COUCHDB-1473 & COUCHDB-1472 - Futon: disable buttons if user has insufficient 
rights

- Disabled the delete database button if it is not in adminparty,
 or if the current user is not admin.
- Security button is also disabled if user is not a database admin.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/49d8304f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/49d8304f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/49d8304f

Branch: refs/heads/1.2.x
Commit: 49d8304faf4b97d19368d7dcba52739b6bb60e56
Parents: de328ed
Author: Anthony S Baker <[email protected]>
Authored: Wed May 9 13:56:25 2012 -0400
Committer: Dave Cottlehuber <[email protected]>
Committed: Thu May 24 00:24:46 2012 +0200

----------------------------------------------------------------------
 share/www/database.html    |    4 ++--
 share/www/script/futon.js  |   30 ++++++++++++++++++++++++++++++
 share/www/style/layout.css |    2 ++
 3 files changed, 34 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/49d8304f/share/www/database.html
----------------------------------------------------------------------
diff --git a/share/www/database.html b/share/www/database.html
index 213159b..290b465 100644
--- a/share/www/database.html
+++ b/share/www/database.html
@@ -177,9 +177,9 @@ specific language governing permissions and limitations 
under the License.
       </div>
       <ul id="toolbar">
         <li><button class="add">New Document</button></li>
-        <li><button class="security">Security…</button></li>
+        <li><button class="security userAdmin 
serverAdmin">Security…</button></li>
         <li><button class="compact">Compact &amp; Cleanup…</button></li>
-        <li><button class="delete">Delete Database…</button></li>
+        <li><button class="delete serverAdmin">Delete Database…</button></li>
       </ul>
 
       <div id="viewcode" class="collapsed" style="display: none">
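Review bot: The two changed `<button>` lines ship without the `disabled` attribute, so the gating is entirely dependent on futon.js running its `sidebar()` code; until that script has executed (or if it fails to load) the Delete Database and Security buttons render enabled. Marking them `<li><button class="security userAdmin serverAdmin" disabled>Security…</button></li>` and `<li><button class="delete serverAdmin" disabled>Delete Database…</button></li>` makes the markup fail closed and lets the script only ever remove the attribute. The disabled state is a UI hint only; the server's authorization checks on the delete and `_security` requests remain the actual control, and that is worth a short comment next to the buttons.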

http://git-wip-us.apache.org/repos/asf/couchdb/blob/49d8304f/share/www/script/futon.js
----------------------------------------------------------------------
diff --git a/share/www/script/futon.js b/share/www/script/futon.js
index 5e0fb78..e2e0aaf 100644
--- a/share/www/script/futon.js
+++ b/share/www/script/futon.js
@@ -225,20 +225,50 @@ function $$(node) {
     this.sidebar = function() {
       // get users db info?
       $("#userCtx span").hide();
+      $(".serverAdmin").attr('disabled', 'disabled');
+
       $.couch.session({
         success : function(r) {
           var userCtx = r.userCtx;
+
+          var urlParts = location.search.substr(1).split("/");
+          var dbName = decodeURIComponent(urlParts.shift());
+          var dbNameRegExp = new RegExp("[^a-z0-9\_\$\(\)\+\/\-]", "g");
+          dbName = dbName.replace(dbNameRegExp, "");
+
           $$("#userCtx").userCtx = userCtx;
           if (userCtx.name) {
             $("#userCtx .name").text(userCtx.name).attr({href : 
$.couch.urlPrefix + 
"/_utils/document.html?"+encodeURIComponent(r.info.authentication_db)+"/org.couchdb.user%3A"+encodeURIComponent(userCtx.name)});
+
             if (userCtx.roles.indexOf("_admin") != -1) {
               $("#userCtx .loggedin").show();
               $("#userCtx .loggedinadmin").show();
+              $(".serverAdmin").removeAttr('disabled'); // user is a server 
admin
             } else {
               $("#userCtx .loggedin").show();
+
+              if (dbName != "") {
+                $.couch.db(dbName).getDbProperty("_security", { // check 
security roles for user admins
+                  success: function(resp) {
+                    var adminRoles = resp.admins.roles;
+
+                    if ($.inArray(userCtx.name, resp.admins.names)>=0) { // 
user is admin
+                      $(".userAdmin").removeAttr('disabled');
+                    }
+                    else {
+                      for (var i=0; i<userCtx.roles.length; i++) { 
+                        if ($.inArray(userCtx.roles[i], resp.admins.roles)>=0) 
{ // user has role that is an admin
+                          $(".userAdmin").removeAttr('disabled');
+                        }
+                      }
+                    }
+                  } 
+                }); 
+              }
             }
           } else if (userCtx.roles.indexOf("_admin") != -1) {
             $("#userCtx .adminparty").show();
+            $(".serverAdmin").removeAttr('disabled');
           } else {
             $("#userCtx .loggedout").show();
           };
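Review bot: The `getDbProperty("_security", …)` success callback reads `resp.admins.names` and `resp.admins.roles` without checking that `resp.admins` exists, so for a database whose security object has never been set (where the response is presumably an empty object) the callback throws and the Security button stays disabled even for a legitimate database admin; `adminRoles` is also assigned and never used, and the role loop keeps calling `removeAttr` after a match. Separately, `dbName = dbName.replace(dbNameRegExp, "")` rewrites a name containing disallowed characters rather than discarding it, so the `_security` probe can be issued for a different database than the one the page shows; `if (/[^a-z0-9_$()+\/-]/.test(dbName)) { dbName = ""; }` fails closed instead. No `error` handler is given for the request, so a 401/403 falls back to whatever jquery.couch.js does by default — worth confirming it does not alert. `sidebar()` starts at the top of the hunk and continues past its end.
```javascript
                  success: function(resp) {
                    // _security may be empty; default every field so a missing
                    // admins object keeps the button disabled instead of throwing
                    var admins = resp.admins || {};
                    var adminNames = admins.names || [];
                    var adminRoles = admins.roles || [];
                    var isDbAdmin = $.inArray(userCtx.name, adminNames) >= 0;
                    for (var i = 0; !isDbAdmin && i < userCtx.roles.length; i++) {
                      isDbAdmin = $.inArray(userCtx.roles[i], adminRoles) >= 0;
                    }
                    if (isDbAdmin) {
                      $(".userAdmin").removeAttr('disabled');
                    }
                  }
```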

http://git-wip-us.apache.org/repos/asf/couchdb/blob/49d8304f/share/www/style/layout.css
----------------------------------------------------------------------
diff --git a/share/www/style/layout.css b/share/www/style/layout.css
index ea8b117..e8a2a50 100644
--- a/share/www/style/layout.css
+++ b/share/www/style/layout.css
@@ -234,6 +234,8 @@ body.fullwidth #wrap { margin-right: 0; }
   color: #666; margin: 0; padding: 2px 1em 2px 22px; cursor: pointer;
   font-size: 95%; line-height: 16px;
 }
+#toolbar button[disabled] { opacity: .50; }
+#toolbar button[disabled]:hover { background-position: 2px 2px; cursor: 
default; color: #666 }
 #toolbar button:hover { background-position: 2px -30px; color: #000; }
 #toolbar button:active { background-position: 2px -62px; color: #000; }
 #toolbar button.add { background-image: url(../image/add.png); }
