##// END OF EJS Templates
feat: security-related code removed to be moved to EE
andverb -
r5525:5c137dd8 default
parent child Browse files
Show More
@@ -17,13 +17,8 b''
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18
18
19 import logging
19 import logging
20 import formencode
21
20
22 from rhodecode import BACKENDS
23 from rhodecode.apps._base import BaseAppView
21 from rhodecode.apps._base import BaseAppView
24 from rhodecode.model.meta import Session
25 from rhodecode.model.settings import SettingsModel
26 from rhodecode.model.forms import WhitelistedVcsClientsForm
27 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
22 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
28
23
29 log = logging.getLogger(__name__)
24 log = logging.getLogger(__name__)
@@ -42,31 +37,10 b' class AdminSecurityView(BaseAppView):'
42 c.active = 'security'
37 c.active = 'security'
43 return self._get_template_context(c)
38 return self._get_template_context(c)
44
39
40
45 @LoginRequired()
41 @LoginRequired()
46 @HasPermissionAllDecorator('hg.admin')
42 @HasPermissionAllDecorator('hg.admin')
47 def vcs_whitelisted_client_versions_edit(self):
43 def admin_security_modify_allowed_vcs_client_versions(self):
48 _ = self.request.translate
49 c = self.load_default_context()
44 c = self.load_default_context()
50 render_ctx = {}
45 c.active = 'security'
51 settings = SettingsModel()
46 return self._get_template_context(c)
52 form = WhitelistedVcsClientsForm(_, )()
53 if self.request.method == 'POST':
54 try:
55 result = form.to_python(self.request.POST)
56 for k, v in result.items():
57 if v:
58 setting = settings.create_or_update_setting(name=f'{k}_allowed_clients', val=v)
59 Session().add(setting)
60 Session().commit()
61
62 except formencode.Invalid as errors:
63 render_ctx.update({
64 'errors': errors.error_dict
65 })
66 for key in BACKENDS.keys():
67 verbose_name = f"initial_{key}"
68 if existing := settings.get_setting_by_name(name=f'{key}_allowed_clients'):
69 render_ctx[verbose_name] = existing.app_settings_value
70 else:
71 render_ctx[verbose_name] = '*'
72 return self._get_template_context(c, **render_ctx)
@@ -38,42 +38,13 b''
38 <h3 class="panel-title">${_('Allowed client versions')}</h3>
38 <h3 class="panel-title">${_('Allowed client versions')}</h3>
39 </div>
39 </div>
40 <div class="panel-body">
40 <div class="panel-body">
41 %if c.rhodecode_edition_id != 'EE':
42 <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4>
41 <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4>
43 <p>
42 <p>
44 ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')}
43 ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')}
45 </p>
44 </p>
46 %else:
47 <div class="inner form" id="container">
48 </div>
49 %endif
50 </div>
45 </div>
51
46
47
52 </div>
48 </div>
53
49
54 <script>
55 $(document).ready(function() {
56 $.ajax({
57 url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'),
58 type: 'GET',
59 success: function(response) {
60 $('#container').html(response);
61 },
62 });
63 $(document).on('submit', '#allowed_clients_form', function(event) {
64 event.preventDefault();
65 var formData = $(this).serialize();
66
67 $.ajax({
68 url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'),
69 type: 'POST',
70 data: formData,
71 success: function(response) {
72 $('#container').html(response);
73 },
74 });
75 });
76 });
77 </script>
78
79 </%def>
50 </%def>
1 NO CONTENT: file was removed
NO CONTENT: file was removed
General Comments 0
You need to be logged in to leave comments. Login now