Files @ aa25ef34ebab
Branch filter:

Location: kallithea/kallithea/templates/admin/notifications/show_notification.html

aa25ef34ebab 1.7 KiB text/html Show Annotation Show as Raw Download as Raw
mads
auth: refactor to introduce @LoginRequired(allow_default_user=True) and deprecate @NotAnonymous()

It was error prone that @LoginRequired defaulted to allow anonymous users (if
'default' user is enabled). See also 245b4e3abf39.

Refactor code to make it more explicit and safe by default: Deprecate
@NotAnonymous by making it the default of @LoginRequired. That will make it
safe by default.

To preserve same functionality, set allow_default_user=True in all the cases
where @LoginRequired was *not* followed by @NotAnonymous or other permission
checks - that was done with some script hacks:
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired()/g' `hg mani`
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@Has(Repo)?Permission)/\@LoginRequired()\1/g' `hg mani`

It has been reviewed that all uses of allow_default_user=True are in places
where the there indeed wasn't any checking for default user before. These may
or may not be correct, but now they are explicit and can be spotted and fixed.

The few remaining uses of @NotAnonymous should probably be removed somehow.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
## -*- coding: utf-8 -*-
<%inherit file="/base/base.html"/>

<%block name="title">
    ${_('Show Notification')} ${request.authuser.username}
</%block>

<%def name="breadcrumbs_links()">
    ${h.link_to(_('Notifications'),h.url('notifications'))}
    &raquo;
    ${_('Show Notification')}
</%def>

<%block name="header_menu">
    ${self.menu('admin')}
</%block>

<%def name="main()">
<div class="panel panel-primary">
    <div class="panel-heading clearfix">
        ${self.breadcrumbs()}
    </div>
    <div class="panel-body">
      <div id="notification_${c.notification.notification_id}">
        <div class="clearfix">
          ${h.gravatar_div(c.notification.created_by_user.email, size=24)}
          <span class="pull-left">
              ${c.notification.description}
          </span>
          <button type="button" id="${c.notification.notification_id}" class="delete-notification btn btn-default pull-right"><i class="icon-minus-circled"></i>${_('Delete')}</button>
        </div>
        <div>
            %if c.notification.subject:
                <div class="h4">${h.literal(c.notification.subject)}</div>
            %endif
            <div class="well">
            %if c.notification.body:
                ${h.render_w_mentions(c.notification.body)}
            %endif
            </div>
        </div>
      </div>
    </div>
</div>
<script type="text/javascript">
var url = ${h.js(url('notification_delete', notification_id='__NOTIFICATION_ID__'))};
var main = ${h.js(url('notifications'))};
   $('.delete-notification').click(function(e){
       var notification_id = e.currentTarget.id;
       deleteNotification(url,notification_id,[function(){window.location=main}]);
   });
</script>
</%def>
Server instance: clio-10240 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support