Add ability for users to see their authorized applications and revoke the access

2014-03-24 20:57:02 -04:00 · 2014-03-24 20:57:02 -04:00 · c82d1ffe98
commit c82d1ffe98
parent e92cf37583
10 changed files with 262 additions and 3 deletions
--- a/static/css/quay.css
+++ b/static/css/quay.css
@ -3574,4 +3574,19 @@ pre.command:before {
  margin-top: 10px;
  padding-top: 20px;
  border-top: 1px solid #eee;
+}
+
+.auth-info .by:before {
+  content: "by";
+  margin-right: 4px;
+}
+
+.auth-info .by {
+  color: #aaa;
+  font-size: 12px;
+}
+
+.auth-info .scope {
+  cursor: pointer;
+  margin-right: 4px;
 }
--- a/static/js/controllers.js
+++ b/static/js/controllers.js
@ -1628,12 +1628,42 @@ function UserAdminCtrl($scope, $timeout, $location, ApiService, PlanService, Use
  $scope.org = {};
  $scope.githubRedirectUri = KeyService.githubRedirectUri;
  $scope.githubClientId = KeyService.githubClientId;
+  $scope.authorizedApps = null;

  $('.form-change').popover();

  $scope.logsShown = 0;
  $scope.invoicesShown = 0;
  
+  $scope.loadAuthedApps = function() {
+    if ($scope.authorizedApps) { return; }
+
+    ApiService.listUserAuthorizations().then(function(resp) {
+      $scope.authorizedApps = resp['authorizations'];
+    });
+  };
+
+  $scope.deleteAccess = function(accessTokenInfo) {
+    var params = {
+      'access_token_uuid': accessTokenInfo['uuid']
+    };
+
+    ApiService.deleteUserAuthorization(null, params).then(function(resp) {
+      $scope.authorizedApps.splice($scope.authorizedApps.indexOf(accessTokenInfo), 1);
+    }, function(resp) {
+      bootbox.dialog({
+        "message": resp.message || 'Could not revoke authorization',
+        "title": "Cannot revoke authorization",
+        "buttons": {
+          "close": {
+            "label": "Close",
+            "className": "btn-primary"
+          }
+        }
+      });      
+    });
+  };
+
  $scope.loadLogs = function() {
    if (!$scope.hasPaidBusinessPlan) { return; }
    $scope.logsShown++;
--- a/static/partials/user-admin.html
+++ b/static/partials/user-admin.html
@ -33,6 +33,7 @@
        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#email">Account E-mail</a></li>
        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#password">Change Password</a></li>
        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#github">GitHub Login</a></li>
+        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#authorized" ng-click="loadAuthedApps()">Authorized Applications</a></li>
        <li ng-show="hasPaidBusinessPlan"><a href="javascript:void(0)" data-toggle="tab" data-target="#logs" ng-click="loadLogs()">Usage Logs</a></li>
        <li><a href="javascript:void(0)" data-toggle="tab" data-target="#migrate" id="migrateTab">Convert to Organization</a></li>
      </ul>
@ -41,6 +42,55 @@
    <!-- Content -->
    <div class="col-md-10">
      <div class="tab-content">
+        <!-- Authorized applications tab -->
+        <div id="authorized" class="tab-pane">
+          <div class="quay-spinner" ng-show="!authorizedApps"></div>
+
+          <div class="panel" ng-show="authorizedApps != null">
+            <div class="panel-body" ng-show="!authorizedApps.length">
+              You have not authorized any external applications
+            </div>
+            <div class="panel-body" ng-show="authorizedApps.length">
+              <div class="alert alert-info">
+                These are the applications you have authorized to view information and perform actions on Quay.io on your behalf.
+              </div>
+
+              <table class="table">
+                <thead>
+                  <th>Application Name</th>
+                  <th>Authorized Permissions</th>
+                  <th style="width: 150px">Revoke</th>
+                </thead>
+                
+                <tr class="auth-info" ng-repeat="authInfo in authorizedApps">
+                  <td>
+                    <img src="//www.gravatar.com/avatar/{{ authInfo.gravatar }}?s=16&d=identicon">
+                    <a href="{{ authInfo.application.url }}" ng-if="authInfo.application.url" target="_blank"
+                       title="{{ authInfo.application.description || authInfo.application.name }}" bs-tooltip>
+                      {{ authInfo.application.name }}
+                    </a>
+                    <span ng-if="!authInfo.application.url" title="{{ authInfo.application.description || authInfo.application.name }}" bs-tooltip>
+                      {{ authInfo.application.name }}
+                    </span>
+                    <span class="by">{{ authInfo.application.organization.name }}</span>
+                  </td>
+                  <td>
+                    <span class="label label-default scope"
+                          ng-class="{'repo:admin': 'label-primary', 'repo:write': 'label-success', 'repo:create': 'label-success'}[scopeInfo.scope]"
+                          ng-repeat="scopeInfo in authInfo.scopes" title="{{ scopeInfo.description  }}" bs-tooltip>
+                      {{ scopeInfo.scope }}
+                    </span>
+                  </td>
+                  <td>
+                    <span class="delete-ui" delete-title="'Revoke Authorization'" button-title="'Revoke'" perform-delete="deleteAccess(authInfo)"></span>
+                  </td>
+                </tr>
+              </table>
+            </div>
+          </div>
+
+        </div>
+
        <!-- Logs tab -->
        <div id="logs" class="tab-pane">
          <div class="logs-view" user="user" visible="logsShown"></div>