user-group-admin: use a proper auth filter.
- we now use a full sql based perm check based on an earlier fetch of allowed IDS
- fixes problem with sql limit/filter and later filtering that by auth.
- can be optimized later

File last commit:

r1943:089c11e9 default
r1986:64b52a82 default
permissions_auth_token_access.mako
61 lines | 1.6 KiB | application/x-mako | MakoHtmlLexer
/ rhodecode / templates / admin / permissions / permissions_auth_token_access.mako
<div class="panel panel-default">
    <div class="panel-heading">
        <h3 class="panel-title">${_('View whitelist')}</h3>
    </div>
    <div class="panel-body">
        <div class="">
            <p class="pr-description">
                View white list defines a set of views that can be accessed using auth token without the need to login.
                Adding ?auth_token=SECRET_TOKEN to the url authenticates this request as if it
                came from the logged in user who owns this authentication token.
                E.g. adding `RepoFilesView.repo_file_raw` allows to access a raw diff using such url:
                http[s]://server.com/{repo_name}/raw/{commit_id}/{file_path}?auth_token=SECRET_TOKEN
                White list can be defined inside `${c.whitelist_file}` under `${c.whitelist_key}=` setting.
                Currently the following views are set under this setting:
            </p>
<pre>
% for entry in c.whitelist_views:
${entry}
% endfor
</pre>
        </div>
    </div>
</div>
<div class="panel panel-default">
    <div class="panel-heading">
        <h3 class="panel-title">${_('List of views available for usage in whitelist access')}</h3>
    </div>
    <div class="panel-body">
        <div class="">
            <table class="rctable ip-whitelist">
                <tr>
                    <th>Active</th>
                    <th>View FQN</th>
                    <th>URL pattern</th>
                </tr>
                % for route_name, view_fqn, view_url, active in c.view_data:
                <tr>
                    <td class="td-x">${h.bool2icon(active)}</td>
                    <td class="td-x">${view_fqn}</td>
                    <td class="td-x" title="${route_name}">${view_url}</td>
                </tr>
                % endfor
            </table>
        </div>
    </div>
</div>
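Added example, not part of the template or of RhodeCode's code: because the token described in the panel text travels in the query string, it ends up in access logs, so this sketch audits log lines for `auth_token` use and redacts the secret before reporting. The pattern list, the `METHOD URL STATUS` log layout, the placeholder-to-regex conversion and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: "URL pattern" values of the views marked active in the table,
# in the {placeholder} style used on the page. Constructed sample.
WHITELISTED_PATTERNS = ["/{repo_name}/raw/{commit_id}/{file_path}"]

def pattern_to_regex(pattern):
    """Simplification: every {placeholder} matches any non-empty text."""
    literals = re.split(r"\{[^{}]+\}", pattern)
    return re.compile("^" + ".+?".join(re.escape(s) for s in literals) + "$")

REGEXES = [pattern_to_regex(p) for p in WHITELISTED_PATTERNS]

def audit_request(url):
    """Return (uses_token, path_is_whitelisted, url_with_token_redacted)."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    uses_token = any(key == "auth_token" for key, _ in query)
    whitelisted = any(rx.match(parts.path) for rx in REGEXES)
    safe_query = urlencode(
        [(k, "REDACTED" if k == "auth_token" else v) for k, v in query])
    return uses_token, whitelisted, parts.path + ("?" + safe_query if safe_query else "")

def findings(log_lines):
    """Report token-bearing requests, with the secret removed from the output."""
    report = []
    for line in log_lines:
        method, url, status = line.split()
        uses_token, whitelisted, redacted = audit_request(url)
        if uses_token:
            verdict = "whitelisted" if whitelisted else "not-whitelisted"
            report.append((verdict, f"{method} {redacted} {status}"))
    return report

# Constructed access-log lines in a simplified "METHOD URL STATUS" form.
SAMPLE_LOG = [
    "GET /myrepo/raw/abc123/docs/readme.txt?auth_token=SECRET_TOKEN 200",
    "GET /myrepo/settings?auth_token=SECRET_TOKEN&tab=perms 302",
    "GET /myrepo/raw/abc123/setup.py 200",
]

if __name__ == "__main__":
    for verdict, line in findings(SAMPLE_LOG):
        print(verdict, line)
```

A `not-whitelisted` finding means a token was sent to a URL that the whitelist does not cover, which is worth following up as a token exposed without any benefit to the client.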