diff --git a/rhodecode/controllers/admin/repos.py b/rhodecode/controllers/admin/repos.py
--- a/rhodecode/controllers/admin/repos.py
+++ b/rhodecode/controllers/admin/repos.py
@@ -66,7 +66,7 @@ class ReposController(BaseController):
 super(ReposController, self).__before__()
 def __load_defaults(self):
- c.repo_groups = RepoGroup.groups_choices()
+ c.repo_groups = RepoGroup.groups_choices(check_perms=True)
 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
 repo_model = RepoModel()
diff --git a/rhodecode/controllers/admin/settings.py b/rhodecode/controllers/admin/settings.py
--- a/rhodecode/controllers/admin/settings.py
+++ b/rhodecode/controllers/admin/settings.py
@@ -451,7 +451,7 @@ class SettingsController(BaseController)
 def create_repository(self):
 """GET /_admin/create_repository: Form to create a new item"""
- c.repo_groups = RepoGroup.groups_choices()
+ c.repo_groups = RepoGroup.groups_choices(check_perms=True)
 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
diff --git a/rhodecode/controllers/forks.py b/rhodecode/controllers/forks.py
--- a/rhodecode/controllers/forks.py
+++ b/rhodecode/controllers/forks.py
@@ -53,7 +53,7 @@ class ForksController(BaseRepoController
 super(ForksController, self).__before__()
 def __load_defaults(self):
- c.repo_groups = RepoGroup.groups_choices()
+ c.repo_groups = RepoGroup.groups_choices(check_perms=True)
 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
 c.landing_revs_choices = choices
diff --git a/rhodecode/controllers/settings.py b/rhodecode/controllers/settings.py
--- a/rhodecode/controllers/settings.py
+++ b/rhodecode/controllers/settings.py
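Review bot: The group filter is opt-in at every call site: `__load_defaults` here, and the identical one-line changes in `admin/settings.py`, `forks.py` and `settings.py`, each have to pass `check_perms=True`, while `groups_choices()` keeps `check_perms=False` as its default, so a caller that is not updated keeps listing every group. `c.repo_groups_choices` is derived from the same list and presumably feeds `OneOf(repo_groups)` in the forms, so the flag also bounds which ids are accepted. That is worth stating at the call, e.g. `# check_perms=True: offer only groups the current user can access; write access is checked again by the form validator`. The enclosing methods continue outside these hunks, so how the choices reach the form is not visible here.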
@@ -56,7 +56,7 @@ class SettingsController(BaseRepoControl
 super(SettingsController, self).__before__()
 def __load_defaults(self):
- c.repo_groups = RepoGroup.groups_choices()
+ c.repo_groups = RepoGroup.groups_choices(check_perms=True)
 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
 repo_model = RepoModel()
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -1027,14 +1027,20 @@ class RepoGroup(Base, BaseModel):
 self.group_name)
 @classmethod
- def groups_choices(cls):
+ def groups_choices(cls, check_perms=False):
 from webhelpers.html import literal as _literal
+ from rhodecode.model.scm import ScmModel
+ groups = cls.query().all()
+ if check_perms:
+ #filter group user have access to, it's done
+ #magically inside ScmModel based on current user
+ groups = ScmModel().get_repos_groups(groups)
 repo_groups = [('', '')]
 sep = ' » '
 _name = lambda k: _literal(sep.join(k))
 repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
- for x in cls.query().all()])
+ for x in groups])
 repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
 return repo_groups
diff --git a/rhodecode/model/forms.py b/rhodecode/model/forms.py
--- a/rhodecode/model/forms.py
+++ b/rhodecode/model/forms.py
@@ -177,7 +177,8 @@ def RepoForm(edit=False, old_data={}, su
 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
 v.SlugifyName())
 clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
- repo_group = v.OneOf(repo_groups, hideList=True)
+ repo_group = All(v.CanWriteGroup(),
+ v.OneOf(repo_groups, hideList=True))
 repo_type = v.OneOf(supported_backends)
 description = v.UnicodeString(strip=True, min=1, not_empty=False)
 private = v.StringBoolean(if_missing=False)
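Review bot: The list built by `groups_choices(check_perms=True)` and the `CanWriteGroup` validator added later in this commit may apply different permission levels: the new comment says the list is reduced to groups the user has access to, while the validator requires `group.write` or `group.admin`. If `ScmModel().get_repos_groups` (not visible on this page) also admits read-only groups, the form offers choices that validation then rejects. The method has no docstring and its result now depends on the current user, so I would add `"""Return (group_id, display path) choices; with check_perms=True only groups the current user can access are included."""` and reword the comment to `# keep only groups the current user may access; ScmModel resolves that user itself`.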
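Review bot: `CanWriteGroup()` is attached to `repo_group` unconditionally although `RepoForm` takes `edit` and `old_data`; if this form also validates edits of an existing repository, a user who can administer the repository but has no write permission on its current group would presumably be refused even when the group is unchanged. The same applies to the `RepoForkForm` hunk that follows. The pairing also relies on evaluation order, because `CanWriteGroup` dereferences the group it looks up and is only safe once unknown ids have been rejected; a comment such as `# OneOf must reject unknown ids before CanWriteGroup looks the group up` would record that. Both form bodies continue outside the hunks.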
@@ -203,7 +204,8 @@ def RepoForkForm(edit=False, old_data={} filter_extra_fields = False repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True), v.SlugifyName()) - repo_group = v.OneOf(repo_groups, hideList=True) + repo_group = All(v.CanWriteGroup(), + v.OneOf(repo_groups, hideList=True)) repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends)) description = v.UnicodeString(strip=True, min=1, not_empty=True) private = v.StringBoolean(if_missing=False) diff --git a/rhodecode/model/validators.py b/rhodecode/model/validators.py --- a/rhodecode/model/validators.py +++ b/rhodecode/model/validators.py @@ -19,6 +19,7 @@ from rhodecode.model.db import RepoGroup ChangesetStatus from rhodecode.lib.exceptions import LdapImportError from rhodecode.config.routing import ADMIN_PREFIX +from rhodecode.lib.auth import HasReposGroupPermissionAny # silence warnings and pylint UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ @@ -466,6 +467,25 @@ def ValidForkType(old_data={}): return _validator +def CanWriteGroup(): + class _validator(formencode.validators.FancyValidator): + messages = { + 'permission_denied': _(u"You don't have permissions " + "to create repository in this group") + } + + def validate_python(self, value, state): + gr = RepoGroup.get(value) + if not HasReposGroupPermissionAny( + 'group.write', 'group.admin' + )(gr.group_name, 'get group of repo form'): + msg = M(self, 'permission_denied', state) + raise formencode.Invalid(msg, value, state, + error_dict=dict(repo_type=msg) + ) + return _validator + + def ValidPerms(type_='repo'): if type_ == 'group': EMPTY_PERM = 'group.none'
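Review bot: In `validate_python` the result of `RepoGroup.get(value)` is used as `gr.group_name` without a check, so an id that does not resolve to a group would fail with an AttributeError instead of a validation error unless another validator has already filtered it; raising the same `permission_denied` Invalid when `gr is None` keeps the check failing closed. The error is also keyed on a different field than the one being validated, `error_dict=dict(repo_type=msg)`, where `error_dict=dict(repo_group=msg)` would attach the message to the group selector. A one-line docstring on `CanWriteGroup`, e.g. `"""Validator: the current user needs group.write or group.admin on the selected group."""`, would document the contract.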