diff --git a/main.go b/main.go
index a772db7..650fa56 100644
--- a/main.go
+++ b/main.go
@@ -35,6 +35,7 @@ type configData struct {
EventDeletionEnabled bool `yaml:"event_deletion_enabled"`
CacheRefreshInterval uint8 `yaml:"cache_refresh_interval"`
AnyoneCanDelete bool `yaml:"anyone_can_delete"`
+ AnyoneCanViewEvents bool `yaml:"anyone_can_view_events"`
Admins []string `yaml:"admins"`
Debug bool `yaml:"debug"`
PurgeTagsKeepDays int `yaml:"purge_tags_keep_days"`
@@ -178,7 +179,7 @@ func (a *apiClient) viewRepositories(c echo.Context) error {
}
repos, _ := a.client.Repositories(true)[namespace]
- data := jet.VarMap{}
+ data := a.dataWithPermissions(c)
data.Set("namespace", namespace)
data.Set("namespaces", a.client.Namespaces())
data.Set("repos", repos)
@@ -196,13 +197,11 @@ func (a *apiClient) viewTags(c echo.Context) error {
}
tags := a.client.Tags(repoPath)
- deleteAllowed := a.checkDeletePermission(c.Request().Header.Get("X-WEBAUTH-USER"))
- data := jet.VarMap{}
+ data := a.dataWithPermissions(c)
data.Set("namespace", namespace)
data.Set("repo", repo)
data.Set("tags", tags)
- data.Set("deleteAllowed", deleteAllowed)
repoPath, _ = url.PathUnescape(repoPath)
data.Set("events", a.eventListener.GetEvents(repoPath))
@@ -289,7 +288,7 @@ func (a *apiClient) viewTagInfo(c echo.Context) error {
}
// Populate template vars
- data := jet.VarMap{}
+ data := a.dataWithPermissions(c)
data.Set("namespace", namespace)
data.Set("repo", repo)
data.Set("tag", tag)
@@ -322,6 +321,19 @@ func (a *apiClient) deleteTag(c echo.Context) error {
return c.Redirect(http.StatusSeeOther, fmt.Sprintf("%s/%s/%s", a.config.BasePath, namespace, repo))
}
+// dataWithPermissions returns a jet.VarMap with permission related information
+// set
+func (a *apiClient) dataWithPermissions(c echo.Context) jet.VarMap {
+ user := c.Request().Header.Get("X-WEBAUTH-USER")
+
+ data := jet.VarMap{}
+ data.Set("user", user)
+ data.Set("deleteAllowed", a.checkDeletePermission(user))
+ data.Set("eventsAllowed", a.checkEventsPermission(user))
+
+ return data
+}
+
// checkDeletePermission check if tag deletion is allowed whether by anyone or permitted users.
func (a *apiClient) checkDeletePermission(user string) bool {
deleteAllowed := a.config.AnyoneCanDelete
@@ -336,9 +348,24 @@ func (a *apiClient) checkDeletePermission(user string) bool {
return deleteAllowed
}
+// checkEventsPermission checks if anyone is allowed to view events or only
+// admins
+func (a *apiClient) checkEventsPermission(user string) bool {
+ eventsAllowed := a.config.AnyoneCanViewEvents
+ if !eventsAllowed {
+ for _, u := range a.config.Admins {
+ if u == user {
+ eventsAllowed = true
+ break
+ }
+ }
+ }
+ return eventsAllowed
+}
+
// viewLog view events from sqlite.
func (a *apiClient) viewLog(c echo.Context) error {
- data := jet.VarMap{}
+ data := a.dataWithPermissions(c)
data.Set("events", a.eventListener.GetEvents(""))
return c.Render(http.StatusOK, "event_log.html", data)
diff --git a/templates/base.html b/templates/base.html
index d51e4dd..fc0367d 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -14,9 +14,11 @@
+ {{if eventsAllowed}}
+ {{end}}
{{yield body()}}
diff --git a/templates/event_log.html b/templates/event_log.html
index 4bedc29..69f8869 100644
--- a/templates/event_log.html
+++ b/templates/event_log.html
@@ -20,6 +20,7 @@
Event Log
+{{if eventsAllowed}}
@@ -46,4 +47,9 @@
{{end}}
+{{else}}
+
+
User "{{user}}" is not permitted to view the Event Log.
+
+{{end}}
{{end}}
diff --git a/templates/tags.html b/templates/tags.html
index 8704a03..5a9ef41 100644
--- a/templates/tags.html
+++ b/templates/tags.html
@@ -59,6 +59,7 @@
+{{if eventsAllowed}}
Latest events on this repo
@@ -86,5 +87,6 @@
{{end}}
+{{end}}
{{end}}