Enable changing default permissions for trackers
This commit is contained in:
parent
b7bf75da8b
commit
9c94ff36a1
|
@ -169,10 +169,76 @@ def tracker_GET(owner, name):
|
|||
abort(404)
|
||||
return return_tracker(tracker, access)
|
||||
|
||||
def parse_html_perms(short, valid):
|
||||
result = 0
|
||||
for sub_perm in TicketAccess:
|
||||
new_perm = valid.optional("perm_{}_{}".format(short, sub_perm.name))
|
||||
if new_perm:
|
||||
result |= int(new_perm)
|
||||
if result == 0:
|
||||
print(short)
|
||||
valid.expect(result or "perm_{}_none".format(short) in valid,
|
||||
"{} type permissions are missing".format(short),
|
||||
field="tracker_{}_access".format(short))
|
||||
return result
|
||||
|
||||
access_help_map={
|
||||
TicketAccess.browse:
|
||||
"Permission to view tickets",
|
||||
TicketAccess.submit:
|
||||
"Permission to submit tickets",
|
||||
TicketAccess.comment:
|
||||
"Permission to comment on tickets",
|
||||
TicketAccess.edit:
|
||||
"Permission to edit tickets",
|
||||
TicketAccess.triage:
|
||||
"Permission to resolve, re-open, or label tickets",
|
||||
}
|
||||
|
||||
@tracker.route("/<owner>/<path:name>/configure", methods=["POST"])
|
||||
@loginrequired
|
||||
def tracker_configure_POST(owner, name):
|
||||
tracker, access = get_tracker(owner, name)
|
||||
if not tracker:
|
||||
abort(404)
|
||||
if current_user != tracker.owner:
|
||||
abort(403)
|
||||
|
||||
valid = Validation(request)
|
||||
perm_anon = parse_html_perms('anon', valid)
|
||||
perm_user = parse_html_perms('user', valid)
|
||||
perm_submit = parse_html_perms('submit', valid)
|
||||
# TODO: once repos are linked
|
||||
#perm_commit = parse_html_perms('commit', valid)
|
||||
|
||||
desc = valid.optional("tracker_desc", default=tracker.description)
|
||||
valid.expect(not desc or len(desc) < 4096,
|
||||
"Must be less than 4096 characters",
|
||||
field="tracker_desc")
|
||||
if not valid.ok:
|
||||
return render_template("tracker-configure.html",
|
||||
tracker=tracker, access_type_list=TicketAccess,
|
||||
access_help_map=access_help_map, **valid.kwargs), 400
|
||||
|
||||
tracker.default_anonymous_perms = perm_anon
|
||||
tracker.default_user_perms = perm_user
|
||||
tracker.default_submitter_perms = perm_submit
|
||||
#tracker.default_committer_perms = perm_commit
|
||||
tracker.description = desc
|
||||
db.session.commit()
|
||||
|
||||
return redirect(url_for(".tracker_GET", owner=owner, name=name))
|
||||
|
||||
|
||||
@tracker.route("/<owner>/<path:name>/configure")
|
||||
@loginrequired
|
||||
def tracker_configure_GET(owner, name):
|
||||
pass
|
||||
tracker, access = get_tracker(owner, name)
|
||||
if not tracker:
|
||||
abort(404)
|
||||
return render_template("tracker-configure.html",
|
||||
tracker=tracker, access_type_list=TicketAccess,
|
||||
access_help_map=access_help_map)
|
||||
|
||||
@tracker.route("/<owner>/<path:name>/submit", methods=["POST"])
|
||||
@loginrequired
|
||||
|
@ -180,6 +246,8 @@ def tracker_submit_POST(owner, name):
|
|||
tracker, access = get_tracker(owner, name)
|
||||
if not tracker:
|
||||
abort(404)
|
||||
if not TicketAccess.submit in access:
|
||||
abort(403)
|
||||
|
||||
valid = Validation(request)
|
||||
title = valid.require("title", friendly_name="Title")
|
||||
|
|
|
@ -0,0 +1,135 @@
|
|||
{% extends "todo.html" %}
|
||||
|
||||
{% macro perm_checkbox(type, perms, name) %}
|
||||
{% if type.name not in ["none", "all"] %}
|
||||
<div class="form-check form-check-inline">
|
||||
<label class="form-check-label" title="{{access_help_map[type]}}">
|
||||
{% if type %}
|
||||
<input
|
||||
class="form-check-input"
|
||||
type="checkbox"
|
||||
name="perm_{{ name }}_{{ type.name }}"
|
||||
value="{{type.value}}"
|
||||
{{ "checked" if type in perms }}> {{type.name}}
|
||||
{% else %}
|
||||
<input
|
||||
class="form-check-input"
|
||||
type="checkbox"
|
||||
name="perm_{{ name }}_{{ type.name }}"
|
||||
value="{{type.value}}"
|
||||
{{ "checked" if perms == 0 }}> {{type.name}}
|
||||
{% endif %}
|
||||
</label>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{% block title %}
|
||||
<title>Configure tracker — {{ cfg("sr.ht", "site-name") }}</title>
|
||||
{% endblock %}
|
||||
{% block content %}
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-md-7">
|
||||
<h2>Configure {{ tracker.name }}</h2>
|
||||
<form method="POST">
|
||||
<div class="form-group {{valid.cls("tracker_name")}}">
|
||||
<label for="tracker_name">
|
||||
Name
|
||||
<span class="text-muted">(you can't edit this)</p>
|
||||
</label>
|
||||
<input
|
||||
type="text"
|
||||
name="tracker_name"
|
||||
id="tracker_name"
|
||||
class="form-control"
|
||||
value="{{ tracker.name }}"
|
||||
disabled />
|
||||
{{ valid.summary("tracker_name") }}
|
||||
</div>
|
||||
<div class="form-group {{valid.cls("tracker_desc")}}">
|
||||
<label for="tracker_desc">Description</label>
|
||||
<textarea
|
||||
name="tracker_desc"
|
||||
id="tracker_desc"
|
||||
class="form-control"
|
||||
value="{{ tracker_desc or "" }}"
|
||||
rows="5"
|
||||
aria-describedby="tracker_desc-help"
|
||||
>{{tracker.desc or ""}}</textarea>
|
||||
<p
|
||||
id="tracker_desc-help"
|
||||
class="form-text text-muted"
|
||||
>Markdown supported</p>
|
||||
{{ valid.summary("tracker_desc") }}
|
||||
</div>
|
||||
<div class="form-group {{valid.cls("tracker_any_access")}}">
|
||||
<h3>Permissions</h3>
|
||||
<p>
|
||||
These permissions allow you to control what kinds of users are able
|
||||
to do what sorts of activities on your tracker.
|
||||
</p>
|
||||
<div class="event-list">
|
||||
<div class="event">
|
||||
<h4>Anonymous Permissions</h4>
|
||||
<p>
|
||||
Permissions granted to anyone who visits this tracker, logged
|
||||
in or otherwise.
|
||||
</p>
|
||||
{% for a in access_type_list %}
|
||||
{{ perm_checkbox(a, tracker.default_anonymous_perms, "anon") }}
|
||||
{% endfor %}
|
||||
{{ valid.summary("tracker_anon_access") }}
|
||||
</div>
|
||||
<div class="event">
|
||||
<h4>User Permissions</h4>
|
||||
<p>
|
||||
Permissions granted to any logged-in {{cfg("sr.ht",
|
||||
"site-name")}} user.
|
||||
</p>
|
||||
{% for a in access_type_list %}
|
||||
{{ perm_checkbox(a, tracker.default_user_perms, "user") }}
|
||||
{% endfor %}
|
||||
{{ valid.summary("tracker_user_access") }}
|
||||
</div>
|
||||
<div class="event">
|
||||
<h4>Submitter Permissions</h4>
|
||||
<p>
|
||||
Permissions granted to the ticket submitter on the tickets they
|
||||
submit.
|
||||
</p>
|
||||
{% for a in access_type_list %}
|
||||
{{ perm_checkbox(a, tracker.default_submitter_perms, "submit") }}
|
||||
{% endfor %}
|
||||
{{ valid.summary("tracker_submit_access") }}
|
||||
</div>
|
||||
{# TODO: once we link git accounts
|
||||
<div class="event">
|
||||
<h4>Committer Permissions</h4>
|
||||
{% for a in access_type_list %}
|
||||
{{ perm_checkbox(a, tracker.default_committer_perms, "commit") }}
|
||||
{% endfor %}
|
||||
{{ valid.summary("tracker_commit_access") }}
|
||||
</div>
|
||||
#}
|
||||
</div>
|
||||
</div>
|
||||
{{ valid.summary() }}
|
||||
<span class="pull-right">
|
||||
<a
|
||||
href="{{ url_for(
|
||||
".tracker_GET",
|
||||
owner="~" + tracker.owner.username,
|
||||
name=tracker.name) }}"
|
||||
class="btn btn-default"
|
||||
>Cancel</a>
|
||||
<button type="submit" class="btn btn-primary">
|
||||
Save
|
||||
<i class="fa fa-caret-right"></i>
|
||||
</button>
|
||||
</span>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
|
@ -49,7 +49,6 @@
|
|||
Create tracker
|
||||
<i class="fa fa-caret-right"></i>
|
||||
</button>
|
||||
{#
|
||||
<button
|
||||
type="submit"
|
||||
class="btn btn-default"
|
||||
|
@ -58,7 +57,6 @@
|
|||
Create & configure
|
||||
<i class="fa fa-caret-right"></i>
|
||||
</button>
|
||||
#}
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -12,13 +12,18 @@
|
|||
<div class="col-md-12">
|
||||
<h2>
|
||||
{{ format_tracker_name(tracker) }}
|
||||
<small>
|
||||
<a
|
||||
href="/~{{tracker.owner.username}}/{{tracker.name}}/configure"
|
||||
>Configure</a>
|
||||
</small>
|
||||
</h2>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-md-4">
|
||||
{{ tracker.description | md }}
|
||||
{% if current_user %}
|
||||
{% if TicketAccess.submit in access %}
|
||||
<h3 style="margin-top: 1rem">Submit ticket</h3>
|
||||
<form method="POST" action="{{
|
||||
url_for(".tracker_submit_POST",
|
||||
|
|
Loading…
Reference in New Issue