incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject [14/33] git commit: [#6392] ticket:403 Per tool user bans
Date Tue, 24 Sep 2013 19:37:50 GMT
[#6392]  ticket:403 Per tool user bans


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/887efbd1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/887efbd1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/887efbd1

Branch: refs/heads/cj/6695
Commit: 887efbd110f173fe62b101a46093239a4b9d1074
Parents: 05719e4
Author: Yuriy Arhipov <yuriyarhipovua@yandex.ru>
Authored: Wed Aug 7 12:44:29 2013 +0400
Committer: Tim Van Steenburgh <tvansteenburgh@gmail.com>
Committed: Tue Sep 24 17:36:23 2013 +0000

----------------------------------------------------------------------
 Allura/allura/app.py                            | 33 +++++++++++++++-
 .../templates/admin_widgets/card_field.html     | 20 ++++++++++
 .../ext/admin/templates/widgets/block_list.html |  9 +++++
 .../ext/admin/templates/widgets/block_user.html | 11 ++++++
 Allura/allura/ext/admin/widgets.py              | 15 ++++++++
 Allura/allura/lib/security.py                   |  3 ++
 Allura/allura/model/project.py                  |  1 +
 .../allura/templates/app_admin_permissions.html | 23 ++++++++++-
 Allura/allura/tests/functional/test_admin.py    | 40 +++++++++++++++++++-
 9 files changed, 151 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/app.py
----------------------------------------------------------------------
diff --git a/Allura/allura/app.py b/Allura/allura/app.py
index 5de6a12..fdde1fb 100644
--- a/Allura/allura/app.py
+++ b/Allura/allura/app.py
@@ -582,15 +582,43 @@ class DefaultAdminController(BaseController):
         """
         permanent_redirect('permissions')
 
+    @expose()
+    def edit_block_user(self, user_id='', perm=''):
+        log.error(self.app.config.block_user[perm])
+        self.app.config.block_user[perm].remove(ObjectId(user_id))
+        return redirect(request.referer)
+
+    @expose()
+    def block_user(self, user_name, perm):
+        user = model.User.by_username(user_name)
+        if not user:
+            flash('User "%s" not found' % user_name, 'error')
+            return redirect(request.referer)
+
+        if perm not in self.app.config.block_user:
+            self.app.config.block_user[perm] = []
+        if user._id not in self.app.config.block_user[perm]:
+            self.app.config.block_user[perm].append(user._id)
+        return redirect(request.referer)
+
     @expose('jinja:allura:templates/app_admin_permissions.html')
     @without_trailing_slash
     def permissions(self):
         """Render the permissions management web page.
 
         """
-        from ext.admin.widgets import PermissionCard
+        from ext.admin.widgets import PermissionCard, BlockUser, BlockList
         c.card = PermissionCard()
+        c.block_user = BlockUser()
+        c.block_list = BlockList()
         permissions = dict((p, []) for p in self.app.permissions)
+        block_list = {}
+
+        for perm, users in self.app.config.block_user.items():
+            block_list[perm] = [[user._id, user.username] for user in model.User.query.find(dict(_id={'$in':
users}))]
+
+
+
         for ace in self.app.config.acl:
             if ace.access == model.ACE.ALLOW:
                 try:
@@ -601,7 +629,8 @@ class DefaultAdminController(BaseController):
         return dict(
             app=self.app,
             allow_config=has_access(c.project, 'admin')(),
-            permissions=permissions)
+            permissions=permissions,
+            block_list=block_list)
 
     @expose('jinja:allura:templates/app_admin_edit_label.html')
     def edit_label(self):

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/admin_widgets/card_field.html b/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
index 770910e..dc532d4 100644
--- a/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
+++ b/Allura/allura/ext/admin/templates/admin_widgets/card_field.html
@@ -66,5 +66,25 @@
                title="Add a user"></small>
       </a>
     </li>
+    <li>
+        <a href="#" class="block-user">
+            Block User
+        </a>
+    </li>
+
+    {%if (name in block_list) and (block_list[name])%}
+        <li>
+        <a href="#" class="block-list">
+            Block list
+        <div class="block-list" style="display: none">
+          <ul>
+          {%for user in block_list[name]%}
+            <li><input type="checkbox" name="user_id" value="{{user[0]}}">{{user[1]}}</li>
+          {%endfor%}
+          </ul>
+        </div>
+        </a>
+        </li>
+    {%endif%}
   </ul>
 </div>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/templates/widgets/block_list.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/widgets/block_list.html b/Allura/allura/ext/admin/templates/widgets/block_list.html
new file mode 100644
index 0000000..f1584b1
--- /dev/null
+++ b/Allura/allura/ext/admin/templates/widgets/block_list.html
@@ -0,0 +1,9 @@
+<h1>Block list</h1>
+<form action="edit_block_user">
+<div class="model-block-list"></div>
+<input type="hidden" class="block_user_role" name="perm" value="">
+<div class="grid-13">&nbsp;</div>
+<hr>
+<div class="grid-13"><div class="grid-13">&nbsp;</div>
+<input type="submit" value="Delete">
+</form>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/templates/widgets/block_user.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/widgets/block_user.html b/Allura/allura/ext/admin/templates/widgets/block_user.html
new file mode 100644
index 0000000..b1a2ad1
--- /dev/null
+++ b/Allura/allura/ext/admin/templates/widgets/block_user.html
@@ -0,0 +1,11 @@
+<h1>Block User</h1>
+<form action="block_user">
+    <label class="grid-13">User Name</label>
+    <div class="grid-13"><input type="text" id="block_user" name="user_name"></div>
+    <input type="hidden" class="block_user_role" name="perm" value="">
+    <div class="grid-13">&nbsp;</div>
+    <hr>
+    <div class="grid-13"><div class="grid-13">&nbsp;</div>
+    <input type="submit" value="Save">
+    <a href="#" class="close">Cancel</a></div>
+</form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/ext/admin/widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/widgets.py b/Allura/allura/ext/admin/widgets.py
index e663687..85d9237 100644
--- a/Allura/allura/ext/admin/widgets.py
+++ b/Allura/allura/ext/admin/widgets.py
@@ -203,3 +203,18 @@ class AuditLog(ew_core.Widget):
         for f in self.fields:
             for r in f.resources():
                 yield r
+
+
+class BlockUser(ffw.Lightbox):
+    defaults = dict(
+            ffw.Lightbox.defaults,
+            name='block-user-modal',
+            trigger='a.block-user',
+            content_template='allura.ext.admin:templates/widgets/block_user.html')
+
+class BlockList(ffw.Lightbox):
+    defaults = dict(
+            ffw.Lightbox.defaults,
+            name='block-list-modal',
+            trigger='a.block-list',
+            content_template='allura.ext.admin:templates/widgets/block_list.html')

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/lib/security.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/security.py b/Allura/allura/lib/security.py
index a0497ca..52e1568 100644
--- a/Allura/allura/lib/security.py
+++ b/Allura/allura/lib/security.py
@@ -291,6 +291,9 @@ def has_access(obj, permission, user=None, project=None):
                     project = project.root_project
             roles = cred.user_roles(user_id=user._id, project_id=project._id).reaching_ids
         chainable_roles = []
+        block_user = getattr(obj, 'block_user', dict())
+        if (permission in block_user) and (user._id in block_user[permission]):
+            return False
         for rid in roles:
             for ace in obj.acl:
                 if M.ACE.match(ace, rid, permission):

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/model/project.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/project.py b/Allura/allura/model/project.py
index ec39157..bde7e13 100644
--- a/Allura/allura/model/project.py
+++ b/Allura/allura/model/project.py
@@ -942,6 +942,7 @@ class AppConfig(MappedClass):
     tool_data = FieldProperty({str:{str:None}}) # entry point: prefs dict
 
     acl = FieldProperty(ACL())
+    block_user = FieldProperty({str: [None]})
 
     def get_tool_data(self, tool, key, default=None):
         return self.tool_data.get(tool, {}).get(key, default)

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/templates/app_admin_permissions.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/app_admin_permissions.html b/Allura/allura/templates/app_admin_permissions.html
index 861c76d..8a9f728 100644
--- a/Allura/allura/templates/app_admin_permissions.html
+++ b/Allura/allura/templates/app_admin_permissions.html
@@ -47,7 +47,8 @@
             id=name,
             name=name,
             desc=app.describe_permission(name),
-            items=h.make_roles(ids)
+            items=h.make_roles(ids),
+            block_list = block_list
         )}}
         {% endfor %}
         <br style="clear:both"/>
@@ -61,3 +62,23 @@
     </form>
   {%endif%}
 {% endblock %}
+{% block extra_js %}
+  {{c.block_user.display()}}
+  {{c.block_list.display()}}
+<script type="text/javascript">
+  $('a.block-user').click(function(){
+      var block_user = $('#block_user');
+      var deck =  $(this).closest('ul.deck');
+      var role = deck.find('li.tcenter h3').text();
+      $('input.block_user_role').val(role);
+  });
+  $('a.block-list').click(function(){
+      var userlist = $(this).find('div.block-list').clone();
+      var deck =  $(this).closest('ul.deck');
+      var role = deck.find('li.tcenter h3').text();
+      $('input.block_user_role').val(role);
+      $('div.model-block-list').html(userlist.html());
+  });
+</script>
+{% endblock %}
+

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/887efbd1/Allura/allura/tests/functional/test_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_admin.py b/Allura/allura/tests/functional/test_admin.py
index 6045d86..2ed1519 100644
--- a/Allura/allura/tests/functional/test_admin.py
+++ b/Allura/allura/tests/functional/test_admin.py
@@ -42,6 +42,9 @@ from allura import model as M
 from allura.app import SitemapEntry
 from allura.lib.plugin import AdminExtension
 from allura.ext.admin.admin_main import AdminApp
+from allura.lib.security import has_access
+
+from forgewiki.model import Page
 
 @contextmanager
 def audits(*messages):
@@ -161,7 +164,42 @@ class TestProjectAdmin(TestController):
 
         # Check the audit log
         r = self.app.get('/admin/audit/')
-        assert "uninstall tool test-tool" in r.body, r.body
+        assert "uninstall tool test-tool" in r.body, r.bodyt
+
+    @td.with_wiki
+    def test_add_user_to_block_list(self):
+        r = self.app.get('/admin/wiki/permissions')
+        assert '<a href="#" class="block-user">' in r
+        assert '<a href="#" class="block-list">' not in r
+
+        self.app.post('/admin/wiki/block_user', params={'user_name': 'test-admin', 'perm':
'read'})
+        user_id = M.User.by_username('test-admin')._id
+
+        app = M.Project.query.get(shortname='test').app_instance('wiki')
+        assert_equals(app.config.block_user['read'], [user_id])
+        r = self.app.get('/admin/wiki/permissions')
+        assert '<a href="#" class="block-list">' in r
+        assert '<li><input type="checkbox" name="user_id" value="%s">test-admin</li>'
% user_id in r
+
+    @td.with_wiki
+    def test_remove_user_from_block_list(self):
+        self.app.post('/admin/wiki/block_user', params={'user_name': 'test-admin', 'perm':
'read'})
+        app = M.Project.query.get(shortname='test').app_instance('wiki')
+        user_id = M.User.by_username('test-admin')._id
+        assert_equals(app.config.block_user['read'], [user_id])
+        self.app.post('/admin/wiki/edit_block_user', params={'user_id': str(user_id), 'perm':
'read'})
+        assert_equals(app.config.block_user['read'], [])
+        r = self.app.get('/admin/wiki/permissions')
+        assert '<a href="#" class="block-list">' not in r
+
+    @td.with_wiki
+    def test_has_access_with_block_users(self):
+        wiki = M.Project.query.get(shortname='test').app_instance('wiki')
+        page = Page.query.get(app_config_id=wiki.config._id)
+        test_user = M.User.by_username('test-user')
+        assert has_access(page, 'read', user=test_user)()
+        self.app.post('/admin/wiki/block_user', params={'user_name': 'test-user', 'perm':
'read'})
+        assert not has_access(page, 'read', user=test_user)()
 
     def test_tool_permissions(self):
         BUILTIN_APPS = ['activity', 'blog', 'discussion', 'git', 'link',


Mime
View raw message