##// END OF EJS Templates
u » ewong » rhodecode-enterprise-ce-fork
RSS

Fork of rhodecode-enterprise-ce

permissions-summary: skip branch permission entries that are leaking private repository names, and fix counters.
ergo -
r2991:6b51e9a4 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,353 +1,372 b''
1 1 ## snippet for displaying permissions overview for users
2 2 ## usage:
3 3 ## <%namespace name="p" file="/base/perms_summary.mako"/>
4 4 ## ${p.perms_summary(c.perm_user.permissions)}
5 5
6 6 <%def name="perms_summary(permissions, show_all=False, actions=True, side_link=None)">
7 7 <% section_to_label = {
8 8 'global': 'Global Permissions',
9 9 'repository_branches': 'Repository Branch Rules',
10 10 'repositories': 'Repository Permissions',
11 11 'user_groups': 'User Group Permissions',
12 12 'repositories_groups': 'Repository Group Permissions',
13 13 } %>
14
14 15 <div id="perms" class="table fields">
15 16 %for section in sorted(permissions.keys(), key=lambda item: {'global': 0, 'repository_branches': 1}.get(item, 1000)):
17 <% total_counter = 0 %>
18
16 19 <div class="panel panel-default">
17 20 <div class="panel-heading" id="${section.replace("_","-")}-permissions">
18 <h3 class="panel-title">${section_to_label.get(section, section)} - ${len(permissions[section])}
21 <h3 class="panel-title">${section_to_label.get(section, section)} - <span id="total_count_${section}"></span>
19 22 <a class="permalink" href="#${section.replace("_","-")}-permissions"> ΒΆ</a>
20 23 </h3>
21 24 % if side_link:
22 25 <div class="pull-right">
23 26 <a href="${side_link}">${_('in JSON format')}</a>
24 27 </div>
25 28 % endif
26 29 </div>
27 30 <div class="panel-body">
28 31 <div class="perms_section_head field">
29 32 <div class="radios">
30 33 % if section == 'repository_branches':
31 34 <span class="permissions_boxes">
32 35 <span class="desc">${_('show')}: </span>
33 36 ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_{}'.format(section)}"><span class="perm_tag none">${_('none')}</span></label>
34 37 ${h.checkbox('perms_filter_merge_%s' % section, 'merge', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='merge')} <label for="${'perms_filter_merge_{}'.format(section)}"><span class="perm_tag merge">${_('merge')}</span></label>
35 38 ${h.checkbox('perms_filter_push_%s' % section, 'push', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push')} <label for="${'perms_filter_push_{}'.format(section)}"> <span class="perm_tag push">${_('push')}</span></label>
36 39 ${h.checkbox('perms_filter_push_force_%s' % section, 'push_force', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push_force')} <label for="${'perms_filter_push_force_{}'.format(section)}"><span class="perm_tag push_force">${_('push force')}</span></label>
37 40 </span>
38 41 % elif section != 'global':
39 42 <span class="permissions_boxes">
40 43 <span class="desc">${_('show')}: </span>
41 44 ${h.checkbox('perms_filter_none_%s' % section, 'none', '', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_{}'.format(section)}"><span class="perm_tag none">${_('none')}</span></label>
42 45 ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')} <label for="${'perms_filter_read_{}'.format(section)}"><span class="perm_tag read">${_('read')}</span></label>
43 46 ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_{}'.format(section)}"> <span class="perm_tag write">${_('write')}</span></label>
44 47 ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_{}'.format(section)}"><span class="perm_tag admin">${_('admin')}</span></label>
45 48 </span>
46 49 % endif
47 50
48 51 </div>
49 52 </div>
50 53 <div class="field">
51 54 %if not permissions[section]:
52 55 <p class="empty_data help-block">${_('No permissions defined')}</p>
53 56 %else:
54 57 <div id='tbl_list_wrap_${section}'>
55 58 <table id="tbl_list_${section}" class="rctable">
56 59 ## global permission box
57 60 %if section == 'global':
58 61 <thead>
59 62 <tr>
60 63 <th colspan="2" class="left">${_('Permission')}</th>
61 64 %if actions:
62 65 <th colspan="2">${_('Edit Permission')}</th>
63 66 %endif
64 67 </thead>
65 68 <tbody>
66 69
67 70 <%
68 71 def get_section_perms(prefix, opts):
69 72 _selected = []
70 73 for op in opts:
71 74 if op.startswith(prefix) and not op.startswith('hg.create.write_on_repogroup'):
72 75 _selected.append(op)
73 76 admin = 'hg.admin' in opts
74 77 _selected_vals = [x.partition(prefix)[-1] for x in _selected]
75 78 return admin, _selected_vals, _selected
76 79 %>
77 80
78 81 <%def name="glob(lbl, val, val_lbl=None, edit_url=None, edit_global_url=None)">
79 82 <tr>
80 83 <td class="td-tags">
81 84 ${lbl}
82 85 </td>
83 86 <td class="td-tags">
84 87 %if val[0]:
85 88 %if not val_lbl:
86 89 ## super admin case
87 90 True
88 91 %else:
89 92 <span class="perm_tag admin">${val_lbl}.admin</span>
90 93 %endif
91 94 %else:
92 95 %if not val_lbl:
93 96 ${{'false': False,
94 97 'true': True,
95 98 'none': False,
96 99 'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false')}
97 100 %else:
98 101 <span class="perm_tag ${val[1][0]}">${val_lbl}.${val[1][0]}</span>
99 102 %endif
100 103 %endif
101 104 </td>
102 105 %if actions:
103 106
104 107 % if edit_url or edit_global_url:
105 108
106 109 <td class="td-action">
107 110 % if edit_url:
108 111 <a href="${edit_url}">${_('edit')}</a>
109 112 % else:
110 113 -
111 114 % endif
112 115 </td>
113 116
114 117 <td class="td-action">
115 118 % if edit_global_url:
116 119 <a href="${edit_global_url}">${_('edit global')}</a>
117 120 % else:
118 121 -
119 122 % endif
120 123 </td>
121 124
122 125 % else:
123 126 <td class="td-action"></td>
124 127 <td class="td-action">
125 128 <a href="${h.route_path('admin_permissions_global')}">${_('edit global')}</a>
126 129 <td class="td-action">
127 130 % endif
128 131
129 132 %endif
130 133 </tr>
131 134 </%def>
132 135
133 136 ${glob(_('Repository default permission'), get_section_perms('repository.', permissions[section]), 'repository',
134 137 edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))}
135 138
136 139 ${glob(_('Repository group default permission'), get_section_perms('group.', permissions[section]), 'group',
137 140 edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))}
138 141
139 142 ${glob(_('User group default permission'), get_section_perms('usergroup.', permissions[section]), 'usergroup',
140 143 edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))}
141 144
142 145 ${glob(_('Super admin'), get_section_perms('hg.admin', permissions[section]),
143 146 edit_url=h.route_path('user_edit', user_id=c.user.user_id, _anchor='admin'), edit_global_url=None)}
144 147
145 148 ${glob(_('Inherit permissions'), get_section_perms('hg.inherit_default_perms.', permissions[section]),
146 149 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=None)}
147 150
148 151 ${glob(_('Create repositories'), get_section_perms('hg.create.', permissions[section]),
149 152 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
150 153
151 154 ${glob(_('Fork repositories'), get_section_perms('hg.fork.', permissions[section]),
152 155 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
153 156
154 157 ${glob(_('Create repository groups'), get_section_perms('hg.repogroup.create.', permissions[section]),
155 158 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
156 159
157 160 ${glob(_('Create user groups'), get_section_perms('hg.usergroup.create.', permissions[section]),
158 161 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
159 162
160 163 </tbody>
161 164 ## Branch perms
162 165 %elif section == 'repository_branches':
163 166 <thead>
164 167 <tr>
165 168 <th>${_('Name')}</th>
166 169 <th>${_('Pattern')}</th>
167 170 <th>${_('Permission')}</th>
168 171 %if actions:
169 172 <th>${_('Edit Branch Permission')}</th>
170 173 %endif
171 174 </thead>
172 175 <tbody class="section_${section}">
173 176 <%
174 177 def name_sorter(permissions):
175 178 def custom_sorter(item):
176 179 return item[0]
177 180 return sorted(permissions, key=custom_sorter)
178 181
179 182 def branch_sorter(permissions):
180 183 def custom_sorter(item):
181 184 ## none, merge, push, push_force
182 185 section = item[1].split('.')[-1]
183 186 section_importance = {'none': u'0',
184 187 'merge': u'1',
185 188 'push': u'2',
186 189 'push_force': u'3'}.get(section)
187 190 ## sort by importance + name
188 191 return section_importance + item[0]
189 192 return sorted(permissions, key=custom_sorter)
190 193 %>
191 194 %for k, section_perms in name_sorter(permissions[section].items()):
195 ## for display purposes, for non super-admins we need to check if shown
196 ## repository is actually accessible for user
197 <% repo_perm = permissions['repositories'][k] %>
198 % if repo_perm == 'repository.none' and not c.rhodecode_user.is_admin:
199 ## skip this entry
200 <% continue %>
201 % endif
202
203 <% total_counter +=1 %>
192 204 % for pattern, perm in branch_sorter(section_perms.items()):
193 205 <tr class="perm_row ${'{}_{}'.format(section, perm.split('.')[-1])}">
194 206 <td class="td-name">
195 207 <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
196 208 </td>
197 209 <td>${pattern}</td>
198 210 <td class="td-tags">
199 211 ## TODO: calculate origin somehow
200 212 ## % for i, ((_pat, perm), origin) in enumerate((permissions[section].perm_origin_stack[k])):
201 213
202 214 <div>
203 215 <% i = 0 %>
204 216 <% origin = 'unknown' %>
205 217 <% _css_class = i > 0 and 'perm_overriden' or '' %>
206 218
207 219 <span class="${_css_class} perm_tag ${perm.split('.')[-1]}">
208 220 ${perm}
209 221 ##(${origin})
210 222 </span>
211 223 </div>
212 224 ## % endfor
213 225 </td>
214 226 %if actions:
215 227 <td class="td-action">
216 228 <a href="${h.route_path('edit_repo_perms_branch',repo_name=k)}">${_('edit')}</a>
217 229 </td>
218 230 %endif
219 231 </tr>
220 232 % endfor
221 233 %endfor
222 234 </tbody>
223 235
224 236 ## Repos/Repo Groups/users groups perms
225 237 %else:
226 238
227 239 ## none/read/write/admin permissions on groups/repos etc
228 240 <thead>
229 241 <tr>
230 242 <th>${_('Name')}</th>
231 243 <th>${_('Permission')}</th>
232 244 %if actions:
233 245 <th>${_('Edit Permission')}</th>
234 246 %endif
235 247 </thead>
236 248 <tbody class="section_${section}">
237 249 <%
238 250 def sorter(permissions):
239 251 def custom_sorter(item):
240 252 ## read/write/admin
241 253 section = item[1].split('.')[-1]
242 254 section_importance = {'none': u'0',
243 255 'read': u'1',
244 256 'write':u'2',
245 257 'admin':u'3'}.get(section)
246 258 ## sort by group importance+name
247 259 return section_importance+item[0]
248 260 return sorted(permissions, key=custom_sorter)
249 261 %>
250 262 %for k, section_perm in sorter(permissions[section].items()):
251 263 <% perm_value = section_perm.split('.')[-1] %>
252 264 <% _css_class = 'display:none' if perm_value in ['none'] else '' %>
253 265
254 266 %if perm_value != 'none' or show_all:
255 267 <tr class="perm_row ${'{}_{}'.format(section, section_perm.split('.')[-1])}" style="${_css_class}">
256 268 <td class="td-name">
257 269 %if section == 'repositories':
258 270 <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
259 271 %elif section == 'repositories_groups':
260 272 <a href="${h.route_path('repo_group_home', repo_group_name=k)}">${k}</a>
261 273 %elif section == 'user_groups':
262 274 ##<a href="${h.route_path('edit_user_group',user_group_id=k)}">${k}</a>
263 275 ${k}
264 276 %endif
265 277 </td>
266 278 <td class="td-tags">
267 279 %if hasattr(permissions[section], 'perm_origin_stack'):
268 280 <div>
269 281 %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
270 282 <% _css_class = i > 0 and 'perm_overriden' or '' %>
271 283 % if i > 0:
272 284 <div style="color: #979797">
273 285 <i class="icon-arrow_up"></i>
274 286 ${_('overridden by')}
275 287 <i class="icon-arrow_up"></i>
276 288 </div>
277 289 % endif
278 290
279 291 <div>
280 292 <span class="${_css_class} perm_tag ${perm.split('.')[-1]}">
281 293 ${perm} (${origin})
282 294 </span>
283 295 </div>
284 296
285 297 %endfor
286 298 </div>
287 299 %else:
288 300 <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>
289 301 %endif
290 302 </td>
291 303 %if actions:
292 304 <td class="td-action">
293 305 %if section == 'repositories':
294 306 <a href="${h.route_path('edit_repo_perms',repo_name=k,_anchor='permissions_manage')}">${_('edit')}</a>
295 307 %elif section == 'repositories_groups':
296 308 <a href="${h.route_path('edit_repo_group_perms',repo_group_name=k,_anchor='permissions_manage')}">${_('edit')}</a>
297 309 %elif section == 'user_groups':
298 310 ##<a href="${h.route_path('edit_user_group',user_group_id=k)}">${_('edit')}</a>
299 311 %endif
300 312 </td>
301 313 %endif
302 314 </tr>
315 <% total_counter +=1 %>
303 316 %endif
317
304 318 %endfor
305 319
306 320 <tr id="empty_${section}" class="noborder" style="display:none;">
307 321 <td colspan="6">${_('No matching permission defined')}</td>
308 322 </tr>
309 323
310 324 </tbody>
311 325 %endif
312 326 </table>
313 327 </div>
314 328 %endif
315 329 </div>
316 330 </div>
317 331 </div>
332
333 <script>
334 $('#total_count_${section}').html(${total_counter})
335 </script>
336
318 337 %endfor
319 338 </div>
320 339
321 340 <script>
322 341 $(document).ready(function(){
323 342 var showEmpty = function(section){
324 343 var visible = $('.section_{0} tr.perm_row:visible'.format(section)).length;
325 344 if(visible === 0){
326 345 $('#empty_{0}'.format(section)).show();
327 346 }
328 347 else{
329 348 $('#empty_{0}'.format(section)).hide();
330 349 }
331 350 };
332 351
333 352 $('.perm_filter').on('change', function(e){
334 353 var self = this;
335 354 var section = $(this).attr('section');
336 355
337 356 var opts = {};
338 357 var elems = $('.filter_' + section).each(function(el){
339 358 var perm_type = $(this).attr('perm_type');
340 359 var checked = this.checked;
341 360 opts[perm_type] = checked;
342 361 if(checked){
343 362 $('.'+section+'_'+perm_type).show();
344 363 }
345 364 else{
346 365 $('.'+section+'_'+perm_type).hide();
347 366 }
348 367 });
349 368 showEmpty(section);
350 369 })
351 370 })
352 371 </script>
353 372 </%def>
General Comments 0
You need to be logged in to leave comments. Login now