diff --git a/kallithea/controllers/admin/admin.py b/kallithea/controllers/admin/admin.py
--- a/kallithea/controllers/admin/admin.py
+++ b/kallithea/controllers/admin/admin.py
@@ -36,7 +36,7 @@ from whoosh import query
from sqlalchemy.sql.expression import or_, and_, func
from kallithea.model.db import UserLog
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
from kallithea.lib.base import BaseController, render
from kallithea.lib.utils2 import safe_int, remove_prefix, remove_suffix
from kallithea.lib.indexers import JOURNAL_SCHEMA
@@ -123,7 +123,7 @@ class AdminController(BaseController):
def __before__(self):
super(AdminController, self).__before__()
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def index(self):
users_log = UserLog.query() \
.options(joinedload(UserLog.user)) \
diff --git a/kallithea/controllers/admin/auth_settings.py b/kallithea/controllers/admin/auth_settings.py
--- a/kallithea/controllers/admin/auth_settings.py
+++ b/kallithea/controllers/admin/auth_settings.py
@@ -34,7 +34,7 @@ from webob.exc import HTTPFound
from kallithea.lib import helpers as h
from kallithea.lib.compat import formatted_json
from kallithea.lib.base import BaseController, render
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
from kallithea.lib import auth_modules
from kallithea.model.forms import AuthSettingsForm
from kallithea.model.db import Setting
@@ -46,7 +46,7 @@ log = logging.getLogger(__name__)
class AuthSettingsController(BaseController):
@LoginRequired()
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def __before__(self):
super(AuthSettingsController, self).__before__()
diff --git a/kallithea/controllers/admin/defaults.py b/kallithea/controllers/admin/defaults.py
--- a/kallithea/controllers/admin/defaults.py
+++ b/kallithea/controllers/admin/defaults.py
@@ -35,7 +35,7 @@ from pylons.i18n.translation import _
from webob.exc import HTTPFound
from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
from kallithea.lib.base import BaseController, render
from kallithea.model.forms import DefaultsForm
from kallithea.model.meta import Session
@@ -52,7 +52,7 @@ class DefaultsController(BaseController)
# map.resource('default', 'defaults')
@LoginRequired()
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def __before__(self):
super(DefaultsController, self).__before__()
diff --git a/kallithea/controllers/admin/permissions.py b/kallithea/controllers/admin/permissions.py
--- a/kallithea/controllers/admin/permissions.py
+++ b/kallithea/controllers/admin/permissions.py
@@ -36,7 +36,7 @@ from pylons.i18n.translation import _
from webob.exc import HTTPFound
from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
from kallithea.lib.base import BaseController, render
from kallithea.model.forms import DefaultPermissionsForm
from kallithea.model.permission import PermissionModel
@@ -53,7 +53,7 @@ class PermissionsController(BaseControll
# map.resource('permission', 'permissions')
@LoginRequired()
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def __before__(self):
super(PermissionsController, self).__before__()
diff --git a/kallithea/controllers/admin/repo_groups.py b/kallithea/controllers/admin/repo_groups.py
--- a/kallithea/controllers/admin/repo_groups.py
+++ b/kallithea/controllers/admin/repo_groups.py
@@ -40,8 +40,8 @@ import kallithea
from kallithea.lib import helpers as h
from kallithea.lib.compat import json
from kallithea.lib.auth import LoginRequired, \
- HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAll, \
- HasPermissionAll
+ HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAny, \
+ HasPermissionAny
from kallithea.lib.base import BaseController, render
from kallithea.model.db import RepoGroup, Repository
from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices
@@ -196,7 +196,7 @@ class RepoGroupsController(BaseControlle
def new(self):
"""GET /repo_groups/new: Form to create a new item"""
# url('new_repos_group')
- if HasPermissionAll('hg.admin')('group create'):
+ if HasPermissionAny('hg.admin')('group create'):
#we're global admin, we're ok and we can create TOP level groups
pass
else:
@@ -205,7 +205,7 @@ class RepoGroupsController(BaseControlle
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
- if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'):
+ if HasRepoGroupPermissionAny('group.admin')(group_name, 'group create'):
pass
else:
raise HTTPForbidden()
@@ -228,7 +228,7 @@ class RepoGroupsController(BaseControlle
exclude=[c.repo_group])
# TODO: kill allow_empty_group - it is only used for redundant form validation!
- if HasPermissionAll('hg.admin')('group edit'):
+ if HasPermissionAny('hg.admin')('group edit'):
#we're global admin, we're ok and we can create TOP level groups
allow_empty_group = True
elif not c.repo_group.parent_group:
diff --git a/kallithea/controllers/admin/repos.py b/kallithea/controllers/admin/repos.py
--- a/kallithea/controllers/admin/repos.py
+++ b/kallithea/controllers/admin/repos.py
@@ -36,8 +36,7 @@ from webob.exc import HTTPFound, HTTPInt
from kallithea.lib import helpers as h
from kallithea.lib.auth import LoginRequired, \
- HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny, \
- HasRepoPermissionAnyDecorator
+ HasRepoPermissionAnyDecorator, NotAnonymous, HasPermissionAny
from kallithea.lib.base import BaseRepoController, render
from kallithea.lib.utils import action_logger, jsonify
from kallithea.lib.vcs import RepositoryError
@@ -226,7 +225,7 @@ class ReposController(BaseRepoController
return {'result': True}
return {'result': False}
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def update(self, repo_name):
"""
PUT /repos/repo_name: Update an existing item"""
@@ -283,7 +282,7 @@ class ReposController(BaseRepoController
% repo_name, category='error')
raise HTTPFound(location=url('edit_repo', repo_name=changed_name))
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def delete(self, repo_name):
"""
DELETE /repos/repo_name: Delete an existing item"""
@@ -329,7 +328,7 @@ class ReposController(BaseRepoController
raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name))
raise HTTPFound(location=url('repos'))
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit(self, repo_name):
"""GET /repo_name/settings: Form to edit an existing item"""
# url('edit_repo', repo_name=ID)
@@ -345,7 +344,7 @@ class ReposController(BaseRepoController
encoding="UTF-8",
force_defaults=False)
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_permissions(self, repo_name):
"""GET /repo_name/settings: Form to edit an existing item"""
# url('edit_repo', repo_name=ID)
@@ -398,7 +397,7 @@ class ReposController(BaseRepoController
category='error')
raise HTTPInternalServerError()
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_fields(self, repo_name):
"""GET /repo_name/settings: Form to edit an existing item"""
# url('edit_repo', repo_name=ID)
@@ -411,7 +410,7 @@ class ReposController(BaseRepoController
raise HTTPFound(location=url('repo_edit_fields'))
return render('admin/repos/repo_edit.html')
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def create_repo_field(self, repo_name):
try:
form_result = RepoFieldForm()().to_python(dict(request.POST))
@@ -432,7 +431,7 @@ class ReposController(BaseRepoController
h.flash(msg, category='error')
raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def delete_repo_field(self, repo_name, field_id):
field = RepositoryField.get_or_404(field_id)
try:
@@ -444,7 +443,7 @@ class ReposController(BaseRepoController
h.flash(msg, category='error')
raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_advanced(self, repo_name):
"""GET /repo_name/settings: Form to edit an existing item"""
# url('edit_repo', repo_name=ID)
@@ -474,7 +473,7 @@ class ReposController(BaseRepoController
encoding="UTF-8",
force_defaults=False)
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_advanced_journal(self, repo_name):
"""
Sets this repository to be visible in public journal,
@@ -497,7 +496,7 @@ class ReposController(BaseRepoController
raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_advanced_fork(self, repo_name):
"""
Mark given repository as a fork of another
@@ -522,7 +521,7 @@ class ReposController(BaseRepoController
raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_advanced_locking(self, repo_name):
"""
Unlock repository when it is locked !
@@ -568,7 +567,7 @@ class ReposController(BaseRepoController
category='error')
raise HTTPFound(location=url('summary_home', repo_name=repo_name))
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_caches(self, repo_name):
"""GET /repo_name/settings: Form to edit an existing item"""
# url('edit_repo', repo_name=ID)
@@ -588,7 +587,7 @@ class ReposController(BaseRepoController
raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name))
return render('admin/repos/repo_edit.html')
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_remote(self, repo_name):
"""GET /repo_name/settings: Form to edit an existing item"""
# url('edit_repo', repo_name=ID)
@@ -605,7 +604,7 @@ class ReposController(BaseRepoController
raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name))
return render('admin/repos/repo_edit.html')
- @HasRepoPermissionAllDecorator('repository.admin')
+ @HasRepoPermissionAnyDecorator('repository.admin')
def edit_statistics(self, repo_name):
"""GET /repo_name/settings: Form to edit an existing item"""
# url('edit_repo', repo_name=ID)
diff --git a/kallithea/controllers/admin/settings.py b/kallithea/controllers/admin/settings.py
--- a/kallithea/controllers/admin/settings.py
+++ b/kallithea/controllers/admin/settings.py
@@ -35,7 +35,7 @@ from pylons.i18n.translation import _
from webob.exc import HTTPFound
from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
from kallithea.lib.base import BaseController, render
from kallithea.lib.celerylib import tasks, run_task
from kallithea.lib.exceptions import HgsubversionImportError
@@ -82,7 +82,7 @@ class SettingsController(BaseController)
settings[k] = v
return settings
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_vcs(self):
"""GET /admin/settings: All items in the collection"""
# url('admin_settings')
@@ -160,7 +160,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_mapping(self):
"""GET /admin/settings/mapping: All items in the collection"""
# url('admin_settings_mapping')
@@ -200,7 +200,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_global(self):
"""GET /admin/settings/global: All items in the collection"""
# url('admin_settings_global')
@@ -260,7 +260,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_visual(self):
"""GET /admin/settings/visual: All items in the collection"""
# url('admin_settings_visual')
@@ -318,7 +318,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_email(self):
"""GET /admin/settings/email: All items in the collection"""
# url('admin_settings_email')
@@ -359,7 +359,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_hooks(self):
"""GET /admin/settings/hooks: All items in the collection"""
# url('admin_settings_hooks')
@@ -410,7 +410,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_search(self):
"""GET /admin/settings/search: All items in the collection"""
# url('admin_settings_search')
@@ -431,7 +431,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_system(self):
"""GET /admin/settings/system: All items in the collection"""
# url('admin_settings_system')
@@ -453,7 +453,7 @@ class SettingsController(BaseController)
encoding="UTF-8",
force_defaults=False)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def settings_system_update(self):
"""GET /admin/settings/system/updates: All items in the collection"""
# url('admin_settings_system_update')
diff --git a/kallithea/controllers/admin/users.py b/kallithea/controllers/admin/users.py
--- a/kallithea/controllers/admin/users.py
+++ b/kallithea/controllers/admin/users.py
@@ -39,7 +39,7 @@ import kallithea
from kallithea.lib.exceptions import DefaultUserException, \
UserOwnsReposException, UserCreationError
from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \
AuthUser
from kallithea.lib import auth_modules
from kallithea.lib.auth_modules import auth_internal
@@ -61,7 +61,7 @@ class UsersController(BaseController):
"""REST Controller styled on the Atom Publishing Protocol"""
@LoginRequired()
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def __before__(self):
super(UsersController, self).__before__()
c.available_permissions = config['available_permissions']
diff --git a/kallithea/controllers/api/api.py b/kallithea/controllers/api/api.py
--- a/kallithea/controllers/api/api.py
+++ b/kallithea/controllers/api/api.py
@@ -33,7 +33,7 @@ from sqlalchemy import or_
from kallithea import EXTERN_TYPE_INTERNAL
from kallithea.controllers.api import JSONRPCController, JSONRPCError
from kallithea.lib.auth import (
- PasswordGenerator, AuthUser, HasPermissionAllDecorator,
+ PasswordGenerator, AuthUser, HasPermissionAnyDecorator,
HasPermissionAnyDecorator, HasPermissionAnyApi, HasRepoPermissionAnyApi,
HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAny)
from kallithea.lib.utils import map_groups, repo2db_mapper
@@ -159,11 +159,11 @@ class ApiController(JSONRPCController):
"""
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def test(self, apiuser, args):
return args
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def pull(self, apiuser, repoid):
"""
Triggers a pull from remote location on given repo. Can be used to
@@ -209,7 +209,7 @@ class ApiController(JSONRPCController):
'Unable to pull changes from `%s`' % repo.repo_name
)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def rescan_repos(self, apiuser, remove_obsolete=Optional(False)):
"""
Triggers rescan repositories action. If remove_obsolete is set
@@ -470,7 +470,7 @@ class ApiController(JSONRPCController):
return ret
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))):
"""
Shows IP address as seen from Kallithea server, together with all
@@ -511,7 +511,7 @@ class ApiController(JSONRPCController):
# alias for old
show_ip = get_ip
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def get_server_info(self, apiuser):
"""
return server info, including Kallithea version and installed packages
@@ -592,7 +592,7 @@ class ApiController(JSONRPCController):
data['permissions'] = AuthUser(user_id=user.user_id).permissions
return data
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def get_users(self, apiuser):
"""
Lists all existing users. This command can be executed only using api_key
@@ -616,7 +616,7 @@ class ApiController(JSONRPCController):
result.append(user.get_api_data())
return result
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def create_user(self, apiuser, username, email, password=Optional(''),
firstname=Optional(''), lastname=Optional(''),
active=Optional(True), admin=Optional(False),
@@ -702,7 +702,7 @@ class ApiController(JSONRPCController):
log.error(traceback.format_exc())
raise JSONRPCError('failed to create user `%s`' % (username,))
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def update_user(self, apiuser, userid, username=Optional(None),
email=Optional(None), password=Optional(None),
firstname=Optional(None), lastname=Optional(None),
@@ -785,7 +785,7 @@ class ApiController(JSONRPCController):
log.error(traceback.format_exc())
raise JSONRPCError('failed to update user `%s`' % (userid,))
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def delete_user(self, apiuser, userid):
"""
deletes given user if such user exists. This command can
@@ -1767,7 +1767,7 @@ class ApiController(JSONRPCController):
'failed to delete repository `%s`' % (repo.repo_name,)
)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def grant_user_permission(self, apiuser, repoid, userid, perm):
"""
Grant permission for user on given repository, or update existing one
@@ -1814,7 +1814,7 @@ class ApiController(JSONRPCController):
)
)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def revoke_user_permission(self, apiuser, repoid, userid):
"""
Revoke permission for user on given repository. This command can be executed
@@ -1985,7 +1985,7 @@ class ApiController(JSONRPCController):
)
)
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def get_repo_group(self, apiuser, repogroupid):
"""
Returns given repo group together with permissions, and repositories
@@ -2023,7 +2023,7 @@ class ApiController(JSONRPCController):
data["members"] = members
return data
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def get_repo_groups(self, apiuser):
"""
Returns all repository groups
@@ -2036,7 +2036,7 @@ class ApiController(JSONRPCController):
result.append(repo_group.get_api_data())
return result
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def create_repo_group(self, apiuser, group_name, description=Optional(''),
owner=Optional(OAttr('apiuser')),
parent=Optional(None),
@@ -2105,7 +2105,7 @@ class ApiController(JSONRPCController):
log.error(traceback.format_exc())
raise JSONRPCError('failed to create repo group `%s`' % (group_name,))
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def update_repo_group(self, apiuser, repogroupid, group_name=Optional(''),
description=Optional(''),
owner=Optional(OAttr('apiuser')),
@@ -2131,7 +2131,7 @@ class ApiController(JSONRPCController):
raise JSONRPCError('failed to update repository group `%s`'
% (repogroupid,))
- @HasPermissionAllDecorator('hg.admin')
+ @HasPermissionAnyDecorator('hg.admin')
def delete_repo_group(self, apiuser, repogroupid):
"""
diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -859,18 +859,6 @@ class PermsDecorator(object):
raise Exception('You have to write this function in child class')
-class HasPermissionAllDecorator(PermsDecorator):
- """
- Checks for access permission for all given predicates. All of them
- have to be meet in order to fulfill the request
- """
-
- def check_permissions(self):
- if self.required_perms.issubset(self.user_perms.get('global')):
- return True
- return False
-
-
class HasPermissionAnyDecorator(PermsDecorator):
"""
Checks for access permission for any of given predicates. In order to
@@ -883,23 +871,6 @@ class HasPermissionAnyDecorator(PermsDec
return False
-class HasRepoPermissionAllDecorator(PermsDecorator):
- """
- Checks for access permission for all given predicates for specific
- repository. All of them have to be meet in order to fulfill the request
- """
-
- def check_permissions(self):
- repo_name = get_repo_slug(request)
- try:
- user_perms = set([self.user_perms['repositories'][repo_name]])
- except KeyError:
- return False
- if self.required_perms.issubset(user_perms):
- return True
- return False
-
-
class HasRepoPermissionAnyDecorator(PermsDecorator):
"""
Checks for access permission for any of given predicates for specific
@@ -918,24 +889,6 @@ class HasRepoPermissionAnyDecorator(Perm
return False
-class HasRepoGroupPermissionAllDecorator(PermsDecorator):
- """
- Checks for access permission for all given predicates for specific
- repository group. All of them have to be meet in order to fulfill the request
- """
-
- def check_permissions(self):
- group_name = get_repo_group_slug(request)
- try:
- user_perms = set([self.user_perms['repositories_groups'][group_name]])
- except KeyError:
- return False
-
- if self.required_perms.issubset(user_perms):
- return True
- return False
-
-
class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
"""
Checks for access permission for any of given predicates for specific
@@ -954,24 +907,6 @@ class HasRepoGroupPermissionAnyDecorator
return False
-class HasUserGroupPermissionAllDecorator(PermsDecorator):
- """
- Checks for access permission for all given predicates for specific
- user group. All of them have to be meet in order to fulfill the request
- """
-
- def check_permissions(self):
- group_name = get_user_group_slug(request)
- try:
- user_perms = set([self.user_perms['user_groups'][group_name]])
- except KeyError:
- return False
-
- if self.required_perms.issubset(user_perms):
- return True
- return False
-
-
class HasUserGroupPermissionAnyDecorator(PermsDecorator):
"""
Checks for access permission for any of given predicates for specific
@@ -1020,11 +955,8 @@ class PermsFunction(object):
cls_name = self.__class__.__name__
check_scope = {
- 'HasPermissionAll': '',
'HasPermissionAny': '',
- 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
- 'HasRepoGroupPermissionAll': 'group:%s' % self.group_name,
'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,
}.get(cls_name, '?')
log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
@@ -1051,13 +983,6 @@ class PermsFunction(object):
raise Exception('You have to write this function in child class')
-class HasPermissionAll(PermsFunction):
- def check_permissions(self):
- if self.required_perms.issubset(self.user_perms.get('global')):
- return True
- return False
-
-
class HasPermissionAny(PermsFunction):
def check_permissions(self):
if self.required_perms.intersection(self.user_perms.get('global')):
@@ -1065,26 +990,6 @@ class HasPermissionAny(PermsFunction):
return False
-class HasRepoPermissionAll(PermsFunction):
- def __call__(self, repo_name=None, check_location='', user=None):
- self.repo_name = repo_name
- return super(HasRepoPermissionAll, self).__call__(check_location, user)
-
- def check_permissions(self):
- if not self.repo_name:
- self.repo_name = get_repo_slug(request)
-
- try:
- self._user_perms = set(
- [self.user_perms['repositories'][self.repo_name]]
- )
- except KeyError:
- return False
- if self.required_perms.issubset(self._user_perms):
- return True
- return False
-
-
class HasRepoPermissionAny(PermsFunction):
def __call__(self, repo_name=None, check_location='', user=None):
self.repo_name = repo_name
@@ -1122,23 +1027,6 @@ class HasRepoGroupPermissionAny(PermsFun
return False
-class HasRepoGroupPermissionAll(PermsFunction):
- def __call__(self, group_name=None, check_location='', user=None):
- self.group_name = group_name
- return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
-
- def check_permissions(self):
- try:
- self._user_perms = set(
- [self.user_perms['repositories_groups'][self.group_name]]
- )
- except KeyError:
- return False
- if self.required_perms.issubset(self._user_perms):
- return True
- return False
-
-
class HasUserGroupPermissionAny(PermsFunction):
def __call__(self, user_group_name=None, check_location='', user=None):
self.user_group_name = user_group_name
@@ -1156,23 +1044,6 @@ class HasUserGroupPermissionAny(PermsFun
return False
-class HasUserGroupPermissionAll(PermsFunction):
- def __call__(self, user_group_name=None, check_location='', user=None):
- self.user_group_name = user_group_name
- return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
-
- def check_permissions(self):
- try:
- self._user_perms = set(
- [self.user_perms['user_groups'][self.user_group_name]]
- )
- except KeyError:
- return False
- if self.required_perms.issubset(self._user_perms):
- return True
- return False
-
-
#==============================================================================
# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
#==============================================================================
@@ -1252,13 +1123,6 @@ class _BaseApiPerm(object):
raise NotImplementedError()
-class HasPermissionAllApi(_BaseApiPerm):
- def check_permissions(self, perm_defs, repo_name=None, group_name=None):
- if self.required_perms.issubset(perm_defs.get('global')):
- return True
- return False
-
-
class HasPermissionAnyApi(_BaseApiPerm):
def check_permissions(self, perm_defs, repo_name=None, group_name=None):
if self.required_perms.intersection(perm_defs.get('global')):
@@ -1266,18 +1130,6 @@ class HasPermissionAnyApi(_BaseApiPerm):
return False
-class HasRepoPermissionAllApi(_BaseApiPerm):
- def check_permissions(self, perm_defs, repo_name=None, group_name=None):
- try:
- _user_perms = set([perm_defs['repositories'][repo_name]])
- except KeyError:
- log.warning(traceback.format_exc())
- return False
- if self.required_perms.issubset(_user_perms):
- return True
- return False
-
-
class HasRepoPermissionAnyApi(_BaseApiPerm):
def check_permissions(self, perm_defs, repo_name=None, group_name=None):
try:
@@ -1301,16 +1153,6 @@ class HasRepoGroupPermissionAnyApi(_Base
return True
return False
-class HasRepoGroupPermissionAllApi(_BaseApiPerm):
- def check_permissions(self, perm_defs, repo_name=None, group_name=None):
- try:
- _user_perms = set([perm_defs['repositories_groups'][group_name]])
- except KeyError:
- log.warning(traceback.format_exc())
- return False
- if self.required_perms.issubset(_user_perms):
- return True
- return False
def check_ip_access(source_ip, allowed_ips=None):
"""
diff --git a/kallithea/lib/helpers.py b/kallithea/lib/helpers.py
--- a/kallithea/lib/helpers.py
+++ b/kallithea/lib/helpers.py
@@ -835,9 +835,8 @@ def action_parser(user_log, feed=False,
#==============================================================================
# PERMS
#==============================================================================
-from kallithea.lib.auth import HasPermissionAny, HasPermissionAll, \
-HasRepoPermissionAny, HasRepoPermissionAll, HasRepoGroupPermissionAll, \
-HasRepoGroupPermissionAny
+from kallithea.lib.auth import HasPermissionAny, \
+ HasRepoPermissionAny, HasRepoGroupPermissionAny
#==============================================================================
diff --git a/kallithea/model/scm.py b/kallithea/model/scm.py
--- a/kallithea/model/scm.py
+++ b/kallithea/model/scm.py
@@ -50,7 +50,7 @@ from kallithea.lib import helpers as h
from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
_set_extras
from kallithea.lib.auth import HasRepoPermissionAny, HasRepoGroupPermissionAny, \
- HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAll
+ HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny
from kallithea.lib.utils import get_filesystem_repos, make_ui, \
action_logger
from kallithea.model import BaseModel
@@ -794,7 +794,7 @@ def AvailableRepoGroupChoices(top_perms,
Top level is -1.
"""
groups = RepoGroup.query().all()
- if HasPermissionAll('hg.admin')('available repo groups'):
+ if HasPermissionAny('hg.admin')('available repo groups'):
groups.append(None)
else:
groups = list(RepoGroupList(groups, perm_set=repo_group_perms))
diff --git a/kallithea/templates/base/base.html b/kallithea/templates/base/base.html
--- a/kallithea/templates/base/base.html
+++ b/kallithea/templates/base/base.html
@@ -138,13 +138,13 @@
- %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+ %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
${_('Options')}
%else:
${_('Options')}
%endif
- % if h.HasPermissionAll('hg.admin')('access admin main page'):
+ % if h.HasPermissionAny('hg.admin')('access admin main page'):