[ARVADOS] created: 050e18ef86f2cb16f2ae981be8b4123ad8e08697
git at public.curoverse.com
git at public.curoverse.com
Sat Aug 23 20:01:04 EDT 2014
at 050e18ef86f2cb16f2ae981be8b4123ad8e08697 (commit)
commit 050e18ef86f2cb16f2ae981be8b4123ad8e08697
Author: Tom Clegg <tom at curoverse.com>
Date: Sat Aug 23 20:00:59 2014 -0400
3171: Add administrator UI for toggling user<->role permissions.
diff --git a/apps/workbench/app/assets/javascripts/permission_toggle.js b/apps/workbench/app/assets/javascripts/permission_toggle.js
new file mode 100644
index 0000000..00c1718
--- /dev/null
+++ b/apps/workbench/app/assets/javascripts/permission_toggle.js
@@ -0,0 +1,55 @@
+$(document).
+ on('click', '[data-toggle-permission] input[type=checkbox]', function() {
+ var data = {};
+ var keys = ['data-permission-uuid',
+ 'data-permission-name',
+ 'data-permission-head',
+ 'data-permission-tail'];
+ var attr;
+ for(var i in keys) {
+ attr = keys[i];
+ data[attr] = $(this).closest('[' + attr + ']').attr(attr);
+ if (data[attr] === undefined) {
+ console.log(["Error: no " + attr + " established here.", this]);
+ return;
+ }
+ }
+ var is_checked = $(this).prop('checked');
+
+ if (is_checked) {
+ $.ajax('/links',
+ {dataType: 'json',
+ type: 'POST',
+ data: {'link[tail_uuid]': data['data-permission-tail'],
+ 'link[head_uuid]': data['data-permission-head'],
+ 'link[link_class]': 'permission',
+ 'link[name]': data['data-permission-name']},
+ context: this}).
+ fail(function(jqxhr, status, error) {
+ $(this).prop('checked', false);
+ }).
+ done(function(data, status, jqxhr) {
+ $(this).attr('data-permission-uuid', data['uuid']);
+ }).
+ always(function() {
+ $(this).prop('disabled', false);
+ });
+ }
+ else {
+ $.ajax('/links/' + data['data-permission-uuid'],
+ {dataType: 'json',
+ type: 'POST',
+ data: {'_method': 'DELETE'},
+ context: this}).
+ fail(function(jqxhr, status, error) {
+ $(this).prop('checked', true);
+ }).
+ done(function(data, status, jqxhr) {
+ $(this).attr('data-permission-uuid', 'x');
+ }).
+ always(function() {
+ $(this).prop('disabled', false);
+ });
+ }
+ $(this).prop('disabled', true);
+ });
diff --git a/apps/workbench/app/views/projects/_show_sharing.html.erb b/apps/workbench/app/views/projects/_show_sharing.html.erb
index ff0062c..cafaf6d 100644
--- a/apps/workbench/app/views/projects/_show_sharing.html.erb
+++ b/apps/workbench/app/views/projects/_show_sharing.html.erb
@@ -20,7 +20,7 @@
end
perms_json = perms_json.to_json
choose_filters = {
- "groups" => [["group_class", "=", nil]],
+ "groups" => [["group_class", "=", "role"]],
}
choose_filters.default = []
owner_icon = fa_icon_class_for_uuid(@object.owner_uuid)
diff --git a/apps/workbench/app/views/users/_show_admin.html.erb b/apps/workbench/app/views/users/_show_admin.html.erb
index 19c7cb9..8d54950 100644
--- a/apps/workbench/app/views/users/_show_admin.html.erb
+++ b/apps/workbench/app/views/users/_show_admin.html.erb
@@ -1,21 +1,108 @@
-<p>As an admin, you can log in as this user. When you’ve
-finished, you will need to log out and log in again with your own
-account.</p>
+<div class="row">
+ <div class="col-md-6">
+ <p>
+ As an admin, you can log in as this user. When you’ve
+ finished, you will need to log out and log in again with your
+ own account.
+ </p>
-<blockquote>
-<%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
-</blockquote>
+ <blockquote>
+ <%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
+ </blockquote>
-<p>As an admin, you can setup this user. Please input a VM and repository for the user. If you had previously provided any of these items, they are pre-filled for you and you can leave them as is if you would like to reuse them.</p>
+ <p>
+ As an admin, you can setup this user. Please input a VM and
+ repository for the user. If you had previously provided any of
+ these items, they are pre-filled for you and you can leave them
+ as is if you would like to reuse them.
+ </p>
-<blockquote>
-<%= link_to "Setup #{@object.full_name}", setup_popup_user_url(id: @object.uuid), {class: 'btn btn-primary', :remote => true, 'data-toggle' => "modal", 'data-target' => '#user-setup-modal-window'} %>
-</blockquote>
+ <blockquote>
+ <%= link_to "Setup #{@object.full_name}", setup_popup_user_url(id: @object.uuid), {class: 'btn btn-primary', :remote => true, 'data-toggle' => "modal", 'data-target' => '#user-setup-modal-window'} %>
+ </blockquote>
-<p>As an admin, you can deactivate and reset this user. This will remove all repository/VM permissions for the user. If you "setup" the user again, the user will have to sign the user agreement again.</p>
+ <p>
+ As an admin, you can deactivate and reset this user. This will
+ remove all repository/VM permissions for the user. If you
+ "setup" the user again, the user will have to sign the user
+ agreement again.
+ </p>
-<blockquote>
-<%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
-</blockquote>
+ <blockquote>
+ <%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
+ </blockquote>
+ </div>
+ <div class="col-md-6">
+ <div class="panel panel-default">
+ <div class="panel-heading">
+ Groups
+ </div>
+ <div class="panel-body">
+ <div class="alert alert-info">
+ A <i>permitted</i> user <i>has all permissions</i> available to the group.
+ <br/>
+ A <i>member</i> user <i>is visible to</i> everyone else who can see the group.
+ <br/>
+ (Tip: in most cases, you don't want one without the other.)
+ </div>
+ <form>
+ <% permitted_group_perms = {}
+ Link.limit(10000).filter([
+ ['tail_uuid', '=', @object.uuid],
+ ['head_uuid', 'is_a', 'arvados#group'],
+ ['link_class', '=', 'permission'],
+ ]).each do |perm|
+ permitted_group_perms[perm.head_uuid] = perm.uuid
+ end %>
+ <% member_group_perms = {}
+ Link.permissions_for(@object).each do |perm|
+ member_group_perms[perm.tail_uuid] = perm.uuid
+ end %>
+ <% Group.order(['name']).where(group_class: 'role').each do |group| %>
+ <div>
+ <label class="checkbox-inline" data-toggle-permission="true" data-permission-tail="<%= @object.uuid %>" data-permission-name="can_manage">
+ <%= check_box_tag(
+ 'group_uuids[]',
+ group.uuid,
+ permitted_group_perms[group.uuid],
+ disabled: (group.owner_uuid == @object.uuid),
+ data: {
+ permission_head: group.uuid,
+ permission_uuid: permitted_group_perms[group.uuid]}) %>
+ permitted
+ </label>
+ <label class="checkbox-inline" data-toggle-permission="true" data-permission-head="<%= @object.uuid %>" data-permission-name="can_read">
+ <%= check_box_tag(
+ 'group_uuids[]',
+ group.uuid,
+ member_group_perms[group.uuid],
+ disabled: (group.owner_uuid == @object.uuid),
+ data: {
+ permission_tail: group.uuid,
+ permission_uuid: member_group_perms[group.uuid]}) %>
+ member
+ </label>
+ <label class="checkbox-inline">
+ <%= group.name || '(unnamed)' %> <span class="deemphasize">(owned by <%= User.find(group.owner_uuid).andand.full_name %>)</span>
+ </label>
+ </div>
+ <% end.empty? and begin %>
+ <div>
+ (No groups defined.)
+ </div>
+ <% end %>
+ </form>
+ </div>
+ <div class="panel-footer">
+ To manage these groups (roles), use:
+ <ul>
+ <li><code>arv group create \<br/>--group '{"group_class":"role","name":"New group"}'</code></li>
+ <li><code>arv group list \<br/>--filters '[["group_class","=","role"]]' \<br/>--select '["uuid","name"]'</code></li>
+ <li><code>arv edit <i>uuid</i></code></li>
+ </ul>
+ </div>
+ </div>
+ </div>
+</div>
<div id="user-setup-modal-window" class="modal fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"></div>
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list