roundabout,
created on Sunday, 10 December 2023, 17:59:00 (1702231140),
received on Wednesday, 31 July 2024, 06:54:39 (1722408879)
Author identity: vlad <vlad.muntoiu@gmail.com>
316048a876d117871b8ad40381ef7a8534acb3f9
app.py
@@ -585,7 +585,7 @@ def repositoryForum(username, repository):
return flask.render_template("repo-forum.html", username=username, repository=repository)
@app.route("/<username>/<repository>/users/")
@app.route("/<username>/<repository>/users/", methods=["GET", "POST"])
def repositoryUsers(username, repository):
if not (getVisibility(username, repository) or getPermissionLevel(flask.session.get("username"), username,
repository) is not None):
@@ -601,9 +601,33 @@ def repositoryUsers(username, repository):
repo = git.Repo(serverRepoLocation)
repoData = Repo.query.filter_by(route=f"/{username}/{repository}").first()
user = User.query.filter_by(username=username).first()
relationships = RepoAccess.query.filter_by(repo=repoData)
userRelationship = RepoAccess.query.filter_by(repo=repoData, user=user).first()
return flask.render_template("repo-users.html", username=username, repository=repository, repoData=repoData, relationships=relationships, repo=repo)
if flask.request.method == "GET":
return flask.render_template("repo-users.html", username=username, repository=repository, repoData=repoData, relationships=relationships, repo=repo, userRelationship=userRelationship)
else:
if getPermissionLevel(flask.session.get("username"), username, repository) != 2:
flask.abort(401)
if flask.request.form.get("new-username"):
# Create new relationship
newUser = User.query.filter_by(username=flask.request.form.get("new-username")).first()
relationship = RepoAccess(newUser, repoData, flask.request.form.get("new-level"))
db.session.add(relationship)
db.session.commit()
if flask.request.form.get("update-username"):
# Create new relationship
updatedUser = User.query.filter_by(username=flask.request.form.get("update-username")).first()
relationship = RepoAccess.query.filter_by(repo=repoData, user=updatedUser).first()
if flask.request.form.get("update-level") == -1:
relationship.delete()
else:
relationship.accessLevel = flask.request.form.get("update-level")
db.session.commit()
return flask.redirect(app.url_for("repositoryUsers", username=username, repository=repository))
@app.route("/<username>/<repository>/branches/")
@@ -675,5 +699,10 @@ def e418(error):
return flask.render_template("teapot.html"), 418
@app.errorhandler(405)
def e405(error):
return flask.render_template("method-not-allowed.html"), 405
if __name__ == "__main__":
app.run(debug=True, port=8080, host="0.0.0.0")
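Review bot: In the POST branch of repositoryUsers, `flask.request.form.get("update-level") == -1` compares a form string with an int, so the Remove option never deletes the row and instead stores "-1" as the access level. Unless RepoAccess defines its own `delete()`, the removal should also go through `db.session.delete(relationship)`. The same branch accepts `new-level` and `update-level` as arbitrary strings, uses `newUser` and `relationship` without checking for `None`, and has no server-side guard on the owner's row, which only the template hides. `userRelationship` is looked up with the route's `username` (the owner) rather than `flask.session.get("username")`, so the template's administrator gate reflects the owner's level, not the viewer's; `flask.abort(401)` for a signed-in non-admin would also read better as 403. The function starts before this hunk, and a sketch of the validated branch follows.

```python
    # … unchanged: repo, repoData, relationships lookups and the GET branch …
    else:
        if getPermissionLevel(flask.session.get("username"), username, repository) != 2:
            flask.abort(403)

        if flask.request.form.get("new-username"):
            newUser = User.query.filter_by(username=flask.request.form.get("new-username")).first()
            level = flask.request.form.get("new-level", type=int)
            if newUser is None or level not in (0, 1, 2):
                flask.abort(400)
            # Avoid a second row for a user who already has access.
            if RepoAccess.query.filter_by(repo=repoData, user=newUser).first() is None:
                db.session.add(RepoAccess(newUser, repoData, level))
                db.session.commit()

        if flask.request.form.get("update-username"):
            updatedUser = User.query.filter_by(username=flask.request.form.get("update-username")).first()
            level = flask.request.form.get("update-level", type=int)
            # The owner's row must not be changed through this form.
            if updatedUser is None or updatedUser.username == username or level not in (-1, 0, 1, 2):
                flask.abort(400)
            relationship = RepoAccess.query.filter_by(repo=repoData, user=updatedUser).first()
            if relationship is None:
                flask.abort(404)
            if level == -1:
                db.session.delete(relationship)
            else:
                relationship.accessLevel = level
            db.session.commit()
        # … unchanged: redirect back to repositoryUsers …
```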
config.py
@@ -2,26 +2,24 @@ import os
from dotenv import load_dotenv
load_dotenv("secrets.env")
DB_PASSWORD = os.environ.get("DB_PASSWORD")
DB_URI = f"postgresql://root:{DB_PASSWORD}@localhost/roundabout"
DB_PASSWORD: str = os.environ.get("DB_PASSWORD")
DB_URI: str = f"postgresql://root:{DB_PASSWORD}@localhost/roundabout"
REPOS_PATH = "./repos"
USERDATA_PATH = "./userdata"
DEFAULT_AVATARS_PATH = "./defaultAvatars"
BASE_DOMAIN = "localhost"
SERVER_IPS = {"127.0.0.1", "localhost", "0.0.0.0"}
AUTH_REALM = "roundabout"
REPOS_PATH: str = "./repos"
USERDATA_PATH: str = "./userdata"
DEFAULT_AVATARS_PATH: str = "./defaultAvatars"
BASE_DOMAIN: str = "localhost"
SERVER_IPS: set = {"127.0.0.1", "localhost", "0.0.0.0"}
AUTH_REALM: str = "roundabout"
AVATAR_SIZE = (192, 192)
AVATAR_SIZE: tuple = (192, 192)
HASHING_ROUNDS = 11
RESERVED_NAMES = ("git", "settings", "logout", "accounts", "info", "alerts", "notifications", "about", "newrepo")
HASHING_ROUNDS: int = 11
RESERVED_NAMES: tuple = ("git", "settings", "logout", "accounts", "info", "alerts", "notifications", "about", "newrepo")
locking = False
folderIcon = "mdi:folder"
unknownIcon = "mdi:file"
fileIcons = {
folderIcon: str = "mdi:folder"
unknownIcon: str = "mdi:file"
fileIcons: dict = {
"text/plain": "ic:baseline-text-snippet",
"text/css": "simple-icons:css3",
"text/csv": "mdi:table",
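Review bot: The new annotation `DB_PASSWORD: str = os.environ.get("DB_PASSWORD")` is inaccurate, because `os.environ.get` returns `None` when the variable is unset, and `DB_URI` would then embed the literal text "None" as the password. Either annotate it as `str | None` and check it before building the URI, or fail fast with `DB_PASSWORD: str = os.environ["DB_PASSWORD"]` so a missing `secrets.env` is reported at startup. The bare `set`, `tuple` and `dict` annotations could be parameterised, e.g. `SERVER_IPS: set[str]`, to state what they hold.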
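--- a/templates/method-not-allowed.html
+++ b/templates/method-not-allowed.html
@@ -0,0 +1,11 @@
+{% extends "error.html" %}
+{% block error %}
+405
+{% endblock %}
+{% block heading %}
+405 method not allowed
+{% endblock %}
+{% block text %}
+This resource is not intended to be accessed with the current method.
+{% endblock %}
+{% block icon %}mdi:swap-horizontal-bold{% endblock %}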
templates/repo-users.html
@@ -13,23 +13,73 @@
<img src="/info/{{ relationship.user.username }}/avatar" style="width: 48px; height: 48px;">
</a>
</figure>
<section class="card-main flexible-space">
<h3>{{ relationship.user.username }}</h3>
{% if relationship.user.username == username %}
Owner
{% elif relationship.accessLevel == 0 %}
{% if repo.visibility %}
Contributor
{% if userRelationship.accessLevel == 2 %}
<section class="card-main flexible-space">
<h3>{{ relationship.user.username }}</h3>
{% if relationship.user.username == username %}
Administrator / Owner
{% else %}
Read-only
<form method="post">
<input type="hidden" name="update-username" value="{{ relationship.user.username }}">
<x-hbox>
<select id="update-level" name="update-level">
<option value="-1">Remove</option>
<option value="0" {% if relationship.accessLevel == 0 %}selected{% endif %}>
{% if repoData.visibility %}
Contributor
{% else %}
Read-only
{% endif %}
</option>
<option value="1" {% if relationship.accessLevel == 1 %}selected{% endif %}>Read-write</option>
<option value="2" {% if relationship.accessLevel == 2 %}selected{% endif %}>Administrator</option>
</select>
<button type="submit">Update</button>
</x-hbox>
</form>
{% endif %}
{% elif relationship.accessLevel == 1 %}
Read-write
{% elif relationship.accessLevel == 2 %}
Administrator
{% endif %}
</section>
</section>
{% else %}
<section class="card-main flexible-space">
<h3>{{ relationship.user.username }}</h3>
{% if relationship.user.username == username %}
Administrator / Owner
{% elif relationship.accessLevel == 0 %}
{% if repo.visibility %}
Contributor
{% else %}
Read-only
{% endif %}
{% elif relationship.accessLevel == 1 %}
Read-write
{% elif relationship.accessLevel == 2 %}
Administrator
{% endif %}
</section>
{% endif %}
</article>
{% endfor %}
{% if userRelationship.accessLevel == 2 %}
<form method="POST">
<x-hbox style="align-items: flex-end;">
<x-vbox class="nopad flexible-space">
<label for="new-username">Username</label>
<input id="new-username" name="new-username" required>
</x-vbox>
<x-vbox class="nopad">
<label for="new-level">Level</label>
<select id="new-level" name="new-level" required>
{% if repo.visibility == 0 %}
<option value="0">Read-only</option>
{% endif %}
<option value="1">Read-write</option>
<option value="2">Administrator</option>
</select>
</x-vbox>
<button type="submit">Add</button>
</x-hbox>
</form>
{% endif %}
</x-vbox>
</x-frame>
</x-vbox>
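Review bot: The new markup reads visibility from two different objects: the update form uses `repoData.visibility`, while the read-only branch and the add form use `repo.visibility`. In app.py `repo` is the `git.Repo` object, which presumably has no such attribute, so `{% if repo.visibility == 0 %}` would never offer the Read-only option; using `repoData.visibility` in all three places would make them agree. Both POST forms are rendered without a visible CSRF token field. If the application has no global CSRF protection, access-level changes could be submitted from an administrator's browser without their intent, so a token should be added to each form and verified by the handler. The template continues outside this hunk.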