Use permissions in the UI

2025-12-25 01:03:20 -05:00 · 2014-03-12 12:59:05 +02:00
parent 52d7650d61
commit 3066327b0e
6 changed files with 27 additions and 8 deletions
--- a/rd_ui/app/index.html
+++ b/rd_ui/app/index.html
@@ -51,14 +51,14 @@
                    <li ng-repeat="dashboard in otherDashboards">
                        <a role="menu-item" ng-href="/dashboard/{{dashboard.slug}}" ng-bind="dashboard.name"></a>
                    </li>
-                    <li class="divider"></li>
-                    <li><a data-toggle="modal" href="#new_dashboard_dialog">New Dashboard</a></li>
+                    <li class="divider" ng-show="currentUser.hasPermission('create_dashboard')"></li>
+                    <li><a data-toggle="modal" href="#new_dashboard_dialog" ng-show="currentUser.hasPermission('create_dashboard')">New Dashboard</a></li>
                </ul>
            </li>
            <li class="dropdown">
                <a href="#" class="dropdown-toggle" data-toggle="dropdown">Queries <b class="caret"></b></a>
                <ul class="dropdown-menu">
-                    <li><a href="/queries/new">New Query</a></li>
+                    <li ng-show="currentUser.hasPermission('create_query')"><a href="/queries/new">New Query</a></li>
                    <li><a href="/queries">Queries</a></li>
                </ul>
            </li>
@@ -135,6 +135,10 @@
        return user_id && (user_id == currentUser.id);
    };

+    currentUser.hasPermission = function(permission) {
+        return this.permissions.indexOf(permission) != -1;
+    }
+
    {{ analytics|safe }}
 </script>

--- a/rd_ui/app/scripts/services/dashboards.js
+++ b/rd_ui/app/scripts/services/dashboards.js
@@ -2,7 +2,7 @@
    var Dashboard = function($resource) {
        var resource = $resource('/api/dashboards/:slug', {slug: '@slug'});
        resource.prototype.canEdit = function() {
-            return currentUser.is_admin || currentUser.canEdit(this);
+            return currentUser.hasPermission('admin') || currentUser.canEdit(this);
        }
        return resource;
    }
--- a/rd_ui/app/views/index.html
+++ b/rd_ui/app/views/index.html
@@ -3,7 +3,7 @@
    <div class="list-group" ng-repeat="(name, dashboards) in allDashboards">
        <div class="list-group-item active">
            {{name}}
-            <button type="button" class="btn btn-sm btn-link" data-toggle="modal" href="#new_dashboard_dialog" tooltip="New Dashboard"><span class="glyphicon glyphicon-plus-sign"></span></button>
+            <button ng-show="currentUser.hasPermission('create_dashboard')" type="button" class="btn btn-sm btn-link" data-toggle="modal" href="#new_dashboard_dialog" tooltip="New Dashboard"><span class="glyphicon glyphicon-plus-sign"></span></button>
        </div>
        <div class="list-group-item" ng-repeat="dashboard in dashboards" >
            <button type="button" class="close delete-button" aria-hidden="true" ng-show="dashboard.canEdit()" ng-click="archiveDashboard(dashboard)" tooltip="Delete Dashboard">&times;</button>
@@ -11,7 +11,7 @@
        </div>
    </div>

-    <div ng-show="currentUser.is_admin">
+    <div ng-show="currentUser.hasPermission('admin')">
        <div class="list-group">
            <div class="list-group-item active">Admin</div>
            <a href="/admin/status" class="list-group-item">Status</a>
--- a/rd_ui/app/views/queryview.html
+++ b/rd_ui/app/views/queryview.html
@@ -13,7 +13,7 @@
                        </em>
                    </p>
                </div>
-                <div class="col-lg-2" ng-hide="isNewQuery">
+                <div class="col-lg-2" ng-hide="isNewQuery || !currentUser.hasPermission('view_source')">
                    <a ng-href="{{sourceHref}}" ng-click="toggleSource()" class="hidden-xs pull-right">
                        <span ng-show="isSourceVisible">Hide Source</span>
                        <span ng-show="!isSourceVisible">View Source</span>
--- a/rd_ui/app/views/visualizations/cohort_editor.html
+++ b/rd_ui/app/views/visualizations/cohort_editor.html
@@ -0,0 +1,15 @@
+<div class="form-group">
+    <label class="control-label">Time Label</label>
+    <input type="text" class="form-control" ng-model="cohortOptions.timeLabel">
+    <label class="control-label">People Label</label>
+    <input type="text" class="form-control" ng-model="cohortOptions.peopleLabel">
+
+    <label class="control-label">Bucket Column</label>
+    <select ng-model="bucket_column" ng-options="value as key for (key, value) in columns" class="form-control"></select>
+    <label class="control-label">Bucket Total Value Column</label>
+    <select ng-model="total_column" ng-options="value as key for (key, value) in columns" class="form-control"></select>
+    <label class="control-label">Day Number Column</label>
+    <select ng-model="value_column" ng-options="value as key for (key, value) in columns" class="form-control"></select>
+    <label class="control-label">Day Value Column</label>
+    <select ng-model="day_column" ng-options="value as key for (key, value) in columns" class="form-control"></select>
+</div>
--- a/redash/models.py
+++ b/redash/models.py
@@ -24,7 +24,7 @@ class AnonymousUser(AnonymousUserMixin):

 class User(BaseModel, UserMixin):
    DEFAULT_PERMISSIONS = ['create_dashboard', 'create_query', 'edit_dashboard', 'edit_query',
-                           'execute_query']
+                           'view_source', 'execute_query']

    id = peewee.PrimaryKeyField()
    name = peewee.CharField(max_length=320)