Mercurial > kallithea
changeset 3736:87e6960e250b beta
Iteration on default permissions
- added user groups default
- organized global permission form, and made it common for
users, and user groups
- form improvements and intructions
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Wed, 10 Apr 2013 23:15:00 +0200 |
parents | 8a40028eaf73 |
children | 46b17730ca32 |
files | rhodecode/controllers/admin/users.py rhodecode/controllers/admin/users_groups.py rhodecode/model/forms.py rhodecode/model/user.py rhodecode/templates/admin/users/user_edit.html rhodecode/templates/admin/users_groups/users_group_edit.html rhodecode/templates/base/default_perms_box.html rhodecode/templates/base/perms_summary.html |
diffstat | 8 files changed, 178 insertions(+), 145 deletions(-) [+] |
line wrap: on
line diff
--- a/rhodecode/controllers/admin/users.py Wed Apr 10 18:03:11 2013 +0200 +++ b/rhodecode/controllers/admin/users.py Wed Apr 10 23:15:00 2013 +0200 @@ -41,8 +41,8 @@ AuthUser from rhodecode.lib.base import BaseController, render -from rhodecode.model.db import User, UserEmailMap, UserIpMap -from rhodecode.model.forms import UserForm +from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm +from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm from rhodecode.model.user import UserModel from rhodecode.model.meta import Session from rhodecode.lib.utils import action_logger @@ -240,12 +240,13 @@ .filter(UserEmailMap.user == c.user).all() c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == c.user).all() - user_model = UserModel() + umodel = UserModel() c.ldap_dn = c.user.ldap_dn defaults = c.user.get_dict() defaults.update({ - 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'), - 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), + 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'), + 'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'), + 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'), }) return htmlfill.render( @@ -258,39 +259,36 @@ def update_perm(self, id): """PUT /users_perm/id: Update an existing item""" # url('user_perm', id=ID, method='put') - usr = User.get_or_404(id) - grant_create_perm = str2bool(request.POST.get('create_repo_perm')) - grant_fork_perm = str2bool(request.POST.get('fork_repo_perm')) - inherit_perms = str2bool(request.POST.get('inherit_default_permissions')) - - user_model = UserModel() + user = User.get_or_404(id) try: - usr.inherit_default_permissions = inherit_perms - Session().add(usr) + form = CustomDefaultPermissionsForm()() + form_result = form.to_python(request.POST) + + inherit_perms = form_result['inherit_default_permissions'] + user.inherit_default_permissions = inherit_perms + Session().add(user) + user_model = UserModel() - if grant_create_perm: - user_model.revoke_perm(usr, 'hg.create.none') - user_model.grant_perm(usr, 'hg.create.repository') - h.flash(_("Granted 'repository create' permission to user"), - category='success') + defs = UserToPerm.query()\ + .filter(UserToPerm.user == user)\ + .all() + for ug in defs: + Session().delete(ug) + + if form_result['create_repo_perm']: + user_model.grant_perm(id, 'hg.create.repository') else: - user_model.revoke_perm(usr, 'hg.create.repository') - user_model.grant_perm(usr, 'hg.create.none') - h.flash(_("Revoked 'repository create' permission to user"), - category='success') - - if grant_fork_perm: - user_model.revoke_perm(usr, 'hg.fork.none') - user_model.grant_perm(usr, 'hg.fork.repository') - h.flash(_("Granted 'repository fork' permission to user"), - category='success') + user_model.grant_perm(id, 'hg.create.none') + if form_result['create_user_group_perm']: + user_model.grant_perm(id, 'hg.usergroup.create.true') else: - user_model.revoke_perm(usr, 'hg.fork.repository') - user_model.grant_perm(usr, 'hg.fork.none') - h.flash(_("Revoked 'repository fork' permission to user"), - category='success') - + user_model.grant_perm(id, 'hg.usergroup.create.false') + if form_result['fork_repo_perm']: + user_model.grant_perm(id, 'hg.fork.repository') + else: + user_model.grant_perm(id, 'hg.fork.none') + h.flash(_("Updated permissions"), category='success') Session().commit() except Exception: log.error(traceback.format_exc())
--- a/rhodecode/controllers/admin/users_groups.py Wed Apr 10 18:03:11 2013 +0200 +++ b/rhodecode/controllers/admin/users_groups.py Wed Apr 10 23:15:00 2013 +0200 @@ -43,7 +43,8 @@ from rhodecode.model.repo import RepoModel from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\ UserGroupRepoToPerm, UserGroupRepoGroupToPerm -from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm +from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm,\ + CustomDefaultPermissionsForm from rhodecode.model.meta import Session from rhodecode.lib.utils import action_logger from sqlalchemy.orm import joinedload @@ -113,6 +114,8 @@ data.update({ 'create_repo_perm': ug_model.has_perm(user_group, 'hg.create.repository'), + 'create_user_group_perm': ug_model.has_perm(user_group, + 'hg.usergroup.create.true'), 'fork_repo_perm': ug_model.has_perm(user_group, 'hg.fork.repository'), }) @@ -326,38 +329,36 @@ # url('users_group_perm', id=ID, method='put') users_group = UserGroup.get_or_404(id) - grant_create_perm = str2bool(request.POST.get('create_repo_perm')) - grant_fork_perm = str2bool(request.POST.get('fork_repo_perm')) - inherit_perms = str2bool(request.POST.get('inherit_default_permissions')) - - usergroup_model = UserGroupModel() try: + form = CustomDefaultPermissionsForm()() + form_result = form.to_python(request.POST) + + inherit_perms = form_result['inherit_default_permissions'] users_group.inherit_default_permissions = inherit_perms Session().add(users_group) + usergroup_model = UserGroupModel() - if grant_create_perm: - usergroup_model.revoke_perm(id, 'hg.create.none') - usergroup_model.grant_perm(id, 'hg.create.repository') - h.flash(_("Granted 'repository create' permission to user group"), - category='success') - else: - usergroup_model.revoke_perm(id, 'hg.create.repository') - usergroup_model.grant_perm(id, 'hg.create.none') - h.flash(_("Revoked 'repository create' permission to user group"), - category='success') + defs = UserGroupToPerm.query()\ + .filter(UserGroupToPerm.users_group == users_group)\ + .all() + for ug in defs: + Session().delete(ug) - if grant_fork_perm: - usergroup_model.revoke_perm(id, 'hg.fork.none') - usergroup_model.grant_perm(id, 'hg.fork.repository') - h.flash(_("Granted 'repository fork' permission to user group"), - category='success') + if form_result['create_repo_perm']: + usergroup_model.grant_perm(id, 'hg.create.repository') + else: + usergroup_model.grant_perm(id, 'hg.create.none') + if form_result['create_user_group_perm']: + usergroup_model.grant_perm(id, 'hg.usergroup.create.true') else: - usergroup_model.revoke_perm(id, 'hg.fork.repository') + usergroup_model.grant_perm(id, 'hg.usergroup.create.false') + if form_result['fork_repo_perm']: + usergroup_model.grant_perm(id, 'hg.fork.repository') + else: usergroup_model.grant_perm(id, 'hg.fork.none') - h.flash(_("Revoked 'repository fork' permission to user group"), - category='success') + h.flash(_("Updated permissions"), category='success') Session().commit() except Exception: log.error(traceback.format_exc())
--- a/rhodecode/model/forms.py Wed Apr 10 18:03:11 2013 +0200 +++ b/rhodecode/model/forms.py Wed Apr 10 23:15:00 2013 +0200 @@ -334,6 +334,21 @@ return _DefaultPermissionsForm +def CustomDefaultPermissionsForm(): + class _CustomDefaultPermissionsForm(formencode.Schema): + filter_extra_fields = True + allow_extra_fields = True + inherit_default_permissions = v.StringBoolean(if_missing=False) + + create_repo_perm = v.StringBoolean(if_missing=False) + create_user_group_perm = v.StringBoolean(if_missing=False) + #create_repo_group_perm Impl. later + + fork_repo_perm = v.StringBoolean(if_missing=False) + + return _CustomDefaultPermissionsForm + + def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()): class _DefaultsForm(formencode.Schema): allow_extra_fields = True
--- a/rhodecode/model/user.py Wed Apr 10 18:03:11 2013 +0200 +++ b/rhodecode/model/user.py Wed Apr 10 23:15:00 2013 +0200 @@ -524,8 +524,11 @@ # !! OVERRIDE GLOBALS !! with user permissions if any found #====================================================================== # those can be configured from groups or users explicitly - _configurable = set(['hg.fork.none', 'hg.fork.repository', - 'hg.create.none', 'hg.create.repository']) + _configurable = set([ + 'hg.fork.none', 'hg.fork.repository', + 'hg.create.none', 'hg.create.repository', + 'hg.usergroup.create.false', 'hg.usergroup.create.true' + ]) # USER GROUPS comes first # user group global permissions @@ -565,6 +568,8 @@ for perm in user_perms: user.permissions[GLOBAL].add(perm.permission.permission_name) + ## END GLOBAL PERMISSIONS + #====================================================================== # !! PERMISSIONS FOR REPOSITORIES !!
--- a/rhodecode/templates/admin/users/user_edit.html Wed Apr 10 18:03:11 2013 +0200 +++ b/rhodecode/templates/admin/users/user_edit.html Wed Apr 10 23:15:00 2013 +0200 @@ -149,45 +149,8 @@ <div class="title"> <h5>${_('Permissions')}</h5> </div> - ${h.form(url('user_perm', id=c.user.user_id),method='put')} - <div class="form"> - <!-- fields --> - <div class="fields"> - <div class="field"> - <div class="label label-checkbox"> - <label for="inherit_permissions">${_('Inherit default permissions')}:</label> - </div> - <div class="checkboxes"> - ${h.checkbox('inherit_default_permissions',value=True)} - </div> - <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. ' - 'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span> - </div> - <div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" > - <div class="field"> - <div class="label label-checkbox"> - <label for="create_repo_perm">${_('Create repositories')}:</label> - </div> - <div class="checkboxes"> - ${h.checkbox('create_repo_perm',value=True)} - </div> - </div> - <div class="field"> - <div class="label label-checkbox"> - <label for="fork_repo_perm">${_('Fork repositories')}:</label> - </div> - <div class="checkboxes"> - ${h.checkbox('fork_repo_perm',value=True)} - </div> - </div> - </div> - <div class="buttons"> - ${h.submit('save',_('Save'),class_="ui-btn large")} - ${h.reset('reset',_('Reset'),class_="ui-btn large")} - </div> - </div> - </div> - ${h.end_form()} + <%namespace name="dpb" file="/base/default_perms_box.html"/> + ${dpb.default_perms_box(url('user_perm', id=c.user.user_id))} ## permissions overview <%namespace name="p" file="/base/perms_summary.html"/>
--- a/rhodecode/templates/admin/users_groups/users_group_edit.html Wed Apr 10 18:03:11 2013 +0200 +++ b/rhodecode/templates/admin/users_groups/users_group_edit.html Wed Apr 10 23:15:00 2013 +0200 @@ -111,6 +111,14 @@ </div> </div> +<div class="box box-right"> + <!-- box / title --> + <div class="title"> + <h5>${_('Global Permissions')}</h5> + </div> + <%namespace name="dpb" file="/base/default_perms_box.html"/> + ${dpb.default_perms_box(url('users_group_perm', id=c.users_group.users_group_id))} +</div> <div class="box box-right"> <div class="title"> @@ -136,52 +144,6 @@ ${h.end_form()} </div> -<div class="box box-right"> - <!-- box / title --> - <div class="title"> - <h5>${_('Global Permissions')}</h5> - </div> - ${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')} - <div class="form"> - <!-- fields --> - <div class="fields"> - <div class="field"> - <div class="label label-checkbox"> - <label for="inherit_permissions">${_('Inherit default permissions')}:</label> - </div> - <div class="checkboxes"> - ${h.checkbox('inherit_default_permissions',value=True)} - </div> - <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. ' - 'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span> - </div> - <div id="inherit_overlay" style="${'opacity:0.3' if c.users_group.inherit_default_permissions else ''}" > - <div class="field"> - <div class="label label-checkbox"> - <label for="create_repo_perm">${_('Create repositories')}:</label> - </div> - <div class="checkboxes"> - ${h.checkbox('create_repo_perm',value=True)} - </div> - </div> - <div class="field"> - <div class="label label-checkbox"> - <label for="fork_repo_perm">${_('Fork repositories')}:</label> - </div> - <div class="checkboxes"> - ${h.checkbox('fork_repo_perm',value=True)} - </div> - </div> - </div> - <div class="buttons"> - ${h.submit('save',_('Save'),class_="ui-btn large")} - ${h.reset('reset',_('Reset'),class_="ui-btn large")} - </div> - </div> - </div> - ${h.end_form()} -</div> - <script type="text/javascript"> MultiSelectWidget('users_group_members','available_members','edit_users_group'); </script>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/rhodecode/templates/base/default_perms_box.html Wed Apr 10 23:15:00 2013 +0200 @@ -0,0 +1,86 @@ +## snippet for displaying default permission box +## usage: +## <%namespace name="dpb" file="/base/default_perms_box.html"/> +## ${dpb.default_perms_box(<url_to_form>)} + + +<%def name="default_perms_box(form_url)"> +${h.form(form_url, method='put')} + <div class="form"> + <!-- fields --> + <div class="fields"> + <div class="field"> + <div class="checkboxes"> + <label for="inherit_default_permissions">${_('Inherit default permissions')}:</label> + ${h.checkbox('inherit_default_permissions',value=True)} + </div> + <span class="help-block"> + ${h.literal(_('Select to inherit permissions from %s settings. ' + 'With this selected below options does not apply.') + % h.link_to('default', url('edit_permission', id='default')))} + </span> + </div> + <div id="inherit_overlay"> + <div class="field"> + <div class="checkboxes"> + <label for="create_repo_perm">${_('Create repositories')}:</label> + ${h.checkbox('create_repo_perm',value=True)} + </div> + <span class="help-block"> + ${h.literal(_('Select this option to allow repository creation for this user'))} + </span> + </div> + <div class="field"> + <div class="checkboxes"> + <label for="create_user_group_perm">${_('Create user groups')}:</label> + ${h.checkbox('create_user_group_perm',value=True)} + </div> + <span class="help-block"> + ${h.literal(_('Select this option to allow user group creation for this user'))} + </span> + </div> + <div class="field"> + <div class="checkboxes"> + <label for="fork_repo_perm">${_('Fork repositories')}:</label> + ${h.checkbox('fork_repo_perm',value=True)} + </div> + <span class="help-block"> + ${h.literal(_('Select this option to allow repository forking for this user'))} + </span> + </div> + </div> + <div class="buttons"> + ${h.submit('save',_('Save'),class_="ui-btn large")} + ${h.reset('reset',_('Reset'),class_="ui-btn large")} + </div> + </div> + </div> +${h.end_form()} + +## JS +<script> +YUE.onDOMReady(function(e){ + + var show_custom_perms = function(inherit_default){ + if(inherit_default){ + YUD.setStyle('inherit_overlay', 'display', 'none'); + } + else{ + YUD.setStyle('inherit_overlay', 'display', ''); + } + } + + var defaults = YUD.get('inherit_default_permissions').checked; + show_custom_perms(defaults); + YUE.on('inherit_default_permissions', 'change', function(e){ + if(YUD.get('inherit_default_permissions').checked){ + show_custom_perms(true); + } + else{ + show_custom_perms(false); + } + }) +}) +</script> + +</%def>
--- a/rhodecode/templates/base/perms_summary.html Wed Apr 10 18:03:11 2013 +0200 +++ b/rhodecode/templates/base/perms_summary.html Wed Apr 10 23:15:00 2013 +0200 @@ -1,4 +1,7 @@ ## snippet for displaying permissions overview for users +## usage: +## <%namespace name="p" file="/base/perms_summary.html"/> +## ${p.perms_summary(c.perm_user.permissions)} <%def name="perms_summary(permissions)"> <div id="perms" class="table"> @@ -16,7 +19,7 @@ <th class="left">${_('Edit Permission')}</th> </thead> <tbody> - %for k in sorted(permissions[section], key=lambda s: s.lower()): + %for k in permissions[section]: <tr> <td colspan="2"> ${h.get_permission_name(k)}