u/ewong/rhodecode-enterprise-ce-fork Files · rhodecode/templates/base/perms_summary.html

vcs: Minimal change to expose the shadow repository...

vcs: Minimal change to expose the shadow repository Based on my original research, this was the "minimal" starting point. It shows that three concepts are needed for the "repo_name": * From the security standpoint we think of the shadow repository having the same ACL as the target repository of the pull request. This is because the pull request itself is considered to be a part of the target repository. Out of this thought, the variable "acl_repo_name" is used whenever we want to check permissions or when we need the database configuration of the repository. An alternative name would have been "db_repo_name", but the usage for ACL checking is the most important one. * From the web interaction perspective, we need the URL which was originally used to get to the repository. This is because based on this base URL commands can be identified. Especially for Git this is important, so that the commands are correctly recognized. Since the URL is in the focus, this is called "url_repo_name". * Finally we have to deal with the repository on the file system. This is what the VCS layer deal with normally, so this name is called "vcs_repo_name". The original repository interaction is a special case where all three names are the same. When interacting with a pull request, these three names are typically all different. This change is minimal in a sense that it just makes the interaction with a shadow repository barely work, without checking any special constraints yet. This was the starting point for further work on this topic.

dan - - Load All Authors

File last commit:

r100:5b55789f default


                r887:175782be

default

Download file

             perms_summary.html
        
                    207 lines
            
             | 9.7 KiB
            
                | text/html
            
             |
                HtmlLexer
            
             / rhodecode / templates / base / perms_summary.html
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      ## snippet for displaying permissions overview for users

      ## usage:

      ##    <%namespace name="p" file="/base/perms_summary.html"/>

      ##    ${p.perms_summary(c.perm_user.permissions)}

      <%def name="perms_summary(permissions, show_all=False, actions=True)">

      <div id="perms" class="table fields">

        %for section in sorted(permissions.keys()):

        <div class="panel panel-default">

          <div class="panel-heading">

              <h3 class="panel-title">${section.replace("_"," ").capitalize()}</h3>

          </div>

          <div class="panel-body">

            <div class="perms_section_head field">

              <div class="radios">

                %if section != 'global':

                    <span class="permissions_boxes">

                    <span class="desc">${_('show')}: </span>

                    ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')}   <label for="${'perms_filter_none_%s' % section}"><span class="perm_tag none">${_('none')}</span></label>

                    ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')}   <label for="${'perms_filter_read_%s' % section}"><span class="perm_tag read">${_('read')}</span></label>

                    ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_%s' % section}"> <span class="perm_tag write">${_('write')}</span></label>

                    ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_%s' % section}"><span class="perm_tag admin">${_('admin')}</span></label>

                    </span>

                %endif

              </div>

            </div>

            <div class="field">

              %if not permissions[section]:

                  <p class="empty_data help-block">${_('No permissions defined')}</p>

              %else:

              <div id='tbl_list_wrap_${section}'>

               <table id="tbl_list_${section}" class="rctable">

                ## global permission box

                %if section == 'global':

                  <thead>

                      <tr>

                      <th colspan="2" class="left">${_('Permission')}</th>

                      %if actions:

                      <th>${_('Edit Permission')}</th>

                      %endif

                  </thead>

                  <tbody>

                  <%

                    def get_section_perms(prefix, opts):

                        _selected = []

                        for op in opts:

                            if op.startswith(prefix) and not op.startswith('hg.create.write_on_repogroup'):

                                _selected.append(op)

                        admin = 'hg.admin' in opts

                        _selected_vals = [x.partition(prefix)[-1] for x in _selected]

                        return admin, _selected_vals, _selected

                  %>

                  <%def name="glob(lbl, val, val_lbl=None, custom_url=None)">

                    <tr>

                      <td class="td-tags">

                          ${lbl}

                      </td>

                      <td class="td-tags">

                          %if val[0]:

                            %if not val_lbl:

                                ${h.bool2icon(True)}

                            %else:

                                <span class="perm_tag admin">${val_lbl}.admin</span>

                            %endif

                          %else:

                            %if not val_lbl:

                                ${h.bool2icon({'false': False,

                                               'true': True,

                                               'none': False,

                                               'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false'))}

                            %else:

                                <span class="perm_tag ${val[1][0]}">${val_lbl}.${val[1][0]}</span>

                            %endif

                          %endif

                      </td>

                      %if actions:

                      <td class="td-action">

                           <a href="${custom_url or h.url('admin_permissions_global')}">${_('edit')}</a>

                      </td>

                      %endif

                    </tr>

                  </%def>

                 ${glob(_('Super admin'), get_section_perms('hg.admin', permissions[section]))}

                 ${glob(_('Repository default permission'), get_section_perms('repository.', permissions[section]), 'repository', h.url('admin_permissions_object'))}

                 ${glob(_('Repository group default permission'), get_section_perms('group.', permissions[section]), 'group', h.url('admin_permissions_object'))}

                 ${glob(_('User group default permission'), get_section_perms('usergroup.', permissions[section]), 'usergroup', h.url('admin_permissions_object'))}

                 ${glob(_('Create repositories'), get_section_perms('hg.create.', permissions[section]), custom_url=h.url('admin_permissions_global'))}

                 ${glob(_('Fork repositories'), get_section_perms('hg.fork.', permissions[section]), custom_url=h.url('admin_permissions_global'))}

                 ${glob(_('Create repository groups'), get_section_perms('hg.repogroup.create.', permissions[section]), custom_url=h.url('admin_permissions_global'))}

                 ${glob(_('Create user groups'), get_section_perms('hg.usergroup.create.', permissions[section]), custom_url=h.url('admin_permissions_global'))}

                 </tbody>

                %else:

                 ## none/read/write/admin permissions on groups/repos etc

                  <thead>

                      <tr>

                      <th>${_('Name')}</th>

                      <th>${_('Permission')}</th>

                      %if actions:

                      <th>${_('Edit Permission')}</th>

                      %endif

                  </thead>

                  <tbody class="section_${section}">

                  <%

                      def sorter(permissions):

                          def custom_sorter(item):

                             ## read/write/admin

                             section = item[1].split('.')[-1]

                             section_importance = {'none': u'0',

                                                   'read': u'1',

                                                   'write':u'2',

                                                   'admin':u'3'}.get(section)

                             ## sort by group importance+name

                             return section_importance+item[0]

                          return sorted(permissions, key=custom_sorter)

                  %>

                  %for k, section_perm in sorter(permissions[section].items()):

                      %if section_perm.split('.')[-1] != 'none' or show_all:

                      <tr class="perm_row ${'%s_%s' % (section, section_perm.split('.')[-1])}">

                          <td class="td-componentname">

                              %if section == 'repositories':

                                  <a href="${h.url('summary_home',repo_name=k)}">${k}</a>

                              %elif section == 'repositories_groups':

                                  <a href="${h.url('repo_group_home',group_name=k)}">${k}</a>

                              %elif section == 'user_groups':

                                  ##<a href="${h.url('edit_users_group',user_group_id=k)}">${k}</a>

                                  ${k}

                              %endif

                          </td>

                          <td class="td-tags">

                            %if hasattr(permissions[section], 'perm_origin_stack'):

                               %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):

                               <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}">

                                ${perm} (${origin})

                              </span>

                               %endfor

                            %else:

                               <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>

                            %endif

                          </td>

                          %if actions:

                          <td class="td-action">

                              %if section == 'repositories':

                                  <a href="${h.url('edit_repo_perms',repo_name=k,anchor='permissions_manage')}">${_('edit')}</a>

                              %elif section == 'repositories_groups':

                                  <a href="${h.url('edit_repo_group_perms',group_name=k,anchor='permissions_manage')}">${_('edit')}</a>

                              %elif section == 'user_groups':

                                  ##<a href="${h.url('edit_users_group',user_group_id=k)}">${_('edit')}</a>

                              %endif

                          </td>

                          %endif

                      </tr>

                      %endif

                  %endfor

                  <tr id="empty_${section}" class="noborder" style="display:none;">

                    <td colspan="6">${_('No permission defined')}</td>

                  </tr>

                  </tbody>

                %endif

               </table>

              </div>

              %endif

            </div>

          </div>

        </div>

        %endfor

      </div>

      <script>

          $(document).ready(function(){

              var show_empty = function(section){

                  var visible = $('.section_{0} tr.perm_row:visible'.format(section)).length;

                  if(visible == 0){

                      $('#empty_{0}'.format(section)).show();

                  }

                  else{

                      $('#empty_{0}'.format(section)).hide();

                  }

              };

              $('.perm_filter').on('change', function(e){

                  var self = this;

                  var section = $(this).attr('section');

                  var opts = {};

                  var elems = $('.filter_' + section).each(function(el){

                      var perm_type = $(this).attr('perm_type');

                      var checked = this.checked;

                      opts[perm_type] = checked;

                      if(checked){

                          $('.'+section+'_'+perm_type).show();

                      }

                      else{

                          $('.'+section+'_'+perm_type).hide();

                      }

                  });

                  show_empty(section);

              })

          })

      </script>

      </%def>

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				## snippet for displaying permissions overview for users
				## usage:
				## <%namespace name="p" file="/base/perms_summary.html"/>
				## ${p.perms_summary(c.perm_user.permissions)}

				<%def name="perms_summary(permissions, show_all=False, actions=True)">
				<div id="perms" class="table fields">
				%for section in sorted(permissions.keys()):
				<div class="panel panel-default">
				<div class="panel-heading">
				<h3 class="panel-title">${section.replace("_"," ").capitalize()}</h3>
				</div>
				<div class="panel-body">
				<div class="perms_section_head field">
				<div class="radios">
				%if section != 'global':
				<span class="permissions_boxes">
				<span class="desc">${_('show')}: </span>
				${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_%s' % section}"><span class="perm_tag none">${_('none')}</span></label>
				${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')} <label for="${'perms_filter_read_%s' % section}"><span class="perm_tag read">${_('read')}</span></label>
				${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_%s' % section}"> <span class="perm_tag write">${_('write')}</span></label>
				${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_%s' % section}"><span class="perm_tag admin">${_('admin')}</span></label>
				</span>
				%endif
				</div>
				</div>
				<div class="field">
				%if not permissions[section]:
				<p class="empty_data help-block">${_('No permissions defined')}</p>
				%else:
				<div id='tbl_list_wrap_${section}'>
				<table id="tbl_list_${section}" class="rctable">
				## global permission box
				%if section == 'global':
				<thead>
				<tr>
				<th colspan="2" class="left">${_('Permission')}</th>
				%if actions:
				<th>${_('Edit Permission')}</th>
				%endif
				</thead>
				<tbody>

				<%
				def get_section_perms(prefix, opts):
				_selected = []
				for op in opts:
				if op.startswith(prefix) and not op.startswith('hg.create.write_on_repogroup'):
				_selected.append(op)
				admin = 'hg.admin' in opts
				_selected_vals = [x.partition(prefix)[-1] for x in _selected]
				return admin, _selected_vals, _selected
				%>
				<%def name="glob(lbl, val, val_lbl=None, custom_url=None)">
				<tr>
				<td class="td-tags">
				${lbl}
				</td>
				<td class="td-tags">
				%if val[0]:
				%if not val_lbl:
				${h.bool2icon(True)}
				%else:
				<span class="perm_tag admin">${val_lbl}.admin</span>
				%endif
				%else:
				%if not val_lbl:
				${h.bool2icon({'false': False,
				'true': True,
				'none': False,
				'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false'))}
				%else:
				<span class="perm_tag ${val[1][0]}">${val_lbl}.${val[1][0]}</span>
				%endif
				%endif
				</td>
				%if actions:
				<td class="td-action">
				<a href="${custom_url or h.url('admin_permissions_global')}">${_('edit')}</a>
				</td>
				%endif
				</tr>
				</%def>

				${glob(_('Super admin'), get_section_perms('hg.admin', permissions[section]))}

				${glob(_('Repository default permission'), get_section_perms('repository.', permissions[section]), 'repository', h.url('admin_permissions_object'))}
				${glob(_('Repository group default permission'), get_section_perms('group.', permissions[section]), 'group', h.url('admin_permissions_object'))}
				${glob(_('User group default permission'), get_section_perms('usergroup.', permissions[section]), 'usergroup', h.url('admin_permissions_object'))}

				${glob(_('Create repositories'), get_section_perms('hg.create.', permissions[section]), custom_url=h.url('admin_permissions_global'))}
				${glob(_('Fork repositories'), get_section_perms('hg.fork.', permissions[section]), custom_url=h.url('admin_permissions_global'))}
				${glob(_('Create repository groups'), get_section_perms('hg.repogroup.create.', permissions[section]), custom_url=h.url('admin_permissions_global'))}
				${glob(_('Create user groups'), get_section_perms('hg.usergroup.create.', permissions[section]), custom_url=h.url('admin_permissions_global'))}


				</tbody>
				%else:
				## none/read/write/admin permissions on groups/repos etc
				<thead>
				<tr>
				<th>${_('Name')}</th>
				<th>${_('Permission')}</th>
				%if actions:
				<th>${_('Edit Permission')}</th>
				%endif
				</thead>
				<tbody class="section_${section}">
				<%
				def sorter(permissions):
				def custom_sorter(item):
				## read/write/admin
				section = item[1].split('.')[-1]
				section_importance = {'none': u'0',
				'read': u'1',
				'write':u'2',
				'admin':u'3'}.get(section)
				## sort by group importance+name
				return section_importance+item[0]
				return sorted(permissions, key=custom_sorter)
				%>
				%for k, section_perm in sorter(permissions[section].items()):
				%if section_perm.split('.')[-1] != 'none' or show_all:
				<tr class="perm_row ${'%s_%s' % (section, section_perm.split('.')[-1])}">
				<td class="td-componentname">
				%if section == 'repositories':
				<a href="${h.url('summary_home',repo_name=k)}">${k}</a>
				%elif section == 'repositories_groups':
				<a href="${h.url('repo_group_home',group_name=k)}">${k}</a>
				%elif section == 'user_groups':
				##<a href="${h.url('edit_users_group',user_group_id=k)}">${k}</a>
				${k}
				%endif
				</td>
				<td class="td-tags">
				%if hasattr(permissions[section], 'perm_origin_stack'):
				%for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
				<span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}">
				${perm} (${origin})
				</span>
				%endfor
				%else:
				<span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>
				%endif
				</td>
				%if actions:
				<td class="td-action">
				%if section == 'repositories':
				<a href="${h.url('edit_repo_perms',repo_name=k,anchor='permissions_manage')}">${_('edit')}</a>
				%elif section == 'repositories_groups':
				<a href="${h.url('edit_repo_group_perms',group_name=k,anchor='permissions_manage')}">${_('edit')}</a>
				%elif section == 'user_groups':
				##<a href="${h.url('edit_users_group',user_group_id=k)}">${_('edit')}</a>
				%endif
				</td>
				%endif
				</tr>
				%endif
				%endfor

				<tr id="empty_${section}" class="noborder" style="display:none;">
				<td colspan="6">${_('No permission defined')}</td>
				</tr>

				</tbody>
				%endif
				</table>
				</div>
				%endif
				</div>
				</div>
				</div>
				%endfor
				</div>

				<script>
				$(document).ready(function(){
				var show_empty = function(section){
				var visible = $('.section_{0} tr.perm_row:visible'.format(section)).length;
				if(visible == 0){
				$('#empty_{0}'.format(section)).show();
				}
				else{
				$('#empty_{0}'.format(section)).hide();
				}
				};
				$('.perm_filter').on('change', function(e){
				var self = this;
				var section = $(this).attr('section');

				var opts = {};
				var elems = $('.filter_' + section).each(function(el){
				var perm_type = $(this).attr('perm_type');
				var checked = this.checked;
				opts[perm_type] = checked;
				if(checked){
				$('.'+section+'_'+perm_type).show();
				}
				else{
				$('.'+section+'_'+perm_type).hide();
				}
				});
				show_empty(section);
				})
				})
				</script>
				</%def>