M gitsrht/access.py => gitsrht/access.py +11 -0
@@ 37,3 37,14 @@ def get_access(repo):
def has_access(repo, access):
return access in get_access(repo)
+
+def check_access(owner_name, repo_name, access):
+ owner, repo = get_repo(owner_name, repo_name)
+ if not owner or not repo:
+ abort(404)
+ a = get_access(repo)
+ if not UserAccess.write in a:
+ abort(404)
+ if not access in a:
+ abort(403)
+ return owner, repo
M gitsrht/app.py => gitsrht/app.py +6 -2
@@ 1,4 1,4 @@
-from flask import render_template, request
+from flask import render_template, request, session
from flask_login import LoginManager, current_user
import urllib.parse
import locale
@@ 43,8 43,12 @@ app.register_blueprint(manage)
@app.context_processor
def inject():
+ notice = session.get("notice")
+ if notice:
+ del session["notice"]
return {
"oauth_url": oauth_url(request.full_path),
"current_user": User.query.filter(User.id == current_user.id).first() \
- if current_user else None
+ if current_user else None,
+ "notice": notice
}
M gitsrht/blueprints/manage.py => gitsrht/blueprints/manage.py +29 -12
@@ 1,11 1,11 @@
-from flask import Blueprint, request, render_template, redirect
+from flask import Blueprint, request, render_template, redirect, session
from flask_login import current_user
from srht.config import cfg
from srht.database import db
from srht.validation import Validation
from gitsrht.types import Repository, RepoVisibility
from gitsrht.decorators import loginrequired
-from gitsrht.access import get_repo, has_access, UserAccess
+from gitsrht.access import check_access, UserAccess
import shutil
import subprocess
import os
@@ 68,23 68,40 @@ def create():
return redirect("/~{}/{}".format(current_user.username, repo_name))
@manage.route("/<owner_name>/<repo_name>/settings/info")
+@loginrequired
def settings_info(owner_name, repo_name):
- owner, repo = get_repo(owner_name, repo_name)
- if not has_access(repo, UserAccess.read):
- abort(404)
- if not has_access(repo, UserAccess.manage):
- abort(403)
+ owner, repo = check_access(owner_name, repo_name, UserAccess.manage)
return render_template("settings_info.html", owner=owner, repo=repo)
@manage.route("/<owner_name>/<repo_name>/settings/info", methods=["POST"])
+@loginrequired
def settings_info_POST(owner_name, repo_name):
- owner, repo = get_repo(owner_name, repo_name)
- if not has_access(repo, UserAccess.read):
- abort(404)
- if not has_access(repo, UserAccess.manage):
- abort(403)
+ owner, repo = check_access(owner_name, repo_name, UserAccess.manage)
valid = Validation(request)
desc = valid.optional("description", default=repo.description)
repo.description = desc
db.session.commit()
return redirect("/{}/{}/settings/info".format(owner_name, repo_name))
+
+@manage.route("/<owner_name>/<repo_name>/settings/access")
+@loginrequired
+def settings_access(owner_name, repo_name):
+ owner, repo = check_access(owner_name, repo_name, UserAccess.manage)
+ return render_template("settings_access.html", owner=owner, repo=repo)
+
+@manage.route("/<owner_name>/<repo_name>/settings/delete")
+@loginrequired
+def settings_delete(owner_name, repo_name):
+ owner, repo = check_access(owner_name, repo_name, UserAccess.manage)
+ return render_template("settings_delete.html", owner=owner, repo=repo)
+
+@manage.route("/<owner_name>/<repo_name>/settings/delete", methods=["POST"])
+@loginrequired
+def settings_delete_POST(owner_name, repo_name):
+ owner, repo = check_access(owner_name, repo_name, UserAccess.manage)
+ shutil.rmtree(repo.path)
+ db.session.delete(repo)
+ db.session.commit()
+ session["notice"] = "{}/{} was deleted.".format(
+ owner.canonical_name, repo.name)
+ return redirect("/" + owner.canonical_name)
A gitsrht/templates/settings_access.html => gitsrht/templates/settings_access.html +8 -0
@@ 0,0 1,8 @@
+{% extends "settings.html" %}
+{% block content %}
+<div class="row">
+ <div class="col-md-6">
+ TODO
+ </div>
+</div>
+{% endblock %}
A gitsrht/templates/settings_delete.html => gitsrht/templates/settings_delete.html +21 -0
@@ 0,0 1,21 @@
+{% extends "settings.html" %}
+{% block content %}
+<div class="row">
+ <div class="col-md-12">
+ <p>
+ This will permanently delete your repository,
+ <strong>{{ owner.canonical_name }}/{{ repo.name }}</strong>.
+ This cannot be undone.
+ </p>
+ <form method="POST">
+ <button type="submit" class="btn btn-danger">
+ Proceed and delete
+ </button>
+ <a
+ href="/{{ owner.canonical_name }}/{{ repo.name }}"
+ class="btn btn-default"
+ >Nevermind</a>
+ </form>
+ </div>
+</div>
+{% endblock %}
M gitsrht/templates/tabs.html => gitsrht/templates/tabs.html +1 -1
@@ 1,7 1,7 @@
{% macro link(path, title) %}
<a
class="nav-link {% if request.path.endswith(path) %}active{% endif %}"
- href="/{{ owner.canonical_name }}/{{ repo.name }}/{{ path }}"
+ href="/{{ owner.canonical_name }}/{{ repo.name }}/settings{{ path }}"
>{{ title }}</a>
{% endmacro %}
M gitsrht/templates/user.html => gitsrht/templates/user.html +5 -0
@@ 21,6 21,11 @@
<p>{{profile["bio"]}}</p>
{% endif %}
{% endif %}
+ {% if notice %}
+ <div class="alert alert-success">
+ {{ notice }}
+ </div>
+ {% endif %}
{% if current_user and current_user.id == user.id %}
<a href="{{cfg("network", "meta")}}/profile">Edit your profile »</a>
{% endif %}