auth: reduced usage of raw auth calls inside templates
marcink -
r3587:4c21f44c new-ui
@@ -168,6 +168,28 b' class BaseAppView(object):'
168 168 from rhodecode.lib.base import attach_context_attributes
169 169 attach_context_attributes(c, self.request, self.request.user.user_id)
170 170
171 c.is_super_admin = c.auth_user.is_admin
172
173 c.can_create_repo = c.is_super_admin
174 c.can_create_repo_group = c.is_super_admin
175 c.can_create_user_group = c.is_super_admin
176
177 c.is_delegated_admin = False
178
179 if not c.auth_user.is_default:
180 c.can_create_repo = h.HasPermissionAny('hg.create.repository')(
181 user=self.request.user)
182 repositories = c.auth_user.repositories_admin or c.can_create_repo
183
184 c.can_create_repo_group = h.HasPermissionAny('hg.repogroup.create.true')(
185 user=self.request.user)
186 repository_groups = c.auth_user.repository_groups_admin or c.can_create_repo_group
187
188 c.can_create_user_group = h.HasPermissionAny('hg.usergroup.create.true')(
189 user=self.request.user)
190 user_groups = c.auth_user.user_groups_admin or c.can_create_user_group
191 # delegated admin can create, or manage some objects
192 c.is_delegated_admin = repositories or repository_groups or user_groups
171 193 return c
172 194
173 195 def _get_template_context(self, tmpl_args, **kwargs):
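Review bot: The three `c.can_create_*` defaults taken from `c.is_super_admin` (new lines 173-175) are overwritten for every non-default user by the permission lookups at new lines 180-188, so a super admin ends up with whatever `HasPermissionAny('hg.create.repository')` and its siblings return. The template checks this commit replaces listed `'hg.admin'` next to the create permission, and the index template still writes `c.is_super_admin or c.can_create_repo`, which suggests the flag alone is not meant to cover admins. If admin accounts are not guaranteed to hold the create permissions, keep the admin case in the flag, e.g. `c.can_create_repo = c.is_super_admin or h.HasPermissionAny('hg.create.repository')(user=self.request.user)`, and likewise for the repo-group and user-group flags. Indentation is lost on this page and the enclosing method starts above the hunk, so the nesting is inferred.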
@@ -20,12 +20,12 b''
20 20
21 21 import logging
22 22
23 from pyramid.httpexceptions import HTTPFound
23 from pyramid.httpexceptions import HTTPFound, HTTPNotFound
24 24 from pyramid.view import view_config
25 25
26 26 from rhodecode.apps._base import BaseAppView
27 27 from rhodecode.lib import helpers as h
28 from rhodecode.lib.auth import (LoginRequired, HasPermissionAllDecorator)
28 from rhodecode.lib.auth import (LoginRequired, NotAnonymous)
29 29 from rhodecode.model.db import PullRequest
30 30
31 31
@@ -38,13 +38,17 b' class AdminMainView(BaseAppView):'
38 38 return c
39 39
40 40 @LoginRequired()
41 @HasPermissionAllDecorator('hg.admin')
41 @NotAnonymous()
42 42 @view_config(
43 43 route_name='admin_home', request_method='GET',
44 44 renderer='rhodecode:templates/admin/main.mako')
45 45 def admin_main(self):
46 46 c = self.load_default_context()
47 47 c.active = 'admin'
48
49 if not (c.is_super_admin or c.is_delegated_admin):
50 raise HTTPNotFound()
51
48 52 return self._get_template_context(c)
49 53
50 54 @LoginRequired()
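Review bot: Access to `admin_home` is now decided by `c.is_delegated_admin` instead of the `hg.admin` decorator, and per `load_default_context` that flag is true for any account with a create permission or admin rights on a single repository, repository group or user group. That is a much wider audience than before, so the landing template and every view it links to have to enforce their own permission; this hunk does not show that they do. A comment above the check would record the intent, e.g. `# landing page only: delegated admins get in, each linked admin view enforces its own permission`, and a test that a plain logged-in user receives the 404 would pin the gate. The check also sits in the view body after `load_default_context`, where a refactor can drop it more easily than a decorator next to the other access rules.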
@@ -54,8 +58,7 b' class AdminMainView(BaseAppView):'
54 58 def pull_requests(self):
55 59 """
56 60 Global redirect for Pull Requests
57
58 :param pull_request_id: id of pull requests in the system
61 pull_request_id: id of pull requests in the system
59 62 """
60 63
61 64 pull_request = PullRequest.get_or_404(
@@ -2078,8 +2078,7 b' class HasRepoPermissionAny(PermsFunction'
2078 2078 class HasRepoGroupPermissionAny(PermsFunction):
2079 2079 def __call__(self, group_name=None, check_location='', user=None):
2080 2080 self.repo_group_name = group_name
2081 return super(HasRepoGroupPermissionAny, self).__call__(
2082 check_location, user)
2081 return super(HasRepoGroupPermissionAny, self).__call__(check_location, user)
2083 2082
2084 2083 def check_permissions(self, user):
2085 2084 perms = user.permissions
@@ -2095,8 +2094,7 b' class HasRepoGroupPermissionAny(PermsFun'
2095 2094 class HasRepoGroupPermissionAll(PermsFunction):
2096 2095 def __call__(self, group_name=None, check_location='', user=None):
2097 2096 self.repo_group_name = group_name
2098 return super(HasRepoGroupPermissionAll, self).__call__(
2099 check_location, user)
2097 return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
2100 2098
2101 2099 def check_permissions(self, user):
2102 2100 perms = user.permissions
@@ -2112,8 +2110,7 b' class HasRepoGroupPermissionAll(PermsFun'
2112 2110 class HasUserGroupPermissionAny(PermsFunction):
2113 2111 def __call__(self, user_group_name=None, check_location='', user=None):
2114 2112 self.user_group_name = user_group_name
2115 return super(HasUserGroupPermissionAny, self).__call__(
2116 check_location, user)
2113 return super(HasUserGroupPermissionAny, self).__call__(check_location, user)
2117 2114
2118 2115 def check_permissions(self, user):
2119 2116 perms = user.permissions
@@ -2129,8 +2126,7 b' class HasUserGroupPermissionAny(PermsFun'
2129 2126 class HasUserGroupPermissionAll(PermsFunction):
2130 2127 def __call__(self, user_group_name=None, check_location='', user=None):
2131 2128 self.user_group_name = user_group_name
2132 return super(HasUserGroupPermissionAll, self).__call__(
2133 check_location, user)
2129 return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
2134 2130
2135 2131 def check_permissions(self, user):
2136 2132 perms = user.permissions
@@ -288,7 +288,6 b' def attach_context_attributes(context, r'
288 288 """
289 289 config = request.registry.settings
290 290
291
292 291 rc_config = SettingsModel().get_all_settings(cache=True)
293 292
294 293 context.rhodecode_version = rhodecode.__version__
@@ -52,7 +52,7 b''
52 52 ##main
53 53 <div class="sidebar">
54 54 <ul class="nav nav-pills nav-stacked">
55 % if h.HasPermissionAll('hg.admin')('access admin gists page'):
55 % if c.is_super_admin:
56 56 <li class="${'active' if c.active=='all' else ''}"><a href="${h.route_path('gists_show', _query={'all': 1})}">${_('All gists')}</a></li>
57 57 %endif
58 58 <li class="${'active' if c.active=='public' else ''}"><a href="${h.route_path('gists_show')}">${_('All public')}</a></li>
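Review bot: `c.is_super_admin` is only set by `BaseAppView.load_default_context`, so this check depends on the rendering view having called it; the `h.HasPermissionAll('hg.admin')(...)` call it replaces had no such dependency. If a view renders this template with a context that lacks the attribute, the outcome depends on how the context object handles missing attributes, which the page does not show: either an error, or the admin-only link silently hidden. The same applies to the other template hunks in this commit that switch to `c.is_super_admin`, `c.can_create_repo`, `c.can_create_repo_group` and `c.can_create_user_group`. Setting safe defaults for these flags where the context is first built would remove the dependency. The flags only hide links, so the views behind them still need their own permission checks.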
@@ -48,7 +48,7 b''
48 48 </code>
49 49 </div>
50 50 <div class="stats">
51 %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id:
51 %if c.is_super_admin or c.gist.gist_owner == c.rhodecode_user.user_id:
52 52 <div class="remove_gist">
53 53 ${h.secure_form(h.route_path('gist_delete', gist_id=c.gist.gist_access_id), request=request)}
54 54 ${h.submit('remove_gist', _('Delete'),class_="btn btn-mini btn-danger",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")}
@@ -59,7 +59,7 b''
59 59 ## only owner should see that
60 60 <a href="#copySource" onclick="return false;" class="btn btn-mini icon-clipboard clipboard-action" data-clipboard-text="${c.files[0].content}">${_('Copy content')}</a>
61 61
62 %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id:
62 %if c.is_super_admin or c.gist.gist_owner == c.rhodecode_user.user_id:
63 63 ${h.link_to(_('Edit'), h.route_path('gist_edit', gist_id=c.gist.gist_access_id), class_="btn btn-mini")}
64 64 %endif
65 65 ${h.link_to(_('Show as Raw'), h.route_path('gist_show_formatted', gist_id=c.gist.gist_access_id, revision='tip', format='raw'), class_="btn btn-mini")}
@@ -34,16 +34,8 b''
34 34 <div class="box">
35 35
36 36 ##main
37 <div class='sidebar-col-wrapper'>
38 <div class="sidebar">
39 <ul class="nav nav-pills nav-stacked">
40 ${self.side_bar_nav()}
41 </ul>
42 </div>
43
44 <div class="main-content-auto-width">
37 <div class="main-content-auto-width">
45 38 ${self.main_content()}
46 </div>
47 39 </div>
48 40 </div>
49 41
@@ -141,7 +141,7 b''
141 141 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.admin', checked=_user_group.permission=='group.admin')}</td>
142 142 <td class="td-componentname">
143 143 <i class="icon-user-group"></i>
144 %if h.HasPermissionAny('hg.admin')():
144 %if c.is_super_admin:
145 145 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
146 146 ${_user_group.users_group_name}
147 147 </a>
@@ -26,7 +26,7 b''
26 26 <div class="title">
27 27
28 28 <ul class="links">
29 %if h.HasPermissionAny('hg.admin','hg.repogroup.create.true')():
29 %if c.can_create_repo_group:
30 30 <li>
31 31 <a href="${h.route_path('repo_group_new')}" class="btn btn-small btn-success">${_(u'Add Repository Group')}</a>
32 32 </li>
@@ -136,7 +136,7 b''
136 136 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.admin', checked=_user_group.permission=='repository.admin')}</td>
137 137 <td class="td-componentname">
138 138 <i class="icon-user-group"></i>
139 %if h.HasPermissionAny('hg.admin')():
139 %if c.is_super_admin:
140 140 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
141 141 ${_user_group.users_group_name}
142 142 </a>
@@ -25,7 +25,7 b''
25 25 <div class="box">
26 26 <div class="title">
27 27 <ul class="links">
28 %if h.HasPermissionAny('hg.admin','hg.create.repository')():
28 %if c.can_create_repo:
29 29 <li>
30 30 <a href="${h.route_path('repo_new')}" class="btn btn-small btn-success">${_(u'Add Repository')}</a>
31 31 </li>
@@ -143,7 +143,7 b''
143 143 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.admin')}</td>
144 144 <td class="td-user">
145 145 <i class="icon-user-group"></i>
146 %if h.HasPermissionAny('hg.admin')():
146 %if c.is_super_admin:
147 147 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
148 148 ${_user_group.users_group_name}
149 149 </a>
@@ -26,7 +26,7 b''
26 26
27 27 <div class="title">
28 28 <ul class="links">
29 %if h.HasPermissionAny('hg.admin', 'hg.usergroup.create.true')():
29 %if c.can_create_user_group:
30 30 <li>
31 31 <a href="${h.route_path('user_groups_new')}" class="btn btn-small btn-success">${_(u'Add User Group')}</a>
32 32 </li>
@@ -76,12 +76,6 b''
76 76
77 77 <%def name="admin_menu(active=None)">
78 78 <%
79 is_super_admin = c.rhodecode_user.is_admin
80 repositories=c.rhodecode_user.repositories_admin
81 repository_groups=c.rhodecode_user.repository_groups_admin
82 user_groups=c.rhodecode_user.user_groups_admin or h.HasPermissionAny('hg.usergroup.create.true')()
83 is_delegated_admin = repositories or repository_groups or user_groups
84
85 79 def is_active(selected):
86 80 if selected == active:
87 81 return "active"
@@ -104,7 +98,7 b''
104 98 <ul id="context-pages" class="navigation horizontal-list">
105 99
106 100 ## super admin case
107 % if is_super_admin:
101 % if c.is_super_admin:
108 102 <li class="${is_active('audit_logs')}"><a href="${h.route_path('admin_audit_logs')}">${_('Admin audit logs')}</a></li>
109 103 <li class="${is_active('repositories')}"><a href="${h.route_path('repos')}">${_('Repositories')}</a></li>
110 104 <li class="${is_active('repository_groups')}"><a href="${h.route_path('repo_groups')}">${_('Repository groups')}</a></li>
@@ -117,7 +111,13 b''
117 111 <li class="${is_active('settings')}"><a href="${h.route_path('admin_settings')}">${_('Settings')}</a></li>
118 112
119 113 ## delegated admin
120 % elif is_delegated_admin:
114 % elif c.is_delegated_admin:
115 <%
116 repositories=c.auth_user.repositories_admin or c.can_create_repo
117 repository_groups=c.auth_user.repository_groups_admin or c.can_create_repo_group
118 user_groups=c.auth_user.user_groups_admin or c.can_create_user_group
119 %>
120
121 121 %if repositories:
122 122 <li class="${is_active('repositories')} local-admin-repos"><a href="${h.route_path('repos')}">${_('Repositories')}</a></li>
123 123 %endif
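Review bot: The `<% %>` block at new lines 115-119 repeats the three expressions that `load_default_context` already evaluates to derive `c.is_delegated_admin`, so the menu and the flag can drift apart if one side changes. It also widens the menu compared with the removed lines: `repositories` and `repository_groups` now include the create permissions, so a user who can only create repositories is shown the 'Repositories' admin link. Exposing the three values on the context and reading them here would keep a single definition. The listing views behind these links should filter by the caller's own admin rights, which this hunk does not show.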
@@ -361,8 +361,6 b''
361 361 if selected == active:
362 362 return "active"
363 363
364 is_admin = h.HasPermissionAny('hg.admin')('can create repos index page')
365
366 364 gr_name = c.repo_group.group_name if c.repo_group else None
367 365 # create repositories with write permission on group is set to true
368 366 create_on_write = h.HasPermissionAny('hg.create.write_on_repogroup.true')()
@@ -380,7 +378,7 b''
380 378
381 379 <ul id="context-pages" class="navigation horizontal-list">
382 380 <li class="${is_active('home')}"><a class="menulink" href="${h.route_path('repo_group_home', repo_group_name=c.repo_group.group_name)}"><div class="menulabel">${_('Group Home')}</div></a></li>
383 % if is_admin or group_admin:
381 % if c.is_super_admin or group_admin:
384 382 <li class="${is_active('settings')}"><a class="menulink" href="${h.route_path('edit_repo_group',repo_group_name=c.repo_group.group_name)}" title="${_('You have admin right to this group, and can edit it')}"><div class="menulabel">${_('Group Settings')}</div></a></li>
385 383 % endif
386 384
@@ -389,10 +387,10 b''
389 387 <div class="menulabel">${_('Options')} <div class="show_more"></div></div>
390 388 </a>
391 389 <ul class="submenu">
392 %if is_admin or group_admin or (group_write and create_on_write):
390 %if c.is_super_admin or group_admin or (group_write and create_on_write):
393 391 <li><a href="${h.route_path('repo_new',_query=dict(parent_group=c.repo_group.group_id))}">${_('Add Repository')}</a></li>
394 392 %endif
395 %if is_admin or group_admin:
393 %if c.is_super_admin or group_admin:
396 394 <li><a href="${h.route_path('repo_group_new',_query=dict(parent_group=c.repo_group.group_id))}">${_(u'Add Parent Group')}</a></li>
397 395 %endif
398 396 </ul>
@@ -611,11 +609,13 b''
611 609 </a>
612 610 </li>
613 611
612 % if c.is_super_admin or c.is_delegated_admin:
614 613 <li class="${is_active('admin')}">
615 614 <a class="menulink childs" title="${_('Admin settings')}" href="${h.route_path('admin_home')}">
616 615 <div class="menulabel">${_('Admin')} </div>
617 616 </a>
618 617 </li>
618 % endif
619 619
620 620 ## render extra user menu
621 621 ${usermenu(active=(active=='my_account'))}
@@ -139,7 +139,7 b''
139 139 ## only super-admin, repo admin OR comment owner can delete, also hide delete if currently viewed comment is outdated
140 140 %if not outdated_at_ver and (not comment.pull_request or (comment.pull_request and not comment.pull_request.is_closed())):
141 141 ## permissions to delete
142 %if h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or comment.author.user_id == c.rhodecode_user.user_id:
142 %if c.is_super_admin or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or comment.author.user_id == c.rhodecode_user.user_id:
143 143 ## TODO: dan: add edit comment here
144 144 <a onclick="return Rhodecode.comments.deleteComment(this);" class="delete-comment"> ${_('Delete')}</a>
145 145 %else:
@@ -14,20 +14,13 b''
14 14 <div class="title">
15 15 %if c.rhodecode_user.username != h.DEFAULT_USER:
16 16 <div class="block-right">
17 <%
18 is_admin = h.HasPermissionAny('hg.admin')('can create repos index page')
19 create_repo = h.HasPermissionAny('hg.create.repository')('can create repository index page')
20 create_repo_group = h.HasPermissionAny('hg.repogroup.create.true')('can create repository groups index page')
21 create_user_group = h.HasPermissionAny('hg.usergroup.create.true')('can create user groups index page')
22 %>
23
24 17 %if not c.repo_group:
25 18 ## no repository group context here
26 %if is_admin or create_repo:
19 %if c.is_super_admin or c.can_create_repo:
27 20 <a href="${h.route_path('repo_new')}" class="btn btn-small btn-success btn-primary">${_('Add Repository')}</a>
28 21 %endif
29 22
30 %if is_admin or create_repo_group:
23 %if c.is_super_admin or c.can_create_repo_group:
31 24 <a href="${h.route_path('repo_group_new')}" class="btn btn-small btn-default">${_(u'Add Repository Group')}</a>
32 25 %endif
33 26 %endif
@@ -173,7 +173,7 b''
173 173 <span class="disabled">
174 174 ${_('Downloads are disabled for this repository')}.
175 175 </span>
176 % if h.HasPermissionAll('hg.admin')('enable downloads on from summary'):
176 % if c.is_super_admin:
177 177 ${h.link_to(_('Enable downloads'),h.route_path('edit_repo',repo_name=c.repo_name, _anchor='repo_enable_downloads'))}
178 178 % endif
179 179 % else:
@@ -205,7 +205,7 b''
205 205 <span class="disabled">
206 206 ${_('Statistics are disabled for this repository')}.
207 207 </span>
208 % if h.HasPermissionAll('hg.admin')('enable stats on from summary'):
208 % if c.is_super_admin:
209 209 ${h.link_to(_('Enable statistics'),h.route_path('edit_repo',repo_name=c.repo_name, _anchor='repo_enable_statistics'))}
210 210 % endif
211 211 % endif
@@ -3,7 +3,7 b''
3 3 <div class="panel panel-default user-profile">
4 4 <div class="panel-heading">
5 5 <h3 class="panel-title">${_('User group profile')}</h3>
6 %if h.HasPermissionAny('hg.admin')():
6 %if c.is_super_admin:
7 7 ${h.link_to(_('Edit'), h.route_path('edit_user_group', user_group_id=c.user_group.users_group_id), class_='panel-edit')}
8 8 %endif
9 9 </div>
@@ -3,7 +3,7 b''
3 3 <div class="panel panel-default user-profile">
4 4 <div class="panel-heading">
5 5 <h3 class="panel-title">${_('User Profile')}</h3>
6 %if h.HasPermissionAny('hg.admin')():
6 %if c.is_super_admin:
7 7 ${h.link_to(_('Edit'), h.route_path('user_edit', user_id=c.user.user_id), class_='panel-edit')}
8 8 %endif
9 9 </div>