Files
@ b537babcf966
Branch filter:
Location: kallithea/kallithea/templates/index_base.html
b537babcf966
8.2 KiB
text/html
login: include query parameters in came_from
The login controller uses the came_from query argument to determine
the page to continue to after login.
Previously, came_from specified only the URL path (obtained using
h.url.current), and any URL query parameters were passed along as
separate (additional) URL query parameters; to obtain the final redirect
target, h.url was used to combine came_from with the request.GET.
As of this changeset, came_from specifies both the URL path and query
string (obtained using request.path_qs), which means that came_from can
be used directly as the redirect target (as always, WebOb handles the
task of expanding the server relative path to a fully qualified URL).
The mangling of request.GET can also be removed.
The login code appended arbitrary, user-supplied query parameters to
URLs by calling the Routes URLGenerator (h.url) with user-supplied
keyword arguments. This construct is unfortunate, since url only
appends _unknown_ keyword arguments as query parameters, and the
parameter names could overlap with known keyword arguments, possibly
affecting the generated URL in various ways. This changeset removes
this usage from the login code, but other instances remain.
(In practice, the damage is apparently limited to causing an Internal
Server Error when going to e.g. "/_admin/login?host=foo", since WebOb
returns Unicode strings and URLGenerator only allows byte strings for
these keyword arguments.)
The login controller uses the came_from query argument to determine
the page to continue to after login.
Previously, came_from specified only the URL path (obtained using
h.url.current), and any URL query parameters were passed along as
separate (additional) URL query parameters; to obtain the final redirect
target, h.url was used to combine came_from with the request.GET.
As of this changeset, came_from specifies both the URL path and query
string (obtained using request.path_qs), which means that came_from can
be used directly as the redirect target (as always, WebOb handles the
task of expanding the server relative path to a fully qualified URL).
The mangling of request.GET can also be removed.
The login code appended arbitrary, user-supplied query parameters to
URLs by calling the Routes URLGenerator (h.url) with user-supplied
keyword arguments. This construct is unfortunate, since url only
appends _unknown_ keyword arguments as query parameters, and the
parameter names could overlap with known keyword arguments, possibly
affecting the generated URL in various ways. This changeset removes
this usage from the login code, but other instances remain.
(In practice, the damage is apparently limited to causing an Internal
Server Error when going to e.g. "/_admin/login?host=foo", since WebOb
returns Unicode strings and URLGenerator only allows byte strings for
these keyword arguments.)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 | <%page args="parent,group_name=''" />
<div class="box">
<!-- box / title -->
<div class="title">
<h5>
<input class="q_filter_box" id="q_filter" size="15" type="text" name="filter" placeholder="${_('quick filter...')}" value=""/> ${parent.breadcrumbs()} <span id="repo_count">0</span> ${_('repositories')}
</h5>
%if c.authuser.username != 'default':
<ul class="links">
<li>
<%
gr_name = c.group.group_name if c.group else None
# create repositories with write permission on group is set to true
create_on_write = h.HasPermissionAny('hg.create.write_on_repogroup.true')()
group_admin = h.HasRepoGroupPermissionAny('group.admin')(gr_name, 'can write into group index page')
group_write = h.HasRepoGroupPermissionAny('group.write')(gr_name, 'can write into group index page')
%>
%if h.HasPermissionAny('hg.admin','hg.create.repository')() or (group_admin or (group_write and create_on_write)):
%if c.group:
<a href="${h.url('new_repo',parent_group=c.group.group_id)}" class="btn btn-small"><i class="icon-plus"></i> ${_('Add Repository')}</a>
%if h.HasPermissionAny('hg.admin')() or h.HasRepoGroupPermissionAny('group.admin')(c.group.group_name):
<a href="${h.url('new_repos_group', parent_group=c.group.group_id)}" class="btn btn-small"><i class="icon-plus"></i> ${_('Add Repository Group')}</a>
%endif
%else:
<a href="${h.url('new_repo')}" class="btn btn-small"><i class="icon-plus"></i> ${_('Add Repository')}</a>
%if h.HasPermissionAny('hg.admin')():
<a href="${h.url('new_repos_group')}" class="btn btn-small"><i class="icon-plus"></i> ${_('Add Repository Group')}</a>
%endif
%endif
%endif
%if c.group and h.HasRepoGroupPermissionAny('group.admin')(c.group.group_name):
<a href="${h.url('edit_repo_group',group_name=c.group.group_name)}" title="${_('You have admin right to this group, and can edit it')}" class="btn btn-small"><i class="icon-pencil"></i> ${_('Edit Repository Group')}</a>
%endif
</li>
</ul>
%endif
</div>
<!-- end box / title -->
<div class="table">
% if c.groups:
<div id='groups_list_wrap' class="yui-skin-sam">
<table id="groups_list">
<thead>
<tr>
<th class="left"><a href="#">${_('Group Name')}</a></th>
<th class="left"><a href="#">${_('Description')}</a></th>
##<th class="left"><a href="#">${_('Number of Repositories')}</a></th>
</tr>
</thead>
## REPO GROUPS
% for gr in c.groups:
<tr>
<td>
<div class="dt_repo">
<a href="${url('repos_group_home',group_name=gr.group_name)}">
<i class="icon-folder"></i>
<span class="dt_repo_name">${gr.name}</span>
</a>
</div>
</td>
<td>${h.urlify_text(gr.group_description, stylize=c.visual.stylify_metatags)}</td>
## this is commented out since for multi nested repos can be HEAVY!
## in number of executed queries during traversing uncomment at will
##<td><b>${gr.repositories_recursive_count}</b></td>
</tr>
% endfor
</table>
</div>
<div id="group-user-paginator" style="padding: 0px 0px 0px 0px"></div>
<div style="height: 20px"></div>
% endif
<div id="welcome" style="display:none;text-align:center">
<h1><a href="${h.url('home')}">${c.site_name} ${c.kallithea_version}</a></h1>
</div>
<%cnt=0%>
<%namespace name="dt" file="/data_table/_dt_elements.html"/>
<div class="yui-skin-sam" id="repos_list_wrap"></div>
<div id="user-paginator" style="padding: 0px 0px 0px 0px"></div>
</div>
</div>
<script>
var data = ${c.data|n};
var myDataSource = new YAHOO.util.DataSource(data);
myDataSource.responseType = YAHOO.util.DataSource.TYPE_JSON;
myDataSource.responseSchema = {
resultsList: "records",
fields: [
{key:"menu"},
{key:"raw_name"},
{key:"name"},
{key:"desc"},
{key:"last_change"},
{key:"last_changeset"},
{key:"last_rev_raw"},
{key:"owner"},
{key:"atom"}
]
};
myDataSource.doBeforeCallback = function(req,raw,res,cb) {
// This is the filter function
var data = res.results || [],
filtered = [],
i,l;
if (req) {
req = req.toLowerCase();
for (i = 0; i<data.length; i++) {
var pos = data[i].raw_name.toLowerCase().indexOf(req, ${len(group_name)});
if (pos != -1) {
filtered.push(data[i]);
}
}
res.results = filtered;
}
YUD.get('repo_count').innerHTML = res.results.length;
return res;
}
// main table sorting
var myColumnDefs = [
{key:"menu",label:"",sortable:false,className:"quick_repo_menu hidden"},
{key:"name",label:"${_('Name')}",sortable:true,
sortOptions: { sortFunction: nameSort }},
{key:"desc",label:"${_('Description')}",sortable:true},
{key:"last_change",label:"${_('Last Change')}",sortable:true,
sortOptions: { sortFunction: ageSort }},
{key:"last_changeset",label:"${_('Tip')}",sortable:true,
sortOptions: { sortFunction: revisionSort }},
{key:"owner",label:"${_('Owner')}",sortable:true},
{key:"atom",label:"",sortable:false}
];
var myDataTable = new YAHOO.widget.DataTable("repos_list_wrap", myColumnDefs, myDataSource,{
sortedBy:{key:"name",dir:"asc"},
paginator: YUI_paginator(${c.visual.dashboard_items},['user-paginator']),
MSG_SORTASC:"${_('Click to sort ascending')}",
MSG_SORTDESC:"${_('Click to sort descending')}",
MSG_EMPTY:"${_('No repositories found.')}",
MSG_ERROR:"${_('Data error.')}",
MSG_LOADING:"${_('Loading...')}"
}
);
myDataTable.subscribe('postRenderEvent',function(oArgs) {
tooltip_activate();
quick_repo_menu();
});
var filterTimeout = null;
updateFilter = function () {
// Reset timeout
filterTimeout = null;
// Reset sort
var state = myDataTable.getState();
state.sortedBy = {key:'name', dir:YAHOO.widget.DataTable.CLASS_ASC};
// Get filtered data
myDataSource.sendRequest(YUD.get('q_filter').value,{
success : myDataTable.onDataReturnInitializeTable,
failure : myDataTable.onDataReturnInitializeTable,
scope : myDataTable,
argument: state
});
};
$('#q_filter').click(function(){
if(!$('#q_filter').hasClass('loaded')){
//TODO: load here full list later to do search within groups
$('#q_filter').addClass('loaded');
}
});
$('#q_filter').keyup(function(){
clearTimeout(filterTimeout);
filterTimeout = setTimeout(updateFilter,600);
});
if($('#q_filter').val()) {
updateFilter();
}
</script>
|