diff --git a/kallithea/controllers/admin/repo_groups.py b/kallithea/controllers/admin/repo_groups.py --- a/kallithea/controllers/admin/repo_groups.py +++ b/kallithea/controllers/admin/repo_groups.py @@ -58,7 +58,6 @@ log = logging.getLogger(__name__) class RepoGroupsController(BaseController): - """REST Controller styled on the Atom Publishing Protocol""" @LoginRequired() def __before__(self): diff --git a/kallithea/controllers/admin/repos.py b/kallithea/controllers/admin/repos.py --- a/kallithea/controllers/admin/repos.py +++ b/kallithea/controllers/admin/repos.py @@ -37,7 +37,7 @@ from sqlalchemy.sql.expression import fu from kallithea.lib import helpers as h from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \ - HasRepoPermissionAllDecorator, NotAnonymous,HasPermissionAny, \ + HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny, \ HasRepoGroupPermissionAny, HasRepoPermissionAnyDecorator from kallithea.lib.base import BaseRepoController, render from kallithea.lib.utils import action_logger, repo_name_slug, jsonify @@ -137,7 +137,7 @@ class ReposController(BaseRepoController form_result = {} task_id = None try: - # CanWriteToGroup validators checks permissions of this POST + # CanWriteGroup validators checks permissions of this POST form_result = RepoForm(repo_groups=c.repo_groups_choices, landing_revs=c.landing_revs_choices)()\ .to_python(dict(request.POST)) @@ -149,6 +149,7 @@ class ReposController(BaseRepoController if isinstance(task, BaseAsyncResult): task_id = task.task_id except formencode.Invalid, errors: + log.info(errors) return htmlfill.render( render('admin/repos/repo_add.html'), defaults=errors.value, @@ -290,6 +291,7 @@ class ReposController(BaseRepoController changed_name, self.ip_addr, self.sa) Session().commit() except formencode.Invalid, errors: + log.info(errors) defaults = self.__load_data(repo_name) defaults.update(errors.value) c.users_array = repo_model.get_users_js() diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py --- a/kallithea/lib/auth.py +++ b/kallithea/lib/auth.py @@ -178,8 +178,8 @@ def _cached_perms_data(user_id, user_is_ if user_is_admin: #================================================================== - # admin user have all default rights for repositories - # and groups set to admin + # admin users have all rights; + # based on default permissions, just set everything to admin #================================================================== permissions[GLOBAL].add('hg.admin') permissions[GLOBAL].add('hg.create.write_on_repogroup.true') @@ -206,7 +206,6 @@ def _cached_perms_data(user_id, user_is_ #================================================================== # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS #================================================================== - uid = user_id # default global permissions taken from the default user default_global_perms = UserToPerm.query()\ @@ -219,10 +218,10 @@ def _cached_perms_data(user_id, user_is_ # defaults for repositories, taken from default user for perm in default_repo_perms: r_k = perm.UserRepoToPerm.repository.repo_name - if perm.Repository.private and not (perm.Repository.user_id == uid): + if perm.Repository.private and not (perm.Repository.user_id == user_id): # disable defaults for private repos, p = 'repository.none' - elif perm.Repository.user_id == uid: + elif perm.Repository.user_id == user_id: # set admin if owner p = 'repository.admin' else: @@ -260,7 +259,7 @@ def _cached_perms_data(user_id, user_is_ .options(joinedload(UserGroupToPerm.permission))\ .join((UserGroupMember, UserGroupToPerm.users_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .join((UserGroup, UserGroupMember.users_group_id == UserGroup.users_group_id))\ .filter(UserGroup.users_group_active == True)\ @@ -286,7 +285,7 @@ def _cached_perms_data(user_id, user_is_ # user specific global permissions user_perms = Session().query(UserToPerm)\ .options(joinedload(UserToPerm.permission))\ - .filter(UserToPerm.user_id == uid).all() + .filter(UserToPerm.user_id == user_id).all() if not user_inherit_default_permissions: # NEED TO IGNORE all configurable permissions and @@ -319,7 +318,7 @@ def _cached_perms_data(user_id, user_is_ .filter(UserGroup.users_group_active == True)\ .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .all() multiple_counter = collections.defaultdict(int) @@ -329,7 +328,7 @@ def _cached_perms_data(user_id, user_is_ p = perm.Permission.permission_name cur_perm = permissions[RK][r_k] - if perm.Repository.user_id == uid: + if perm.Repository.user_id == user_id: # set admin if owner p = 'repository.admin' else: @@ -339,12 +338,12 @@ def _cached_perms_data(user_id, user_is_ # user explicit permissions for repositories, overrides any specified # by the group permission - user_repo_perms = Permission.get_default_perms(uid) + user_repo_perms = Permission.get_default_perms(user_id) for perm in user_repo_perms: r_k = perm.UserRepoToPerm.repository.repo_name cur_perm = permissions[RK][r_k] # set admin if owner - if perm.Repository.user_id == uid: + if perm.Repository.user_id == user_id: p = 'repository.admin' else: p = perm.Permission.permission_name @@ -371,7 +370,7 @@ def _cached_perms_data(user_id, user_is_ .filter(UserGroup.users_group_active == True)\ .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .all() multiple_counter = collections.defaultdict(int) @@ -385,7 +384,7 @@ def _cached_perms_data(user_id, user_is_ permissions[GK][g_k] = p # user explicit permissions for repository groups - user_repo_groups_perms = Permission.get_default_group_perms(uid) + user_repo_groups_perms = Permission.get_default_group_perms(user_id) for perm in user_repo_groups_perms: rg_k = perm.UserRepoGroupToPerm.group.group_name p = perm.Permission.permission_name @@ -406,7 +405,7 @@ def _cached_perms_data(user_id, user_is_ == Permission.permission_id))\ .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .join((UserGroup, UserGroupMember.users_group_id == UserGroup.users_group_id), aliased=True, from_joinpoint=True)\ .filter(UserGroup.users_group_active == True)\ @@ -423,7 +422,7 @@ def _cached_perms_data(user_id, user_is_ permissions[UK][g_k] = p #user explicit permission for user groups - user_user_groups_perms = Permission.get_default_user_group_perms(uid) + user_user_groups_perms = Permission.get_default_user_group_perms(user_id) for perm in user_user_groups_perms: u_k = perm.UserUserGroupToPerm.user_group.users_group_name p = perm.Permission.permission_name @@ -480,9 +479,9 @@ class AuthUser(object): is_external_auth=False): self.user_id = user_id - self._api_key = api_key + self._api_key = api_key # API key passed as parameter - self.api_key = None + self.api_key = None # API key set by user_model.fill_data self.username = username self.name = '' self.lastname = '' diff --git a/kallithea/model/db.py b/kallithea/model/db.py --- a/kallithea/model/db.py +++ b/kallithea/model/db.py @@ -1742,6 +1742,7 @@ class Permission(Base, BaseModel): 'usergroup.read': 1, 'usergroup.write': 3, 'usergroup.admin': 4, + 'hg.repogroup.create.false': 0, 'hg.repogroup.create.true': 1, @@ -1750,6 +1751,7 @@ class Permission(Base, BaseModel): 'hg.fork.none': 0, 'hg.fork.repository': 1, + 'hg.create.none': 0, 'hg.create.repository': 1 }