Posted to commits@allura.apache.org by tv...@apache.org on 2013/09/24 19:36:59 UTC
[02/20] git commit: [#6392] ticket:403 Per tool user bans
[#6392] ticket:403 Per tool user bans
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/887efbd1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/887efbd1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/887efbd1
Branch: refs/heads/master
Commit: 887efbd110f173fe62b101a46093239a4b9d1074
Parents: 05719e4
Author: Yuriy Arhipov <yu...@yandex.ru>
Authored: Wed Aug 7 12:44:29 2013 +0400
Committer: Tim Van Steenburgh <tv...@gmail.com>
Committed: Tue Sep 24 17:36:23 2013 +0000
----------------------------------------------------------------------
Allura/allura/app.py | 33 +++++++++++++++-
.../templates/admin_widgets/card_field.html | 20 ++++++++++
.../ext/admin/templates/widgets/block_list.html | 9 +++++
.../ext/admin/templates/widgets/block_user.html | 11 ++++++
Allura/allura/ext/admin/widgets.py | 15 ++++++++
Allura/allura/lib/security.py | 3 ++
Allura/allura/model/project.py | 1 +
.../allura/templates/app_admin_permissions.html | 23 ++++++++++-
Allura/allura/tests/functional/test_admin.py | 40 +++++++++++++++++++-
9 files changed, 151 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/app.py
----------------------------------------------------------------------
diff --git a/Allura/allura/app.py b/Allura/allura/app.py
index 5de6a12..fdde1fb 100644
--- a/Allura/allura/app.py
+++ b/Allura/allura/app.py
@@ -582,15 +582,43 @@ class DefaultAdminController(BaseController):
"""
permanent_redirect('permissions')
+ @expose()
+ def edit_block_user(self, user_id='', perm=''):
+ log.error(self.app.config.block_user[perm])
+ self.app.config.block_user[perm].remove(ObjectId(user_id))
+ return redirect(request.referer)
+
+ @expose()
+ def block_user(self, user_name, perm):
+ user = model.User.by_username(user_name)
+ if not user:
+ flash('User "%s" not found' % user_name, 'error')
+ return redirect(request.referer)
+
+ if perm not in self.app.config.block_user:
+ self.app.config.block_user[perm] = []
+ if user._id not in self.app.config.block_user[perm]:
+ self.app.config.block_user[perm].append(user._id)
+ return redirect(request.referer)
+
@expose('jinja:allura:templates/app_admin_permissions.html')
@without_trailing_slash
def permissions(self):
"""Render the permissions management web page.
"""
- from ext.admin.widgets import PermissionCard
+ from ext.admin.widgets import PermissionCard, BlockUser, BlockList
c.card = PermissionCard()
+ c.block_user = BlockUser()
+ c.block_list = BlockList()
permissions = dict((p, []) for p in self.app.permissions)
+ block_list = {}
+
+ for perm, users in self.app.config.block_user.items():
+ block_list[perm] = [[user._id, user.username] for user in model.User.query.find(dict(_id={'$in': users}))]
+
+
+
for ace in self.app.config.acl:
if ace.access == model.ACE.ALLOW:
try:
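Review bot: `edit_block_user` and `block_user` modify the tool's ban list but are exposed without a POST restriction, and `perm` is used as a dictionary key without being checked against `self.app.permissions`. The forms added in block_list.html and block_user.html have no `method` attribute, so they submit by GET and would need `method="post"`; whether the controller enforces admin access elsewhere is not visible in this hunk. `edit_block_user` also raises on an unknown `perm`, on an empty or malformed `user_id`, and on an id that is not in the list, and its `log.error` call looks like leftover debugging. The sketch below assumes Allura's `require_post` decorator and `bson.errors.InvalidId` are available in this module; the `permissions` method continues outside the hunk.

```python
@expose()
@require_post()
def edit_block_user(self, user_id='', perm=''):
    blocked = self.app.config.block_user
    if perm in self.app.permissions and perm in blocked:
        # the block-list form can submit several user_id checkboxes at once
        ids = user_id if isinstance(user_id, list) else [user_id]
        for uid in ids:
            try:
                oid = ObjectId(uid)
            except (InvalidId, TypeError):  # malformed id in the request
                continue
            if oid in blocked[perm]:
                blocked[perm].remove(oid)
    return redirect(request.referer)

@expose()
@require_post()
def block_user(self, user_name, perm):
    if perm not in self.app.permissions:
        flash('Unknown permission "%s"' % perm, 'error')
        return redirect(request.referer)
    # … unchanged: user lookup and append to block_user[perm] …
```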
@@ -601,7 +629,8 @@ class DefaultAdminController(BaseController):
return dict(
app=self.app,
allow_config=has_access(c.project, 'admin')(),
- permissions=permissions)
+ permissions=permissions,
+ block_list=block_list)
@expose('jinja:allura:templates/app_admin_edit_label.html')
def edit_label(self):
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/admin_widgets/card_field.html b/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
index 770910e..dc532d4 100644
--- a/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
+++ b/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
@@ -66,5 +66,25 @@
title="Add a user"></small>
</a>
</li>
+ <li>
+ <a href="#" class="block-user">
+ Block User
+ </a>
+ </li>
+
+ {%if (name in block_list) and (block_list[name])%}
+ <li>
+ <a href="#" class="block-list">
+ Block list
+ <div class="block-list" style="display: none">
+ <ul>
+ {%for user in block_list[name]%}
+ <li><input type="checkbox" name="user_id" value="{{user[0]}}">{{user[1]}}</li>
+ {%endfor%}
+ </ul>
+ </div>
+ </a>
+ </li>
+ {%endif%}
</ul>
</div>
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/templates/widgets/block_list.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/widgets/block_list.html b/Allura/allura/ext/admin/templates/widgets/block_list.html
new file mode 100644
index 0000000..f1584b1
--- /dev/null
+++ b/Allura/allura/ext/admin/templates/widgets/block_list.html
@@ -0,0 +1,9 @@
+<h1>Block list</h1>
+<form action="edit_block_user">
+<div class="model-block-list"></div>
+<input type="hidden" class="block_user_role" name="perm" value="">
+<div class="grid-13"> </div>
+<hr>
+<div class="grid-13"><div class="grid-13"> </div>
+<input type="submit" value="Delete">
+</form>
\ No newline at end of file
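Review bot: The outer `<div class="grid-13">` opened on the line before the submit button is never closed before `</form>`, whereas block_user.html closes the same wrapper after its Cancel link. Add `</div>` after `<input type="submit" value="Delete">`. This lightbox also has no Cancel/close link, unlike the block-user one, which may be intentional but is worth confirming.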
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/templates/widgets/block_user.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/widgets/block_user.html b/Allura/allura/ext/admin/templates/widgets/block_user.html
new file mode 100644
index 0000000..b1a2ad1
--- /dev/null
+++ b/Allura/allura/ext/admin/templates/widgets/block_user.html
@@ -0,0 +1,11 @@
+<h1>Block User</h1>
+<form action="block_user">
+ <label class="grid-13">User Name</label>
+ <div class="grid-13"><input type="text" id="block_user" name="user_name"></div>
+ <input type="hidden" class="block_user_role" name="perm" value="">
+ <div class="grid-13"> </div>
+ <hr>
+ <div class="grid-13"><div class="grid-13"> </div>
+ <input type="submit" value="Save">
+ <a href="#" class="close">Cancel</a></div>
+</form>
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/widgets.py b/Allura/allura/ext/admin/widgets.py
index e663687..85d9237 100644
--- a/Allura/allura/ext/admin/widgets.py
+++ b/Allura/allura/ext/admin/widgets.py
@@ -203,3 +203,18 @@ class AuditLog(ew_core.Widget):
for f in self.fields:
for r in f.resources():
yield r
+
+
+class BlockUser(ffw.Lightbox):
+ defaults = dict(
+ ffw.Lightbox.defaults,
+ name='block-user-modal',
+ trigger='a.block-user',
+ content_template='allura.ext.admin:templates/widgets/block_user.html')
+
+class BlockList(ffw.Lightbox):
+ defaults = dict(
+ ffw.Lightbox.defaults,
+ name='block-list-modal',
+ trigger='a.block-list',
+ content_template='allura.ext.admin:templates/widgets/block_list.html')
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/lib/security.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/security.py b/Allura/allura/lib/security.py
index a0497ca..52e1568 100644
--- a/Allura/allura/lib/security.py
+++ b/Allura/allura/lib/security.py
@@ -291,6 +291,9 @@ def has_access(obj, permission, user=None, project=None):
project = project.root_project
roles = cred.user_roles(user_id=user._id, project_id=project._id).reaching_ids
chainable_roles = []
+ block_user = getattr(obj, 'block_user', dict())
+ if (permission in block_user) and (user._id in block_user[permission]):
+ return False
for rid in roles:
for ace in obj.acl:
if M.ACE.match(ace, rid, permission):
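Review bot: The ban check reads `block_user` from `obj` with an empty-dict default, so any object that lacks that attribute is treated as having no bans and falls through to the ACL loop. Only `AppConfig` gains the field in this commit, while `test_has_access_with_block_users` passes a wiki `Page`; how the attribute reaches artifacts is not visible here, so it is worth confirming and recording in a comment such as `# per-tool bans are stored on AppConfig.block_user; obj must expose them or the ban is skipped`. has_access's body starts and ends outside the hunk, so return paths that run before this check cannot be judged from here.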
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/model/project.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/project.py b/Allura/allura/model/project.py
index ec39157..bde7e13 100644
--- a/Allura/allura/model/project.py
+++ b/Allura/allura/model/project.py
@@ -942,6 +942,7 @@ class AppConfig(MappedClass):
tool_data = FieldProperty({str:{str:None}}) # entry point: prefs dict
acl = FieldProperty(ACL())
+ block_user = FieldProperty({str: [None]})
def get_tool_data(self, tool, key, default=None):
return self.tool_data.get(tool, {}).get(key, default)
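Review bot: The new `block_user` field has no comment describing its shape, unlike `tool_data` two lines above it. A trailing comment such as `# permission name: list of banned user _ids` would document what `has_access` and the admin controller rely on. The `[None]` element type also leaves the stored ids unvalidated by the schema; whether a stricter type is available in this module is not visible in the hunk.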
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/templates/app_admin_permissions.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/app_admin_permissions.html b/Allura/allura/templates/app_admin_permissions.html
index 861c76d..8a9f728 100644
--- a/Allura/allura/templates/app_admin_permissions.html
+++ b/Allura/allura/templates/app_admin_permissions.html
@@ -47,7 +47,8 @@
id=name,
name=name,
desc=app.describe_permission(name),
- items=h.make_roles(ids)
+ items=h.make_roles(ids),
+ block_list = block_list
)}}
{% endfor %}
<br style="clear:both"/>
@@ -61,3 +62,23 @@
</form>
{%endif%}
{% endblock %}
+{% block extra_js %}
+ {{c.block_user.display()}}
+ {{c.block_list.display()}}
+<script type="text/javascript">
+ $('a.block-user').click(function(){
+ var block_user = $('#block_user');
+ var deck = $(this).closest('ul.deck');
+ var role = deck.find('li.tcenter h3').text();
+ $('input.block_user_role').val(role);
+ });
+ $('a.block-list').click(function(){
+ var userlist = $(this).find('div.block-list').clone();
+ var deck = $(this).closest('ul.deck');
+ var role = deck.find('li.tcenter h3').text();
+ $('input.block_user_role').val(role);
+ $('div.model-block-list').html(userlist.html());
+ });
+</script>
+{% endblock %}
+
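Review bot: The permission name sent to the server is scraped from the card heading with `deck.find('li.tcenter h3').text()`, so any change to how that heading is rendered (whitespace, casing, translation) changes the `perm` value that ends up stored as a ban-list key. Carrying the name in markup, for example a `data-perm="{{name}}"` attribute on the `a.block-user` and `a.block-list` links read with `$(this).data('perm')`, would remove that coupling. `var block_user = $('#block_user');` in the first handler is unused and can be dropped.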
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/tests/functional/test_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_admin.py b/Allura/allura/tests/functional/test_admin.py
index 6045d86..2ed1519 100644
--- a/Allura/allura/tests/functional/test_admin.py
+++ b/Allura/allura/tests/functional/test_admin.py
@@ -42,6 +42,9 @@ from allura import model as M
from allura.app import SitemapEntry
from allura.lib.plugin import AdminExtension
from allura.ext.admin.admin_main import AdminApp
+from allura.lib.security import has_access
+
+from forgewiki.model import Page
@contextmanager
def audits(*messages):
@@ -161,7 +164,42 @@ class TestProjectAdmin(TestController):
# Check the audit log
r = self.app.get('/admin/audit/')
- assert "uninstall tool test-tool" in r.body, r.body
+ assert "uninstall tool test-tool" in r.body, r.bodyt
+
+ @td.with_wiki
+ def test_add_user_to_block_list(self):
+ r = self.app.get('/admin/wiki/permissions')
+ assert '<a href="#" class="block-user">' in r
+ assert '<a href="#" class="block-list">' not in r
+
+ self.app.post('/admin/wiki/block_user', params={'user_name': 'test-admin', 'perm': 'read'})
+ user_id = M.User.by_username('test-admin')._id
+
+ app = M.Project.query.get(shortname='test').app_instance('wiki')
+ assert_equals(app.config.block_user['read'], [user_id])
+ r = self.app.get('/admin/wiki/permissions')
+ assert '<a href="#" class="block-list">' in r
+ assert '<li><input type="checkbox" name="user_id" value="%s">test-admin</li>' % user_id in r
+
+ @td.with_wiki
+ def test_remove_user_from_block_list(self):
+ self.app.post('/admin/wiki/block_user', params={'user_name': 'test-admin', 'perm': 'read'})
+ app = M.Project.query.get(shortname='test').app_instance('wiki')
+ user_id = M.User.by_username('test-admin')._id
+ assert_equals(app.config.block_user['read'], [user_id])
+ self.app.post('/admin/wiki/edit_block_user', params={'user_id': str(user_id), 'perm': 'read'})
+ assert_equals(app.config.block_user['read'], [])
+ r = self.app.get('/admin/wiki/permissions')
+ assert '<a href="#" class="block-list">' not in r
+
+ @td.with_wiki
+ def test_has_access_with_block_users(self):
+ wiki = M.Project.query.get(shortname='test').app_instance('wiki')
+ page = Page.query.get(app_config_id=wiki.config._id)
+ test_user = M.User.by_username('test-user')
+ assert has_access(page, 'read', user=test_user)()
+ self.app.post('/admin/wiki/block_user', params={'user_name': 'test-user', 'perm': 'read'})
+ assert not has_access(page, 'read', user=test_user)()
def test_tool_permissions(self):
BUILTIN_APPS = ['activity', 'blog', 'discussion', 'git', 'link',
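Review bot: The first changed line turns the assertion message from `r.body` into `r.bodyt`, which looks like a stray keystroke; the message expression is only evaluated when the assertion fails, so a real failure would surface as an AttributeError instead of showing the response body. Restore `assert "uninstall tool test-tool" in r.body, r.body`. Separately, `test_has_access_with_block_users` covers only `read`; a case showing that a user blocked for one permission still passes `has_access` for another would pin the per-permission behaviour, and a test for an unknown `perm` or a malformed `user_id` would cover the handlers' error paths.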