Mercurial > p > roundup > code
view website/issues/html/user.index.html @ 6681:ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
We now have an allow list to filter the hosts allowed to do api
requests. An element of this allow list must match the http ORIGIN
header exactly or the rest/xmlrpc CORS request will result in an
error.
The tracker host is always allowed to do a request.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 17 May 2022 17:18:51 -0400 |
| parents | 370cc9052239 |
| children |
line wrap: on
line source
<tal:block metal:use-macro="templates/page/macros/icing"> <title metal:fill-slot="head_title" i18n:translate="">User listing - <span i18n:name="tracker" tal:replace="config/TRACKER_NAME" /></title> <span metal:fill-slot="body_title" tal:omit-tag="python:1" i18n:translate="">User listing</span> <td class="content" metal:fill-slot="content"> <span tal:condition="python:not (context.is_view_ok() or request.user.hasRole('Anonymous'))" i18n:translate="">You are not allowed to view this page.</span> <span tal:condition="python:not context.is_view_ok() and request.user.hasRole('Anonymous')" i18n:translate="">Please login with your username and password.</span> <form tal:condition="context/is_view_ok" method="get" name="itemSynopsis" tal:attributes="action request/classname"> <table class="form" tal:define=" search_input templates/page/macros/search_input;"> <tr><th class="header" colspan="5">Search for users</th></tr> <tr> <th class="header">Username</th> <td tal:define="name string:username"> <input tal:attributes="value python:request.form.getvalue(name) or nothing; name name; id name"/> </td> <th class="header">Realname</th> <td tal:define="name string:realname"> <input tal:attributes="value python:request.form.getvalue(name) or nothing; name name; id name"/> </td> <td><input class="form-small" type="submit" value="Search" i18n:attributes="value"/></td> </tr> </table> <input type="hidden" name="@action" value="search"/> </form> <table width="100%" tal:condition="context/is_view_ok" class="list" tal:define="batch request/batch"> <tr> <th i18n:translate="">Username</th> <th i18n:translate="">Real name</th> <th i18n:translate="">Organisation</th> <th i18n:translate="">Email address</th> <th tal:condition="context/is_edit_ok" i18n:translate="">Retire</th> </tr> <tal:block repeat="user batch"> <tr tal:attributes="class python:['normal', 'alt'][repeat['user'].index%6//3]"> <td> <a tal:attributes="href string:user${user/id}" tal:content="user/username">username</a> </td> <td tal:content="python:user.realname.plain() or default"> </td> <td tal:content="python:user.organisation.plain() or default"> </td> <td tal:content="python:user.address.email() or default"> </td> <td tal:condition="context/is_edit_ok"> <form style="padding:0" method="POST" tal:attributes="action string:user${user/id}"> <input type="hidden" name="@template" value="index"> <input type="hidden" name="@action" value="retire"> <input type="submit" value="retire" i18n:attributes="value"> <input name="@csrf" type="hidden" tal:attributes="value python:utils.anti_csrf_nonce()"> </form> </td> </tr> </tal:block> <tr tal:condition="batch"> <th tal:attributes="colspan python:len(request.columns)"> <table width="100%"> <tr class="navigation"> <th> <a tal:define="prev batch/previous" tal:condition="prev" tal:attributes="href python:request.indexargs_url(request.classname, {'@startwith':prev.first, '@pagesize':prev.size})" i18n:translate=""><< previous</a> </th> <th i18n:translate=""><span tal:replace="batch/start" i18n:name="start" />..<span tal:replace="python: batch.start + batch.length -1" i18n:name="end" /> out of <span tal:replace="batch/sequence_length" i18n:name="total" /></th> <th> <a tal:define="next batch/next" tal:condition="next" tal:attributes="href python:request.indexargs_url(request.classname, {'@startwith':next.first, '@pagesize':next.size})" i18n:translate="">next >></a> </th> </tr> </table> </th> </tr> </table> </td> </tal:block>