COUCHDB-1473 & COUCHDB-1472 - Futon: disable buttons if user has insufficient rights

- Disabled the delete database button if it is not in adminparty,
 or if the current user is not admin.
- Security button is also disabled if user is not a database admin.
diff --git a/database.html b/database.html
index 23945cb..c64f749 100644
--- a/database.html
+++ b/database.html
@@ -177,9 +177,9 @@
       </div>
       <ul id="toolbar">
         <li><button class="add">New Document</button></li>
-        <li><button class="security">Security…</button></li>
+        <li><button class="security userAdmin serverAdmin">Security…</button></li>
         <li><button class="compact">Compact &amp; Cleanup…</button></li>
-        <li><button class="delete">Delete Database…</button></li>
+        <li><button class="delete serverAdmin">Delete Database…</button></li>
       </ul>
 
       <div id="viewcode" class="collapsed" style="display: none">
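Review bot: Both buttons still ship enabled in the markup and are only disabled once `sidebar()` in futon.js runs `$(".serverAdmin").attr('disabled', 'disabled')`, so the default state is the permissive one if that script runs late or fails. Starting from the restrictive state in the markup, e.g. `<button class="delete serverAdmin" disabled="disabled">` and the same on the Security button, would leave the existing `removeAttr('disabled')` calls as the only thing that enables them. The Compact & Cleanup button gets neither class; if compaction is also restricted to admins on the server (not visible here), it would need the same treatment.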
diff --git a/script/futon.js b/script/futon.js
index 5e0fb78..e2e0aaf 100644
--- a/script/futon.js
+++ b/script/futon.js
@@ -225,20 +225,50 @@
     this.sidebar = function() {
       // get users db info?
       $("#userCtx span").hide();
+      $(".serverAdmin").attr('disabled', 'disabled');
+
       $.couch.session({
         success : function(r) {
           var userCtx = r.userCtx;
+
+          var urlParts = location.search.substr(1).split("/");
+          var dbName = decodeURIComponent(urlParts.shift());
+          var dbNameRegExp = new RegExp("[^a-z0-9\_\$\(\)\+\/\-]", "g");
+          dbName = dbName.replace(dbNameRegExp, "");
+
           $$("#userCtx").userCtx = userCtx;
           if (userCtx.name) {
             $("#userCtx .name").text(userCtx.name).attr({href : $.couch.urlPrefix + "/_utils/document.html?"+encodeURIComponent(r.info.authentication_db)+"/org.couchdb.user%3A"+encodeURIComponent(userCtx.name)});
+
             if (userCtx.roles.indexOf("_admin") != -1) {
               $("#userCtx .loggedin").show();
               $("#userCtx .loggedinadmin").show();
+              $(".serverAdmin").removeAttr('disabled'); // user is a server admin
             } else {
               $("#userCtx .loggedin").show();
+
+              if (dbName != "") {
+                $.couch.db(dbName).getDbProperty("_security", { // check security roles for user admins
+                  success: function(resp) {
+                    var adminRoles = resp.admins.roles;
+
+                    if ($.inArray(userCtx.name, resp.admins.names)>=0) { // user is admin
+                      $(".userAdmin").removeAttr('disabled');
+                    }
+                    else {
+                      for (var i=0; i<userCtx.roles.length; i++) { 
+                        if ($.inArray(userCtx.roles[i], resp.admins.roles)>=0) { // user has role that is an admin
+                          $(".userAdmin").removeAttr('disabled');
+                        }
+                      }
+                    }
+                  } 
+                }); 
+              }
             }
           } else if (userCtx.roles.indexOf("_admin") != -1) {
             $("#userCtx .adminparty").show();
+            $(".serverAdmin").removeAttr('disabled');
           } else {
             $("#userCtx .loggedout").show();
           };
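Review bot: In the `_security` success callback, `resp.admins.names` and `resp.admins.roles` are dereferenced without a guard, so a security object with no `admins` member (or one lacking `names`/`roles`) raises a TypeError inside the callback, and no `error` handler is passed to `getDbProperty` either. Reading the lists defensively avoids that: `var admins = resp.admins || {}, names = admins.names || [], roles = admins.roles || [];`, then test `$.inArray(userCtx.name, names)` and `$.inArray(userCtx.roles[i], roles)`; `adminRoles` is assigned but never used. `dbName` is rewritten by stripping disallowed characters rather than being rejected, so a malformed query string can end up reading `_security` from a different database name than the one in the URL. Because anyone can remove the `disabled` attribute in the browser, a comment such as `// UI hint only: the server must still reject unauthorized database deletes and _security writes` above the `.serverAdmin` line would keep this from being read as an access control. The `sidebar` function continues past the end of the hunk.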
diff --git a/style/layout.css b/style/layout.css
index 814eecd..54a183a 100644
--- a/style/layout.css
+++ b/style/layout.css
@@ -234,6 +234,8 @@
   color: #666; margin: 0; padding: 2px 1em 2px 22px; cursor: pointer;
   font-size: 95%; line-height: 16px;
 }
+#toolbar button[disabled] { opacity: .50; }
+#toolbar button[disabled]:hover { background-position: 2px 2px; cursor: default; color: #666 }
 #toolbar button:hover { background-position: 2px -30px; color: #000; }
 #toolbar button:active { background-position: 2px -62px; color: #000; }
 #toolbar button.add { background-image: url(../image/add.png); }