couchdb-commits mailing list archives

From d..@apache.org
Subject [3/3] git commit: COUCHDB-1473 & COUCHDB-1472 - Futon: disable buttons if user has insufficient rights
Date Thu, 24 May 2012 08:05:10 GMT
COUCHDB-1473 & COUCHDB-1472 - Futon: disable buttons if user has insufficient rights

- Disabled the Delete Database button unless the server is in admin party
 or the current user is a server admin.
- The Security button is also disabled if the user is not a database admin.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/49d8304f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/49d8304f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/49d8304f

Branch: refs/heads/1.2.x
Commit: 49d8304faf4b97d19368d7dcba52739b6bb60e56
Parents: de328ed
Author: Anthony S Baker <anthony.s.baker@gmail.com>
Authored: Wed May 9 13:56:25 2012 -0400
Committer: Dave Cottlehuber <dch@apache.org>
Committed: Thu May 24 00:24:46 2012 +0200

----------------------------------------------------------------------
 share/www/database.html    |    4 ++--
 share/www/script/futon.js  |   30 ++++++++++++++++++++++++++++++
 share/www/style/layout.css |    2 ++
 3 files changed, 34 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/49d8304f/share/www/database.html
----------------------------------------------------------------------
diff --git a/share/www/database.html b/share/www/database.html
index 213159b..290b465 100644
--- a/share/www/database.html
+++ b/share/www/database.html
@@ -177,9 +177,9 @@ specific language governing permissions and limitations under the License.
       </div>
       <ul id="toolbar">
         <li><button class="add">New Document</button></li>
-        <li><button class="security">Security…</button></li>
+        <li><button class="security userAdmin serverAdmin">Security…</button></li>
         <li><button class="compact">Compact &amp; Cleanup…</button></li>
-        <li><button class="delete">Delete Database…</button></li>
+        <li><button class="delete serverAdmin">Delete Database…</button></li>
       </ul>
 
       <div id="viewcode" class="collapsed" style="display: none">
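Review bot: The `compact` button between the two changed lines gets neither `userAdmin` nor `serverAdmin`, so it stays enabled for every user. If compaction requires database-admin rights on the server, as I believe it does, non-admins will only find out from an error after clicking. In that case mark it the same way as Security: `<li><button class="compact userAdmin serverAdmin">Compact &amp; Cleanup…</button></li>`. As a naming point only, `userAdmin` reads as "admin of users"; a name like `dbAdmin` would match what the futon.js check actually tests.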

http://git-wip-us.apache.org/repos/asf/couchdb/blob/49d8304f/share/www/script/futon.js
----------------------------------------------------------------------
diff --git a/share/www/script/futon.js b/share/www/script/futon.js
index 5e0fb78..e2e0aaf 100644
--- a/share/www/script/futon.js
+++ b/share/www/script/futon.js
@@ -225,20 +225,50 @@ function $$(node) {
     this.sidebar = function() {
       // get users db info?
       $("#userCtx span").hide();
+      $(".serverAdmin").attr('disabled', 'disabled');
+
       $.couch.session({
         success : function(r) {
           var userCtx = r.userCtx;
+
+          var urlParts = location.search.substr(1).split("/");
+          var dbName = decodeURIComponent(urlParts.shift());
+          var dbNameRegExp = new RegExp("[^a-z0-9\_\$\(\)\+\/\-]", "g");
+          dbName = dbName.replace(dbNameRegExp, "");
+
           $$("#userCtx").userCtx = userCtx;
           if (userCtx.name) {
             $("#userCtx .name").text(userCtx.name).attr({href : $.couch.urlPrefix + "/_utils/document.html?"+encodeURIComponent(r.info.authentication_db)+"/org.couchdb.user%3A"+encodeURIComponent(userCtx.name)});
+
             if (userCtx.roles.indexOf("_admin") != -1) {
               $("#userCtx .loggedin").show();
               $("#userCtx .loggedinadmin").show();
+              $(".serverAdmin").removeAttr('disabled'); // user is a server admin
             } else {
               $("#userCtx .loggedin").show();
+
+              if (dbName != "") {
+                $.couch.db(dbName).getDbProperty("_security", { // check security roles for
user admins
+                  success: function(resp) {
+                    var adminRoles = resp.admins.roles;
+
+                    if ($.inArray(userCtx.name, resp.admins.names)>=0) { // user is admin
+                      $(".userAdmin").removeAttr('disabled');
+                    }
+                    else {
+                      for (var i=0; i<userCtx.roles.length; i++) { 
+                        if ($.inArray(userCtx.roles[i], resp.admins.roles)>=0) { // user
has role that is an admin
+                          $(".userAdmin").removeAttr('disabled');
+                        }
+                      }
+                    }
+                  } 
+                }); 
+              }
             }
           } else if (userCtx.roles.indexOf("_admin") != -1) {
             $("#userCtx .adminparty").show();
+            $(".serverAdmin").removeAttr('disabled');
           } else {
             $("#userCtx .loggedout").show();
           };
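Review bot: In the `_security` success callback, `resp.admins.names` and `resp.admins.roles` are read without checking that `resp.admins` exists. A database whose security object was never set returns `{}` as far as I know, so the callback would throw a TypeError on each page load; the buttons stay disabled, which at least fails closed. Guard it with `var admins = resp.admins || {}, names = admins.names || [], roles = admins.roles || [];` and pass `names` and `roles` to the two `$.inArray` calls; the local `adminRoles` is assigned but never used and can be dropped. The disabled state is only a UI hint, so a comment above the first `$(".serverAdmin").attr('disabled', 'disabled');` line would help, for example `// UI hint only: the server still enforces admin checks for delete and _security`. `sidebar` begins and ends outside this hunk, so the rest of the function was not reviewed.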

http://git-wip-us.apache.org/repos/asf/couchdb/blob/49d8304f/share/www/style/layout.css
----------------------------------------------------------------------
diff --git a/share/www/style/layout.css b/share/www/style/layout.css
index ea8b117..e8a2a50 100644
--- a/share/www/style/layout.css
+++ b/share/www/style/layout.css
@@ -234,6 +234,8 @@ body.fullwidth #wrap { margin-right: 0; }
   color: #666; margin: 0; padding: 2px 1em 2px 22px; cursor: pointer;
   font-size: 95%; line-height: 16px;
 }
+#toolbar button[disabled] { opacity: .50; }
+#toolbar button[disabled]:hover { background-position: 2px 2px; cursor: default; color: #666
}
 #toolbar button:hover { background-position: 2px -30px; color: #000; }
 #toolbar button:active { background-position: 2px -62px; color: #000; }
 #toolbar button.add { background-image: url(../image/add.png); }

