##// END OF EJS Templates
auth-tokens: expose all roles with explanation to help users understand it better.
marcink -
r4430:d880ce51 default
parent child Browse files
Show More
@@ -89,7 +89,7 b' from rhodecode.lib.vcs.backends.base imp'
89 89 from rhodecode.lib.index.search_utils import get_matching_line_offsets
90 90 from rhodecode.config.conf import DATE_FORMAT, DATETIME_FORMAT
91 91 from rhodecode.model.changeset_status import ChangesetStatusModel
92 from rhodecode.model.db import Permission, User, Repository
92 from rhodecode.model.db import Permission, User, Repository, UserApiKeys
93 93 from rhodecode.model.repo_group import RepoGroupModel
94 94 from rhodecode.model.settings import IssueTrackerSettingsModel
95 95
@@ -1133,14 +1133,16 b' class UserApiKeys(Base, BaseModel):'
1133 1133
1134 1134 # ApiKey role
1135 1135 ROLE_ALL = 'token_role_all'
1136 ROLE_HTTP = 'token_role_http'
1137 1136 ROLE_VCS = 'token_role_vcs'
1138 1137 ROLE_API = 'token_role_api'
1138 ROLE_HTTP = 'token_role_http'
1139 1139 ROLE_FEED = 'token_role_feed'
1140 1140 ROLE_ARTIFACT_DOWNLOAD = 'role_artifact_download'
1141 # The last one is ignored in the list as we only
1142 # use it for one action, and cannot be created by users
1141 1143 ROLE_PASSWORD_RESET = 'token_password_reset'
1142 1144
1143 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED, ROLE_ARTIFACT_DOWNLOAD]
1145 ROLES = [ROLE_ALL, ROLE_VCS, ROLE_API, ROLE_HTTP, ROLE_FEED, ROLE_ARTIFACT_DOWNLOAD]
1144 1146
1145 1147 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1146 1148 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
@@ -1205,6 +1207,22 b' class UserApiKeys(Base, BaseModel):'
1205 1207 cls.ROLE_ARTIFACT_DOWNLOAD: _('artifacts downloads'),
1206 1208 }.get(role, role)
1207 1209
1210 @classmethod
1211 def _get_role_description(cls, role):
1212 return {
1213 cls.ROLE_ALL: _('Token for all actions.'),
1214 cls.ROLE_HTTP: _('Token to access RhodeCode pages via web interface without '
1215 'login using `api_access_controllers_whitelist` functionality.'),
1216 cls.ROLE_VCS: _('Token to interact over git/hg/svn protocols. '
1217 'Requires auth_token authentication plugin to be active. <br/>'
1218 'Such Token should be used then instead of a password to '
1219 'interact with a repository, and additionally can be '
1220 'limited to single repository using repo scope.'),
1221 cls.ROLE_API: _('Token limited to api calls.'),
1222 cls.ROLE_FEED: _('Token to read RSS/ATOM feed.'),
1223 cls.ROLE_ARTIFACT_DOWNLOAD: _('Token for artifacts downloads.'),
1224 }.get(role, role)
1225
1208 1226 @property
1209 1227 def role_humanized(self):
1210 1228 return self._get_role_name(self.role)
@@ -11,9 +11,15 b''
11 11 <div class="panel-body">
12 12 <div class="apikeys_wrap">
13 13 <p>
14 ${_('Authentication tokens can be used to interact with the API, or VCS-over-http. '
15 'Each token can have a role. Token with a role can be used only in given context, '
16 'e.g. VCS tokens can be used together with the authtoken auth plugin for git/hg/svn operations only.')}
14 ${_('Available roles')}:
15 <ul>
16 % for role in h.UserApiKeys.ROLES:
17 <li>
18 <span class="tag disabled">${h.UserApiKeys._get_role_name(role)}</span>
19 <span>${h.UserApiKeys._get_role_description(role) |n}</span>
20 </li>
21 % endfor
22 </ul>
17 23 </p>
18 24 <table class="rctable auth_tokens">
19 25 <tr>
@@ -36,7 +42,7 b''
36 42 </td>
37 43 <td class="td-wrap">${auth_token.description}</td>
38 44 <td class="td-tags">
39 <span class="tag disabled">${auth_token.role_humanized}</span>
45 <span class="tooltip tag disabled" title="${h.UserApiKeys._get_role_description(auth_token.role)}">${auth_token.role_humanized}</span>
40 46 </td>
41 47 <td class="td">${auth_token.scope_humanized}</td>
42 48 <td class="td-exp">
@@ -16,9 +16,15 b''
16 16 <div class="panel-body">
17 17 <div class="apikeys_wrap">
18 18 <p>
19 ${_('Authentication tokens can be used to interact with the API, or VCS-over-http. '
20 'Each token can have a role. Token with a role can be used only in given context, '
21 'e.g. VCS tokens can be used together with the authtoken auth plugin for git/hg/svn operations only.')}
19 ${_('Available roles')}:
20 <ul>
21 % for role in h.UserApiKeys.ROLES:
22 <li>
23 <span class="tag disabled">${h.UserApiKeys._get_role_name(role)}</span>
24 <span>${h.UserApiKeys._get_role_description(role) |n}</span>
25 </li>
26 % endfor
27 </ul>
22 28 </p>
23 29 <table class="rctable auth_tokens">
24 30 <tr>
@@ -41,7 +47,7 b''
41 47 </td>
42 48 <td class="td-wrap">${auth_token.description}</td>
43 49 <td class="td-tags">
44 <span class="tag disabled">${auth_token.role_humanized}</span>
50 <span class="tooltip tag disabled" title="${h.UserApiKeys._get_role_description(auth_token.role)}">${auth_token.role_humanized}</span>
45 51 </td>
46 52 <td class="td">${auth_token.scope_humanized}</td>
47 53 <td class="td-exp">
General Comments 0
You need to be logged in to leave comments. Login now