apps/workbench/app/views/users/_show_admin.html.erb

   1 <%# Copyright (C) The Arvados Authors. All rights reserved.
   2
   3 SPDX-License-Identifier: AGPL-3.0 %>
   4
   5 <div class="row">
   6   <div class="col-md-6">
   7
   8     <p>
   9       This page enables you to <a href="https://doc.arvados.org/main/admin/user-management.html">manage users</a>.
  10     </p>
  11
  12     <p>
  13       This button sets up a user.  After setup, they will be able use
  14       Arvados.  This dialog box also allows you to optionally set up a
  15       shell account for this user.  The login name is automatically
  16       generated from the user's e-mail address.
  17     </p>
  18
  19     <%= link_to "Setup account #{'for ' if @object.full_name.present?} #{@object.full_name}", setup_popup_user_url(id: @object.uuid),  {class: 'btn btn-primary', :remote => true, 'data-toggle' =>  "modal", 'data-target' => '#user-setup-modal-window'}  %>
  20
  21     <p style="margin-top: 3em">
  22       As an admin, you can deactivate and reset this user. This will
  23       remove all repository/VM permissions for the user. If you
  24       "setup" the user again, the user will have to sign the user
  25       agreement again.  You may also want to <a href="https://doc.arvados.org/main/admin/reassign-ownership.html">reassign data ownership</a>.
  26     </p>
  27
  28     <%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
  29
  30     <p style="margin-top: 3em">
  31       As an admin, you can log in as this user. When you&rsquo;ve
  32       finished, you will need to log out and log in again with your
  33       own account.
  34     </p>
  35
  36     <%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
  37   </div>
  38   <div class="col-md-6">
  39     <div class="panel panel-default">
  40       <div class="panel-heading">
  41         Group memberships
  42
  43         <div class="pull-right">
  44           <%= link_to raw('<i class="fa fa-plus"></i> Add new group'), "#",
  45                        {class: 'btn btn-xs btn-primary', 'data-toggle' => "modal",
  46                         'data-target' => '#add-group-modal'}  %>
  47         </div>
  48       </div>
  49       <div class="panel-body">
  50         <div class="alert alert-info">
  51           <b>Tip:</b> in most cases, you want <i>both permissions at once</i> for a given group.
  52           <br/>
  53           The user&rarr;group permission is can_manage.
  54           <br/>
  55           The group&rarr;user permission is can_read.
  56         </div>
  57         <form>
  58           <% permitted_group_perms = {}
  59              Link.filter([
  60              ['tail_uuid', '=', @object.uuid],
  61              ['head_uuid', 'is_a', 'arvados#group'],
  62              ['link_class', '=', 'permission'],
  63              ]).each do |perm|
  64                permitted_group_perms[perm.head_uuid] = perm.uuid
  65              end %>
  66           <% member_group_perms = {}
  67              Link.permissions_for(@object).each do |perm|
  68                member_group_perms[perm.tail_uuid] = perm.uuid
  69              end %>
  70           <% Group.order(['name']).where(group_class: 'role').each do |group| %>
  71             <div>
  72               <label class="checkbox-inline" data-toggle-permission="true" data-permission-tail="<%= @object.uuid %>" data-permission-name="can_manage">
  73                 <%= check_box_tag(
  74                     'group_uuids[]',
  75                     group.uuid,
  76                     permitted_group_perms[group.uuid],
  77                     disabled: (group.owner_uuid == @object.uuid),
  78                     data: {
  79                       permission_head: group.uuid,
  80                       permission_uuid: permitted_group_perms[group.uuid] || 'x'}) %>
  81                 <small>user&rarr;group</small>
  82               </label>
  83               <label class="checkbox-inline" data-toggle-permission="true" data-permission-head="<%= @object.uuid %>" data-permission-name="can_read">
  84                 <%= check_box_tag(
  85                     'group_uuids[]',
  86                     group.uuid,
  87                     member_group_perms[group.uuid],
  88                     disabled: (group.owner_uuid == @object.uuid),
  89                     data: {
  90                       permission_tail: group.uuid,
  91                       permission_uuid: member_group_perms[group.uuid] || 'x'}) %>
  92                 <small>group&rarr;user</small>
  93               </label>
  94               <label class="checkbox-inline">
  95                 <%= group.name || '(unnamed)' %> <span class="deemphasize">(owned by <%= User.find?(group.owner_uuid).andand.full_name %>)</span>
  96               </label>
  97             </div>
  98           <% end.empty? and begin %>
  99             <div>
 100               (No groups defined.)
 101             </div>
 102           <% end %>
 103         </form>
 104       </div>
 105       <div class="panel-footer">
 106         These groups (roles) can also be managed from the command line. For example:
 107         <ul>
 108           <li><code>arv group create \<br/>--group '{"group_class":"role","name":"New group"}'</code></li>
 109           <li><code>arv group list \<br/>--filters '[["group_class","=","role"]]' \<br/>--select '["uuid","name"]'</code></li>
 110           <li><code>arv edit <i>uuid</i></code></li>
 111         </ul>
 112       </div>
 113     </div>
 114   </div>
 115 </div>
 116
 117 <div id="user-setup-modal-window" class="modal fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"></div>
 118 <%= render partial: "add_group_modal" %>