changeset 3332:92dfc033ee6f beta

forbid removing yourself as being an admin of a group
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 05 Feb 2013 01:57:37 +0100
parents 0379e15f0b85
children 069884383cc7
files rhodecode/controllers/admin/repos_groups.py rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html
diffstat 2 files changed, 33 insertions(+), 0 deletions(-) [+]
--- a/rhodecode/controllers/admin/repos_groups.py	Tue Feb 05 01:02:36 2013 +0100
+++ b/rhodecode/controllers/admin/repos_groups.py	Tue Feb 05 01:57:37 2013 +0100
@@ -106,6 +106,15 @@
 
         return data
 
+    def _revoke_perms_on_yourself(self, form_result):
+        _up = filter(lambda u: c.rhodecode_user.username == u[0],
+                     form_result['perms_updates'])
+        _new = filter(lambda u: c.rhodecode_user.username == u[0],
+                      form_result['perms_new'])
+        if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':
+            return True
+        return False
+
     def index(self, format='html'):
         """GET /repos_groups: All items in the collection"""
         # url('repos_groups')
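Review bot: `_revoke_perms_on_yourself` inspects only the first matching entry (`_new[0]`, `_up[0]`), so if the submitted form ever carried two rows for the current username, a non-admin value in a later row would pass unnoticed; whether the form validator can produce duplicates is not visible here. Checking every match closes that gap and removes the reliance on `and`/`or` precedence: `return any(u[1] != 'group.admin' for u in _up + _new)`. The method has no docstring; I would add `"""Return True if the submitted form sets the current user's permission on this group to anything other than group.admin."""`. Matching here is by username while the delete path compares `user_id`, so it is worth confirming that an entry's first element cannot be a users-group name equal to the username.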
@@ -200,6 +209,12 @@
         )()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
+            if not c.rhodecode_user.is_admin:
+                if self._revoke_perms_on_yourself(form_result):
+                    msg = _('Cannot revoke permission for yourself as admin')
+                    h.flash(msg, category='warning')
+                    raise Exception('revoke admin permission on self')
+
             new_gr = ReposGroupModel().update(group_name, form_result)
             Session().commit()
             h.flash(_('updated repos group %s') \
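Review bot: Raising a bare `Exception` at the new guard hands an authorization denial to whatever `except` clause closes this `try`, which lies outside the hunk. If that handler logs a traceback and flashes its own error, a refused self-demotion is recorded like a server fault and the user sees two messages. A dedicated exception type, or flashing and returning the redirect directly, would keep the denial separate from genuine update failures. A warning-level log entry naming the user and group would also leave an audit trail for refused changes. The same pattern is repeated in the delete-permission hunk below.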
@@ -272,6 +287,11 @@
         :param group_name:
         """
         try:
+            if not c.rhodecode_user.is_admin:
+                if c.rhodecode_user.user_id == safe_int(request.POST['user_id']):
+                    msg = _('Cannot revoke permission for yourself as admin')
+                    h.flash(msg, category='warning')
+                    raise Exception('revoke admin permission on self')
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['user_id'],
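Review bot: The guard compares only `request.POST['user_id']` with the current user, so it covers direct user permissions. If the controller has a parallel action for removing a users group's permission (not visible in this diff), a non-admin who holds group admin only through such a users group could still remove their own access there; worth confirming and adding the equivalent check if so. The check also blocks removal of any permission the user holds on the group, not only `group.admin`, while the message says "as admin". A comment such as `# group admins may not delete their own entry; site admins are exempt` would document the intent. The function body starts and ends outside the hunk.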
--- a/rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html	Tue Feb 05 01:02:36 2013 +0100
+++ b/rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html	Tue Feb 05 01:57:37 2013 +0100
@@ -9,7 +9,9 @@
     </tr>
     ## USERS
     %for r2p in c.repos_group.repo_group_to_perm:
+        ##forbid revoking permission from yourself
         <tr id="id${id(r2p.user.username)}">
+            %if c.rhodecode_user.user_id != r2p.user.user_id or c.rhodecode_user.is_admin:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>
@@ -24,6 +26,17 @@
                 </span>
               %endif
             </td>
+            %else:
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td>
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td>
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td>
+            <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td>
+            <td style="white-space: nowrap;">
+                <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
+            </td>
+            <td>
+            </td>
+            %endif
         </tr>
     %endfor
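Review bot: In the `%else` branch all four radios are rendered with `disabled="disabled"`, and browsers do not submit disabled controls, so the current user's `u_perm_<username>` field will be absent from the POST. The server-side check in `_revoke_perms_on_yourself` then finds no entry for the user and returns False, which is safe only if `ReposGroupModel().update` leaves an absent member's permission untouched; that code is not visible here and should be confirmed. The disabled attribute is a UI hint only, so I would state that in the template comment, e.g. `## disabled radios are not submitted; enforcement is the server-side check in repos_groups.py`. As a style point, the gravatar/username cell is duplicated between the two branches and could sit outside the conditional; the `%if` itself opens in the preceding hunk.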