Enable changing default permissions for trackers

todosrht/blueprints/tracker.py

@@ -169,10 +169,76 @@ def tracker_GET(owner, name):
         abort(404)
     return return_tracker(tracker, access)
 
+def parse_html_perms(short, valid):
+    result = 0
+    for sub_perm in TicketAccess:
+        new_perm = valid.optional("perm_{}_{}".format(short, sub_perm.name))
+        if new_perm:
+            result |= int(new_perm)
+    if result == 0:
+        print(short)
+        valid.expect(result or "perm_{}_none".format(short) in valid,
+                     "{} type permissions are missing".format(short),
+                     field="tracker_{}_access".format(short))
+    return result
+
+access_help_map={
+    TicketAccess.browse:
+        "Permission to view tickets",
+    TicketAccess.submit:
+        "Permission to submit tickets",
+    TicketAccess.comment:
+        "Permission to comment on tickets",
+    TicketAccess.edit:
+        "Permission to edit tickets",
+    TicketAccess.triage:
+        "Permission to resolve, re-open, or label tickets",
+}
+
+@tracker.route("/<owner>/<path:name>/configure", methods=["POST"])
+@loginrequired
+def tracker_configure_POST(owner, name):
+    tracker, access = get_tracker(owner, name)
+    if not tracker:
+        abort(404)
+    if current_user != tracker.owner:
+        abort(403)
+
+    valid = Validation(request)
+    perm_anon = parse_html_perms('anon', valid)
+    perm_user = parse_html_perms('user', valid)
+    perm_submit = parse_html_perms('submit', valid)
+    # TODO: once repos are linked
+    #perm_commit = parse_html_perms('commit', valid)
+
+    desc = valid.optional("tracker_desc", default=tracker.description)
+    valid.expect(not desc or len(desc) < 4096,
+            "Must be less than 4096 characters",
+            field="tracker_desc")
+    if not valid.ok:
+        return render_template("tracker-configure.html",
+            tracker=tracker, access_type_list=TicketAccess,
+            access_help_map=access_help_map, **valid.kwargs), 400
+
+    tracker.default_anonymous_perms = perm_anon
+    tracker.default_user_perms = perm_user
+    tracker.default_submitter_perms = perm_submit
+    #tracker.default_committer_perms = perm_commit
+    tracker.description = desc
+    db.session.commit()
+
+    return redirect(url_for(".tracker_GET", owner=owner, name=name))
+
+
 @tracker.route("/<owner>/<path:name>/configure")
 @loginrequired
 def tracker_configure_GET(owner, name):
-    pass
+    tracker, access = get_tracker(owner, name)
+    if not tracker:
+        abort(404)
+    return render_template("tracker-configure.html",
+        tracker=tracker, access_type_list=TicketAccess,
+        access_help_map=access_help_map)
 
 @tracker.route("/<owner>/<path:name>/submit", methods=["POST"])
 @loginrequired
@@ -180,6 +246,8 @@ def tracker_submit_POST(owner, name):
     tracker, access = get_tracker(owner, name)
     if not tracker:
         abort(404)
+    if not TicketAccess.submit in access:
+        abort(403)
 
     valid = Validation(request)
     title = valid.require("title", friendly_name="Title")

todosrht/templates/tracker-configure.html

@@ -0,0 +1,135 @@
+{% extends "todo.html" %}
+
+{% macro perm_checkbox(type, perms, name) %}
+{% if type.name not in ["none", "all"] %}
+<div class="form-check form-check-inline">
+  <label class="form-check-label" title="{{access_help_map[type]}}">
+  {% if type %}
+    <input
+      class="form-check-input"
+      type="checkbox"
+      name="perm_{{ name }}_{{ type.name }}"
+      value="{{type.value}}"
+      {{ "checked" if type in perms }}> {{type.name}}
+  {% else %}
+    <input
+      class="form-check-input"
+      type="checkbox"
+      name="perm_{{ name }}_{{ type.name }}"
+      value="{{type.value}}"
+      {{ "checked" if perms == 0 }}> {{type.name}}
+  {% endif %}
+  </label>
+</div>
+{% endif %}
+{% endmacro %}
+
+{% block title %}
+<title>Configure tracker &mdash; {{ cfg("sr.ht", "site-name") }}</title>
+{% endblock %}
+{% block content %}
+<div class="container">
+  <div class="row">
+    <div class="col-md-7">
+      <h2>Configure {{ tracker.name }}</h2>
+      <form method="POST">
+        <div class="form-group {{valid.cls("tracker_name")}}">
+          <label for="tracker_name">
+            Name
+            <span class="text-muted">(you can't edit this)</p>
+          </label>
+          <input
+            type="text"
+            name="tracker_name"
+            id="tracker_name"
+            class="form-control"
+            value="{{ tracker.name }}"
+            disabled />
+          {{ valid.summary("tracker_name") }}
+        </div>
+        <div class="form-group {{valid.cls("tracker_desc")}}">
+          <label for="tracker_desc">Description</label>
+          <textarea
+            name="tracker_desc"
+            id="tracker_desc"
+            class="form-control"
+            value="{{ tracker_desc or "" }}"
+            rows="5"
+            aria-describedby="tracker_desc-help"
+          >{{tracker.desc or ""}}</textarea>
+          <p
+            id="tracker_desc-help"
+            class="form-text text-muted"
+          >Markdown supported</p>
+          {{ valid.summary("tracker_desc") }}
+        </div>
+        <div class="form-group {{valid.cls("tracker_any_access")}}">
+          <h3>Permissions</h3>
+          <p>
+            These permissions allow you to control what kinds of users are able
+            to do what sorts of activities on your tracker.
+          </p>
+          <div class="event-list">
+            <div class="event">
+              <h4>Anonymous Permissions</h4>
+              <p>
+                Permissions granted to anyone who visits this tracker, logged
+                in or otherwise.
+              </p>
+              {% for a in access_type_list %}
+              {{ perm_checkbox(a, tracker.default_anonymous_perms, "anon") }}
+              {% endfor %}
+              {{ valid.summary("tracker_anon_access") }}
+            </div>
+            <div class="event">
+              <h4>User Permissions</h4>
+              <p>
+                Permissions granted to any logged-in {{cfg("sr.ht",
+                "site-name")}} user.
+              </p>
+              {% for a in access_type_list %}
+              {{ perm_checkbox(a, tracker.default_user_perms, "user") }}
+              {% endfor %}
+              {{ valid.summary("tracker_user_access") }}
+            </div>
+            <div class="event">
+              <h4>Submitter Permissions</h4>
+              <p>
+                Permissions granted to the ticket submitter on the tickets they
+                submit.
+              </p>
+              {% for a in access_type_list %}
+              {{ perm_checkbox(a, tracker.default_submitter_perms, "submit") }}
+              {% endfor %}
+              {{ valid.summary("tracker_submit_access") }}
+            </div>
+            {# TODO: once we link git accounts
+            <div class="event">
+              <h4>Committer Permissions</h4>
+              {% for a in access_type_list %}
+              {{ perm_checkbox(a, tracker.default_committer_perms, "commit") }}
+              {% endfor %}
+              {{ valid.summary("tracker_commit_access") }}
+            </div>
+            #}
+          </div>
+        </div>
+        {{ valid.summary() }}
+        <span class="pull-right">
+          <a
+            href="{{ url_for(
+              ".tracker_GET",
+              owner="~" + tracker.owner.username,
+              name=tracker.name) }}"
+            class="btn btn-default"
+          >Cancel</a>
+          <button type="submit" class="btn btn-primary">
+            Save
+            <i class="fa fa-caret-right"></i>
+          </button>
+        </span>
+      </form>
+    </div>
+  </div>
+</div>
+{% endblock %}

todosrht/templates/tracker-create.html

@@ -49,7 +49,6 @@
           Create tracker
           <i class="fa fa-caret-right"></i>
         </button>
-        {#
         <button
           type="submit"
           class="btn btn-default"
@@ -58,7 +57,6 @@
           Create &amp; configure
           <i class="fa fa-caret-right"></i>
         </button>
-        #}
       </form>
     </div>
   </div>

todosrht/templates/tracker.html

@@ -12,13 +12,18 @@
     <div class="col-md-12">
       <h2>
         {{ format_tracker_name(tracker) }}
+        <small>
+          <a
+            href="/~{{tracker.owner.username}}/{{tracker.name}}/configure"
+          >Configure</a>
+        </small>
       </h2>
     </div>
   </div>
   <div class="row">
     <div class="col-md-4">
       {{ tracker.description | md }}
-      {% if current_user %}
+      {% if TicketAccess.submit in access %}
       <h3 style="margin-top: 1rem">Submit ticket</h3>
       <form method="POST" action="{{
           url_for(".tracker_submit_POST",