Show More
| @@ -17,13 +17,8 b'' | |||||
| 17 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
17 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
| 18 |
|
18 | |||
| 19 | import logging |
|
19 | import logging | |
| 20 | import formencode |
|
|||
| 21 |
|
20 | |||
| 22 | from rhodecode import BACKENDS |
|
|||
| 23 | from rhodecode.apps._base import BaseAppView |
|
21 | from rhodecode.apps._base import BaseAppView | |
| 24 | from rhodecode.model.meta import Session |
|
|||
| 25 | from rhodecode.model.settings import SettingsModel |
|
|||
| 26 | from rhodecode.model.forms import WhitelistedVcsClientsForm |
|
|||
| 27 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator |
|
22 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator | |
| 28 |
|
23 | |||
| 29 | log = logging.getLogger(__name__) |
|
24 | log = logging.getLogger(__name__) | |
| @@ -42,31 +37,10 b' class AdminSecurityView(BaseAppView):' | |||||
| 42 | c.active = 'security' |
|
37 | c.active = 'security' | |
| 43 | return self._get_template_context(c) |
|
38 | return self._get_template_context(c) | |
| 44 |
|
39 | |||
|
|
40 | ||||
| 45 | @LoginRequired() |
|
41 | @LoginRequired() | |
| 46 | @HasPermissionAllDecorator('hg.admin') |
|
42 | @HasPermissionAllDecorator('hg.admin') | |
| 47 | def vcs_whitelisted_client_versions_edit(self): |
|
43 | def admin_security_modify_allowed_vcs_client_versions(self): | |
| 48 | _ = self.request.translate |
|
|||
| 49 | c = self.load_default_context() |
|
44 | c = self.load_default_context() | |
| 50 | render_ctx = {} |
|
45 | c.active = 'security' | |
| 51 | settings = SettingsModel() |
|
46 | return self._get_template_context(c) | |
| 52 | form = WhitelistedVcsClientsForm(_, )() |
|
|||
| 53 | if self.request.method == 'POST': |
|
|||
| 54 | try: |
|
|||
| 55 | result = form.to_python(self.request.POST) |
|
|||
| 56 | for k, v in result.items(): |
|
|||
| 57 | if v: |
|
|||
| 58 | setting = settings.create_or_update_setting(name=f'{k}_allowed_clients', val=v) |
|
|||
| 59 | Session().add(setting) |
|
|||
| 60 | Session().commit() |
|
|||
| 61 |
|
||||
| 62 | except formencode.Invalid as errors: |
|
|||
| 63 | render_ctx.update({ |
|
|||
| 64 | 'errors': errors.error_dict |
|
|||
| 65 | }) |
|
|||
| 66 | for key in BACKENDS.keys(): |
|
|||
| 67 | verbose_name = f"initial_{key}" |
|
|||
| 68 | if existing := settings.get_setting_by_name(name=f'{key}_allowed_clients'): |
|
|||
| 69 | render_ctx[verbose_name] = existing.app_settings_value |
|
|||
| 70 | else: |
|
|||
| 71 | render_ctx[verbose_name] = '*' |
|
|||
| 72 | return self._get_template_context(c, **render_ctx) |
|
|||
| @@ -38,42 +38,13 b'' | |||||
| 38 | <h3 class="panel-title">${_('Allowed client versions')}</h3> |
|
38 | <h3 class="panel-title">${_('Allowed client versions')}</h3> | |
| 39 | </div> |
|
39 | </div> | |
| 40 | <div class="panel-body"> |
|
40 | <div class="panel-body"> | |
| 41 | %if c.rhodecode_edition_id != 'EE': |
|
|||
| 42 | <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4> |
|
41 | <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4> | |
| 43 | <p> |
|
42 | <p> | |
| 44 | ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')} |
|
43 | ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')} | |
| 45 | </p> |
|
44 | </p> | |
| 46 | %else: |
|
|||
| 47 | <div class="inner form" id="container"> |
|
|||
| 48 |
|
|
45 | </div> | |
| 49 | %endif |
|
46 | ||
| 50 | </div> |
|
|||
| 51 |
|
47 | |||
| 52 | </div> |
|
48 | </div> | |
| 53 |
|
49 | |||
| 54 | <script> |
|
|||
| 55 | $(document).ready(function() { |
|
|||
| 56 | $.ajax({ |
|
|||
| 57 | url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'), |
|
|||
| 58 | type: 'GET', |
|
|||
| 59 | success: function(response) { |
|
|||
| 60 | $('#container').html(response); |
|
|||
| 61 | }, |
|
|||
| 62 | }); |
|
|||
| 63 | $(document).on('submit', '#allowed_clients_form', function(event) { |
|
|||
| 64 | event.preventDefault(); |
|
|||
| 65 | var formData = $(this).serialize(); |
|
|||
| 66 |
|
||||
| 67 | $.ajax({ |
|
|||
| 68 | url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'), |
|
|||
| 69 | type: 'POST', |
|
|||
| 70 | data: formData, |
|
|||
| 71 | success: function(response) { |
|
|||
| 72 | $('#container').html(response); |
|
|||
| 73 | }, |
|
|||
| 74 | }); |
|
|||
| 75 | }); |
|
|||
| 76 | }); |
|
|||
| 77 | </script> |
|
|||
| 78 |
|
||||
| 79 | </%def> |
|
50 | </%def> | |
| 1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |
General Comments 0
You need to be logged in to leave comments.
Login now