You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2017/03/15 20:45:08 UTC
allura git commit: Revert "[#7958] Removed code for old permissions
page"
Repository: allura
Updated Branches:
refs/heads/master eeee2e63f -> 5ad0b0ef8
Revert "[#7958] Removed code for old permissions page"
This reverts commit 957b541cf65272d1f97d6e9aea575d3d4a7d37d7.
Subprojects' groups & memberships take affect on the project level,
so this UI was confusing and misleading, going back to the simpler
one that just manages the permissions part.
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/5ad0b0ef
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/5ad0b0ef
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/5ad0b0ef
Branch: refs/heads/master
Commit: 5ad0b0ef8968cff3a5ea9c1aef8fffaa130bde70
Parents: eeee2e6
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Wed Mar 15 20:43:23 2017 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Mar 15 20:43:23 2017 +0000
----------------------------------------------------------------------
Allura/allura/ext/admin/admin_main.py | 64 ++++++++++++++++++++++-
Allura/allura/tests/functional/test_admin.py | 47 +++++++++++++++++
2 files changed, 110 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/5ad0b0ef/Allura/allura/ext/admin/admin_main.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/admin_main.py b/Allura/allura/ext/admin/admin_main.py
index 311be2b..e683ae6 100644
--- a/Allura/allura/ext/admin/admin_main.py
+++ b/Allura/allura/ext/admin/admin_main.py
@@ -161,7 +161,7 @@ class AdminApp(Application):
SitemapEntry('User Permissions', admin_url + 'groups/', className="admin-nav-user-perms"))
if not c.project.is_root and has_access(c.project, 'admin')():
links.append(
- SitemapEntry('Permissions', admin_url + 'groups/'))
+ SitemapEntry('Permissions', admin_url + 'permissions/'))
if len(c.project.neighborhood_invitations):
links.append(
SitemapEntry('Invitation(s)', admin_url + 'invitations'))
@@ -203,6 +203,7 @@ class ProjectAdminController(BaseController):
require_access(c.project, 'admin')
def __init__(self):
+ self.permissions = PermissionsController()
self.groups = GroupsController()
self.audit = AuditController()
self.ext = AdminExtensionLookup()
@@ -1002,6 +1003,67 @@ class ProjectAdminRestController(BaseController):
return app.admin_api_root, remainder
+class PermissionsController(BaseController):
+ def _check_security(self):
+ require_access(c.project, 'admin')
+
+ @with_trailing_slash
+ @expose('jinja:allura.ext.admin:templates/project_permissions.html')
+ def index(self, **kw):
+ c.card = W.permission_card
+ return dict(permissions=self._index_permissions())
+
+ @without_trailing_slash
+ @expose()
+ @h.vardec
+ @require_post()
+ def update(self, card=None, **kw):
+ permissions = self._index_permissions()
+ old_permissions = dict(permissions)
+ for args in card:
+ perm = args['id']
+ new_group_ids = args.get('new', [])
+ group_ids = args.get('value', [])
+ if isinstance(new_group_ids, basestring):
+ new_group_ids = [new_group_ids]
+ if isinstance(group_ids, basestring):
+ group_ids = [group_ids]
+ # make sure the admin group has the admin permission
+ if perm == 'admin':
+ if c.project.is_root:
+ pid = c.project._id
+ else:
+ pid = c.project.parent_id
+ admin_group_id = str(
+ M.ProjectRole.query.get(project_id=pid, name='Admin')._id)
+ if admin_group_id not in group_ids + new_group_ids:
+ flash(
+ 'You cannot remove the admin group from the admin permission.', 'warning')
+ group_ids.append(admin_group_id)
+ permissions[perm] = []
+ role_ids = map(ObjectId, group_ids + new_group_ids)
+ permissions[perm] = role_ids
+ c.project.acl = []
+ for perm, role_ids in permissions.iteritems():
+ role_names = lambda ids: ','.join(sorted(
+ pr.name for pr in M.ProjectRole.query.find(dict(_id={'$in': ids}))))
+ old_role_ids = old_permissions.get(perm, [])
+ if old_role_ids != role_ids:
+ M.AuditLog.log('updated "%s" permissions: "%s" => "%s"',
+ perm, role_names(old_role_ids), role_names(role_ids))
+ c.project.acl += [M.ACE.allow(rid, perm) for rid in role_ids]
+ g.post_event('project_updated')
+ redirect('.')
+
+ def _index_permissions(self):
+ permissions = dict(
+ (p, []) for p in c.project.permissions)
+ for ace in c.project.acl:
+ if ace.access == M.ACE.ALLOW:
+ permissions[ace.permission].append(ace.role_id)
+ return permissions
+
+
class GroupsController(BaseController):
def _check_security(self):
require_access(c.project, 'admin')
http://git-wip-us.apache.org/repos/asf/allura/blob/5ad0b0ef/Allura/allura/tests/functional/test_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_admin.py b/Allura/allura/tests/functional/test_admin.py
index 29af93e..98dda1b 100644
--- a/Allura/allura/tests/functional/test_admin.py
+++ b/Allura/allura/tests/functional/test_admin.py
@@ -607,6 +607,53 @@ class TestProjectAdmin(TestController):
'card-0.value': opt_admin['value'],
'card-0.id': 'admin'})
+ def test_project_permissions(self):
+ r = self.app.get('/admin/permissions/')
+ assert len(r.html.findAll('input', {'name': 'card-0.value'})) == 1
+ select = r.html.find('select', {'name': 'card-0.new'})
+ opt_admin = select.find(text='Admin').parent
+ opt_developer = select.find(text='Developer').parent
+ assert opt_admin.name == 'option'
+ assert opt_developer.name == 'option'
+ with audits('updated "admin" permissions: "Admin" => "Admin,Developer"'):
+ r = self.app.post('/admin/permissions/update', params={
+ 'card-0.new': opt_developer['value'],
+ 'card-0.value': opt_admin['value'],
+ 'card-0.id': 'admin'})
+ r = self.app.get('/admin/permissions/')
+ assigned_ids = [t['value']
+ for t in r.html.findAll('input', {'name': 'card-0.value'})]
+ assert len(assigned_ids) == 2
+ assert opt_developer['value'] in assigned_ids
+ assert opt_admin['value'] in assigned_ids
+
+ def test_subproject_permissions(self):
+ with audits('create subproject test-subproject'):
+ self.app.post('/admin/update_mounts', params={
+ 'new.install': 'install',
+ 'new.ep_name': '',
+ 'new.ordinal': '1',
+ 'new.mount_point': 'test-subproject',
+ 'new.mount_label': 'Test Subproject'})
+ r = self.app.get('/test-subproject/admin/permissions/')
+ assert len(r.html.findAll('input', {'name': 'card-0.value'})) == 0
+ select = r.html.find('select', {'name': 'card-0.new'})
+ opt_admin = select.find(text='Admin').parent
+ opt_developer = select.find(text='Developer').parent
+ assert opt_admin.name == 'option'
+ assert opt_developer.name == 'option'
+ with audits('updated "admin" permissions: "" => "Admin,Developer"'):
+ r = self.app.post('/test-subproject/admin/permissions/update', params={
+ 'card-0.new': opt_developer['value'],
+ 'card-0.value': opt_admin['value'],
+ 'card-0.id': 'admin'})
+ r = self.app.get('/test-subproject/admin/permissions/')
+ assigned_ids = [t['value']
+ for t in r.html.findAll('input', {'name': 'card-0.value'})]
+ assert len(assigned_ids) == 2
+ assert opt_developer['value'] in assigned_ids
+ assert opt_admin['value'] in assigned_ids
+
def test_project_groups(self):
r = self.app.get('/admin/groups/')
dev_holder = r.html.find('table', {'id': 'usergroup_admin'}).findAll('tr')[2]