
- Changed config for dashboard authorisation to more understandable model

- Changed case of Log In/Log Out From dashboard menu items
1 parent 7b0cc2d commit b06051111f31b4f1a15b162467fbf9a3d404a697 @captsens captsens committed Mar 21, 2013
@@ -231,28 +231,33 @@ LOGIN_URL
Dashboard Authorization Configuration
-------------------------------------
These settings control who is allowed to save and delete dashboards. By default anyone
-can perform these actions, but by choosing *just one* of these three settings you can restrict those
-actions further. Users who are not suitably authorized will still be able to use and change
-dashboards, but will not be able to save changes or delete dashboards.
+can perform these actions, but by setting DASHBOARD_REQUIRE_AUTHENTICATION, users must at
+least be logged in to do so. The other two settings allow further restriction of who is
+able to perform these actions. Users who are not suitably authorized will still be able to
+use and change dashboards, but will not be able to save changes or delete dashboards.
DASHBOARD_REQUIRE_AUTHENTICATION
`Default: False`
If set to True, dashboards can only be saved and deleted by logged in users.
-DASHBOARD_EDIT_GROUP
+DASHBOARD_REQUIRE_EDIT_GROUP
`Default: None`
If set to the name of a user group, dashboards can only be saved and deleted by logged-in users
who are members of this group. Groups can be set in the Django Admin app, or in LDAP.
+ Note that DASHBOARD_REQUIRE_AUTHENTICATION must be set to true - if not, this setting is ignored.
+
DASHBOARD_REQUIRE_PERMISSIONS
`Default: False`
If set to True, dashboards can only be saved or deleted by users having the appropriate
(change or delete) permission (as set in the Django Admin app). These permissions can be set at
the user or group level. Note that Django's 'add' permission is not used.
+ Note that DASHBOARD_REQUIRE_AUTHENTICATION must be set to true - if not, this setting is ignored.
+
Database Configuration
----------------------
The following configures the Django database settings. Graphite uses the database for storing user
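Review bot: The rewritten intro and the two added "Note that DASHBOARD_REQUIRE_AUTHENTICATION must be set to true" lines never say what happens when DASHBOARD_REQUIRE_EDIT_GROUP and DASHBOARD_REQUIRE_PERMISSIONS are both set, a case the removed "just one" wording used to rule out. State explicitly whether the two restrictions combine (the user must be in the group and hold the change/delete permission) or whether one takes precedence, since operators decide who can delete dashboards from this text. The notes should read "set to True" to match the Default lines, and the rename from DASHBOARD_EDIT_GROUP deserves a short upgrade note in this section.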
@@ -2891,9 +2891,9 @@ function map(myArray, myFunc) {
function getLoginMenuItemText() {
if (isLoggedIn()) {
- return 'Log out from "' + userName + '"';
+ return 'Log Out From "' + userName + '"';
} else {
- return 'Log in';
+ return 'Log In';
}
}
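Review bot: Both changed return values in getLoginMenuItemText() are display-string edits unrelated to the authorization rework, and they would be easier to review and revert as a separate commit. While the line is being touched: userName is concatenated into the menu text as-is, so if the menu renders its text as HTML the value should be HTML-encoded before concatenation.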
@@ -155,23 +155,18 @@ def getPermissions(user):
"""Return [change, delete] based on authorisation model and user privileges/groups"""
if user and not user.is_authenticated():
user = None
+ if not settings.DASHBOARD_REQUIRE_AUTHENTICATION:
+ return ALL_PERMISSIONS # don't require login
if not user:
- if not settings.DASHBOARD_REQUIRE_AUTHENTICATION and not settings.DASHBOARD_REQUIRE_PERMISSIONS \
- and not settings.DASHBOARD_EDIT_GROUP:
- return ALL_PERMISSIONS # don't require login
- else:
return []
# from here on, we have a user
+ permissions = ALL_PERMISSIONS
if settings.DASHBOARD_REQUIRE_PERMISSIONS:
- return [permission for permission in ALL_PERMISSIONS \
- if user.has_perm('dashboard.%s_dashboard' % permission)]
- editGroup = settings.DASHBOARD_EDIT_GROUP
- if editGroup:
- if len(user.groups.filter(name = editGroup)) > 0:
- return ALL_PERMISSIONS
- else:
- return []
- return ALL_PERMISSIONS
+ permissions = [permission for permission in ALL_PERMISSIONS if user.has_perm('dashboard.%s_dashboard' % permission)]
+ editGroup = settings.DASHBOARD_REQUIRE_EDIT_GROUP
+ if editGroup and len(user.groups.filter(name = editGroup)) == 0:
+ permissions = []
+ return permissions
def save(request, name):
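Review bot: The new early return, "if not settings.DASHBOARD_REQUIRE_AUTHENTICATION: return ALL_PERMISSIONS", makes the two stricter settings fail open. Under the removed code an install that set only DASHBOARD_REQUIRE_PERMISSIONS or only the edit group returned [] for anonymous users and a filtered list for logged-in ones; after this change the same configuration returns ALL_PERMISSIONS to everyone, anonymous users included, with no error or log line. Consider treating either stricter setting as implying authentication, or failing loudly at startup when one of them is set while DASHBOARD_REQUIRE_AUTHENTICATION is False.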
@@ -124,19 +124,19 @@
# Authorization for Dashboard #
###############################
# By default, there is no security on dashboards - any user can add, change or delete them.
-#
-# This section provides 3 different authorization models, of increasing strictness. If you
-# want security on your dashboards, you should choose JUST ONE of these settings.
+# This section provides 3 different authorization models, of varying strictness.
-# If set to True, dashboards can be saved and deleted by any logged-in user. Defaults to False
+# If set to True, users must be logged in to save or delete dashboards. Defaults to False
#DASHBOARD_REQUIRE_AUTHENTICATION = True
# If set to the name of a user group, dashboards can be saved and deleted by any user in this
-# group. Groups can be set in the Django Admin app, or in LDAP. Defaults to None
-#DASHBOARD_EDIT_GROUP = 'dashboard-editors-group'
+# group. Groups can be set in the Django Admin app, or in LDAP. Defaults to None.
+# NOTE: Ignored if DASHBOARD_REQUIRE_AUTHENTICATION is not set
+#DASHBOARD_REQUIRE_EDIT_GROUP = 'dashboard-editors-group'
# If set to True, dashboards can be saved or deleted by any user having the appropriate
# (change or delete) permission (as set in the Django Admin app). Defaults to False
+# NOTE: Ignored if DASHBOARD_REQUIRE_AUTHENTICATION is not set
#DASHBOARD_REQUIRE_PERMISSIONS = True
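Review bot: The header line still describes "3 different authorization models", but with the two NOTE lines added below it the settings are one switch plus two restrictions layered on top, and the comment should describe them that way. The NOTE lines say "is not set" although the setting is a boolean defaulting to False; "is not set to True" is unambiguous. The group and permissions comments also still read as grants ("can be saved and deleted by any user in this group") rather than as requirements, which is the opposite of what the REQUIRE_ prefix now signals.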
@@ -95,11 +95,13 @@
# Set to True to require authentication to save or delete dashboards
DASHBOARD_REQUIRE_AUTHENTICATION = False
-# Require Django change/delete permissions to save or delete dashboards
+# Require Django change/delete permissions to save or delete dashboards.
+# NOTE: Requires DASHBOARD_REQUIRE_AUTHENTICATION to be set
DASHBOARD_REQUIRE_PERMISSIONS = False
# Name of a group to which the user must belong to save or delete dashboards. Alternative to
# DASHBOARD_REQUIRE_PERMISSIONS, particularly useful when using only LDAP (without Admin app)
-DASHBOARD_EDIT_GROUP = None
+# NOTE: Requires DASHBOARD_REQUIRE_AUTHENTICATION to be set
+DASHBOARD_REQUIRE_EDIT_GROUP = None
#Initialize database settings - Old style (pre 1.2)
DATABASE_ENGINE = 'django.db.backends.sqlite3' # 'postgresql', 'mysql', 'sqlite3' or 'ado_mssql'.
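Review bot: DASHBOARD_EDIT_GROUP is removed from the defaults with no alias, so a local_settings.py that still sets the old name is silently ignored and the group restriction disappears on upgrade. Keep reading the old name as a fallback for DASHBOARD_REQUIRE_EDIT_GROUP for at least one release, or emit a warning when the old name is present. Both NOTE lines say "to be set" and should say "to be set to True".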
