commit/galaxy-central: greg: Add security checks for enabling the ability to delete files in a tool shed repository.
1 new changeset in galaxy-central: http://bitbucket.org/galaxy/galaxy-central/changeset/e23f05a3fb41/ changeset: e23f05a3fb41 user: greg date: 2011-06-21 16:14:24 summary: Add security checks for enabling the ability to delete files in a tool shed repository. affected #: 6 files (1.2 KB)
--- a/templates/webapps/community/repository/browse_repository.mako Tue Jun 21 09:38:06 2011 -0400
+++ b/templates/webapps/community/repository/browse_repository.mako Tue Jun 21 10:14:24 2011 -0400
@@ -93,38 +93,52 @@ %if can_browse_contents: <div class="toolForm"><div class="toolFormTitle">Browse ${repository.name}</div> - <form name="select_files_to_delete" id="select_files_to_delete" action="${h.url_for( controller='repository', action='select_files_to_delete', id=trans.security.encode_id( repository.id ))}" method="post" > - <div class="form-row" > - <label>Contents:</label> - <div id="tree" > - Loading... + %if can_push: + <form name="select_files_to_delete" id="select_files_to_delete" action="${h.url_for( controller='repository', action='select_files_to_delete', id=trans.security.encode_id( repository.id ))}" method="post" > + <div class="form-row" > + <label>Contents:</label> + <div id="tree" > + Loading... + </div> + <div class="toolParamHelp" style="clear: both;"> + Click on a file to display it's contents below. You may delete files from the repository by clicking the check box next to each file and clicking the <b>Delete selected files</b> button. + </div> + <input id="selected_files_to_delete" name="selected_files_to_delete" type="hidden" value=""/></div> - <div class="toolParamHelp" style="clear: both;"> - Click on a file to display it's contents below. You may delete files from the repository by clicking the check box next to each file and clicking the <b>Delete selected files</b> button. + <div class="form-row"> + <label>Message:</label> + <div class="form-row-input"> + %if commit_message: + <textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea> + %else: + <textarea name="commit_message" rows="3" cols="35"></textarea> + %endif + </div> + <div class="toolParamHelp" style="clear: both;"> + This is the commit message for the mercurial change set that will be created if you delete selected files. 
+ </div> + <div style="clear: both"></div></div> - <input id="selected_files_to_delete" name="selected_files_to_delete" type="hidden" value=""/> + <div class="form-row"> + <input type="submit" name="select_files_to_delete_button" value="Delete selected files"/> + </div> + <div class="form-row"> + <div id="file_contents" class="toolParamHelp" style="clear: both;background-color:#FAFAFA;"></div> + </div> + </form> + %else: + <div class="toolFormBody"> + <div class="form-row" > + <label>Contents:</label> + <div id="tree" > + Loading... + </div> + </div> + <div class="form-row"> + <div id="file_contents" class="toolParamHelp" style="clear: both;background-color:#FAFAFA;"></div> + </div></div> - <div class="form-row"> - <label>Message:</label> - <div class="form-row-input"> - %if commit_message: - <textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea> - %else: - <textarea name="commit_message" rows="3" cols="35"></textarea> - %endif - </div> - <div class="toolParamHelp" style="clear: both;"> - This is the commit message for the mercurial change set that will be created if you delete selected files. - </div> - <div style="clear: both"></div> - </div> - <div class="form-row"> - <input type="submit" name="select_files_to_delete_button" value="Delete selected files"/> - </div> - <div class="form-row"> - <div id="file_contents" class="toolParamHelp" style="clear: both;background-color:#FAFAFA;"></div> - </div> - </form> + %endif </div><p/> %endif --- a/templates/webapps/community/repository/manage_repository.mako Tue Jun 21 09:38:06 2011 -0400 +++ b/templates/webapps/community/repository/manage_repository.mako Tue Jun 21 10:14:24 2011 -0400 @@ -11,6 +11,10 @@ can_browse_contents = not is_new can_rate = not is_new and repository.user != trans.user can_view_change_log = not is_new + if can_push: + browse_label = 'Browse or delete repository files' + else: + browse_label = 'Browse repository files' %><%! 
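Review bot: The `%if can_push:` guard around the `select_files_to_delete` form only hides the delete UI, and all six files in this changeset are templates, so the authorization itself has to live in the controller action the form posts to. That action should run its own `trans.app.security_agent.can_push( trans.user, repository )` check before deleting anything, since a POST can be sent without ever rendering this form. If the check already exists outside this diff, a template comment above the `%if`, such as `## Display only: the select_files_to_delete action re-checks can_push on the server`, would make the split explicit. Separately, `${commit_message}` is written into the `<textarea>` as-is; unless the template lookup applies a default HTML-escaping filter, it should be `${commit_message | h}`. The assignment of `can_push` for this template lies outside the hunk.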
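Review bot: `browse_label` is derived from `can_push`, but no assignment of `can_push` is visible in this manage_repository.mako hunk or in the matching rate_repository.mako hunk. By contrast, view_changelog.mako and view_changeset.mako show `can_push = trans.app.security_agent.can_push( trans.user, repository )` just above the added lines. Please confirm that both templates set it earlier in the `<% %>` block, which starts outside the hunk, or receive it from the controller. The same four-line `if can_push:` block is also pasted into view_repository.mako, five templates in all, so the label wording can drift from the permission it reflects; moving it into one shared def would avoid that. Until then I would add `# Label only; browse_repository.mako gates the delete form on the same can_push flag` above each copy.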
@@ -74,7 +78,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">Browse or delete repository files</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> %endif <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='gz' )}">Download as a .tar.gz file</a><a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='bz2' )}">Download as a .tar.bz2 file</a> --- a/templates/webapps/community/repository/rate_repository.mako Tue Jun 21 09:38:06 2011 -0400 +++ b/templates/webapps/community/repository/rate_repository.mako Tue Jun 21 10:14:24 2011 -0400 @@ -11,6 +11,10 @@ can_rate = repository.user != trans.user can_manage = repository.user == trans.user can_view_change_log = not is_new + if can_push: + browse_label = 'Browse or delete repository files' + else: + browse_label = 'Browse repository files' %><%! 
@@ -79,7 +83,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">Browse or delete repository files</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> %endif <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='gz' )}">Download as a .tar.gz file</a><a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='bz2' )}">Download as a .tar.bz2 file</a> --- a/templates/webapps/community/repository/view_changelog.mako Tue Jun 21 09:38:06 2011 -0400 +++ b/templates/webapps/community/repository/view_changelog.mako Tue Jun 21 10:14:24 2011 -0400 @@ -11,6 +11,10 @@ can_push = trans.app.security_agent.can_push( trans.user, repository ) can_rate = repository.user != trans.user can_upload = can_push + if can_push: + browse_label = 'Browse or delete repository files' + else: + browse_label = 'Browse repository files' %><%! 
@@ -48,7 +52,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">Browse or delete repository files</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> %endif <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='gz' )}">Download as a .tar.gz file</a><a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='bz2' )}">Download as a .tar.bz2 file</a> --- a/templates/webapps/community/repository/view_changeset.mako Tue Jun 21 09:38:06 2011 -0400 +++ b/templates/webapps/community/repository/view_changeset.mako Tue Jun 21 10:14:24 2011 -0400 @@ -12,6 +12,10 @@ can_push = trans.app.security_agent.can_push( trans.user, repository ) can_view_change_log = not is_new can_upload = can_push + if can_push: + browse_label = 'Browse or delete repository files' + else: + browse_label = 'Browse repository files' %><%! 
@@ -52,7 +56,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">Browse or delete repository files</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> %endif <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='gz' )}">Download as a .tar.gz file</a><a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='bz2' )}">Download as a .tar.bz2 file</a> --- a/templates/webapps/community/repository/view_repository.mako Tue Jun 21 09:38:06 2011 -0400 +++ b/templates/webapps/community/repository/view_repository.mako Tue Jun 21 10:14:24 2011 -0400 @@ -11,6 +11,10 @@ can_upload = can_push can_browse_contents = not is_new can_view_change_log = not is_new + if can_push: + browse_label = 'Browse or delete repository files' + else: + browse_label = 'Browse repository files' %><%! 
@@ -74,7 +78,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">Browse or delete repository files</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> %endif <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='gz' )}">Download as a .tar.gz file</a><a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), file_type='bz2' )}">Download as a .tar.bz2 file</a> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.