Commit f2fe9760 authored by Remi Rampin's avatar Remi Rampin

Merge branch 'check-collaborator' into 'master'

parents a9f418ed 4ee21e90
Pipeline #66383229 passed with stage
in 1 minute and 58 seconds
......@@ -1117,6 +1117,7 @@ function removeMember(login) {
var members_modal = document.getElementById('members-modal');
var members_initial = {};
var members_displayed = {};
function _memberRow(login, user) {
var elem = document.createElement('div');
......@@ -1143,6 +1144,7 @@ function _memberRow(login, user) {
elem.querySelector('button').addEventListener('click', function(e) {
elem.parentNode.removeChild(elem);
delete members_displayed[login];
});
return elem;
......@@ -1151,6 +1153,12 @@ function _memberRow(login, user) {
function showMembers() {
document.getElementById('members-add').reset();
if(members[user_login].privileges == 'ADMIN') {
document.getElementById('members-fields').removeAttribute('disabled');
} else {
document.getElementById('members-fields').setAttribute('disabled', 1);
}
var entries = Object.entries(members);
sortByKey(entries, function(e) { return e[0]; });
console.log(
......@@ -1181,6 +1189,7 @@ function showMembers() {
// Store current state so that we can compare later
members_initial = Object.assign({}, members);
members_displayed = Object.assign({}, members);
$(members_modal).modal();
}
......@@ -1192,12 +1201,29 @@ document.getElementById('members-add').addEventListener('submit', function(e) {
if(!login) { return; }
var privileges = document.getElementById('member-add-privileges').value;
// Add it at the top
var elem = _memberRow(login, {privileges: privileges});
var current_members = document.getElementById('members-current');
current_members.insertBefore(elem, current_members.firstChild);
document.getElementById('members-add').reset();
// Check login
if(login in members_displayed) {
alert(gettext("Already a member!"));
document.getElementById('members-add').reset();
return;
}
postJSON(
'/api/check_user',
{login: login}
)
.then(function(result) {
if(result.exists) {
// Add it at the top
var elem = _memberRow(login, {privileges: privileges});
var current_members = document.getElementById('members-current');
current_members.insertBefore(elem, current_members.firstChild);
members_displayed[login] = true;
document.getElementById('members-add').reset();
} else {
alert(gettext("This user doesn't exist!"));
}
})
});
function sendMembersPatch() {
......
......@@ -116,26 +116,28 @@
</div>
<div class="modal-body">
<div class="container">
<h5>{% trans %}Add Collaborators{% endtrans %}</h5>
<form id="members-add">
<div class="row">
<div class="col-md-4 form-group">
<input type="text" class="form-control" id="member-add-name" placeholder="{{ gettext("Username") }}" required />
<fieldset id="members-fields">
<h5>{% trans %}Add Collaborators{% endtrans %}</h5>
<form id="members-add">
<div class="row">
<div class="col-md-4 form-group">
<input type="text" class="form-control" id="member-add-name" placeholder="{{ gettext("Username") }}" required />
</div>
<div class="col-md-4 form-group">
<select id="member-add-privileges" class="form-control">
<option value="ADMIN">{# TRANSLATORS: Permissions level #}{% trans %}Full permissions{% endtrans %}</option>
<option value="MANAGE_DOCS">{# TRANSLATORS: Permissions level #}{% trans %}Can't change collaborators / delete project{% endtrans %}</option>
<option value="TAG" selected>{# TRANSLATORS: Permissions level #}{% trans %}View & make changes{% endtrans %}</option>
<option value="READ">{# TRANSLATORS: Permissions level #}{% trans %}View only{% endtrans %}</option>
</select>
</div>
<button type="submit" class="btn btn-info col-md-4 form-group">{% trans %}Add to project{% endtrans %}</button>
</div>
<div class="col-md-4 form-group">
<select id="member-add-privileges" class="form-control">
<option value="ADMIN">{# TRANSLATORS: Permissions level #}{% trans %}Full permissions{% endtrans %}</option>
<option value="MANAGE_DOCS">{# TRANSLATORS: Permissions level #}{% trans %}Can't change collaborators / delete project{% endtrans %}</option>
<option value="TAG" selected>{# TRANSLATORS: Permissions level #}{% trans %}View & make changes{% endtrans %}</option>
<option value="READ">{# TRANSLATORS: Permissions level #}{% trans %}View only{% endtrans %}</option>
</select>
</div>
<button type="submit" class="btn btn-info col-md-4 form-group">{% trans %}Add to project{% endtrans %}</button>
</div>
</form>
<h5>{% trans %}Current Collaborators{% endtrans %}</h5>
<form id="members-current">
</form>
</form>
<h5>{% trans %}Current Collaborators{% endtrans %}</h5>
<form id="members-current">
</form>
</fieldset>
</div>
</div>
<div class="modal-footer">
......
......@@ -90,6 +90,7 @@ def make_app(config, debug=False, xsrf_cookies=True):
export.ExportHighlightsDoc, name='export_highlights_doc'),
# API
URLSpec('/api/check_user', api.CheckUser),
URLSpec('/api/project/([0-9]+)', api.ProjectMeta),
URLSpec('/api/project/([0-9]+)/document/new', api.DocumentAdd),
URLSpec('/api/project/([0-9]+)/document/([0-9]+)',
......
......@@ -6,7 +6,7 @@ from sqlalchemy.exc import IntegrityError
from sqlalchemy.orm import aliased
from tornado.concurrent import Future
import tornado.log
from tornado.web import MissingArgumentError
from tornado.web import MissingArgumentError, HTTPError
from .. import convert
from .. import database
......@@ -40,6 +40,22 @@ def api_auth(method):
return wrapper
class CheckUser(BaseHandler):
PROM_API.labels('check_user').inc(0)
@api_auth
def post(self):
PROM_API.labels('check_user').inc()
if not self.application.config['MULTIUSER']:
raise HTTPError(404)
login = self.get_json()['login']
if validate.user_login(login):
user = self.db.query(database.User).get(login)
if user is not None:
return self.send_json({'exists': True})
return self.send_json({'exists': False})
class ProjectMeta(BaseHandler):
PROM_API.labels('project_meta').inc(0)
......@@ -519,6 +535,8 @@ class MembersUpdate(BaseHandler):
@api_auth
def patch(self, project_id):
PROM_API.labels('members_update').inc()
if not self.application.config['MULTIUSER']:
raise HTTPError(404)
project, privileges = self.get_project(project_id)
if not privileges.can_edit_members():
self.set_status(403)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment