summaryrefslogtreecommitdiffstats
path: root/ogcp/templates/auth/edit_user.html
Commit message (Collapse)AuthorAgeFilesLines
* ogcp: add user permission mechanismAlejandro Sirgo Rica2024-06-271-49/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new user permission system to control the allowed operations accessible from each account. Add a permission matrix editable through the user/add and user/edit views. The permission matrix has client, center, room, folder, image and repository as permission targets and add, update and delete as permission types. Restrict each view based on the user permissions, hide all actions from not autheticated users. permissions defined in the class UserForm. Serialize each user permissions into ogcp.json as: { ... "USERS" [ { "USER": "admin" ... "PERMISSIONS": { "CLIENT": { "ADD": true, "UPDATE": true, "DELETE": true, }, ... <- same structure for "CENTER", "ROOM", "FOLDER", "IMAGE" and "REPOSITORY" } }, ... ], ... } Grant all the permissions to old user configuration to not disrupt their workflow. The administrator will need to assign the permissions for each user. Ignore scope and permission restrictions for admin users. Save permissions and scopes even if the user is admin to account for the case of a temporal admin promotion without losing the previous configuration. Use template inheritance for add_user.html and edit_user.html to prevent big code duplication with the new HTML code to render the permission matrix. Make user administration an admin only feature. Define methods get_permission and target_is_disabled to improve readability in template conditionals that disable features based on user permissions.
* views: make password optional in user/editAlejandro Sirgo Rica2024-06-191-2/+2
| | | | | | | | | Add the option to leave the password fields empty in the form. When the passwords are not set the user keeps the old password configuration. Define a EditUserForm based on UserForm in forms/auth.py to remove the InputRequired validator in the password fields. Update the html template to make the password fields optional.
* forms: use checkboxes for scope selection in UserFormAlejandro Sirgo Rica2024-06-141-5/+40
| | | | | | | Enable selection of multiple scopes in user/add and user/edit for restricted users. Replace quick form creation with an inline form definition in add_user.html and edit_user.html
* templates: remove dead code from edit_user.htmlAlejandro Sirgo Rica2024-06-141-8/+0
| | | | | Remove the <script> block as the function digestUserFormPassword no longer exists.
* Add 'Edit user' to Users sectionJavier Sánchez Parra2022-04-271-0/+26
Creates "Edit user" form with the following inputs: password, password confirmation, role (administrator or regular), allowed scopes. It does no allow to change/edit the username.