Show More
| @@ -17,13 +17,8 b'' | |||
|
|
17 | 17 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
|
18 | 18 | |
|
|
19 | 19 | import logging |
|
|
20 | import formencode | |
|
|
21 | 20 | |
|
|
22 | from rhodecode import BACKENDS | |
|
|
23 | 21 | from rhodecode.apps._base import BaseAppView |
|
|
24 | from rhodecode.model.meta import Session | |
|
|
25 | from rhodecode.model.settings import SettingsModel | |
|
|
26 | from rhodecode.model.forms import WhitelistedVcsClientsForm | |
|
|
27 | 22 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator |
|
|
28 | 23 | |
|
|
29 | 24 | log = logging.getLogger(__name__) |
| @@ -42,31 +37,10 b' class AdminSecurityView(BaseAppView):' | |||
|
|
42 | 37 | c.active = 'security' |
|
|
43 | 38 | return self._get_template_context(c) |
|
|
44 | 39 | |
|
|
40 | ||
|
|
45 | 41 | @LoginRequired() |
|
|
46 | 42 | @HasPermissionAllDecorator('hg.admin') |
|
|
47 | def vcs_whitelisted_client_versions_edit(self): | |
|
|
48 | _ = self.request.translate | |
|
|
43 | def admin_security_modify_allowed_vcs_client_versions(self): | |
|
|
49 | 44 | c = self.load_default_context() |
|
|
50 | render_ctx = {} | |
|
|
51 | settings = SettingsModel() | |
|
|
52 | form = WhitelistedVcsClientsForm(_, )() | |
|
|
53 | if self.request.method == 'POST': | |
|
|
54 | try: | |
|
|
55 | result = form.to_python(self.request.POST) | |
|
|
56 | for k, v in result.items(): | |
|
|
57 | if v: | |
|
|
58 | setting = settings.create_or_update_setting(name=f'{k}_allowed_clients', val=v) | |
|
|
59 | Session().add(setting) | |
|
|
60 | Session().commit() | |
|
|
61 | ||
|
|
62 | except formencode.Invalid as errors: | |
|
|
63 | render_ctx.update({ | |
|
|
64 | 'errors': errors.error_dict | |
|
|
65 | }) | |
|
|
66 | for key in BACKENDS.keys(): | |
|
|
67 | verbose_name = f"initial_{key}" | |
|
|
68 | if existing := settings.get_setting_by_name(name=f'{key}_allowed_clients'): | |
|
|
69 | render_ctx[verbose_name] = existing.app_settings_value | |
|
|
70 | else: | |
|
|
71 | render_ctx[verbose_name] = '*' | |
|
|
72 | return self._get_template_context(c, **render_ctx) | |
|
|
45 | c.active = 'security' | |
|
|
46 | return self._get_template_context(c) | |
| @@ -38,42 +38,13 b'' | |||
|
|
38 | 38 | <h3 class="panel-title">${_('Allowed client versions')}</h3> |
|
|
39 | 39 | </div> |
|
|
40 | 40 | <div class="panel-body"> |
|
|
41 | %if c.rhodecode_edition_id != 'EE': | |
|
|
42 | 41 | <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4> |
|
|
43 | 42 | <p> |
|
|
44 | 43 | ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')} |
|
|
45 | 44 | </p> |
|
|
46 | %else: | |
|
|
47 | <div class="inner form" id="container"> | |
|
|
48 | 45 |
|
|
|
49 | %endif | |
|
|
50 | </div> | |
|
|
46 | ||
|
|
51 | 47 | |
|
|
52 | 48 | </div> |
|
|
53 | 49 | |
|
|
54 | <script> | |
|
|
55 | $(document).ready(function() { | |
|
|
56 | $.ajax({ | |
|
|
57 | url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'), | |
|
|
58 | type: 'GET', | |
|
|
59 | success: function(response) { | |
|
|
60 | $('#container').html(response); | |
|
|
61 | }, | |
|
|
62 | }); | |
|
|
63 | $(document).on('submit', '#allowed_clients_form', function(event) { | |
|
|
64 | event.preventDefault(); | |
|
|
65 | var formData = $(this).serialize(); | |
|
|
66 | ||
|
|
67 | $.ajax({ | |
|
|
68 | url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'), | |
|
|
69 | type: 'POST', | |
|
|
70 | data: formData, | |
|
|
71 | success: function(response) { | |
|
|
72 | $('#container').html(response); | |
|
|
73 | }, | |
|
|
74 | }); | |
|
|
75 | }); | |
|
|
76 | }); | |
|
|
77 | </script> | |
|
|
78 | ||
|
|
79 | 50 | </%def> |
|
|
1 | NO CONTENT: file was removed |
General Comments 0
You need to be logged in to leave comments.
Login now