diff --git a/kallithea/controllers/admin/gists.py b/kallithea/controllers/admin/gists.py --- a/kallithea/controllers/admin/gists.py +++ b/kallithea/controllers/admin/gists.py @@ -67,7 +67,7 @@ class GistsController(BaseController): @LoginRequired() def index(self): - not_default_user = not c.authuser.is_default_user + not_default_user = not request.authuser.is_default_user c.show_private = request.GET.get('private') and not_default_user c.show_public = request.GET.get('public') and not_default_user @@ -78,17 +78,17 @@ class GistsController(BaseController): # MY private if c.show_private and not c.show_public: gists = gists.filter(Gist.gist_type == Gist.GIST_PRIVATE) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # MY public elif c.show_public and not c.show_private: gists = gists.filter(Gist.gist_type == Gist.GIST_PUBLIC) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # MY public+private elif c.show_private and c.show_public: gists = gists.filter(or_(Gist.gist_type == Gist.GIST_PUBLIC, Gist.gist_type == Gist.GIST_PRIVATE)) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # default show ALL public gists if not c.show_public and not c.show_private: @@ -118,7 +118,7 @@ class GistsController(BaseController): gist_type = Gist.GIST_PUBLIC if _public else Gist.GIST_PRIVATE gist = GistModel().create( description=form_result['description'], - owner=c.authuser.user_id, + owner=request.authuser.user_id, gist_mapping=nodes, gist_type=gist_type, lifetime=form_result['lifetime'] @@ -152,7 +152,7 @@ class GistsController(BaseController): @NotAnonymous() def delete(self, gist_id): gist = GistModel().get_gist(gist_id) - owner = gist.owner_id == c.authuser.user_id + owner = gist.owner_id == request.authuser.user_id if h.HasPermissionAny('hg.admin')() or owner: GistModel().delete(gist) Session().commit() diff --git a/kallithea/controllers/admin/my_account.py b/kallithea/controllers/admin/my_account.py --- a/kallithea/controllers/admin/my_account.py +++ b/kallithea/controllers/admin/my_account.py @@ -65,7 +65,7 @@ class MyAccountController(BaseController super(MyAccountController, self).__before__() def __load_data(self): - c.user = User.get(self.authuser.user_id) + c.user = User.get(request.authuser.user_id) if c.user.username == User.DEFAULT_USER: h.flash(_("You can't edit this user since it's" " crucial for entire application"), category='warning') @@ -77,12 +77,12 @@ class MyAccountController(BaseController repos_list = Session().query(Repository) \ .join(UserFollowing) \ .filter(UserFollowing.user_id == - self.authuser.user_id).all() + request.authuser.user_id).all() else: admin = True repos_list = Session().query(Repository) \ .filter(Repository.owner_id == - self.authuser.user_id).all() + request.authuser.user_id).all() repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list, admin=admin) @@ -92,8 +92,7 @@ class MyAccountController(BaseController def my_account(self): c.active = 'profile' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id) - c.ip_addr = self.ip_addr + c.perm_user = AuthUser(user_id=request.authuser.user_id) managed_fields = auth_modules.get_managed_fields(c.user) def_user_perms = User.get_default_user().AuthUser.permissions['global'] if 'hg.register.none' in def_user_perms: @@ -105,8 +104,8 @@ class MyAccountController(BaseController update = False if request.POST: _form = UserForm(edit=True, - old_data={'user_id': self.authuser.user_id, - 'email': self.authuser.email})() + old_data={'user_id': request.authuser.user_id, + 'email': request.authuser.email})() form_result = {} try: post_data = dict(request.POST) @@ -118,7 +117,7 @@ class MyAccountController(BaseController 'new_password', 'password_confirmation', ] + managed_fields - UserModel().update(self.authuser.user_id, form_result, + UserModel().update(request.authuser.user_id, form_result, skip_attrs=skip_attrs) h.flash(_('Your account was updated successfully'), category='success') @@ -153,10 +152,10 @@ class MyAccountController(BaseController c.can_change_password = 'password' not in managed_fields if request.POST and c.can_change_password: - _form = PasswordChangeForm(self.authuser.username)() + _form = PasswordChangeForm(request.authuser.username)() try: form_result = _form.to_python(request.POST) - UserModel().update(self.authuser.user_id, form_result) + UserModel().update(request.authuser.user_id, form_result) Session().commit() h.flash(_("Successfully updated password"), category='success') except formencode.Invalid as errors: @@ -192,8 +191,7 @@ class MyAccountController(BaseController def my_account_perms(self): c.active = 'perms' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id) - c.ip_addr = self.ip_addr + c.perm_user = AuthUser(user_id=request.authuser.user_id) return render('admin/my_account/my_account.html') @@ -209,7 +207,7 @@ class MyAccountController(BaseController email = request.POST.get('new_email') try: - UserModel().add_extra_email(self.authuser.user_id, email) + UserModel().add_extra_email(request.authuser.user_id, email) Session().commit() h.flash(_("Added email %s to user") % email, category='success') except formencode.Invalid as error: @@ -224,7 +222,7 @@ class MyAccountController(BaseController def my_account_emails_delete(self): email_id = request.POST.get('del_email_id') user_model = UserModel() - user_model.delete_extra_email(self.authuser.user_id, email_id) + user_model.delete_extra_email(request.authuser.user_id, email_id) Session().commit() h.flash(_("Removed email from user"), category='success') raise HTTPFound(location=url('my_account_emails')) @@ -241,14 +239,14 @@ class MyAccountController(BaseController (str(60 * 24 * 30), _('1 month')), ] c.lifetime_options = [(c.lifetime_values, _("Lifetime"))] - c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id, + c.user_api_keys = ApiKeyModel().get_api_keys(request.authuser.user_id, show_expired=show_expired) return render('admin/my_account/my_account.html') def my_account_api_keys_add(self): lifetime = safe_int(request.POST.get('lifetime'), -1) description = request.POST.get('description') - ApiKeyModel().create(self.authuser.user_id, description, lifetime) + ApiKeyModel().create(request.authuser.user_id, description, lifetime) Session().commit() h.flash(_("API key successfully created"), category='success') raise HTTPFound(location=url('my_account_api_keys')) @@ -256,12 +254,12 @@ class MyAccountController(BaseController def my_account_api_keys_delete(self): api_key = request.POST.get('del_api_key') if request.POST.get('del_api_key_builtin'): - user = User.get(self.authuser.user_id) + user = User.get(request.authuser.user_id) user.api_key = generate_api_key() Session().commit() h.flash(_("API key successfully reset"), category='success') elif api_key: - ApiKeyModel().delete(api_key, self.authuser.user_id) + ApiKeyModel().delete(api_key, request.authuser.user_id) Session().commit() h.flash(_("API key successfully deleted"), category='success') diff --git a/kallithea/controllers/admin/notifications.py b/kallithea/controllers/admin/notifications.py --- a/kallithea/controllers/admin/notifications.py +++ b/kallithea/controllers/admin/notifications.py @@ -58,8 +58,8 @@ class NotificationsController(BaseContro super(NotificationsController, self).__before__() def index(self, format='html'): - c.user = self.authuser - notif = NotificationModel().query_for_user(self.authuser.user_id, + c.user = request.authuser + notif = NotificationModel().query_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) p = safe_int(request.GET.get('page'), 1) @@ -81,11 +81,11 @@ class NotificationsController(BaseContro if request.environ.get('HTTP_X_PARTIAL_XHR'): nm = NotificationModel() # mark all read - nm.mark_all_read_for_user(self.authuser.user_id, + nm.mark_all_read_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) Session().commit() - c.user = self.authuser - notif = nm.query_for_user(self.authuser.user_id, + c.user = request.authuser + notif = nm.query_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) c.notifications = Page(notif, page=1, items_per_page=10) return render('admin/notifications/notifications_data.html') @@ -93,11 +93,11 @@ class NotificationsController(BaseContro def update(self, notification_id): try: no = Notification.get(notification_id) - owner = all(un.user_id == c.authuser.user_id + owner = all(un.user_id == request.authuser.user_id for un in no.notifications_to_users) if h.HasPermissionAny('hg.admin')() or owner: # deletes only notification2user - NotificationModel().mark_read(c.authuser.user_id, no) + NotificationModel().mark_read(request.authuser.user_id, no) Session().commit() return 'ok' except Exception: @@ -108,11 +108,11 @@ class NotificationsController(BaseContro def delete(self, notification_id): try: no = Notification.get(notification_id) - owner = any(un.user_id == c.authuser.user_id + owner = any(un.user_id == request.authuser.user_id for un in no.notifications_to_users) if h.HasPermissionAny('hg.admin')() or owner: # deletes only notification2user - NotificationModel().delete(c.authuser.user_id, no) + NotificationModel().delete(request.authuser.user_id, no) Session().commit() return 'ok' except Exception: @@ -124,7 +124,7 @@ class NotificationsController(BaseContro notification = Notification.get_or_404(notification_id) unotification = NotificationModel() \ - .get_user_notification(self.authuser.user_id, notification) + .get_user_notification(request.authuser.user_id, notification) # if this association to user is not valid, we don't want to show # this message @@ -136,5 +136,5 @@ class NotificationsController(BaseContro Session().commit() c.notification = notification - c.user = self.authuser + c.user = request.authuser return render('admin/notifications/show_notification.html') diff --git a/kallithea/controllers/admin/repo_groups.py b/kallithea/controllers/admin/repo_groups.py --- a/kallithea/controllers/admin/repo_groups.py +++ b/kallithea/controllers/admin/repo_groups.py @@ -100,9 +100,9 @@ class RepoGroupsController(BaseControlle return data def _revoke_perms_on_yourself(self, form_result): - _up = filter(lambda u: c.authuser.username == u[0], + _up = filter(lambda u: request.authuser.username == u[0], form_result['perms_updates']) - _new = filter(lambda u: c.authuser.username == u[0], + _new = filter(lambda u: request.authuser.username == u[0], form_result['perms_new']) if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin': return True @@ -163,7 +163,7 @@ class RepoGroupsController(BaseControlle group_name=form_result['group_name'], group_description=form_result['group_description'], parent=form_result['parent_group_id'], - owner=self.authuser.user_id, # TODO: make editable + owner=request.authuser.user_id, # TODO: make editable copy_permissions=form_result['group_copy_permissions'] ) Session().commit() @@ -358,7 +358,7 @@ class RepoGroupsController(BaseControlle c.repo_group = RepoGroupModel()._get_repo_group(group_name) valid_recursive_choices = ['none', 'repos', 'groups', 'all'] form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST) - if not c.authuser.is_admin: + if not request.authuser.is_admin: if self._revoke_perms_on_yourself(form_result): msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') @@ -372,8 +372,8 @@ class RepoGroupsController(BaseControlle form_result['perms_updates'], recursive) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('Repository group permissions updated'), category='success') raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name)) @@ -388,8 +388,8 @@ class RepoGroupsController(BaseControlle elif obj_type == 'user_group': obj_id = safe_int(request.POST.get('user_group_id')) - if not c.authuser.is_admin: - if obj_type == 'user' and c.authuser.user_id == obj_id: + if not request.authuser.is_admin: + if obj_type == 'user' and request.authuser.user_id == obj_id: msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') raise Exception('revoke admin permission on self') diff --git a/kallithea/controllers/admin/repos.py b/kallithea/controllers/admin/repos.py --- a/kallithea/controllers/admin/repos.py +++ b/kallithea/controllers/admin/repos.py @@ -121,7 +121,7 @@ class ReposController(BaseRepoController # create is done sometimes async on celery, db transaction # management is handled there. - task = RepoModel().create(form_result, self.authuser.user_id) + task = RepoModel().create(form_result, request.authuser.user_id) task_id = task.task_id except formencode.Invalid as errors: log.info(errors) @@ -239,8 +239,8 @@ class ReposController(BaseRepoController h.flash(_('Repository %s updated successfully') % repo_name, category='success') changed_name = repo.repo_name - action_logger(self.authuser, 'admin_updated_repo', - changed_name, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_updated_repo', + changed_name, request.ip_addr, self.sa) Session().commit() except formencode.Invalid as errors: log.info(errors) @@ -280,8 +280,8 @@ class ReposController(BaseRepoController handle_forks = 'delete' h.flash(_('Deleted %s forks') % _forks, category='success') repo_model.delete(repo, forks=handle_forks) - action_logger(self.authuser, 'admin_deleted_repo', - repo_name, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_deleted_repo', + repo_name, request.ip_addr, self.sa) ScmModel().mark_for_invalidation(repo_name) h.flash(_('Deleted repository %s') % repo_name, category='success') Session().commit() @@ -332,8 +332,8 @@ class ReposController(BaseRepoController RepoModel()._update_permissions(repo_name, form['perms_new'], form['perms_updates']) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('Repository permissions updated'), category='success') raise HTTPFound(location=url('edit_repo_perms', repo_name=repo_name)) @@ -354,8 +354,8 @@ class ReposController(BaseRepoController repo=repo_name, group_name=obj_id ) #TODO: implement this - #action_logger(self.authuser, 'admin_revoked_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_revoked_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() except Exception: log.error(traceback.format_exc()) @@ -468,7 +468,7 @@ class ReposController(BaseRepoController try: fork_id = request.POST.get('id_fork_of') repo = ScmModel().mark_as_fork(repo_name, fork_id, - self.authuser.username) + request.authuser.username) fork = repo.fork.repo_name if repo.fork else _('Nothing') Session().commit() h.flash(_('Marked repository %s as fork of %s') % (repo_name, fork), @@ -493,7 +493,7 @@ class ReposController(BaseRepoController try: repo = Repository.get_by_repo_name(repo_name) if request.POST.get('set_lock'): - Repository.lock(repo, c.authuser.user_id) + Repository.lock(repo, request.authuser.user_id) h.flash(_('Repository has been locked'), category='success') elif request.POST.get('set_unlock'): Repository.unlock(repo) @@ -514,7 +514,7 @@ class ReposController(BaseRepoController Repository.unlock(repo) h.flash(_('Repository has been unlocked'), category='success') else: - Repository.lock(repo, c.authuser.user_id) + Repository.lock(repo, request.authuser.user_id) h.flash(_('Repository has been locked'), category='success') except Exception as e: @@ -547,7 +547,7 @@ class ReposController(BaseRepoController c.active = 'remote' if request.POST: try: - ScmModel().pull_changes(repo_name, self.authuser.username) + ScmModel().pull_changes(repo_name, request.authuser.username) h.flash(_('Pulled from remote location'), category='success') except Exception as e: log.error(traceback.format_exc()) diff --git a/kallithea/controllers/admin/settings.py b/kallithea/controllers/admin/settings.py --- a/kallithea/controllers/admin/settings.py +++ b/kallithea/controllers/admin/settings.py @@ -168,7 +168,7 @@ class SettingsController(BaseController) filesystem_repos = ScmModel().repo_scan() added, removed = repo2db_mapper(filesystem_repos, rm_obsolete, install_git_hooks=install_git_hooks, - user=c.authuser.username, + user=request.authuser.username, overwrite_git_hooks=overwrite_git_hooks) h.flash(h.literal(_('Repositories successfully rescanned. Added: %s. Removed: %s.') % (', '.join(h.link_to(safe_unicode(repo_name), h.url('summary_home', repo_name=repo_name)) diff --git a/kallithea/controllers/admin/user_groups.py b/kallithea/controllers/admin/user_groups.py --- a/kallithea/controllers/admin/user_groups.py +++ b/kallithea/controllers/admin/user_groups.py @@ -136,13 +136,13 @@ class UserGroupsController(BaseControlle form_result = users_group_form.to_python(dict(request.POST)) ug = UserGroupModel().create(name=form_result['users_group_name'], description=form_result['user_group_description'], - owner=self.authuser.user_id, + owner=request.authuser.user_id, active=form_result['users_group_active']) gr = form_result['users_group_name'] - action_logger(self.authuser, + action_logger(request.authuser, 'admin_created_users_group:%s' % gr, - None, self.ip_addr, self.sa) + None, request.ip_addr, self.sa) h.flash(h.literal(_('Created user group %s') % h.link_to(h.escape(gr), url('edit_users_group', id=ug.users_group_id))), category='success') Session().commit() @@ -181,9 +181,9 @@ class UserGroupsController(BaseControlle form_result = users_group_form.to_python(request.POST) UserGroupModel().update(c.user_group, form_result) gr = form_result['users_group_name'] - action_logger(self.authuser, + action_logger(request.authuser, 'admin_updated_users_group:%s' % gr, - None, self.ip_addr, self.sa) + None, request.ip_addr, self.sa) h.flash(_('Updated user group %s') % gr, category='success') Session().commit() except formencode.Invalid as errors: @@ -285,8 +285,8 @@ class UserGroupsController(BaseControlle h.flash(_('Target group cannot be the same'), category='error') raise HTTPFound(location=url('edit_user_group_perms', id=id)) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('User group permissions updated'), category='success') raise HTTPFound(location=url('edit_user_group_perms', id=id)) @@ -301,8 +301,8 @@ class UserGroupsController(BaseControlle elif obj_type == 'user_group': obj_id = safe_int(request.POST.get('user_group_id')) - if not c.authuser.is_admin: - if obj_type == 'user' and c.authuser.user_id == obj_id: + if not request.authuser.is_admin: + if obj_type == 'user' and request.authuser.user_id == obj_id: msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') raise Exception('revoke admin permission on self') diff --git a/kallithea/controllers/admin/users.py b/kallithea/controllers/admin/users.py --- a/kallithea/controllers/admin/users.py +++ b/kallithea/controllers/admin/users.py @@ -121,8 +121,8 @@ class UsersController(BaseController): try: form_result = user_form.to_python(dict(request.POST)) user = user_model.create(form_result) - action_logger(self.authuser, 'admin_created_user:%s' % user.username, - None, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_created_user:%s' % user.username, + None, request.ip_addr, self.sa) h.flash(_('Created user %s') % user.username, category='success') Session().commit() @@ -160,8 +160,8 @@ class UsersController(BaseController): user_model.update(id, form_result, skip_attrs=skip_attrs) usr = form_result['username'] - action_logger(self.authuser, 'admin_updated_user:%s' % usr, - None, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_updated_user:%s' % usr, + None, request.ip_addr, self.sa) h.flash(_('User updated successfully'), category='success') Session().commit() except formencode.Invalid as errors: @@ -210,7 +210,6 @@ class UsersController(BaseController): c.user = user c.active = 'profile' c.perm_user = AuthUser(dbuser=user) - c.ip_addr = self.ip_addr managed_fields = auth_modules.get_managed_fields(user) c.readonly = lambda n: 'readonly' if n in managed_fields else None return render('admin/users/user_edit.html') @@ -229,7 +228,6 @@ class UsersController(BaseController): c.user = self._get_user_or_raise_if_default(id) c.active = 'advanced' c.perm_user = AuthUser(dbuser=c.user) - c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict() @@ -298,7 +296,6 @@ class UsersController(BaseController): c.user = self._get_user_or_raise_if_default(id) c.active = 'perms' c.perm_user = AuthUser(dbuser=c.user) - c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict() diff --git a/kallithea/controllers/api/__init__.py b/kallithea/controllers/api/__init__.py --- a/kallithea/controllers/api/__init__.py +++ b/kallithea/controllers/api/__init__.py @@ -109,7 +109,7 @@ class JSONRPCController(WSGIController): def _handle_request(self, environ, start_response): start = time.time() - ip_addr = self.ip_addr = self._get_ip_addr(environ) + ip_addr = request.ip_addr = self._get_ip_addr(environ) self._req_id = None if 'CONTENT_LENGTH' not in environ: log.debug("No Content-Length") @@ -188,7 +188,7 @@ class JSONRPCController(WSGIController): # this is little trick to inject logged in user for # perms decorators to work they expect the controller class to have # authuser attribute set - self.authuser = request.user = auth_u + request.authuser = request.user = auth_u # This attribute will need to be first param of a method that uses # api_key, which is translated to instance of user at that name diff --git a/kallithea/controllers/api/api.py b/kallithea/controllers/api/api.py --- a/kallithea/controllers/api/api.py +++ b/kallithea/controllers/api/api.py @@ -30,6 +30,8 @@ import traceback import logging from sqlalchemy import or_ +from pylons import request + from kallithea.controllers.api import JSONRPCController, JSONRPCError from kallithea.lib.auth import ( PasswordGenerator, AuthUser, HasPermissionAnyDecorator, @@ -145,7 +147,7 @@ class ApiController(JSONRPCController): """ API Controller - The authenticated user can be found as self.authuser. + The authenticated user can be found as request.authuser. Example function:: @@ -193,7 +195,7 @@ class ApiController(JSONRPCController): try: ScmModel().pull_changes(repo.repo_name, - self.authuser.username) + request.authuser.username) return dict( msg='Pulled from `%s`' % repo.repo_name, repository=repo.repo_name @@ -344,7 +346,7 @@ class ApiController(JSONRPCController): 'repository.write')(repo_name=repo.repo_name): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) @@ -352,7 +354,7 @@ class ApiController(JSONRPCController): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) @@ -431,7 +433,7 @@ class ApiController(JSONRPCController): if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) @@ -484,11 +486,11 @@ class ApiController(JSONRPCController): """ if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) ips = UserIpMap.query().filter(UserIpMap.user == user).all() return dict( - server_ip_addr=self.ip_addr, + server_ip_addr=request.ip_addr, user_ips=ips ) @@ -559,13 +561,13 @@ class ApiController(JSONRPCController): if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) data = user.get_api_data() @@ -896,7 +898,7 @@ class ApiController(JSONRPCController): try: if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) active = Optional.extract(active) @@ -1270,7 +1272,7 @@ class ApiController(JSONRPCController): """ result = [] if not HasPermissionAny('hg.admin')(): - repos = RepoModel().get_all_user_repos(user=self.authuser.user_id) + repos = RepoModel().get_all_user_repos(user=request.authuser.user_id) else: repos = Repository.query() @@ -1404,7 +1406,7 @@ class ApiController(JSONRPCController): 'Only Kallithea admin can specify `owner` param' ) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) @@ -1603,7 +1605,7 @@ class ApiController(JSONRPCController): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) @@ -1996,7 +1998,7 @@ class ApiController(JSONRPCController): raise JSONRPCError("repo group `%s` already exist" % (group_name,)) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id group_description = Optional.extract(description) parent_group = Optional.extract(parent) if not isinstance(parent, Optional): @@ -2380,7 +2382,7 @@ class ApiController(JSONRPCController): """ gist = get_gist_or_error(gistid) if not HasPermissionAny('hg.admin')(): - if gist.owner_id != self.authuser.user_id: + if gist.owner_id != request.authuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) return gist.get_api_data() @@ -2395,13 +2397,13 @@ class ApiController(JSONRPCController): if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) if isinstance(userid, Optional): - user_id = self.authuser.user_id + user_id = request.authuser.user_id else: user_id = get_user_or_error(userid).user_id @@ -2454,7 +2456,7 @@ class ApiController(JSONRPCController): """ try: if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) description = Optional.extract(description) @@ -2509,7 +2511,7 @@ class ApiController(JSONRPCController): """ gist = get_gist_or_error(gistid) if not HasPermissionAny('hg.admin')(): - if gist.owner_id != self.authuser.user_id: + if gist.owner_id != request.authuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) try: diff --git a/kallithea/controllers/changeset.py b/kallithea/controllers/changeset.py --- a/kallithea/controllers/changeset.py +++ b/kallithea/controllers/changeset.py @@ -179,7 +179,7 @@ def create_comment(text, status, f_path, comment = ChangesetCommentsModel().create( text=text, repo=c.db_repo.repo_id, - author=c.authuser.user_id, + author=request.authuser.user_id, revision=revision, pull_request=pull_request_id, f_path=f_path, @@ -387,7 +387,7 @@ class ChangesetController(BaseRepoContro ChangesetStatusModel().set_status( c.db_repo.repo_id, status, - c.authuser.user_id, + request.authuser.user_id, c.comment, revision=revision, dont_allow_on_closed_pull_request=True, @@ -396,9 +396,9 @@ class ChangesetController(BaseRepoContro log.debug('cannot change status on %s with closed pull request', revision) raise HTTPBadRequest() - action_logger(self.authuser, + action_logger(request.authuser, 'user_commented_revision:%s' % revision, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) Session().commit() @@ -421,7 +421,7 @@ class ChangesetController(BaseRepoContro co = ChangesetComment.get_or_404(comment_id) if co.repo.repo_name != repo_name: raise HTTPNotFound() - owner = co.author_id == c.authuser.user_id + owner = co.author_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(repo_name) if h.HasPermissionAny('hg.admin')() or repo_admin or owner: ChangesetCommentsModel().delete(comment=co) diff --git a/kallithea/controllers/files.py b/kallithea/controllers/files.py --- a/kallithea/controllers/files.py +++ b/kallithea/controllers/files.py @@ -327,7 +327,7 @@ class FilesController(BaseRepoController c.default_message = _('Deleted file %s via Kallithea') % (f_path) c.f_path = f_path node_path = f_path - author = self.authuser.full_contact + author = request.authuser.full_contact if r_post: message = r_post.get('message') or c.default_message @@ -339,7 +339,7 @@ class FilesController(BaseRepoController } } self.scm_model.delete_nodes( - user=c.authuser.user_id, repo=c.db_repo, + user=request.authuser.user_id, repo=c.db_repo, message=message, nodes=nodes, parent_cs=c.cs, @@ -400,7 +400,7 @@ class FilesController(BaseRepoController content = convert_line_endings(r_post.get('content', ''), mode) message = r_post.get('message') or c.default_message - author = self.authuser.full_contact + author = request.authuser.full_contact if content == old_content: h.flash(_('No changes'), category='warning') @@ -409,7 +409,7 @@ class FilesController(BaseRepoController try: self.scm_model.commit_change(repo=c.db_repo_scm_instance, repo_name=repo_name, cs=c.cs, - user=self.authuser.user_id, + user=request.authuser.user_id, author=author, message=message, content=content, f_path=f_path) h.flash(_('Successfully committed to %s') % f_path, @@ -470,7 +470,7 @@ class FilesController(BaseRepoController #strip all crap out of file, just leave the basename filename = os.path.basename(filename) node_path = posixpath.join(location, filename) - author = self.authuser.full_contact + author = request.authuser.full_contact try: nodes = { @@ -479,7 +479,7 @@ class FilesController(BaseRepoController } } self.scm_model.create_nodes( - user=c.authuser.user_id, repo=c.db_repo, + user=request.authuser.user_id, repo=c.db_repo, message=message, nodes=nodes, parent_cs=c.cs, @@ -582,9 +582,9 @@ class FilesController(BaseRepoController log.debug('Destroying temp archive %s', archive_path) os.remove(archive_path) - action_logger(user=c.authuser, + action_logger(user=request.authuser, action='user_downloaded_archive:%s' % (archive_name), - repo=repo_name, ipaddr=self.ip_addr, commit=True) + repo=repo_name, ipaddr=request.ip_addr, commit=True) response.content_disposition = str('attachment; filename=%s' % (archive_name)) response.content_type = str(content_type) diff --git a/kallithea/controllers/forks.py b/kallithea/controllers/forks.py --- a/kallithea/controllers/forks.py +++ b/kallithea/controllers/forks.py @@ -168,7 +168,7 @@ class ForksController(BaseRepoController # create fork is done sometimes async on celery, db transaction # management is handled there. - task = RepoModel().create_fork(form_result, self.authuser.user_id) + task = RepoModel().create_fork(form_result, request.authuser.user_id) task_id = task.task_id except formencode.Invalid as errors: return htmlfill.render( diff --git a/kallithea/controllers/journal.py b/kallithea/controllers/journal.py --- a/kallithea/controllers/journal.py +++ b/kallithea/controllers/journal.py @@ -196,9 +196,9 @@ class JournalController(BaseController): def index(self): # Return a rendered template p = safe_int(request.GET.get('page'), 1) - c.user = User.get(self.authuser.user_id) + c.user = User.get(request.authuser.user_id) c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -214,7 +214,7 @@ class JournalController(BaseController): return render('journal/journal_data.html') repos_list = Repository.query(sorted=True) \ - .filter_by(owner_id=self.authuser.user_id).all() + .filter_by(owner_id=request.authuser.user_id).all() repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list, admin=True) @@ -230,7 +230,7 @@ class JournalController(BaseController): Produce an atom-1.0 feed via feedgenerator module """ following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() return self._atom_feed(following, public=False) @@ -242,7 +242,7 @@ class JournalController(BaseController): Produce an rss feed via feedgenerator module """ following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() return self._rss_feed(following, public=False) @@ -254,7 +254,7 @@ class JournalController(BaseController): if user_id: try: self.scm_model.toggle_following_user(user_id, - self.authuser.user_id) + request.authuser.user_id) Session.commit() return 'ok' except Exception: @@ -265,7 +265,7 @@ class JournalController(BaseController): if repo_id: try: self.scm_model.toggle_following_repo(repo_id, - self.authuser.user_id) + request.authuser.user_id) Session.commit() return 'ok' except Exception: @@ -280,7 +280,7 @@ class JournalController(BaseController): p = safe_int(request.GET.get('page'), 1) c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -301,7 +301,7 @@ class JournalController(BaseController): Produce an atom-1.0 feed via feedgenerator module """ c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -313,7 +313,7 @@ class JournalController(BaseController): Produce an rss2 feed via feedgenerator module """ c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py --- a/kallithea/controllers/login.py +++ b/kallithea/controllers/login.py @@ -79,10 +79,10 @@ class LoginController(BaseController): else: c.came_from = url('home') - ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr) + ip_allowed = AuthUser.check_ip_allowed(request.authuser, request.ip_addr) # redirect if already logged in - if self.authuser.is_authenticated and ip_allowed: + if request.authuser.is_authenticated and ip_allowed: raise HTTPFound(location=c.came_from) if request.POST: @@ -139,7 +139,7 @@ class LoginController(BaseController): response = submit(request.POST.get('recaptcha_challenge_field'), request.POST.get('recaptcha_response_field'), private_key=captcha_private_key, - remoteip=self.ip_addr) + remoteip=request.ip_addr) if c.captcha_active and not response.is_valid: _value = form_result _msg = _('Bad captcha') @@ -185,7 +185,7 @@ class LoginController(BaseController): response = submit(request.POST.get('recaptcha_challenge_field'), request.POST.get('recaptcha_response_field'), private_key=captcha_private_key, - remoteip=self.ip_addr) + remoteip=request.ip_addr) if c.captcha_active and not response.is_valid: _value = form_result _msg = _('Bad captcha') diff --git a/kallithea/controllers/pullrequests.py b/kallithea/controllers/pullrequests.py --- a/kallithea/controllers/pullrequests.py +++ b/kallithea/controllers/pullrequests.py @@ -181,13 +181,13 @@ class PullrequestsController(BaseRepoCon if pull_request.is_closed(): return False - owner = self.authuser.user_id == pull_request.owner_id + owner = request.authuser.user_id == pull_request.owner_id reviewer = PullRequestReviewer.query() \ .filter(PullRequestReviewer.pull_request == pull_request) \ - .filter(PullRequestReviewer.user_id == self.authuser.user_id) \ + .filter(PullRequestReviewer.user_id == request.authuser.user_id) \ .count() != 0 - return self.authuser.admin or owner or reviewer + return request.authuser.admin or owner or reviewer @LoginRequired() @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', @@ -216,17 +216,17 @@ class PullrequestsController(BaseRepoCon c.my_pull_requests = PullRequest.query( include_closed=c.closed, sorted=True, - ).filter_by(owner_id=self.authuser.user_id).all() + ).filter_by(owner_id=request.authuser.user_id).all() c.participate_in_pull_requests = [] c.participate_in_pull_requests_todo = [] done_status = set([ChangesetStatus.STATUS_APPROVED, ChangesetStatus.STATUS_REJECTED]) for pr in PullRequest.query( include_closed=c.closed, - reviewer_id=self.authuser.user_id, + reviewer_id=request.authuser.user_id, sorted=True, ): - status = pr.user_review_status(c.authuser.user_id) # very inefficient!!! + status = pr.user_review_status(request.authuser.user_id) # very inefficient!!! if status in done_status: c.participate_in_pull_requests.append(pr) else: @@ -380,7 +380,7 @@ class PullrequestsController(BaseRepoCon other_repo_name, h.short_ref(other_ref_type, other_ref_name)) description = _form['pullrequest_desc'].strip() or _('No description') try: - created_by = User.get(self.authuser.user_id) + created_by = User.get(request.authuser.user_id) pull_request = PullRequestModel().create( created_by, org_repo, org_ref, other_repo, other_ref, revisions, title, description, reviewer_ids) @@ -482,7 +482,7 @@ class PullrequestsController(BaseRepoCon description += '\n\n' + descriptions[1].strip() try: - created_by = User.get(self.authuser.user_id) + created_by = User.get(request.authuser.user_id) pull_request = PullRequestModel().create( created_by, org_repo, new_org_ref, other_repo, new_other_ref, revisions, title, description, reviewer_ids) @@ -498,7 +498,7 @@ class PullrequestsController(BaseRepoCon ChangesetCommentsModel().create( text=_('Closed, next iteration: %s .') % pull_request.url(canonical=True), repo=old_pull_request.other_repo_id, - author=c.authuser.user_id, + author=request.authuser.user_id, pull_request=old_pull_request.pull_request_id, closing_pr=True) PullRequestModel().close_pull_request(old_pull_request.pull_request_id) @@ -520,7 +520,7 @@ class PullrequestsController(BaseRepoCon raise HTTPForbidden() assert pull_request.other_repo.repo_name == repo_name #only owner or admin can update it - owner = pull_request.owner_id == c.authuser.user_id + owner = pull_request.owner_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name) if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner): raise HTTPForbidden() @@ -552,7 +552,7 @@ class PullrequestsController(BaseRepoCon pull_request.title = _form['pullrequest_title'] pull_request.description = _form['pullrequest_desc'].strip() or _('No description') pull_request.owner = User.get_by_username(_form['owner']) - user = User.get(c.authuser.user_id) + user = User.get(request.authuser.user_id) add_reviewer_ids = reviewer_ids - org_reviewer_ids - current_reviewer_ids remove_reviewer_ids = (org_reviewer_ids - reviewer_ids) & current_reviewer_ids try: @@ -576,7 +576,7 @@ class PullrequestsController(BaseRepoCon def delete(self, repo_name, pull_request_id): pull_request = PullRequest.get_or_404(pull_request_id) #only owner can delete it ! - if pull_request.owner_id == c.authuser.user_id: + if pull_request.owner_id == request.authuser.user_id: PullRequestModel().delete(pull_request) Session().commit() h.flash(_('Successfully deleted pull request'), @@ -798,7 +798,7 @@ class PullrequestsController(BaseRepoCon raise HTTPForbidden() if delete == "delete": - if (pull_request.owner_id == c.authuser.user_id or + if (pull_request.owner_id == request.authuser.user_id or h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(pull_request.org_repo.repo_name) or h.HasRepoPermissionAny('repository.admin')(pull_request.other_repo.repo_name) @@ -824,24 +824,24 @@ class PullrequestsController(BaseRepoCon closing_pr=close_pr, ) - action_logger(self.authuser, + action_logger(request.authuser, 'user_commented_pull_request:%s' % pull_request_id, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) if status: ChangesetStatusModel().set_status( c.db_repo.repo_id, status, - c.authuser.user_id, + request.authuser.user_id, comment, pull_request=pull_request_id ) if close_pr: PullRequestModel().close_pull_request(pull_request_id) - action_logger(self.authuser, + action_logger(request.authuser, 'user_closed_pull_request:%s' % pull_request_id, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) Session().commit() @@ -870,7 +870,7 @@ class PullrequestsController(BaseRepoCon #don't allow deleting comments on closed pull request raise HTTPForbidden() - owner = co.author_id == c.authuser.user_id + owner = co.author_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name) if h.HasPermissionAny('hg.admin')() or repo_admin or owner: ChangesetCommentsModel().delete(comment=co) diff --git a/kallithea/controllers/summary.py b/kallithea/controllers/summary.py --- a/kallithea/controllers/summary.py +++ b/kallithea/controllers/summary.py @@ -112,10 +112,10 @@ class SummaryController(BaseRepoControll def index(self, repo_name): _load_changelog_summary() - if self.authuser.is_default_user: + if request.authuser.is_default_user: username = '' else: - username = safe_str(self.authuser.username) + username = safe_str(request.authuser.username) _def_clone_uri = _def_clone_uri_by_id = c.clone_uri_tmpl if '{repo}' in _def_clone_uri: diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py --- a/kallithea/lib/auth.py +++ b/kallithea/lib/auth.py @@ -732,12 +732,12 @@ class LoginRequired(object): def __wrapper(self, func, *fargs, **fkwargs): controller = fargs[0] - user = controller.authuser + user = request.authuser loc = "%s:%s" % (controller.__class__.__name__, func.__name__) log.debug('Checking access for user %s @ %s', user, loc) - if not AuthUser.check_ip_allowed(user, controller.ip_addr): - raise _redirect_to_login(_('IP %s not allowed') % controller.ip_addr) + if not AuthUser.check_ip_allowed(user, request.ip_addr): + raise _redirect_to_login(_('IP %s not allowed') % request.ip_addr) # Check if we used an API key to authenticate. api_key = user.authenticating_api_key @@ -782,7 +782,7 @@ class NotAnonymous(object): def __wrapper(self, func, *fargs, **fkwargs): cls = fargs[0] - self.user = cls.authuser + self.user = request.authuser log.debug('Checking if user is not anonymous @%s', cls) @@ -805,7 +805,7 @@ class PermsDecorator(object): def __wrapper(self, func, *fargs, **fkwargs): cls = fargs[0] - self.user = cls.authuser + self.user = request.authuser self.user_perms = self.user.permissions log.debug('checking %s permissions %s for %s %s', self.__class__.__name__, self.required_perms, cls, self.user) diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py --- a/kallithea/lib/base.py +++ b/kallithea/lib/base.py @@ -188,7 +188,6 @@ class BaseVCSController(object): # authenticate this VCS request using the authentication modules self.authenticate = BasicAuth('', auth_modules.authenticate, config.get('auth_ret_code')) - self.ip_addr = '0.0.0.0' def _handle_request(self, environ, start_response): raise NotImplementedError() @@ -358,11 +357,11 @@ class BaseController(WSGIController): c.repo_name = get_repo_slug(request) # can be empty c.backends = BACKENDS.keys() c.unread_notifications = NotificationModel() \ - .get_unread_cnt_for_user(c.authuser.user_id) + .get_unread_cnt_for_user(request.authuser.user_id) self.cut_off_limit = safe_int(config.get('cut_off_limit')) - c.my_pr_count = PullRequest.query(reviewer_id=c.authuser.user_id, include_closed=False).count() + c.my_pr_count = PullRequest.query(reviewer_id=request.authuser.user_id, include_closed=False).count() self.sa = meta.Session self.scm_model = ScmModel(self.sa) @@ -460,7 +459,7 @@ class BaseController(WSGIController): # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] try: - self.ip_addr = _get_ip_addr(environ) + request.ip_addr = _get_ip_addr(environ) # make sure that we update permissions each time we call controller self._basic_security_checks() @@ -477,14 +476,14 @@ class BaseController(WSGIController): if type.lower() == 'bearer': bearer_token = params - self.authuser = c.authuser = request.user = self._determine_auth_user( + request.authuser = request.user = self._determine_auth_user( request.GET.get('api_key'), bearer_token, session.get('authuser'), ) log.info('IP: %s User: %s accessed %s', - self.ip_addr, self.authuser, + request.ip_addr, request.authuser, safe_unicode(_get_access_path(environ)), ) return WSGIController.__call__(self, environ, start_response) @@ -542,7 +541,7 @@ class BaseRepoController(BaseController) c.repository_forks = self.scm_model.get_forks(dbr) c.repository_pull_requests = self.scm_model.get_pull_requests(dbr) c.repository_following = self.scm_model.is_following_repo( - c.repo_name, self.authuser.user_id) + c.repo_name, request.authuser.user_id) @staticmethod def _get_ref_rev(repo, ref_type, ref_name, returnempty=False): diff --git a/kallithea/model/repo.py b/kallithea/model/repo.py --- a/kallithea/model/repo.py +++ b/kallithea/model/repo.py @@ -166,14 +166,14 @@ class RepoModel(BaseModel): @classmethod def _render_datatable(cls, tmpl, *args, **kwargs): import kallithea - from pylons import tmpl_context as c + from pylons import tmpl_context as c, request from pylons.i18n.translation import _ _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup template = _tmpl_lookup.get_template('data_table/_dt_elements.html') tmpl = template.get_def(tmpl) - kwargs.update(dict(_=_, h=h, c=c)) + kwargs.update(dict(_=_, h=h, c=c, request=request)) return tmpl.render(*args, **kwargs) def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True, diff --git a/kallithea/templates/admin/gists/edit.html b/kallithea/templates/admin/gists/edit.html --- a/kallithea/templates/admin/gists/edit.html +++ b/kallithea/templates/admin/gists/edit.html @@ -45,7 +45,7 @@
${h.form(h.url('edit_gist', gist_id=c.gist.gist_access_id), method='post', id='eform')}
- ${h.gravatar_div(c.authuser.email, size=32)} + ${h.gravatar_div(request.authuser.email, size=32)}
- %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == c.authuser.user_id: + %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == request.authuser.user_id:
${h.form(url('gist_delete', gist_id=c.gist.gist_id))} ${h.submit('remove_gist', _('Delete'),class_="btn btn-danger btn-xs",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")} @@ -58,7 +58,7 @@ %endif
## only owner should see that - %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == c.authuser.user_id: + %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == request.authuser.user_id: ${h.link_to(_('Edit'),h.url('edit_gist', gist_id=c.gist.gist_access_id),class_="btn btn-default btn-xs")} %endif ${h.link_to(_('Show as Raw'),h.url('formatted_gist', gist_id=c.gist.gist_access_id, format='raw'),class_="btn btn-default btn-xs")} diff --git a/kallithea/templates/admin/my_account/my_account.html b/kallithea/templates/admin/my_account/my_account.html --- a/kallithea/templates/admin/my_account/my_account.html +++ b/kallithea/templates/admin/my_account/my_account.html @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('My Account')} ${c.authuser.username} + ${_('My Account')} ${request.authuser.username} <%def name="breadcrumbs_links()"> diff --git a/kallithea/templates/admin/my_account/my_account_profile.html b/kallithea/templates/admin/my_account/my_account_profile.html --- a/kallithea/templates/admin/my_account/my_account_profile.html +++ b/kallithea/templates/admin/my_account/my_account_profile.html @@ -11,7 +11,7 @@ ${h.form(url('my_account'), method='post %else: ${_('Avatars are disabled')}
${c.user.email or _('Missing email, please update your user email address.')} - [${_('Current IP')}: ${c.ip_addr}] + [${_('Current IP')}: ${request.ip_addr}] %endif

diff --git a/kallithea/templates/admin/notifications/notifications.html b/kallithea/templates/admin/notifications/notifications.html --- a/kallithea/templates/admin/notifications/notifications.html +++ b/kallithea/templates/admin/notifications/notifications.html @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('My Notifications')} ${c.authuser.username} + ${_('My Notifications')} ${request.authuser.username} <%def name="breadcrumbs_links()"> diff --git a/kallithea/templates/admin/notifications/show_notification.html b/kallithea/templates/admin/notifications/show_notification.html --- a/kallithea/templates/admin/notifications/show_notification.html +++ b/kallithea/templates/admin/notifications/show_notification.html @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('Show Notification')} ${c.authuser.username} + ${_('Show Notification')} ${request.authuser.username} <%def name="breadcrumbs_links()"> diff --git a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html --- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html @@ -15,7 +15,7 @@ ${h.form(url('edit_repo_group_perms', gr %for r2p in c.repo_group.repo_group_to_perm: ##forbid revoking permission from yourself, except if you're an super admin - %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin: + %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin: ${h.radio('u_perm_%s' % r2p.user.username,'group.none')} ${h.radio('u_perm_%s' % r2p.user.username,'group.read')} ${h.radio('u_perm_%s' % r2p.user.username,'group.write')} diff --git a/kallithea/templates/admin/repos/repo_add.html b/kallithea/templates/admin/repos/repo_add.html --- a/kallithea/templates/admin/repos/repo_add.html +++ b/kallithea/templates/admin/repos/repo_add.html @@ -6,7 +6,7 @@ <%def name="breadcrumbs_links()"> - %if c.authuser.is_admin: + %if request.authuser.is_admin: ${h.link_to(_('Admin'),h.url('admin_home'))} » ${h.link_to(_('Repositories'),h.url('repos'))} diff --git a/kallithea/templates/admin/user_groups/user_group_edit_perms.html b/kallithea/templates/admin/user_groups/user_group_edit_perms.html --- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html +++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html @@ -15,7 +15,7 @@ ${h.form(url('edit_user_group_perms_upda %for r2p in c.user_group.user_user_group_to_perm: ##forbid revoking permission from yourself, except if you're an super admin - %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin: + %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin: ${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none')} ${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read')} ${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write')} diff --git a/kallithea/templates/admin/users/user_edit_profile.html b/kallithea/templates/admin/users/user_edit_profile.html --- a/kallithea/templates/admin/users/user_edit_profile.html +++ b/kallithea/templates/admin/users/user_edit_profile.html @@ -11,8 +11,8 @@ ${h.form(url('update_user', id=c.user.us ${_('Avatars are disabled')}
${c.user.email or _('Missing email, please update this user email address.')} ##show current ip just if we show ourself - %if c.authuser.username == c.user.username: - [${_('Current IP')}: ${c.ip_addr}] + %if request.authuser.username == c.user.username: + [${_('Current IP')}: ${request.ip_addr}] %endif %endif
diff --git a/kallithea/templates/base/base.html b/kallithea/templates/base/base.html --- a/kallithea/templates/base/base.html +++ b/kallithea/templates/base/base.html @@ -153,7 +153,7 @@ %endif ## TODO: this check feels wrong, it would be better to have a check for permissions ## also it feels like a job for the controller - %if c.authuser.username != 'default': + %if request.authuser.username != 'default':
  • ${_('Follow')} @@ -283,7 +283,7 @@
    • ##ROOT MENU - %if c.authuser.username != 'default': + %if request.authuser.username != 'default':
  • ${_('Journal')} @@ -303,7 +303,7 @@