COUCHDB-1473 & COUCHDB-1472 - Futon: disable buttons if user has insu…
…fficient rights

- Disabled the delete database button if it is not in adminparty,
 or if the current user is not admin.
- Security button is also disabled if user is not a database admin.
asbaker authored and dch committed May 23, 2012
1 parent 1906fe8 commit 68c855d3d74ebae7e50c63d4d21bae4a0ee60438
Showing 3 changed files with 34 additions and 2 deletions.
@@ -177,9 +177,9 @@ <h1>
</div>
<ul id="toolbar">
<li><button class="add">New Document</button></li>
<li><button class="security">Security…</button></li>
<li><button class="security userAdmin serverAdmin">Security…</button></li>
<li><button class="compact">Compact &amp; Cleanup…</button></li>
<li><button class="delete">Delete Database…</button></li>
<li><button class="delete serverAdmin">Delete Database…</button></li>
</ul>

<div id="viewcode" class="collapsed" style="display: none">
@@ -225,20 +225,50 @@ function $$(node) {
this.sidebar = function() {
// get users db info?
$("#userCtx span").hide();
$(".serverAdmin").attr('disabled', 'disabled');

$.couch.session({
success : function(r) {
var userCtx = r.userCtx;

var urlParts = location.search.substr(1).split("/");
var dbName = decodeURIComponent(urlParts.shift());
var dbNameRegExp = new RegExp("[^a-z0-9\_\$\(\)\+\/\-]", "g");
dbName = dbName.replace(dbNameRegExp, "");

$$("#userCtx").userCtx = userCtx;
if (userCtx.name) {
$("#userCtx .name").text(userCtx.name).attr({href : $.couch.urlPrefix + "/_utils/document.html?"+encodeURIComponent(r.info.authentication_db)+"/org.couchdb.user%3A"+encodeURIComponent(userCtx.name)});

if (userCtx.roles.indexOf("_admin") != -1) {
$("#userCtx .loggedin").show();
$("#userCtx .loggedinadmin").show();
$(".serverAdmin").removeAttr('disabled'); // user is a server admin
} else {
$("#userCtx .loggedin").show();

if (dbName != "") {
$.couch.db(dbName).getDbProperty("_security", { // check security roles for user admins
success: function(resp) {
var adminRoles = resp.admins.roles;

if ($.inArray(userCtx.name, resp.admins.names)>=0) { // user is admin
$(".userAdmin").removeAttr('disabled');
}
else {
for (var i=0; i<userCtx.roles.length; i++) {
if ($.inArray(userCtx.roles[i], resp.admins.roles)>=0) { // user has role that is an admin
$(".userAdmin").removeAttr('disabled');
}
}
}
}
});
}
}
} else if (userCtx.roles.indexOf("_admin") != -1) {
$("#userCtx .adminparty").show();
$(".serverAdmin").removeAttr('disabled');
} else {
$("#userCtx .loggedout").show();
};
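Review bot: The `_security` success callback reads `resp.admins.roles` and `resp.admins.names` without checking that `resp.admins` exists, so a database whose security object has no `admins` member (for example an unset security object, if it comes back as `{}`) would throw inside the callback. The buttons stay disabled in that case, so it fails closed, but a guard such as `var admins = resp.admins || {}, names = admins.names || [], roles = admins.roles || [];` avoids the error and replaces the unused `adminRoles`. The `getDbProperty` call also passes no `error` handler, so what a user who is not allowed to read `_security` sees is left to the library default. A comment next to the first `attr('disabled', …)` call, such as `// UI hint only: the server still enforces admin and _security checks`, would keep readers from treating the disabled state as access control. `this.sidebar` continues past the end of this hunk.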
@@ -234,6 +234,8 @@ body.fullwidth #wrap { margin-right: 0; }
color: #666; margin: 0; padding: 2px 1em 2px 22px; cursor: pointer;
font-size: 95%; line-height: 16px;
}
#toolbar button[disabled] { opacity: .50; }
#toolbar button[disabled]:hover { background-position: 2px 2px; cursor: default; color: #666 }
#toolbar button:hover { background-position: 2px -30px; color: #000; }
#toolbar button:active { background-position: 2px -62px; color: #000; }
#toolbar button.add { background-image: url(../image/add.png); }
