author | Anthony S Baker <anthony.s.baker@gmail.com> | 2012-05-09 13:56:25 -0400 |
committer | Dave Cottlehuber <dch@apache.org> | 2012-05-24 00:24:46 +0200 |
commit | 49d8304faf4b97d19368d7dcba52739b6bb60e56 (patch) | |
tree | 3ad08d03cdefbb974c065804efd8ed6f182a7426 | |
parent | de328ed4ffebcd3888f25473d9203d49c78eb5f5 (diff) | |
download | couchdb-49d8304faf4b97d19368d7dcba52739b6bb60e56.tar.gz |
COUCHDB-1473 & COUCHDB-1472 - Futon: disable buttons if user has insufficient rights
- Disabled the delete database button unless the server is in admin party
or the current user is a server admin.
- Security button is also disabled if user is not a database admin.
-rw-r--r-- | share/www/database.html | 4 | ||||
-rw-r--r-- | share/www/script/futon.js | 30 | ||||
-rw-r--r-- | share/www/style/layout.css | 2 |
3 files changed, 34 insertions, 2 deletions
diff --git a/share/www/database.html b/share/www/database.html
index 213159be1..290b465b2 100644
--- a/share/www/database.html
+++ b/share/www/database.html
@@ -177,9 +177,9 @@ specific language governing permissions and limitations under the License.
 </div>
 <ul id="toolbar">
 <li><button class="add">New Document</button></li>
- <li><button class="security">Security…</button></li>
+ <li><button class="security userAdmin serverAdmin">Security…</button></li>
 <li><button class="compact">Compact & Cleanup…</button></li>
- <li><button class="delete">Delete Database…</button></li>
+ <li><button class="delete serverAdmin">Delete Database…</button></li>
 </ul>
 <div id="viewcode" class="collapsed" style="display: none">
diff --git a/share/www/script/futon.js b/share/www/script/futon.js
index 5e0fb78b2..e2e0aaf36 100644
--- a/share/www/script/futon.js
+++ b/share/www/script/futon.js
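Review bot: The `compact` button on the context line between the two changed `<li>` entries is left without a `serverAdmin`/`userAdmin` class, so it stays enabled for every visitor while the neighbouring Security and Delete buttons are now gated; if compaction and view cleanup require admin rights on the server in this release (as I believe they do), the consistent change is `<li><button class="compact userAdmin serverAdmin">Compact & Cleanup…</button></li>`. Whatever is gated, these classes only drive a client-side `disabled` attribute and are not an authorization control; the HTTP API must keep enforcing the permission on `DELETE /db`, `_security` and `_compact`. A one-line comment above the toolbar would stop a later maintainer from reading them as such: `<!-- userAdmin/serverAdmin only disable buttons in the UI; the server enforces permissions -->`.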
@@ -225,20 +225,50 @@ function $$(node) {
 this.sidebar = function() {
 // get users db info?
 $("#userCtx span").hide();
+ $(".serverAdmin").attr('disabled', 'disabled');
+
 $.couch.session({
 success : function(r) {
 var userCtx = r.userCtx;
+
+ var urlParts = location.search.substr(1).split("/");
+ var dbName = decodeURIComponent(urlParts.shift());
+ var dbNameRegExp = new RegExp("[^a-z0-9\_\$\(\)\+\/\-]", "g");
+ dbName = dbName.replace(dbNameRegExp, "");
+
 $$("#userCtx").userCtx = userCtx;
 if (userCtx.name) {
 $("#userCtx .name").text(userCtx.name).attr({href : $.couch.urlPrefix + "/_utils/document.html?"+encodeURIComponent(r.info.authentication_db)+"/org.couchdb.user%3A"+encodeURIComponent(userCtx.name)});
+
 if (userCtx.roles.indexOf("_admin") != -1) {
 $("#userCtx .loggedin").show();
 $("#userCtx .loggedinadmin").show();
+ $(".serverAdmin").removeAttr('disabled'); // user is a server admin
 } else {
 $("#userCtx .loggedin").show();
+
+ if (dbName != "") {
+ $.couch.db(dbName).getDbProperty("_security", { // check security roles for user admins
+ success: function(resp) {
+ var adminRoles = resp.admins.roles;
+
+ if ($.inArray(userCtx.name, resp.admins.names)>=0) { // user is admin
+ $(".userAdmin").removeAttr('disabled');
+ }
+ else {
+ for (var i=0; i<userCtx.roles.length; i++) {
+ if ($.inArray(userCtx.roles[i], resp.admins.roles)>=0) { // user has role that is an admin
+ $(".userAdmin").removeAttr('disabled');
+ }
+ }
+ }
+ }
+ });
+ }
 }
 } else if (userCtx.roles.indexOf("_admin") != -1) {
 $("#userCtx .adminparty").show();
+ $(".serverAdmin").removeAttr('disabled');
 } else {
 $("#userCtx .loggedout").show();
 };
diff --git a/share/www/style/layout.css b/share/www/style/layout.css
index ea8b11720..e8a2a5052 100644
--- a/share/www/style/layout.css
+++ b/share/www/style/layout.css
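Review bot: In the new `success` callback for `_security`, `resp.admins.names` and `resp.admins.roles` are dereferenced with no guard; if a database has never had a security object set, `_security` is (as far as I recall for this release) returned as `{}`, so `resp.admins` is undefined, the callback throws, and a legitimate database admin is left with the Security button disabled. The same callback declares `var adminRoles = resp.admins.roles;` and never uses it, and the role loop keeps iterating after a match instead of stopping. No `error` handler is passed to `getDbProperty`, so a 401/403 on `_security` is swallowed silently — acceptable because the fail-closed default keeps the button disabled, but worth stating in a comment such as `// on error the button simply stays disabled (fail closed)`. This is UI gating only; `DELETE /db` and `PUT /db/_security` must still be enforced server-side regardless of what the sidebar enables. `this.sidebar` begins in this hunk but its closing lines are outside it.
```javascript
                  success: function(resp) {
                    // _security may be {} when no security object has been set yet
                    var admins = resp.admins || {};
                    var adminNames = admins.names || [];
                    var adminRoles = admins.roles || [];
                    var isDbAdmin = $.inArray(userCtx.name, adminNames) >= 0;
                    for (var i = 0; !isDbAdmin && i < userCtx.roles.length; i++) {
                      isDbAdmin = $.inArray(userCtx.roles[i], adminRoles) >= 0;
                    }
                    if (isDbAdmin) { // db admin by name or by role
                      $(".userAdmin").removeAttr('disabled');
                    }
                  }
```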
@@ -234,6 +234,8 @@ body.fullwidth #wrap { margin-right: 0; } color: #666; margin: 0; padding: 2px 1em 2px 22px; cursor: pointer; font-size: 95%; line-height: 16px; }
+#toolbar button[disabled] { opacity: .50; }
+#toolbar button[disabled]:hover { background-position: 2px 2px; cursor: default; color: #666 }
 #toolbar button:hover { background-position: 2px -30px; color: #000; }
 #toolbar button:active { background-position: 2px -62px; color: #000; }
 #toolbar button.add { background-image: url(../image/add.png); } |