diff --git a/pylons_app/config/routing.py b/pylons_app/config/routing.py --- a/pylons_app/config/routing.py +++ b/pylons_app/config/routing.py @@ -4,6 +4,7 @@ The more specific and detailed routes sh may take precedent over the more generic routes. For more information refer to the routes manual at http://routes.groovie.org/docs/ """ +from __future__ import with_statement from routes import Mapper from pylons_app.lib.utils import check_repo_fast as cr @@ -31,7 +32,7 @@ def make_map(config): repo_name = match_dict.get('repo_name') return not cr(repo_name, config['base_path']) - #REST routes + #REST REPO MAP with map.submapper(path_prefix='/_admin', controller='admin/repos') as m: m.connect("repos", "/repos", action="create", conditions=dict(method=["POST"])) @@ -69,7 +70,36 @@ def make_map(config): map.resource('user', 'users', controller='admin/users', path_prefix='/_admin') map.resource('permission', 'permissions', controller='admin/permissions', path_prefix='/_admin') - map.resource('setting', 'settings', controller='admin/settings', path_prefix='/_admin', name_prefix='admin_') + + #map.resource('setting', 'settings', controller='admin/settings', path_prefix='/_admin', name_prefix='admin_') + #REST SETTINGS MAP + with map.submapper(path_prefix='/_admin', controller='admin/settings') as m: + m.connect("admin_settings", "/settings", + action="create", conditions=dict(method=["POST"])) + m.connect("admin_settings", "/settings", + action="index", conditions=dict(method=["GET"])) + m.connect("admin_formatted_settings", "/settings.{format}", + action="index", conditions=dict(method=["GET"])) + m.connect("admin_new_setting", "/settings/new", + action="new", conditions=dict(method=["GET"])) + m.connect("admin_formatted_new_setting", "/settings/new.{format}", + action="new", conditions=dict(method=["GET"])) + m.connect("/settings/{setting_id}", + action="update", conditions=dict(method=["PUT"])) + m.connect("/settings/{setting_id}", + action="delete", conditions=dict(method=["DELETE"])) + m.connect("admin_edit_setting", "/settings/{setting_id}/edit", + action="edit", conditions=dict(method=["GET"])) + m.connect("admin_formatted_edit_setting", "/settings/{setting_id}.{format}/edit", + action="edit", conditions=dict(method=["GET"])) + m.connect("admin_setting", "/settings/{setting_id}", + action="show", conditions=dict(method=["GET"])) + m.connect("admin_formatted_setting", "/settings/{setting_id}.{format}", + action="show", conditions=dict(method=["GET"])) + m.connect("admin_settings_my_account", "/my_account", + action="my_account", conditions=dict(method=["GET"])) + m.connect("admin_settings_my_account_update", "/my_account_update", + action="my_account_update", conditions=dict(method=["PUT"])) #ADMIN with map.submapper(path_prefix='/_admin', controller='admin/admin') as m: diff --git a/pylons_app/controllers/admin/repos.py b/pylons_app/controllers/admin/repos.py --- a/pylons_app/controllers/admin/repos.py +++ b/pylons_app/controllers/admin/repos.py @@ -2,6 +2,7 @@ # encoding: utf-8 # repos controller for pylons # Copyright (C) 2009-2010 Marcin Kuzminski +# # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; version 2 diff --git a/pylons_app/controllers/admin/settings.py b/pylons_app/controllers/admin/settings.py --- a/pylons_app/controllers/admin/settings.py +++ b/pylons_app/controllers/admin/settings.py @@ -52,12 +52,13 @@ class SettingsController(BaseController) @LoginRequired() - #@HasPermissionAllDecorator('hg.admin') def __before__(self): c.admin_user = session.get('admin_user') c.admin_username = session.get('admin_username') super(SettingsController, self).__before__() - + + + @HasPermissionAllDecorator('hg.admin') def index(self, format='html'): """GET /admin/settings: All items in the collection""" # url('admin_settings') @@ -71,23 +72,26 @@ class SettingsController(BaseController) force_defaults=False ) + @HasPermissionAllDecorator('hg.admin') def create(self): """POST /admin/settings: Create a new item""" # url('admin_settings') - + + @HasPermissionAllDecorator('hg.admin') def new(self, format='html'): """GET /admin/settings/new: Form to create a new item""" # url('admin_new_setting') - - def update(self, id): - """PUT /admin/settings/id: Update an existing item""" + + @HasPermissionAllDecorator('hg.admin') + def update(self, setting_id): + """PUT /admin/settings/setting_id: Update an existing item""" # Forms posted to this method should contain a hidden field: # # Or using helpers: - # h.form(url('admin_setting', id=ID), + # h.form(url('admin_setting', setting_id=ID), # method='put') - # url('admin_setting', id=ID) - if id == 'mapping': + # url('admin_setting', setting_id=ID) + if setting_id == 'mapping': rm_obsolete = request.POST.get('destroy', False) log.debug('Rescanning directories with destroy=%s', rm_obsolete) @@ -96,7 +100,7 @@ class SettingsController(BaseController) invalidate_cache('cached_repo_list') h.flash(_('Repositories sucessfully rescanned'), category='success') - if id == 'global': + if setting_id == 'global': application_form = ApplicationSettingsForm()() try: @@ -132,20 +136,77 @@ class SettingsController(BaseController) encoding="UTF-8") return redirect(url('admin_settings')) - - def delete(self, id): - """DELETE /admin/settings/id: Delete an existing item""" + + @HasPermissionAllDecorator('hg.admin') + def delete(self, setting_id): + """DELETE /admin/settings/setting_id: Delete an existing item""" # Forms posted to this method should contain a hidden field: # # Or using helpers: - # h.form(url('admin_setting', id=ID), + # h.form(url('admin_setting', setting_id=ID), # method='delete') - # url('admin_setting', id=ID) + # url('admin_setting', setting_id=ID) + + @HasPermissionAllDecorator('hg.admin') + def show(self, setting_id, format='html'): + """GET /admin/settings/setting_id: Show a specific item""" + # url('admin_setting', setting_id=ID) + + @HasPermissionAllDecorator('hg.admin') + def edit(self, setting_id, format='html'): + """GET /admin/settings/setting_id/edit: Form to edit an existing item""" + # url('admin_edit_setting', setting_id=ID) + + + def my_account(self): + """ + GET /_admin/my_account Displays info about my account + """ + # url('admin_settings_my_account') + c.user = self.sa.query(User).get(c.hg_app_user.user_id) + if c.user.username == 'default': + h.flash(_("You can't edit this user since it's" + " crucial for entire application"), category='warning') + return redirect(url('users')) + + defaults = c.user.__dict__ + return htmlfill.render( + render('admin/users/user_edit_my_account.html'), + defaults=defaults, + encoding="UTF-8", + force_defaults=False + ) - def show(self, id, format='html'): - """GET /admin/settings/id: Show a specific item""" - # url('admin_setting', id=ID) + def my_account_update(self): + """PUT /_admin/my_account_update: Update an existing item""" + # Forms posted to this method should contain a hidden field: + # + # Or using helpers: + # h.form(url('admin_settings_my_account_update'), + # method='put') + # url('admin_settings_my_account_update', id=ID) + user_model = UserModel() + uid = c.hg_app_user.user_id + _form = UserForm(edit=True, old_data={'user_id':uid})() + form_result = {} + try: + form_result = _form.to_python(dict(request.POST)) + user_model.update_my_account(uid, form_result) + h.flash(_('Your account was updated succesfully'), category='success') + + except formencode.Invalid as errors: + #c.user = self.sa.query(User).get(c.hg_app_user.user_id) + return htmlfill.render( + render('admin/users/user_edit_my_account.html'), + defaults=errors.value, + errors=errors.error_dict or {}, + prefix_error=False, + encoding="UTF-8") + except Exception: + log.error(traceback.format_exc()) + h.flash(_('error occured during update of user %s') \ + % form_result.get('username'), category='error') + + return redirect(url('my_account')) + - def edit(self, id, format='html'): - """GET /admin/settings/id/edit: Form to edit an existing item""" - # url('admin_edit_setting', id=ID) diff --git a/pylons_app/controllers/admin/users.py b/pylons_app/controllers/admin/users.py --- a/pylons_app/controllers/admin/users.py +++ b/pylons_app/controllers/admin/users.py @@ -17,6 +17,12 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. +""" +Created on April 4, 2010 +users controller for pylons +@author: marcink +""" + from formencode import htmlfill from pylons import request, session, tmpl_context as c, url from pylons.controllers.util import abort, redirect @@ -30,11 +36,7 @@ from pylons_app.model.user_model import import formencode import logging import traceback -""" -Created on April 4, 2010 -users controller for pylons -@author: marcink -""" + log = logging.getLogger(__name__) diff --git a/pylons_app/lib/auth.py b/pylons_app/lib/auth.py --- a/pylons_app/lib/auth.py +++ b/pylons_app/lib/auth.py @@ -104,7 +104,23 @@ def set_available_permissions(config): def set_base_path(config): config['base_path'] = config['pylons.app_globals'].base_path - + +def fill_data(user): + """ + Fills user data with those from database + @param user: + """ + sa = meta.Session + dbuser = sa.query(User).get(user.user_id) + + user.username = dbuser.username + user.is_admin = dbuser.admin + user.name = dbuser.name + user.lastname = dbuser.lastname + + meta.Session.remove() + return user + def fill_perms(user): """ Fills user permission attribute with permissions taken from database @@ -113,6 +129,7 @@ def fill_perms(user): sa = meta.Session user.permissions['repositories'] = {} + user.permissions['global'] = set() #first fetch default permissions default_perms = sa.query(Repo2Perm, Repository, Permission)\ @@ -122,14 +139,14 @@ def fill_perms(user): 'default').one().user_id).all() if user.is_admin: - user.permissions['global'] = set(['hg.admin']) + user.permissions['global'].add('hg.admin') #admin have all rights full for perm in default_perms: p = 'repository.admin' user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p else: - user.permissions['global'] = set() + user.permissions['global'].add('') for perm in default_perms: if perm.Repository.private: #disable defaults for private repos, @@ -164,8 +181,8 @@ def get_user(session): @param session: """ user = session.get('hg_app_user', AuthUser()) - if user.is_authenticated: + user = fill_data(user) user = fill_perms(user) session['hg_app_user'] = user session.save() diff --git a/pylons_app/lib/db_manage.py b/pylons_app/lib/db_manage.py --- a/pylons_app/lib/db_manage.py +++ b/pylons_app/lib/db_manage.py @@ -177,8 +177,9 @@ class DbManage(object): ('repository.read', 'Repository read access'), ('repository.write', 'Repository write access'), ('repository.admin', 'Repository admin access'), + ('repository.create', 'Repository create'), ('hg.admin', 'Hg Administrator'), - ] + ] for p in perms: new_perm = Permission() diff --git a/pylons_app/model/user_model.py b/pylons_app/model/user_model.py --- a/pylons_app/model/user_model.py +++ b/pylons_app/model/user_model.py @@ -68,9 +68,9 @@ class UserModel(object): self.sa.rollback() raise - def update(self, id, form_data): + def update(self, uid, form_data): try: - new_user = self.sa.query(User).get(id) + new_user = self.sa.query(User).get(uid) if new_user.username == 'default': raise DefaultUserException( _("You can't Edit this user since it's" @@ -87,7 +87,28 @@ class UserModel(object): log.error(e) self.sa.rollback() raise - + + def update_my_account(self, uid, form_data): + try: + new_user = self.sa.query(User).get(uid) + if new_user.username == 'default': + raise DefaultUserException( + _("You can't Edit this user since it's" + " crucial for entire application")) + for k, v in form_data.items(): + if k == 'new_password' and v != '': + new_user.password = v + else: + if k not in ['admin', 'active']: + setattr(new_user, k, v) + + self.sa.add(new_user) + self.sa.commit() + except Exception as e: + log.error(e) + self.sa.rollback() + raise + def delete(self, id): try: diff --git a/pylons_app/templates/admin/settings/settings.html b/pylons_app/templates/admin/settings/settings.html --- a/pylons_app/templates/admin/settings/settings.html +++ b/pylons_app/templates/admin/settings/settings.html @@ -23,7 +23,7 @@ - ${h.form(url('admin_setting', id='mapping'),method='put')} + ${h.form(url('admin_setting', setting_id='mapping'),method='put')}

${_('Remap and rescan repositories')}

@@ -49,7 +49,7 @@
${h.end_form()} - ${h.form(url('admin_setting', id='global'),method='put')} + ${h.form(url('admin_setting', setting_id='global'),method='put')}

${_('Global application settings')}

diff --git a/pylons_app/templates/admin/users/user_edit_my_account.html b/pylons_app/templates/admin/users/user_edit_my_account.html new file mode 100644 --- /dev/null +++ b/pylons_app/templates/admin/users/user_edit_my_account.html @@ -0,0 +1,79 @@ +## -*- coding: utf-8 -*- +<%inherit file="/base/base.html"/> + +<%def name="title()"> + ${_('User administration')} + + +<%def name="breadcrumbs_links()"> + ${_('My Account')} + + +<%def name="page_nav()"> + ${self.menu('admin')} + + +<%def name="main()"> +
+ +
+ ${self.breadcrumbs()} +
+ + ${h.form(url('admin_settings_my_account_update'),method='put')} +
+ +
+
+
+ +
+
+ ${h.text('username')} +
+
+ +
+
+ +
+
+ ${h.password('new_password')} +
+
+ +
+
+ +
+
+ ${h.text('name')} +
+
+ +
+
+ +
+
+ ${h.text('lastname')} +
+
+ +
+
+ +
+
+ ${h.text('email')} +
+
+ +
+ ${h.submit('save','save',class_="ui-button ui-widget ui-state-default ui-corner-all")} +
+
+
+ ${h.end_form()} +
+ \ No newline at end of file diff --git a/pylons_app/templates/base/base.html b/pylons_app/templates/base/base.html --- a/pylons_app/templates/base/base.html +++ b/pylons_app/templates/base/base.html @@ -17,7 +17,7 @@ diff --git a/pylons_app/templates/index.html b/pylons_app/templates/index.html --- a/pylons_app/templates/index.html +++ b/pylons_app/templates/index.html @@ -27,6 +27,13 @@
${_('Dashboard')}
+ ##%if h.HasPermissionAll('repository.create')(): + + ##%endif