author: Alejandro Sirgo Rica <asirgo@soleta.eu> 2024-06-25 17:29:02 +0200
committer: Alejandro Sirgo Rica <asirgo@soleta.eu> 2024-06-27 10:03:14 +0200
commit: 977b457d5ce7661e8b4680d5543ad4d31063dcf1
tree: b978944834f149c3aea9083c166fc2ba7b1d950f /ogcp/templates/repos.html
parent: 25bb1ff73b537c53b07c7d41c28e1b52c149c026
ogcp: add user permission mechanism
Add a new user permission system to control the allowed operations accessible from each account.

Add a permission matrix editable through the user/add and user/edit views. The permission matrix has client, center, room, folder, image and repository as permission targets and add, update and delete as permission types.

Restrict each view based on the user permissions, hide all actions from not authenticated users. Permissions are defined in the class UserForm.

Serialize each user permissions into ogcp.json as:

    {
      ...
      "USERS" [
        {
          "USER": "admin"
          ...
          "PERMISSIONS": {
            "CLIENT": {
              "ADD": true,
              "UPDATE": true,
              "DELETE": true,
            },
            ... <- same structure for "CENTER", "ROOM", "FOLDER", "IMAGE" and "REPOSITORY"
          }
        },
        ...
      ],
      ...
    }

Grant all the permissions to old user configuration to not disrupt their workflow. The administrator will need to assign the permissions for each user.

Ignore scope and permission restrictions for admin users.

Save permissions and scopes even if the user is admin to account for the case of a temporal admin promotion without losing the previous configuration.

Use template inheritance for add_user.html and edit_user.html to prevent big code duplication with the new HTML code to render the permission matrix.

Make user administration an admin only feature.

Define methods get_permission and target_is_disabled to improve readability in template conditionals that disable features based on user permissions.
Diffstat (limited to 'ogcp/templates/repos.html')
-rw-r--r-- ogcp/templates/repos.html 24
1 files changed, 16 insertions, 8 deletions
diff --git a/ogcp/templates/repos.html b/ogcp/templates/repos.html
index ef56d2a..06bee58 100644
--- a/ogcp/templates/repos.html
+++ b/ogcp/templates/repos.html
@@ -50,14 +50,22 @@
{% endblock %}
{% block commands %}
- <input class="btn btn-light {% block nav_repo_info %}{% endblock %}" type="submit" value="{{ _('Repo details') }}"
- form="reposForm" formaction="{{ url_for('action_repo_info') }}" formmethod="get">
- <input class="btn btn-light {% block nav_repo_add %}{% endblock %}" type="submit" value="{{ _('Add repo') }}"
- form="reposForm" formaction="{{ url_for('action_repo_add') }}" formmethod="get">
- <input class="btn btn-light {% block nav_repo_delete %}{% endblock %}" type="submit" value="{{ _('Delete repo') }}"
- form="reposForm" formaction="{{ url_for('action_repo_delete') }}" formmethod="get">
- <input class="btn btn-light {% block nav_repo_update %}{% endblock %}" type="submit" value="{{ _('Update repo') }}"
- form="reposForm" formaction="{{ url_for('action_repo_update') }}" formmethod="get">
+{% if current_user.is_authenticated %}
+ <input class="btn btn-light {% block nav_repo_info %}{% endblock %}" type="submit" value="{{ _('Repo details') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_info') }}" formmethod="get">
+ {% if current_user.get_permission('REPOSITORY', 'ADD') %}
+ <input class="btn btn-light {% block nav_repo_add %}{% endblock %}" type="submit" value="{{ _('Add repo') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_add') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('REPOSITORY', 'DELETE') %}
+ <input class="btn btn-light {% block nav_repo_delete %}{% endblock %}" type="submit" value="{{ _('Delete repo') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_delete') }}" formmethod="get">
+ {% endif %}
+ {% if current_user.get_permission('REPOSITORY', 'UPDATE') %}
+ <input class="btn btn-light {% block nav_repo_update %}{% endblock %}" type="submit" value="{{ _('Update repo') }}"
+ form="reposForm" formaction="{{ url_for('action_repo_update') }}" formmethod="get">
+ {% endif %}
+{% endif %}
{% if btn_back %}
<button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
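Review bot: the `current_user.get_permission('REPOSITORY', ...)` guards around the Add/Delete/Update inputs only control whether the buttons are rendered; as far as this template shows, `action_repo_add`, `action_repo_delete` and `action_repo_update` are still ordinary GET endpoints reachable by URL. This diff is limited to repos.html, so the view functions are not visible here: please confirm that each of those routes requires login and repeats the same REPOSITORY/ADD, DELETE or UPDATE check server-side, ideally through one shared helper or decorator so the template and the routes cannot drift apart. Two smaller points: "Repo details" is gated only on `current_user.is_authenticated`, which matches the add/update/delete matrix in the commit message, but a short template comment saying read access is intentional would help the next reader; and the outer `{% if current_user.is_authenticated %}` / `{% endif %}` pair sits at column 0 while everything inside it is indented, which makes the nesting harder to follow.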