## snippet for displaying permissions overview for users ## usage: ## <%namespace name="p" file="/base/perms_summary.mako"/> ## ${p.perms_summary(c.perm_user.permissions)} <%def name="perms_summary(permissions, show_all=False, actions=True, side_link=None)"> <% section_to_label = { 'global': 'Global Permissions', 'repository_branches': 'Repository Branch Rules', 'repositories': 'Repository Access Permissions', 'user_groups': 'User Group Permissions', 'repositories_groups': 'Repository Group Permissions', } %>
%for section in sorted(permissions.keys(), key=lambda item: {'global': 0, 'repository_branches': 1}.get(item, 1000)): <% total_counter = 0 %>

${section_to_label.get(section, section)} -

% if side_link: % endif
% if section == 'repository_branches': ${_('show')}: ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} ${h.checkbox('perms_filter_merge_%s' % section, 'merge', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='merge')} ${h.checkbox('perms_filter_push_%s' % section, 'push', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push')} ${h.checkbox('perms_filter_push_force_%s' % section, 'push_force', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push_force')} % elif section != 'global': ${_('show')}: ${h.checkbox('perms_filter_none_%s' % section, 'none', '', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')} ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} % endif
%if not permissions[section]:

${_('No permissions defined')}

%else:
## global permission box %if section == 'global': %if actions: %endif <% def get_section_perms(prefix, opts): _selected = [] for op in opts: if op.startswith(prefix) and not op.startswith('hg.create.write_on_repogroup'): _selected.append(op) admin = 'hg.admin' in opts _selected_vals = [x.partition(prefix)[-1] for x in _selected] return admin, _selected_vals, _selected %> <%def name="glob(lbl, val, val_lbl=None, edit_url=None, edit_global_url=None)"> %if actions: % if edit_url or edit_global_url: % else: ${glob(_('Repository default permission'), get_section_perms('repository.', permissions[section]), 'repository', edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))} ${glob(_('Repository group default permission'), get_section_perms('group.', permissions[section]), 'group', edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))} ${glob(_('User group default permission'), get_section_perms('usergroup.', permissions[section]), 'usergroup', edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))} ${glob(_('Super-admin'), get_section_perms('hg.admin', permissions[section]), edit_url=h.route_path('user_edit', user_id=c.user.user_id, _anchor='admin'), edit_global_url=None)} ${glob(_('Inherit permissions'), get_section_perms('hg.inherit_default_perms.', permissions[section]), edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=None)} ${glob(_('Create repositories'), get_section_perms('hg.create.', permissions[section]), edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))} ${glob(_('Fork repositories'), get_section_perms('hg.fork.', permissions[section]), edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))} ${glob(_('Create repository groups'), get_section_perms('hg.repogroup.create.', permissions[section]), edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))} ${glob(_('Create user groups'), get_section_perms('hg.usergroup.create.', permissions[section]), edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))} ## Branch perms %elif section == 'repository_branches': %if actions: %endif <% def name_sorter(permissions): def custom_sorter(item): return item[0] return sorted(permissions, key=custom_sorter) def branch_sorter(permissions): def custom_sorter(item): ## none, merge, push, push_force section = item[1].split('.')[-1] section_importance = {'none': u'0', 'merge': u'1', 'push': u'2', 'push_force': u'3'}.get(section) ## sort by importance + name return section_importance + item[0] return sorted(permissions, key=custom_sorter) %> %for k, section_perms in name_sorter(permissions[section].items()): ## for display purposes, for non super-admins we need to check if shown ## repository is actually accessible for user <% repo_perm = permissions['repositories'][k] %> % if repo_perm == 'repository.none' and not c.rhodecode_user.is_admin: ## skip this entry <% continue %> % endif <% total_counter +=1 %> % for pattern, perm in branch_sorter(section_perms.items()): %if actions: %endif % endfor %endfor ## Repos/Repo Groups/users groups perms %else: ## none/read/write/admin permissions on groups/repos etc %if actions: %endif <% def sorter(permissions): def custom_sorter(item): ## read/write/admin section = item[1].split('.')[-1] section_importance = {'none': u'0', 'read': u'1', 'write':u'2', 'admin':u'3'}.get(section) ## sort by group importance+name return section_importance+item[0] return sorted(permissions, key=custom_sorter) %> %for k, section_perm in sorter(permissions[section].items()): <% perm_value = section_perm.split('.')[-1] %> <% _css_class = 'display:none' if perm_value in ['none'] else '' %> %if perm_value != 'none' or show_all: %if actions: %endif <% total_counter +=1 %> %endif %endfor %endif
${_('Permission')}${_('Edit Permission')}
${lbl} %if val[0]: %if not val_lbl: ## super-admin case True %else: ${val_lbl}.admin %endif %else: %if not val_lbl: ${{'false': False, 'true': True, 'none': False, 'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false')} %else: ${val_lbl}.${val[1][0]} %endif %endif % if edit_url: ${_('edit')} % else: - % endif % if edit_global_url: ${_('edit global')} % else: - % endif ${_('edit global')} % endif %endif
${_('Name')} ${_('Pattern')} ${_('Permission')}${_('Edit Branch Permission')}
${k} ${pattern} ## TODO: calculate origin somehow ## % for i, ((_pat, perm), origin) in enumerate((permissions[section].perm_origin_stack[k])):
<% i = 0 %> <% origin = 'unknown' %> <% _css_class = i > 0 and 'perm_overriden' or '' %> ${perm} ##(${origin})
## % endfor
${_('edit')}
${_('Name')} ${_('Permission')}${_('Edit Permission')}
%if section == 'repositories': ${k} %elif section == 'repositories_groups': ${k} %elif section == 'user_groups': ##${k} ${k} %endif %if hasattr(permissions[section], 'perm_origin_stack'):
%for i, (perm, origin, obj_id) in enumerate(reversed(permissions[section].perm_origin_stack[k])): <% _css_class = i > 0 and 'perm_overriden' or '' %> % if i > 0:
${_('overridden by')}
% endif
${perm} (${origin})
%endfor
%else: ${section_perm} %endif
%if section == 'repositories': ${_('edit')} %elif section == 'repositories_groups': ${_('edit')} %elif section == 'user_groups': ##${_('edit')} %endif
%endif
%endfor