
Commit 59f7b16

committed
feat(authorization): strip RBAC member-listing panels from view_user.html
The "Product Types this User can access" and "Products this User can access" panels in view_user.html iterate Product_Type_Member / Product_Member rows (inert under legacy authorization) and surface an "Add Product Types" / "Add Products" hamburger that opens the Add_Product_Type_Member_UserForm / Add_Product_Member_UserForm — the same RBAC member-add forms with the role dropdown the user flagged. Strip both panels (matching the rbac_members_panel / rbac_groups_panel pattern on product detail) and replace with empty {% block user_product_types_panel %}{% endblock %} and {% block user_products_panel %}{% endblock %} hooks. Companion Pro commit at pro/templates/dojo/view_user.html overrides both blocks to re-render the RBAC-driven panels under Pro. The /user/<id>/add_product_type, /user/<id>/add_product URLs and the underlying view + form definitions stay untouched so Pro's restored "Add" hamburger keeps working.
1 parent a085bd7 commit 59f7b16

2 files changed

Lines changed: 4 additions & 294 deletions


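--- a/dojo/templates/dojo/view_user.html
+++ b/dojo/templates/dojo/view_user.html
@@ -101,153 +101,8 @@ <h4 class="pull-left">{% trans "Contact Information" %}</h4>
 </table>
 </div>
 </div>
-<div class="panel panel-default">
-<div class="panel-heading">
-<div class="clearfix">
-<h4 class="pull-left">{{ labels.ORG_USERS_LABEL }}</h4>
-&nbsp;
-<a href="https://docs.defectdojo.com/en/customize_dojo/user_management/about_perms_and_roles/#productproduct-type-membership--roles" target="_blank">
-<i class="fa-solid fa-circle-question"></i></a>
-{% if request.user.is_superuser %}
-<div class="dropdown pull-right">
-<button class="btn btn-primary dropdown-toggle" aria-label="Actions" type="button" id="dropdownMenuAddProductTypeMember"
-data-toggle="dropdown" aria-expanded="true">
-<span class="fa-solid fa-bars"></span>
-<span class="caret"></span>
-</button>
-<ul class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="dropdownMenu2">
-<li role="presentation">
-<a id="addProductTypeMember" href="{% url 'add_product_type_member_user' user.id %}">
-<i class="fa-solid fa-plus"></i> {{ labels.ORG_USERS_ADD_ORGANIZATIONS_LABEL }}
-</a>
-</li>
-</ul>
-</div>
-{% endif %}
-</div>
-</div>
-{% if product_type_members %}
-<div class="table-responsive">
-<table class="tablesorter-bootstrap table table-condensed table-striped">
-<thead>
-<tr>
-<th></th>
-<th>{{ labels.ORG_LABEL }}</th>
-<th>{% trans "Role" %}</th>
-</tr>
-</thead>
-<tbody>
-{% for member in product_type_members %}
-<tr>
-<td>
-<ul>
-<li class="dropdown" style="list-style:none">
-<a href="#" class="dropdown-toggle" data-toggle="dropdown" name="dropdownManageProductTypeMember"
-aria-expanded="true">&nbsp;<b class="fa-solid fa-ellipsis-vertical"></b>&nbsp;</a>
-<ul class="dropdown-menu">
-{% if member.product_type|has_object_permission:"staff_only" %}
-<li>
-<a name="editProductTypeMember" href="{% url 'edit_product_type_member' member.id %}">
-<i class="fa-solid fa-pen-to-square"></i> {% trans "Edit" %}</a>
-</li>
-{% endif %}
-{% if member|has_object_permission:"delete" %}
-<li>
-<a name="deleteProductTypeMember" href="{% url 'delete_product_type_member' member.id %}">
-<i class="fa-solid fa-trash"></i> {% trans "Delete" %}</a>
-</li>
-{% endif %}
-</ul>
-</li>
-</ul>
-</td>
-<td name="member_product_type"><a href="{% url 'view_product_type' member.product_type.id %}">{{ member.product_type }}</a></td>
-<td name="member_product_type_role">{{ member.role }}</td>
-</tr>
-{% endfor %}
-</tbody>
-</table>
-</div>
-{% else %}
-<div class="panel-body">
-<small class="text-muted"><em>{{ labels.ORG_USERS_NO_ACCESS_MESSAGE }}</em></small>
-</div>
-{% endif %}
-</div>
-<div class="panel panel-default">
-<div class="panel-heading">
-<div class="clearfix">
-<h4 class="pull-left">{{ labels.ASSET_USERS_ACCESS_LABEL }}</h4>
-&nbsp;
-<a href="https://docs.defectdojo.com/en/customize_dojo/user_management/about_perms_and_roles/#productproduct-type-membership--roles" target="_blank">
-<i class="fa-solid fa-circle-question"></i></a>
-{% if request.user.is_superuser %}
-<div class="dropdown pull-right">
-<button class="btn btn-primary dropdown-toggle" aria-label="Actions" type="button" id="dropdownMenuAddProductMember"
-data-toggle="dropdown" aria-expanded="true">
-<span class="fa-solid fa-bars"></span>
-<span class="caret"></span>
-</button>
-<ul class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="dropdownMenu3">
-<li role="presentation">
-<a id="addProductMember" href="{% url 'add_product_member_user' user.id %}">
-<i class="fa-solid fa-plus"></i> {{ labels.ASSET_USERS_ADD_LABEL }}
-</a>
-</li>
-</ul>
-</div>
-{% endif %}
-</div>
-</div>
-{% if product_members %}
-<div class="table-responsive">
-<table class="tablesorter-bootstrap table table-condensed table-striped">
-<thead>
-<tr>
-<th></th>
-<th>{{ labels.ASSET_LABEL }}</th>
-<th>{% trans "Role" %}</th>
-</tr>
-</thead>
-<tbody>
-{% for member in product_members %}
-<tr>
-<td>
-<ul>
-<li class="dropdown" style="list-style:none">
-<a href="#" class="dropdown-toggle" data-toggle="dropdown" name="dropdownManageProductMember"
-aria-expanded="true">&nbsp;<b class="fa-solid fa-ellipsis-vertical"></b>&nbsp;</a>
-<ul class="dropdown-menu">
-{% if member.product|has_object_permission:"staff_only" %}
-<li>
-<a name="editProductMember" href="{% url 'edit_product_member' member.id %}">
-<i class="fa-solid fa-pen-to-square"></i> {% trans "Edit" %}</a>
-</li>
-{% endif %}
-{% if member|has_object_permission:"delete" %}
-<li>
-<a name="deleteProductMember" href="{% url 'delete_product_member' member.id %}">
-<i class="fa-solid fa-trash"></i> {% trans "Delete" %}</a>
-</li>
-{% endif %}
-</ul>
-</li>
-</ul>
-</td>
-<td name="member_product"><a href="{% url 'view_product' member.product.id %}">{{ member.product }}</a></td>
-<td name="member_product_role">{{ member.role }}</td>
-</tr>
-{% endfor %}
-</tbody>
-</table>
-</div>
-{% else %}
-<div class="panel-body">
-<small class="text-muted"><em>{{ labels.ASSET_USERS_NO_ACCESS_MESSAGE }}</em></small>
-</div>
-{% endif %}
-</div>
-
+{% block user_product_types_panel %}{% endblock %}
+{% block user_products_panel %}{% endblock %}
 {% block user_groups_panel %}{% endblock %}
 </div>
 <div class="col-md-4">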
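Review bot: The two new block hooks `{% block user_product_types_panel %}{% endblock %}` and `{% block user_products_panel %}{% endblock %}` are empty and uncommented, so a reader of this base template cannot tell that the membership panels are expected to return through an override rather than having been dropped; add a template comment above them such as `{# Product-type / product membership panels are rendered by an override of these two blocks; the add/edit/delete member views stay registered and enforce their own permission checks. #}`. Per the commit description the /user/<id>/add_product_type and /user/<id>/add_product URLs and their views remain in place, so removing the superuser-gated hamburger only hides an entry point — the `{% if request.user.is_superuser %}` guard that went with it was presentation, not authorization, and the views' own checks are what must hold now (inferred from the description, not visible in the hunk). The identical hunk in dojo/templates_classic/dojo/view_user.html has the same gap. The `<div>` closed by the hunk's trailing `</div>` is opened before the hunk.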

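--- a/dojo/templates_classic/dojo/view_user.html
+++ b/dojo/templates_classic/dojo/view_user.html
@@ -101,153 +101,8 @@ <h4 class="pull-left">{% trans "Contact Information" %}</h4>
 </table>
 </div>
 </div>
-<div class="panel panel-default">
-<div class="panel-heading">
-<div class="clearfix">
-<h4 class="pull-left">{{ labels.ORG_USERS_LABEL }}</h4>
-&nbsp;
-<a href="https://docs.defectdojo.com/en/customize_dojo/user_management/about_perms_and_roles/#productproduct-type-membership--roles" target="_blank">
-<i class="fa-solid fa-circle-question"></i></a>
-{% if request.user.is_superuser %}
-<div class="dropdown pull-right">
-<button class="btn btn-primary dropdown-toggle" aria-label="Actions" type="button" id="dropdownMenuAddProductTypeMember"
-data-toggle="dropdown" aria-expanded="true">
-<span class="fa-solid fa-bars"></span>
-<span class="caret"></span>
-</button>
-<ul class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="dropdownMenu2">
-<li role="presentation">
-<a id="addProductTypeMember" href="{% url 'add_product_type_member_user' user.id %}">
-<i class="fa-solid fa-plus"></i> {{ labels.ORG_USERS_ADD_ORGANIZATIONS_LABEL }}
-</a>
-</li>
-</ul>
-</div>
-{% endif %}
-</div>
-</div>
-{% if product_type_members %}
-<div class="table-responsive">
-<table class="tablesorter-bootstrap table table-condensed table-striped">
-<thead>
-<tr>
-<th></th>
-<th>{{ labels.ORG_LABEL }}</th>
-<th>{% trans "Role" %}</th>
-</tr>
-</thead>
-<tbody>
-{% for member in product_type_members %}
-<tr>
-<td>
-<ul>
-<li class="dropdown" style="list-style:none">
-<a href="#" class="dropdown-toggle" data-toggle="dropdown" name="dropdownManageProductTypeMember"
-aria-expanded="true">&nbsp;<b class="fa-solid fa-ellipsis-vertical"></b>&nbsp;</a>
-<ul class="dropdown-menu">
-{% if member.product_type|has_object_permission:"Product_Type_Manage_Members" %}
-<li>
-<a name="editProductTypeMember" href="{% url 'edit_product_type_member' member.id %}">
-<i class="fa-solid fa-pen-to-square"></i> {% trans "Edit" %}</a>
-</li>
-{% endif %}
-{% if member|has_object_permission:"Product_Type_Member_Delete" %}
-<li>
-<a name="deleteProductTypeMember" href="{% url 'delete_product_type_member' member.id %}">
-<i class="fa-solid fa-trash"></i> {% trans "Delete" %}</a>
-</li>
-{% endif %}
-</ul>
-</li>
-</ul>
-</td>
-<td name="member_product_type"><a href="{% url 'view_product_type' member.product_type.id %}">{{ member.product_type }}</a></td>
-<td name="member_product_type_role">{{ member.role }}</td>
-</tr>
-{% endfor %}
-</tbody>
-</table>
-</div>
-{% else %}
-<div class="panel-body">
-<small class="text-muted"><em>{{ labels.ORG_USERS_NO_ACCESS_MESSAGE }}</em></small>
-</div>
-{% endif %}
-</div>
-<div class="panel panel-default">
-<div class="panel-heading">
-<div class="clearfix">
-<h4 class="pull-left">{{ labels.ASSET_USERS_ACCESS_LABEL }}</h4>
-&nbsp;
-<a href="https://docs.defectdojo.com/en/customize_dojo/user_management/about_perms_and_roles/#productproduct-type-membership--roles" target="_blank">
-<i class="fa-solid fa-circle-question"></i></a>
-{% if request.user.is_superuser %}
-<div class="dropdown pull-right">
-<button class="btn btn-primary dropdown-toggle" aria-label="Actions" type="button" id="dropdownMenuAddProductMember"
-data-toggle="dropdown" aria-expanded="true">
-<span class="fa-solid fa-bars"></span>
-<span class="caret"></span>
-</button>
-<ul class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="dropdownMenu3">
-<li role="presentation">
-<a id="addProductMember" href="{% url 'add_product_member_user' user.id %}">
-<i class="fa-solid fa-plus"></i> {{ labels.ASSET_USERS_ADD_LABEL }}
-</a>
-</li>
-</ul>
-</div>
-{% endif %}
-</div>
-</div>
-{% if product_members %}
-<div class="table-responsive">
-<table class="tablesorter-bootstrap table table-condensed table-striped">
-<thead>
-<tr>
-<th></th>
-<th>{{ labels.ASSET_LABEL }}</th>
-<th>{% trans "Role" %}</th>
-</tr>
-</thead>
-<tbody>
-{% for member in product_members %}
-<tr>
-<td>
-<ul>
-<li class="dropdown" style="list-style:none">
-<a href="#" class="dropdown-toggle" data-toggle="dropdown" name="dropdownManageProductMember"
-aria-expanded="true">&nbsp;<b class="fa-solid fa-ellipsis-vertical"></b>&nbsp;</a>
-<ul class="dropdown-menu">
-{% if member.product|has_object_permission:"Product_Manage_Members" %}
-<li>
-<a name="editProductMember" href="{% url 'edit_product_member' member.id %}">
-<i class="fa-solid fa-pen-to-square"></i> {% trans "Edit" %}</a>
-</li>
-{% endif %}
-{% if member|has_object_permission:"Product_Member_Delete" %}
-<li>
-<a name="deleteProductMember" href="{% url 'delete_product_member' member.id %}">
-<i class="fa-solid fa-trash"></i> {% trans "Delete" %}</a>
-</li>
-{% endif %}
-</ul>
-</li>
-</ul>
-</td>
-<td name="member_product"><a href="{% url 'view_product' member.product.id %}">{{ member.product }}</a></td>
-<td name="member_product_role">{{ member.role }}</td>
-</tr>
-{% endfor %}
-</tbody>
-</table>
-</div>
-{% else %}
-<div class="panel-body">
-<small class="text-muted"><em>{{ labels.ASSET_USERS_NO_ACCESS_MESSAGE }}</em></small>
-</div>
-{% endif %}
-</div>
-
+{% block user_product_types_panel %}{% endblock %}
+{% block user_products_panel %}{% endblock %}
 {% block user_groups_panel %}{% endblock %}
 </div>
 <div class="col-md-4">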
