-<p>As an admin, you can log in as this user. When you’ve
-finished, you will need to log out and log in again with your own
-account.</p>
+<%# Copyright (C) The Arvados Authors. All rights reserved.
-<blockquote>
-<%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
-</blockquote>
+SPDX-License-Identifier: AGPL-3.0 %>
-<p>As an admin, you can setup this user. Please input a VM and repository for the user. If you had previously provided any of these items, they are pre-filled for you and you can leave them as is if you would like to reuse them.</p>
+<div class="row">
+ <div class="col-md-6">
-<blockquote>
-<%= link_to "Setup #{@object.full_name}", setup_popup_user_url(id: @object.uuid), {class: 'btn btn-primary', :remote => true, 'data-toggle' => "modal", 'data-target' => '#user-setup-modal-window'} %>
-</blockquote>
+ <p>
+ This page enables you to <a href="https://doc.arvados.org/main/admin/user-management.html">manage users</a>.
+ </p>
-<p>As an admin, you can deactivate and reset this user. This will remove all repository/VM permissions for the user. If you "setup" the user again, the user will have to sign the user agreement again.</p>
+ <p>
+ This button sets up a user. After setup, they will be able use
+ Arvados. This dialog box also allows you to optionally set up a
+ shell account for this user. The login name is automatically
+ generated from the user's e-mail address.
+ </p>
-<blockquote>
-<%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
-</blockquote>
+ <%= link_to "Setup account #{'for ' if @object.full_name.present?} #{@object.full_name}", setup_popup_user_url(id: @object.uuid), {class: 'btn btn-primary', :remote => true, 'data-toggle' => "modal", 'data-target' => '#user-setup-modal-window'} %>
+
+ <p style="margin-top: 3em">
+ As an admin, you can deactivate and reset this user. This will
+ remove all repository/VM permissions for the user. If you
+ "setup" the user again, the user will have to sign the user
+ agreement again. You may also want to <a href="https://doc.arvados.org/main/admin/reassign-ownership.html">reassign data ownership</a>.
+ </p>
+
+ <%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
+
+ <p style="margin-top: 3em">
+ As an admin, you can log in as this user. When you’ve
+ finished, you will need to log out and log in again with your
+ own account.
+ </p>
+
+ <%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
+ </div>
+ <div class="col-md-6">
+ <div class="panel panel-default">
+ <div class="panel-heading">
+ Group memberships
+
+ <div class="pull-right">
+ <%= link_to raw('<i class="fa fa-plus"></i> Add new group'), "#",
+ {class: 'btn btn-xs btn-primary', 'data-toggle' => "modal",
+ 'data-target' => '#add-group-modal'} %>
+ </div>
+ </div>
+ <div class="panel-body">
+ <div class="alert alert-info">
+ <b>Tip:</b> in most cases, you want <i>both permissions at once</i> for a given group.
+ <br/>
+ The user→group permission is can_manage.
+ <br/>
+ The group→user permission is can_read.
+ </div>
+ <form>
+ <% permitted_group_perms = {}
+ Link.filter([
+ ['tail_uuid', '=', @object.uuid],
+ ['head_uuid', 'is_a', 'arvados#group'],
+ ['link_class', '=', 'permission'],
+ ]).each do |perm|
+ permitted_group_perms[perm.head_uuid] = perm.uuid
+ end %>
+ <% member_group_perms = {}
+ Link.permissions_for(@object).each do |perm|
+ member_group_perms[perm.tail_uuid] = perm.uuid
+ end %>
+ <% Group.order(['name']).where(group_class: 'role').each do |group| %>
+ <div>
+ <label class="checkbox-inline" data-toggle-permission="true" data-permission-tail="<%= @object.uuid %>" data-permission-name="can_manage">
+ <%= check_box_tag(
+ 'group_uuids[]',
+ group.uuid,
+ permitted_group_perms[group.uuid],
+ disabled: (group.owner_uuid == @object.uuid),
+ data: {
+ permission_head: group.uuid,
+ permission_uuid: permitted_group_perms[group.uuid] || 'x'}) %>
+ <small>user→group</small>
+ </label>
+ <label class="checkbox-inline" data-toggle-permission="true" data-permission-head="<%= @object.uuid %>" data-permission-name="can_read">
+ <%= check_box_tag(
+ 'group_uuids[]',
+ group.uuid,
+ member_group_perms[group.uuid],
+ disabled: (group.owner_uuid == @object.uuid),
+ data: {
+ permission_tail: group.uuid,
+ permission_uuid: member_group_perms[group.uuid] || 'x'}) %>
+ <small>group→user</small>
+ </label>
+ <label class="checkbox-inline">
+ <%= group.name || '(unnamed)' %> <span class="deemphasize">(owned by <%= User.find?(group.owner_uuid).andand.full_name %>)</span>
+ </label>
+ </div>
+ <% end.empty? and begin %>
+ <div>
+ (No groups defined.)
+ </div>
+ <% end %>
+ </form>
+ </div>
+ <div class="panel-footer">
+ These groups (roles) can also be managed from the command line. For example:
+ <ul>
+ <li><code>arv group create \<br/>--group '{"group_class":"role","name":"New group"}'</code></li>
+ <li><code>arv group list \<br/>--filters '[["group_class","=","role"]]' \<br/>--select '["uuid","name"]'</code></li>
+ <li><code>arv edit <i>uuid</i></code></li>
+ </ul>
+ </div>
+ </div>
+ </div>
+</div>
<div id="user-setup-modal-window" class="modal fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"></div>
+<%= render partial: "add_group_modal" %>
projects / arvados.git / blobdiff