Init version of permission management of personal tokens.

Martin Edenhofer 2016-08-16 09:09:09 +02:00
parent 3bf32d51e4
commit e7960ab03b
5 changed files with 68 additions and 10 deletions


@ -1,7 +1,7 @@
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.access_token'
events:
'click [data-type=delete]': 'delete'
'click .js-delete': 'delete'
'submit form.js-create': 'create'
constructor: ->
@ -22,24 +22,35 @@ class Index extends App.ControllerContent
type: 'GET'
url: "#{@apiPath}/user_access_token"
success: (data) =>
tokens = data.tokens
# verify is rerender is needed
if !force && @lastestUpdated && data && data[0] && @lastestUpdated.updated_at is data[0].updated_at
if !force && @lastestUpdated && tokens && tokens[0] && @lastestUpdated.updated_at is tokens[0].updated_at
return
@lastestUpdated = data[0]
@data = data
@lastestUpdated = tokens[0]
@tokens = data.tokens
@permissions = data.permissions
@render()
)
render: =>
@html App.view('profile/token_access')(
tokens: @data
tokens: @tokens
permissions: @permissions
)
create: (e) =>
e.preventDefault()
params = @formParam(e.target)
# check if min one permission exists
if _.isEmpty(params['permission'])
alert('Min. one permission is needed!')
return
if !_.isArray(params['permission'])
params['permission'] = [params['permission']]
@ajax(
id: 'user_access_token_create'
type: 'POST'
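Review bot: The early return in the `success` callback compares only `tokens[0].updated_at`, so a response whose `data.permissions` differs while the newest token is unchanged is discarded without re-rendering, and the form keeps the old permission list unless `force` is set. Consider including the permission list in that staleness check, and reuse the local with `@tokens = tokens` instead of reading `data.tokens` a second time. In `create`, the `alert('Min. one permission is needed!')` guard runs only in the browser and is a hard-coded English string, while the templates in this commit go through `@T`. The function that holds the `success` callback starts outside the hunk and `create` continues past it.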


@ -1,4 +1,4 @@
<div class="checkbox <%= @attribute.class %> checkbox">
<div class="checkbox <%= @attribute.class %>">
<% for permission in @permissions: %>
<% if !permission.name.match(/\./): %>
<label class="inline-label checkbox-replacement">


@ -14,6 +14,33 @@
</div>
<div class="controls"><input id="token-label" type="text" name="label" value="" class="form-control js-input" required></div>
</div>
<div class="permission form-group checkbox">
<div class="checkbox">
<% for permission in @permissions: %>
<% if !permission.name.match(/\./): %>
<label class="inline-label checkbox-replacement">
<input type="checkbox" value="<%= permission.name %>" name="permission" <% if @params && _.contains(@params.permissions, permission.id): %>checked<% end %> <% if permission.preferences.disabled: %>disabled<% end %>/>
<%- @Icon('checkbox', 'icon-unchecked') %>
<%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= permission.name %> - <span class="help-text"><%- @T(permission.note) %></span></span>
</label>
<% else: %>
<div style="padding-left: 20px;" class="js-subPermissionList">
<label class="inline-label checkbox-replacement">
<input type="checkbox" value="<%= permission.name %>" name="permission" <% if @params && _.contains(@params.permissions, permission.id): %>checked<% end %> <% if permission.preferences.disabled: %>disabled<% end %>/>
<%- @Icon('checkbox', 'icon-unchecked') %>
<%- @Icon('checkbox-checked', 'icon-checked') %>
<span class="label-text"><%= permission.name.replace(/^.+?\./, '') %> - <span class="help-text"><%- @T(permission.note) %></span></span>
</label>
</div>
<% end %>
<% end %>
</div>
</div>
<button class="btn btn--primary js-submit"><%- @T('Create') %></button>
</form>
@ -24,6 +51,7 @@
<thead>
<tr>
<th><%- @T('Name') %></th>
<th><%- @T('Permission') %></th>
<th><%- @T('Created') %></th>
<!--
<th><%- @T('Expires') %></th>
@ -40,6 +68,7 @@
<% for token in @tokens: %>
<tr>
<td><%= token.label %></td>
<td><% if token.preferences && token.preferences.permission: %><%= token.preferences.permission.join(', ') %><% end %></td>
<td><%- @humanTime(token.created_at) %></td>
<!--
<td><%- @humanTime(token.expired_at) %></td>
@ -47,7 +76,7 @@
-->
<td class="settings-list-controls">
<div>
<a class="settings-list-control" href="#" data-token-id="<%- token.id %>" data-type="delete" title="<%- @Ti('Delete') %>"><%- @Icon('trash') %></a>
<a class="settings-list-control js-delete" href="#" data-token-id="<%- token.id %>" title="<%- @Ti('Delete') %>"><%- @Icon('trash') %></a>
</div>
</tr>
<% end %>
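Review bot: The `checked` condition on both checkboxes tests `_.contains(@params.permissions, permission.id)`, but the `render` call in this commit passes only `tokens` and `permissions`, so `@params` appears to be always undefined in this view. Its key and value also differ from what the form submits, which is `name="permission"` carrying `permission.name`. Either drop the condition or align it, e.g. `_.contains(@params.permission, permission.name)`. The `disabled` attribute driven by `permission.preferences.disabled` only constrains the browser form, so it should not be treated as the place where a permission is withheld. The two `<label>` blocks differ only in the label text and the wrapping `div`, and could be one block with a conditional wrapper.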


@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class UserAccessTokenController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'user_preferences.access_token') }
def index
tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')
@ -12,7 +12,25 @@ class UserAccessTokenController < ApplicationController
attributes.delete('name')
token_list.push attributes
}
model_index_render_result(token_list)
local_permissions = current_user.permissions
local_permissions_new = {}
local_permissions.each { |key, _value|
keys = Object.const_get('Permission').with_parents(key)
keys.each { |local_key|
next if local_permissions_new[local_key]
local_permissions_new[local_key] = false
}
}
permissions = []
Permission.all.order(:name).each { |permission|
next if !local_permissions_new.key?(permission.name)
permissions.push permission
}
render json: {
tokens: token_list,
permissions: permissions,
}, status: :ok
end
def create
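Review bot: The list built in `index` adds every name returned by `with_parents(key)`, so the form may offer a parent permission that `current_user.permissions` does not itself contain (inferred from the method name; `with_parents` is not shown here). Nothing visible restricts what `create` accepts, and `create` only begins on the last line of this hunk with its body outside it. It should re-check each submitted name against the same allowed set and reject an empty list, rather than rely on the browser-side check. A comment on the loop would record that: `# includes parent names; create must validate requested names server-side`. Separately, `Object.const_get('Permission')` can be plain `Permission`, as the `Permission.all` call below already does.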


@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class UserDevicesController < ApplicationController
before_action :authentication_check
before_action { authentication_check(permission: 'user_preferences.device') }
def index
devices = UserDevice.where(user_id: current_user.id).order('updated_at DESC, name ASC')