function(e){
                         var self = this;
                         var section = $(this).attr('section');
                         var opts = {};
                         var elems = $('.filter_' + section).each(function(el){
                             var perm_type = $(this).attr('perm_type');
                             var checked = this.checked;
                             opts[perm_type] = checked;
                             if(checked){
                                 $('.'+section+'_'+perm_type).show();
                             }
                             else{
                                 $('.'+section+'_'+perm_type).hide();
                             }
                         });
                         show_empty(section);
                     })
                 })
             </script>
             </%def>

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages