From 050e18ef86f2cb16f2ae981be8b4123ad8e08697 Mon Sep 17 00:00:00 2001
From: Tom Clegg <tom@curoverse.com>
Date: Sat, 23 Aug 2014 20:00:59 -0400
Subject: [PATCH] 3171: Add administrator UI for toggling user<->role
 permissions.

---
 .../assets/javascripts/permission_toggle.js   |  55 +++++++++
 .../app/views/projects/_show_sharing.html.erb |   2 +-
 .../app/views/users/_show_admin.html.erb      | 115 +++++++++++++++---
 3 files changed, 157 insertions(+), 15 deletions(-)
 create mode 100644 apps/workbench/app/assets/javascripts/permission_toggle.js

diff --git a/apps/workbench/app/assets/javascripts/permission_toggle.js b/apps/workbench/app/assets/javascripts/permission_toggle.js
new file mode 100644
index 0000000000..00c1718bd8
--- /dev/null
+++ b/apps/workbench/app/assets/javascripts/permission_toggle.js
@@ -0,0 +1,55 @@
+$(document).
+    on('click', '[data-toggle-permission] input[type=checkbox]', function() {
+        var data = {};
+        var keys = ['data-permission-uuid',
+                    'data-permission-name',
+                    'data-permission-head',
+                    'data-permission-tail'];
+        var attr;
+        for(var i in keys) {
+            attr = keys[i];
+            data[attr] = $(this).closest('[' + attr + ']').attr(attr);
+            if (data[attr] === undefined) {
+                console.log(["Error: no " + attr + " established here.", this]);
+                return;
+            }
+        }
+        var is_checked = $(this).prop('checked');
+
+        if (is_checked) {
+            $.ajax('/links',
+                   {dataType: 'json',
+                    type: 'POST',
+                    data: {'link[tail_uuid]': data['data-permission-tail'],
+                           'link[head_uuid]': data['data-permission-head'],
+                           'link[link_class]': 'permission',
+                           'link[name]': data['data-permission-name']},
+                    context: this}).
+                fail(function(jqxhr, status, error) {
+                    $(this).prop('checked', false);
+                }).
+                done(function(data, status, jqxhr) {
+                    $(this).attr('data-permission-uuid', data['uuid']);
+                }).
+                always(function() {
+                    $(this).prop('disabled', false);
+                });
+        }
+        else {
+            $.ajax('/links/' + data['data-permission-uuid'],
+                   {dataType: 'json',
+                    type: 'POST',
+                    data: {'_method': 'DELETE'},
+                    context: this}).
+                fail(function(jqxhr, status, error) {
+                    $(this).prop('checked', true);
+                }).
+                done(function(data, status, jqxhr) {
+                    $(this).attr('data-permission-uuid', 'x');
+                }).
+                always(function() {
+                    $(this).prop('disabled', false);
+                });
+        }
+        $(this).prop('disabled', true);
+    });
diff --git a/apps/workbench/app/views/projects/_show_sharing.html.erb b/apps/workbench/app/views/projects/_show_sharing.html.erb
index ff0062c24b..cafaf6dae7 100644
--- a/apps/workbench/app/views/projects/_show_sharing.html.erb
+++ b/apps/workbench/app/views/projects/_show_sharing.html.erb
@@ -20,7 +20,7 @@
    end
    perms_json = perms_json.to_json
    choose_filters = {
-     "groups" => [["group_class", "=", nil]],
+     "groups" => [["group_class", "=", "role"]],
    }
    choose_filters.default = []
    owner_icon = fa_icon_class_for_uuid(@object.owner_uuid)
diff --git a/apps/workbench/app/views/users/_show_admin.html.erb b/apps/workbench/app/views/users/_show_admin.html.erb
index 19c7cb90d6..8d5495093b 100644
--- a/apps/workbench/app/views/users/_show_admin.html.erb
+++ b/apps/workbench/app/views/users/_show_admin.html.erb
@@ -1,21 +1,108 @@
-<p>As an admin, you can log in as this user. When you&rsquo;ve
-finished, you will need to log out and log in again with your own
-account.</p>
+<div class="row">
+  <div class="col-md-6">
+    <p>
+      As an admin, you can log in as this user. When you&rsquo;ve
+      finished, you will need to log out and log in again with your
+      own account.
+    </p>
 
-<blockquote>
-<%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
-</blockquote>
+    <blockquote>
+      <%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %>
+    </blockquote>
 
-<p>As an admin, you can setup this user. Please input a VM and repository for the user. If you had previously provided any of these items, they are pre-filled for you and you can leave them as is if you would like to reuse them.</p>
+    <p>
+      As an admin, you can setup this user. Please input a VM and
+      repository for the user. If you had previously provided any of
+      these items, they are pre-filled for you and you can leave them
+      as is if you would like to reuse them.
+    </p>
 
-<blockquote>
-<%= link_to "Setup #{@object.full_name}", setup_popup_user_url(id: @object.uuid),  {class: 'btn btn-primary', :remote => true, 'data-toggle' =>  "modal", 'data-target' => '#user-setup-modal-window'}  %>
-</blockquote>
+    <blockquote>
+      <%= link_to "Setup #{@object.full_name}", setup_popup_user_url(id: @object.uuid),  {class: 'btn btn-primary', :remote => true, 'data-toggle' =>  "modal", 'data-target' => '#user-setup-modal-window'}  %>
+    </blockquote>
 
-<p>As an admin, you can deactivate and reset this user. This will remove all repository/VM permissions for the user. If you "setup" the user again, the user will have to sign the user agreement again.</p>
+    <p>
+      As an admin, you can deactivate and reset this user. This will
+      remove all repository/VM permissions for the user. If you
+      "setup" the user again, the user will have to sign the user
+      agreement again.
+    </p>
 
-<blockquote>
-<%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
-</blockquote>
+    <blockquote>
+      <%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
+    </blockquote>
+  </div>
+  <div class="col-md-6">
+    <div class="panel panel-default">
+      <div class="panel-heading">
+        Groups
+      </div>
+      <div class="panel-body">
+        <div class="alert alert-info">
+          A <i>permitted</i> user <i>has all permissions</i> available to the group.
+          <br/>
+          A <i>member</i> user <i>is visible to</i> everyone else who can see the group.
+          <br/>
+          (Tip: in most cases, you don't want one without the other.)
+        </div>
+        <form>
+          <% permitted_group_perms = {}
+             Link.limit(10000).filter([
+             ['tail_uuid', '=', @object.uuid],
+             ['head_uuid', 'is_a', 'arvados#group'],
+             ['link_class', '=', 'permission'],
+             ]).each do |perm|
+               permitted_group_perms[perm.head_uuid] = perm.uuid
+             end %>
+          <% member_group_perms = {}
+             Link.permissions_for(@object).each do |perm|
+               member_group_perms[perm.tail_uuid] = perm.uuid
+             end %>
+          <% Group.order(['name']).where(group_class: 'role').each do |group| %>
+            <div>
+              <label class="checkbox-inline" data-toggle-permission="true" data-permission-tail="<%= @object.uuid %>" data-permission-name="can_manage">
+                <%= check_box_tag(
+                    'group_uuids[]',
+                    group.uuid,
+                    permitted_group_perms[group.uuid],
+                    disabled: (group.owner_uuid == @object.uuid),
+                    data: {
+                      permission_head: group.uuid,
+                      permission_uuid: permitted_group_perms[group.uuid]}) %>
+                permitted
+              </label>
+              <label class="checkbox-inline" data-toggle-permission="true" data-permission-head="<%= @object.uuid %>" data-permission-name="can_read">
+                <%= check_box_tag(
+                    'group_uuids[]',
+                    group.uuid,
+                    member_group_perms[group.uuid],
+                    disabled: (group.owner_uuid == @object.uuid),
+                    data: {
+                      permission_tail: group.uuid,
+                      permission_uuid: member_group_perms[group.uuid]}) %>
+                member
+              </label>
+              <label class="checkbox-inline">
+                <%= group.name || '(unnamed)' %> <span class="deemphasize">(owned by <%= User.find(group.owner_uuid).andand.full_name %>)</span>
+              </label>
+            </div>
+          <% end.empty? and begin %>
+            <div>
+              (No groups defined.)
+            </div>
+          <% end %>
+        </form>
+      </div>
+      <div class="panel-footer">
+        To manage these groups (roles), use:
+        <ul>
+          <li><code>arv group create \<br/>--group '{"group_class":"role","name":"New group"}'</code></li>
+          <li><code>arv group list \<br/>--filters '[["group_class","=","role"]]' \<br/>--select '["uuid","name"]'</code></li>
+          <li><code>arv edit <i>uuid</i></code></li>
+        </ul>
+      </div>
+    </div>
+  </div>
+</div>
 
 <div id="user-setup-modal-window" class="modal fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"></div>
-- 
2.39.5