Show More
| @@ -89,7 +89,7 b' from rhodecode.lib.vcs.backends.base imp' | |||||
| 89 | from rhodecode.lib.index.search_utils import get_matching_line_offsets |
|
89 | from rhodecode.lib.index.search_utils import get_matching_line_offsets | |
| 90 | from rhodecode.config.conf import DATE_FORMAT, DATETIME_FORMAT |
|
90 | from rhodecode.config.conf import DATE_FORMAT, DATETIME_FORMAT | |
| 91 | from rhodecode.model.changeset_status import ChangesetStatusModel |
|
91 | from rhodecode.model.changeset_status import ChangesetStatusModel | |
| 92 | from rhodecode.model.db import Permission, User, Repository |
|
92 | from rhodecode.model.db import Permission, User, Repository, UserApiKeys | |
| 93 | from rhodecode.model.repo_group import RepoGroupModel |
|
93 | from rhodecode.model.repo_group import RepoGroupModel | |
| 94 | from rhodecode.model.settings import IssueTrackerSettingsModel |
|
94 | from rhodecode.model.settings import IssueTrackerSettingsModel | |
| 95 |
|
95 | |||
| @@ -1133,14 +1133,16 b' class UserApiKeys(Base, BaseModel):' | |||||
| 1133 |
|
1133 | |||
| 1134 | # ApiKey role |
|
1134 | # ApiKey role | |
| 1135 | ROLE_ALL = 'token_role_all' |
|
1135 | ROLE_ALL = 'token_role_all' | |
| 1136 | ROLE_HTTP = 'token_role_http' |
|
|||
| 1137 | ROLE_VCS = 'token_role_vcs' |
|
1136 | ROLE_VCS = 'token_role_vcs' | |
| 1138 | ROLE_API = 'token_role_api' |
|
1137 | ROLE_API = 'token_role_api' | |
|
|
1138 | ROLE_HTTP = 'token_role_http' | |||
| 1139 | ROLE_FEED = 'token_role_feed' |
|
1139 | ROLE_FEED = 'token_role_feed' | |
| 1140 | ROLE_ARTIFACT_DOWNLOAD = 'role_artifact_download' |
|
1140 | ROLE_ARTIFACT_DOWNLOAD = 'role_artifact_download' | |
|
|
1141 | # The last one is ignored in the list as we only | |||
|
|
1142 | # use it for one action, and cannot be created by users | |||
| 1141 | ROLE_PASSWORD_RESET = 'token_password_reset' |
|
1143 | ROLE_PASSWORD_RESET = 'token_password_reset' | |
| 1142 |
|
1144 | |||
| 1143 |
ROLES = [ROLE_ALL, |
|
1145 | ROLES = [ROLE_ALL, ROLE_VCS, ROLE_API, ROLE_HTTP, ROLE_FEED, ROLE_ARTIFACT_DOWNLOAD] | |
| 1144 |
|
1146 | |||
| 1145 | user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
1147 | user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
| 1146 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None) |
|
1148 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None) | |
| @@ -1205,6 +1207,22 b' class UserApiKeys(Base, BaseModel):' | |||||
| 1205 | cls.ROLE_ARTIFACT_DOWNLOAD: _('artifacts downloads'), |
|
1207 | cls.ROLE_ARTIFACT_DOWNLOAD: _('artifacts downloads'), | |
| 1206 | }.get(role, role) |
|
1208 | }.get(role, role) | |
| 1207 |
|
1209 | |||
|
|
1210 | @classmethod | |||
|
|
1211 | def _get_role_description(cls, role): | |||
|
|
1212 | return { | |||
|
|
1213 | cls.ROLE_ALL: _('Token for all actions.'), | |||
|
|
1214 | cls.ROLE_HTTP: _('Token to access RhodeCode pages via web interface without ' | |||
|
|
1215 | 'login using `api_access_controllers_whitelist` functionality.'), | |||
|
|
1216 | cls.ROLE_VCS: _('Token to interact over git/hg/svn protocols. ' | |||
|
|
1217 | 'Requires auth_token authentication plugin to be active. <br/>' | |||
|
|
1218 | 'Such Token should be used then instead of a password to ' | |||
|
|
1219 | 'interact with a repository, and additionally can be ' | |||
|
|
1220 | 'limited to single repository using repo scope.'), | |||
|
|
1221 | cls.ROLE_API: _('Token limited to api calls.'), | |||
|
|
1222 | cls.ROLE_FEED: _('Token to read RSS/ATOM feed.'), | |||
|
|
1223 | cls.ROLE_ARTIFACT_DOWNLOAD: _('Token for artifacts downloads.'), | |||
|
|
1224 | }.get(role, role) | |||
|
|
1225 | ||||
| 1208 | @property |
|
1226 | @property | |
| 1209 | def role_humanized(self): |
|
1227 | def role_humanized(self): | |
| 1210 | return self._get_role_name(self.role) |
|
1228 | return self._get_role_name(self.role) | |
| @@ -11,9 +11,15 b'' | |||||
| 11 | <div class="panel-body"> |
|
11 | <div class="panel-body"> | |
| 12 | <div class="apikeys_wrap"> |
|
12 | <div class="apikeys_wrap"> | |
| 13 | <p> |
|
13 | <p> | |
| 14 | ${_('Authentication tokens can be used to interact with the API, or VCS-over-http. ' |
|
14 | ${_('Available roles')}: | |
| 15 | 'Each token can have a role. Token with a role can be used only in given context, ' |
|
15 | <ul> | |
| 16 | 'e.g. VCS tokens can be used together with the authtoken auth plugin for git/hg/svn operations only.')} |
|
16 | % for role in h.UserApiKeys.ROLES: | |
|
|
17 | <li> | |||
|
|
18 | <span class="tag disabled">${h.UserApiKeys._get_role_name(role)}</span> | |||
|
|
19 | <span>${h.UserApiKeys._get_role_description(role) |n}</span> | |||
|
|
20 | </li> | |||
|
|
21 | % endfor | |||
|
|
22 | </ul> | |||
| 17 | </p> |
|
23 | </p> | |
| 18 | <table class="rctable auth_tokens"> |
|
24 | <table class="rctable auth_tokens"> | |
| 19 | <tr> |
|
25 | <tr> | |
| @@ -36,7 +42,7 b'' | |||||
| 36 | </td> |
|
42 | </td> | |
| 37 | <td class="td-wrap">${auth_token.description}</td> |
|
43 | <td class="td-wrap">${auth_token.description}</td> | |
| 38 | <td class="td-tags"> |
|
44 | <td class="td-tags"> | |
| 39 | <span class="tag disabled">${auth_token.role_humanized}</span> |
|
45 | <span class="tooltip tag disabled" title="${h.UserApiKeys._get_role_description(auth_token.role)}">${auth_token.role_humanized}</span> | |
| 40 | </td> |
|
46 | </td> | |
| 41 | <td class="td">${auth_token.scope_humanized}</td> |
|
47 | <td class="td">${auth_token.scope_humanized}</td> | |
| 42 | <td class="td-exp"> |
|
48 | <td class="td-exp"> | |
| @@ -16,9 +16,15 b'' | |||||
| 16 | <div class="panel-body"> |
|
16 | <div class="panel-body"> | |
| 17 | <div class="apikeys_wrap"> |
|
17 | <div class="apikeys_wrap"> | |
| 18 | <p> |
|
18 | <p> | |
| 19 | ${_('Authentication tokens can be used to interact with the API, or VCS-over-http. ' |
|
19 | ${_('Available roles')}: | |
| 20 | 'Each token can have a role. Token with a role can be used only in given context, ' |
|
20 | <ul> | |
| 21 | 'e.g. VCS tokens can be used together with the authtoken auth plugin for git/hg/svn operations only.')} |
|
21 | % for role in h.UserApiKeys.ROLES: | |
|
|
22 | <li> | |||
|
|
23 | <span class="tag disabled">${h.UserApiKeys._get_role_name(role)}</span> | |||
|
|
24 | <span>${h.UserApiKeys._get_role_description(role) |n}</span> | |||
|
|
25 | </li> | |||
|
|
26 | % endfor | |||
|
|
27 | </ul> | |||
| 22 | </p> |
|
28 | </p> | |
| 23 | <table class="rctable auth_tokens"> |
|
29 | <table class="rctable auth_tokens"> | |
| 24 | <tr> |
|
30 | <tr> | |
| @@ -41,7 +47,7 b'' | |||||
| 41 | </td> |
|
47 | </td> | |
| 42 | <td class="td-wrap">${auth_token.description}</td> |
|
48 | <td class="td-wrap">${auth_token.description}</td> | |
| 43 | <td class="td-tags"> |
|
49 | <td class="td-tags"> | |
| 44 | <span class="tag disabled">${auth_token.role_humanized}</span> |
|
50 | <span class="tooltip tag disabled" title="${h.UserApiKeys._get_role_description(auth_token.role)}">${auth_token.role_humanized}</span> | |
| 45 | </td> |
|
51 | </td> | |
| 46 | <td class="td">${auth_token.scope_humanized}</td> |
|
52 | <td class="td">${auth_token.scope_humanized}</td> | |
| 47 | <td class="td-exp"> |
|
53 | <td class="td-exp"> | |
General Comments 0
You need to be logged in to leave comments.
Login now