Mercurial > kallithea
changeset 8991:2e1059de6751 stable
repo groups: make it possible to remove own explicit permissions, now when group owners always have admin permissions
Until recently, group owners very given explicit admin permissions on repo
group, and special care was taken to make sure they didn't remove themselves.
Now we always give admin permissions to owners, and don't care about the
explicit permissions. We no longer add them when creating groups or changing
owner. There is no migration step to remove redundant permissions, but we
should allow group admins to remove them. This change will thus remove the
mechanism for preventing removal of own/owner permissions.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Tue, 09 May 2023 17:42:44 +0200 |
parents | 1aa109aea143 |
children | 7a6736f3ef65 |
files | kallithea/controllers/admin/repo_groups.py kallithea/templates/admin/repo_groups/repo_group_edit_perms.html |
diffstat | 2 files changed, 0 insertions(+), 30 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/admin/repo_groups.py Sun May 07 18:20:50 2023 +0200 +++ b/kallithea/controllers/admin/repo_groups.py Tue May 09 17:42:44 2023 +0200 @@ -90,13 +90,6 @@ return data - def _revoke_perms_on_yourself(self, form_result): - _up = [u for u in form_result['perms_updates'] if request.authuser.username == u[0]] - _new = [u for u in form_result['perms_new'] if request.authuser.username == u[0]] - if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin': - return True - return False - def index(self, format='html'): _list = db.RepoGroup.query(sorted=True).all() group_iter = RepoGroupList(_list, perm_level='admin') @@ -349,11 +342,6 @@ c.repo_group = db.RepoGroup.guess_instance(group_name) valid_recursive_choices = ['none', 'repos', 'groups', 'all'] form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST) - if not request.authuser.is_admin: - if self._revoke_perms_on_yourself(form_result): - msg = _('Cannot revoke permission for yourself as admin') - webutils.flash(msg, category='warning') - raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name)) recursive = form_result['recursive'] # iterate over all members(if in recursive mode) of this groups and # set the permissions ! @@ -379,11 +367,6 @@ elif obj_type == 'user_group': obj_id = safe_int(request.POST.get('user_group_id')) - if not request.authuser.is_admin: - if obj_type == 'user' and request.authuser.user_id == obj_id: - msg = _('Cannot revoke permission for yourself as admin') - webutils.flash(msg, category='warning') - raise Exception('revoke admin permission on self') recursive = request.POST.get('recursive', 'none') if obj_type == 'user': RepoGroupModel().delete_permission(repo_group=group_name,
--- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Sun May 07 18:20:50 2023 +0200 +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html Tue May 09 17:42:44 2023 +0200 @@ -12,9 +12,7 @@ </tr> ## USERS %for r2p in c.repo_group.repo_group_to_perm: - ##forbid revoking permission from yourself, except if you're an super admin <tr id="id${id(r2p.user.username)}"> - %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin: <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td> <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td> <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td> @@ -34,17 +32,6 @@ </button> %endif </td> - %else: - <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td> - <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td> - <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td> - <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td> - <td> - ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)} - ${r2p.user.username if r2p.user.username != 'default' else _('Default')} - </td> - <td><i class="icon-user"></i>${_('Admin')}</td> - %endif </tr> %endfor