upstream/kallithea Commit - r3736:87e6960e

Iteration on default permissions...

marcink -

r3736:87e6960e beta

parent child

rhodecode/templates/base/default_perms_box.html

0 created 644 +86 0

@@ -0,0 +1,86 b''
	1	## snippet for displaying default permission box
	2	## usage:
	3	## <%namespace name="dpb" file="/base/default_perms_box.html"/>
	4	## ${dpb.default_perms_box(<url_to_form>)}
	5
	6
	7	<%def name="default_perms_box(form_url)">
	8	${h.form(form_url, method='put')}
	9	<div class="form">
	10	<!-- fields -->
	11	<div class="fields">
	12	<div class="field">
	13	<div class="checkboxes">
	14	<label for="inherit_default_permissions">${_('Inherit default permissions')}:</label>
	15	${h.checkbox('inherit_default_permissions',value=True)}
	16	</div>
	17	<span class="help-block">
	18	${h.literal(_('Select to inherit permissions from %s settings. '
	19	'With this selected below options does not apply.')
	20	% h.link_to('default', url('edit_permission', id='default')))}
	21	</span>
	22	</div>
	23	<div id="inherit_overlay">
	24	<div class="field">
	25	<div class="checkboxes">
	26	<label for="create_repo_perm">${_('Create repositories')}:</label>
	27	${h.checkbox('create_repo_perm',value=True)}
	28	</div>
	29	<span class="help-block">
	30	${h.literal(_('Select this option to allow repository creation for this user'))}
	31	</span>
	32	</div>
	33	<div class="field">
	34	<div class="checkboxes">
	35	<label for="create_user_group_perm">${_('Create user groups')}:</label>
	36	${h.checkbox('create_user_group_perm',value=True)}
	37	</div>
	38	<span class="help-block">
	39	${h.literal(_('Select this option to allow user group creation for this user'))}
	40	</span>
	41	</div>
	42	<div class="field">
	43	<div class="checkboxes">
	44	<label for="fork_repo_perm">${_('Fork repositories')}:</label>
	45	${h.checkbox('fork_repo_perm',value=True)}
	46	</div>
	47	<span class="help-block">
	48	${h.literal(_('Select this option to allow repository forking for this user'))}
	49	</span>
	50	</div>
	51	</div>
	52	<div class="buttons">
	53	${h.submit('save',_('Save'),class_="ui-btn large")}
	54	${h.reset('reset',_('Reset'),class_="ui-btn large")}
	55	</div>
	56	</div>
	57	</div>
	58	${h.end_form()}
	59
	60	## JS
	61	<script>
	62	YUE.onDOMReady(function(e){
	63
	64	var show_custom_perms = function(inherit_default){
	65	if(inherit_default){
	66	YUD.setStyle('inherit_overlay', 'display', 'none');
	67	}
	68	else{
	69	YUD.setStyle('inherit_overlay', 'display', '');
	70	}
	71	}
	72
	73	var defaults = YUD.get('inherit_default_permissions').checked;
	74	show_custom_perms(defaults);
	75	YUE.on('inherit_default_permissions', 'change', function(e){
	76	if(YUD.get('inherit_default_permissions').checked){
	77	show_custom_perms(true);
	78	}
	79	else{
	80	show_custom_perms(false);
	81	}
	82	})
	83	})
	84	</script>
	85
	86	</%def>

rhodecode/controllers/admin/users.py

0 +31 -33

@@ -41,8 +41,8 b' from rhodecode.lib.auth import LoginRequ'
41	AuthUser	41	AuthUser
42	from rhodecode.lib.base import BaseController, render	42	from rhodecode.lib.base import BaseController, render
43		43
44	from rhodecode.model.db import User, UserEmailMap, UserIpMap	44	from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm
45	from rhodecode.model.forms import UserForm	45	from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm
46	from rhodecode.model.user import UserModel	46	from rhodecode.model.user import UserModel
47	from rhodecode.model.meta import Session	47	from rhodecode.model.meta import Session
48	from rhodecode.lib.utils import action_logger	48	from rhodecode.lib.utils import action_logger
@@ -240,12 +240,13 b' class UsersController(BaseController):'
240	.filter(UserEmailMap.user == c.user).all()	240	.filter(UserEmailMap.user == c.user).all()
241	c.user_ip_map = UserIpMap.query()\	241	c.user_ip_map = UserIpMap.query()\
242	.filter(UserIpMap.user == c.user).all()	242	.filter(UserIpMap.user == c.user).all()
243	u~~ser_~~model = UserModel()	243	umodel = UserModel()
244	c.ldap_dn = c.user.ldap_dn	244	c.ldap_dn = c.user.ldap_dn
245	defaults = c.user.get_dict()	245	defaults = c.user.get_dict()
246	defaults.update({	246	defaults.update({
247	'create_repo_perm': u~~ser_~~model.has_perm(id, 'hg.create.repository'),	247	'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
248	'~~fork_repo~~_perm': u~~ser_~~model.has_perm(id, 'hg.~~fork.repository~~'),	248	'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'),
		249	'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
249	})	250	})
250		251
251	return htmlfill.render(	252	return htmlfill.render(
@@ -258,39 +259,36 b' class UsersController(BaseController):'
258	def update_perm(self, id):	259	def update_perm(self, id):
259	"""PUT /users_perm/id: Update an existing item"""	260	"""PUT /users_perm/id: Update an existing item"""
260	# url('user_perm', id=ID, method='put')	261	# url('user_perm', id=ID, method='put')
261	usr = User.get_or_404(id)	262	user = User.get_or_404(id)
262	grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
263	grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
264	inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
265
266	user_model = UserModel()
267		263
268	try:	264	try:
269	~~usr~~.~~inherit_default_permissions~~ = ~~inherit_perms~~	265	form = CustomDefaultPermissionsForm()()
270	Session().add(usr)	266	form_result = form.to_python(request.POST)
		267
		268	inherit_perms = form_result['inherit_default_permissions']
		269	user.inherit_default_permissions = inherit_perms
		270	Session().add(user)
		271	user_model = UserModel()
271		272
272	if grant_create_perm:	273	defs = UserToPerm.query()\
273	user_model.revoke_perm(usr, 'hg.create.none')	274	.filter(UserToPerm.user == user)\
274	user_model.grant_perm(usr, 'hg.create.repository')	275	.all()
275	h.flash(_("Granted 'repository create' permission to user"),	276	for ug in defs:
276	category='success')	277	Session().delete(ug)
		278
		279	if form_result['create_repo_perm']:
		280	user_model.grant_perm(id, 'hg.create.repository')
277	else:	281	else:
278	user_model.~~revoke~~_perm(~~usr~~, 'hg.create.~~repository~~')	282	user_model.grant_perm(id, 'hg.create.none')
279	user_model.grant_perm(usr, 'hg.create.none')	283	if form_result['create_user_group_perm']:
280	h.flash(_("Revoked 'repository create' permission to user"),	284	user_model.grant_perm(id, 'hg.usergroup.create.true')
281	category='success')
282
283	if grant_fork_perm:
284	user_model.revoke_perm(usr, 'hg.fork.none')
285	user_model.grant_perm(usr, 'hg.fork.repository')
286	h.flash(_("Granted 'repository fork' permission to user"),
287	category='success')
288	else:	285	else:
289	user_model.~~revoke~~_perm(~~usr~~, 'hg.~~fork.repository~~')	286	user_model.grant_perm(id, 'hg.usergroup.create.false')
290	user_model.grant_perm(usr, 'hg.fork.none')	287	if form_result['fork_repo_perm']:
291	h.flash(_("Revoked 'repository fork' permission to user"),	288	user_model.grant_perm(id, 'hg.fork.repository')
292	category='success')	289	else:
293		290	user_model.grant_perm(id, 'hg.fork.none')
		291	h.flash(_("Updated permissions"), category='success')
294	Session().commit()	292	Session().commit()
295	except Exception:	293	except Exception:
296	log.error(traceback.format_exc())	294	log.error(traceback.format_exc())

rhodecode/controllers/admin/users_groups.py

0 +25 -24

             from rhodecode.model.repo import RepoModel
             from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\
                 UserGroupRepoToPerm, UserGroupRepoGroupToPerm
-            from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm
+            from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm,\
+                CustomDefaultPermissionsForm
             from rhodecode.model.meta import Session
             from rhodecode.lib.utils import action_logger
             from sqlalchemy.orm import joinedload
                     data.update({
                         'create_repo_perm': ug_model.has_perm(user_group,
                                                               'hg.create.repository'),
+                        'create_user_group_perm': ug_model.has_perm(user_group,
+                                                              'hg.usergroup.create.true'),
                         'fork_repo_perm': ug_model.has_perm(user_group,
                                                             'hg.fork.repository'),
                     })
                     # url('users_group_perm', id=ID, method='put')
                     users_group = UserGroup.get_or_404(id)
-                    grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
-                    grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
-                    inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
-                    usergroup_model = UserGroupModel()
                     try:
+                        form = CustomDefaultPermissionsForm()()
+                        form_result = form.to_python(request.POST)
+                        inherit_perms = form_result['inherit_default_permissions']
                         users_group.inherit_default_permissions = inherit_perms
                         Session().add(users_group)
+                        usergroup_model = UserGroupModel()
-                        if grant_create_perm:
+                        defs = UserGroupToPerm.query()\
-                            usergroup_model.revoke_perm(id, 'hg.create.none')
+                            .filter(UserGroupToPerm.users_group == users_group)\
-                            usergroup_model.grant_perm(id, 'hg.create.repository')
+                            .all()
-                            h.flash(_("Granted 'repository create' permission to user group"),
+                        for ug in defs:
-                                    category='success')
+                            Session().delete(ug)
-                        else:
-                            usergroup_model.revoke_perm(id, 'hg.create.repository')
-                            usergroup_model.grant_perm(id, 'hg.create.none')
-                            h.flash(_("Revoked 'repository create' permission to user group"),
-                                    category='success')
-                        if grant_fork_perm:
+                        if form_result['create_repo_perm']:
-                            usergroup_model.revoke_perm(id, 'hg.fork.none')
+                            usergroup_model.grant_perm(id, 'hg.create.repository')
-                            usergroup_model.grant_perm(id, 'hg.fork.repository')
+                        else:
-                            h.flash(_("Granted 'repository fork' permission to user group"),
+                            usergroup_model.grant_perm(id, 'hg.create.none')
-                                    category='success')
+                        if form_result['create_user_group_perm']:
+                            usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
                         else:
-                            usergroup_model.revoke_perm(id, 'hg.fork.repository')
+                            usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
+                        if form_result['fork_repo_perm']:
+                            usergroup_model.grant_perm(id, 'hg.fork.repository')
+                        else:
                             usergroup_model.grant_perm(id, 'hg.fork.none')
-                            h.flash(_("Revoked 'repository fork' permission to user group"),
-                                    category='success')
+                        h.flash(_("Updated permissions"), category='success')
                         Session().commit()
                     except Exception:
                         log.error(traceback.format_exc())

rhodecode/model/forms.py

0 +15 0

@@ -334,6 +334,21 b' def DefaultPermissionsForm(repo_perms_ch'
334	return _DefaultPermissionsForm	334	return _DefaultPermissionsForm
335		335
336		336
		337	def CustomDefaultPermissionsForm():
		338	class _CustomDefaultPermissionsForm(formencode.Schema):
		339	filter_extra_fields = True
		340	allow_extra_fields = True
		341	inherit_default_permissions = v.StringBoolean(if_missing=False)
		342
		343	create_repo_perm = v.StringBoolean(if_missing=False)
		344	create_user_group_perm = v.StringBoolean(if_missing=False)
		345	#create_repo_group_perm Impl. later
		346
		347	fork_repo_perm = v.StringBoolean(if_missing=False)
		348
		349	return _CustomDefaultPermissionsForm
		350
		351
337	def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):	352	def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
338	class _DefaultsForm(formencode.Schema):	353	class _DefaultsForm(formencode.Schema):
339	allow_extra_fields = True	354	allow_extra_fields = True

rhodecode/model/user.py

0 +7 -2

                     # !! OVERRIDE GLOBALS !! with user permissions if any found
                     #======================================================================
                     # those can be configured from groups or users explicitly
-                    _configurable = set(['hg.fork.none', 'hg.fork.repository',
+                    _configurable = set([
-                                         'hg.create.none', 'hg.create.repository'])
+                        'hg.fork.none', 'hg.fork.repository',
+                        'hg.create.none', 'hg.create.repository',
+                        'hg.usergroup.create.false', 'hg.usergroup.create.true'
+                    ])
                     # USER GROUPS comes first
                     # user group global permissions
                         for perm in user_perms:
                             user.permissions[GLOBAL].add(perm.permission.permission_name)
+                    ## END GLOBAL PERMISSIONS
                     #======================================================================
                     # !! PERMISSIONS FOR REPOSITORIES !!

rhodecode/templates/admin/users/user_edit.html

0 +2 -39

@@ -149,45 +149,8 b''
149	<div class="title">	149	<div class="title">
150	<h5>${_('Permissions')}</h5>	150	<h5>${_('Permissions')}</h5>
151	</div>	151	</div>
152	${h.form(url('user_perm', id=c.user.user_id),method='put')}	152	<%namespace name="dpb" file="/base/default_perms_box.html"/>
153	<div class="form">	153	${dpb.default_perms_box(url('user_perm', id=c.user.user_id))}
154	<!-- fields -->
155	<div class="fields">
156	<div class="field">
157	<div class="label label-checkbox">
158	<label for="inherit_permissions">${_('Inherit default permissions')}:</label>
159	</div>
160	<div class="checkboxes">
161	${h.checkbox('inherit_default_permissions',value=True)}
162	</div>
163	<span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
164	'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
165	</div>
166	<div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" >
167	<div class="field">
168	<div class="label label-checkbox">
169	<label for="create_repo_perm">${_('Create repositories')}:</label>
170	</div>
171	<div class="checkboxes">
172	${h.checkbox('create_repo_perm',value=True)}
173	</div>
174	</div>
175	<div class="field">
176	<div class="label label-checkbox">
177	<label for="fork_repo_perm">${_('Fork repositories')}:</label>
178	</div>
179	<div class="checkboxes">
180	${h.checkbox('fork_repo_perm',value=True)}
181	</div>
182	</div>
183	</div>
184	<div class="buttons">
185	${h.submit('save',_('Save'),class_="ui-btn large")}
186	${h.reset('reset',_('Reset'),class_="ui-btn large")}
187	</div>
188	</div>
189	</div>
190	${h.end_form()}
191		154
192	## permissions overview	155	## permissions overview
193	<%namespace name="p" file="/base/perms_summary.html"/>	156	<%namespace name="p" file="/base/perms_summary.html"/>

rhodecode/templates/admin/users_groups/users_group_edit.html

0 +8 -46

@@ -111,6 +111,14 b''
111	</div>	111	</div>
112	</div>	112	</div>
113		113
		114	<div class="box box-right">
		115	<!-- box / title -->
		116	<div class="title">
		117	<h5>${_('Global Permissions')}</h5>
		118	</div>
		119	<%namespace name="dpb" file="/base/default_perms_box.html"/>
		120	${dpb.default_perms_box(url('users_group_perm', id=c.users_group.users_group_id))}
		121	</div>
114		122
115	<div class="box box-right">	123	<div class="box box-right">
116	<div class="title">	124	<div class="title">
@@ -136,52 +144,6 b''
136	${h.end_form()}	144	${h.end_form()}
137	</div>	145	</div>
138		146
139	<div class="box box-right">
140	<!-- box / title -->
141	<div class="title">
142	<h5>${_('Global Permissions')}</h5>
143	</div>
144	${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')}
145	<div class="form">
146	<!-- fields -->
147	<div class="fields">
148	<div class="field">
149	<div class="label label-checkbox">
150	<label for="inherit_permissions">${_('Inherit default permissions')}:</label>
151	</div>
152	<div class="checkboxes">
153	${h.checkbox('inherit_default_permissions',value=True)}
154	</div>
155	<span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
156	'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
157	</div>
158	<div id="inherit_overlay" style="${'opacity:0.3' if c.users_group.inherit_default_permissions else ''}" >
159	<div class="field">
160	<div class="label label-checkbox">
161	<label for="create_repo_perm">${_('Create repositories')}:</label>
162	</div>
163	<div class="checkboxes">
164	${h.checkbox('create_repo_perm',value=True)}
165	</div>
166	</div>
167	<div class="field">
168	<div class="label label-checkbox">
169	<label for="fork_repo_perm">${_('Fork repositories')}:</label>
170	</div>
171	<div class="checkboxes">
172	${h.checkbox('fork_repo_perm',value=True)}
173	</div>
174	</div>
175	</div>
176	<div class="buttons">
177	${h.submit('save',_('Save'),class_="ui-btn large")}
178	${h.reset('reset',_('Reset'),class_="ui-btn large")}
179	</div>
180	</div>
181	</div>
182	${h.end_form()}
183	</div>
184
185	<script type="text/javascript">	147	<script type="text/javascript">
186	MultiSelectWidget('users_group_members','available_members','edit_users_group');	148	MultiSelectWidget('users_group_members','available_members','edit_users_group');
187	</script>	149	</script>

rhodecode/templates/base/perms_summary.html

0 +4 -1

             ## snippet for displaying permissions overview for users
+            ## usage:
+            ##    <%namespace name="p" file="/base/perms_summary.html"/>
+            ##    ${p.perms_summary(c.perm_user.permissions)}
             <%def name="perms_summary(permissions)">
             <div id="perms" class="table">
                               <th class="left">${_('Edit Permission')}</th>
                           </thead>
                           <tbody>
-                          %for k in sorted(permissions[section], key=lambda s: s.lower()):
+                          %for k in permissions[section]:
                               <tr>
                                   <td colspan="2">
                                       ${h.get_permission_name(k)}

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages