summaryrefslogtreecommitdiffstats
path: root/app/views/sudo_mode
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2015-06-19 18:41:10 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2015-06-19 18:41:10 +0000
commitd6f389658b9e83d7a5d74c57fc46a203a5a88591 (patch)
tree534fd5f3520833e1c1c2bb2105971ce86008b991 /app/views/sudo_mode
parent3811ff5d95bd848f457c9d29a162ce83f12fe3ac (diff)
downloadredmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.tar.gz
redmine-d6f389658b9e83d7a5d74c57fc46a203a5a88591.zip
Require password re-entry for sensitive actions (#19851).
Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@14333 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/views/sudo_mode')
-rw-r--r--app/views/sudo_mode/_new_modal.html.erb19
-rw-r--r--app/views/sudo_mode/new.html.erb17
-rw-r--r--app/views/sudo_mode/new.js.erb4
3 files changed, 40 insertions, 0 deletions
diff --git a/app/views/sudo_mode/_new_modal.html.erb b/app/views/sudo_mode/_new_modal.html.erb
new file mode 100644
index 000000000..f63c1a427
--- /dev/null
+++ b/app/views/sudo_mode/_new_modal.html.erb
@@ -0,0 +1,19 @@
+<h3 class="title"><%= l(:label_password_required) %></h3>
+<%= form_tag({}, remote: true) do %>
+
+ <%= hidden_field_tag '_method', request.request_method %>
+ <%= hash_to_hidden_fields @sudo_form.original_fields %>
+ <%= render_flash_messages %>
+ <div class="box tabular">
+ <p>
+ <label for="sudo_password"><%= l :field_password %><span class="required">*</span></label>
+ <%= password_field_tag :sudo_password, nil, size: 25 %>
+ </p>
+ </div>
+
+ <p class="buttons">
+ <%= submit_tag l(:button_confirm_password), onclick: "hideModal(this);" %>
+ <%= submit_tag l(:button_cancel), name: nil, onclick: "hideModal(this);", type: 'button' %>
+ </p>
+<% end %>
+
diff --git a/app/views/sudo_mode/new.html.erb b/app/views/sudo_mode/new.html.erb
new file mode 100644
index 000000000..d92e47d47
--- /dev/null
+++ b/app/views/sudo_mode/new.html.erb
@@ -0,0 +1,17 @@
+<h2><%= l :label_password_required %></h2>
+<%= form_tag({}, class: 'tabular') do %>
+
+ <%= hidden_field_tag '_method', request.request_method %>
+ <%= hash_to_hidden_fields @sudo_form.original_fields %>
+
+ <div class="box">
+ <p>
+ <label for="sudo_password"><%= l :field_password %><span class="required">*</span></label>
+ <%= password_field_tag :sudo_password, nil, size: 25 %>
+ </p>
+ </div>
+ <%= submit_tag l(:button_confirm_password) %>
+<% end %>
+<%= javascript_tag "$('#sudo_password').focus();" %>
+
+
diff --git a/app/views/sudo_mode/new.js.erb b/app/views/sudo_mode/new.js.erb
new file mode 100644
index 000000000..34510fa54
--- /dev/null
+++ b/app/views/sudo_mode/new.js.erb
@@ -0,0 +1,4 @@
+$('#ajax-modal').html('<%= escape_javascript render partial: 'sudo_mode/new_modal' %>');
+showModal('ajax-modal', '400px');
+$('#sudo_password').focus();
+