# HG changeset patch # User Søren Løvborg # Date 2017-02-23 20:26:27 # Node ID 3505a6be29884d45115e5d123edfa55ac2dab51a # Parent 588c556aa00b3154080efe32f4cd34d6239bd383 repogroups: fix private repo recursion check The purpose of this check is to ensure that we don't recursively assign "default" user perms for a repo with the "private" flag set (because in that case, the "default" user perms should always be "no access"). (The check, and this fix, is of course only applicable to Kallithea instances that have anonymous access enabled to begin with.) However, the check was only functional if the user was specified as a username. This is apparently always the case when Kallithea is running, but was not e.g. the case in the test suite, which consistently passed a user ID instead of a username. This commit ensures that the user is always resolved before the check is made. There's no significant overhead to this, as the code immediately calls RepoModel().grant_user_permission, which resolved the user anyway. This change just moves the database lookup a bit earlier. Fixing this revealed the matching test case to be broken, so it has been fixed as well. Down the road, we should eliminate Kallithea's bizarre practice of passing around usernames and user IDs, in favor of passing actual User objects. That'll get rid of mistakes like these, as well as repeated needless database lookups. diff --git a/kallithea/model/repo_group.py b/kallithea/model/repo_group.py --- a/kallithea/model/repo_group.py +++ b/kallithea/model/repo_group.py @@ -198,9 +198,11 @@ class RepoGroupModel(BaseModel): if isinstance(obj, RepoGroup): self.grant_user_permission(repo_group=obj, user=user, perm=perm) elif isinstance(obj, Repository): + user = User.guess_instance(user) + # private repos will not allow to change the default permissions # using recursive mode - if obj.private and user == User.DEFAULT_USER: + if obj.private and user.username == User.DEFAULT_USER: return # we set group permission but we have to switch to repo diff --git a/kallithea/tests/models/test_user_permissions_on_repo_groups.py b/kallithea/tests/models/test_user_permissions_on_repo_groups.py --- a/kallithea/tests/models/test_user_permissions_on_repo_groups.py +++ b/kallithea/tests/models/test_user_permissions_on_repo_groups.py @@ -1,7 +1,7 @@ import functools from kallithea.model.repo_group import RepoGroupModel -from kallithea.model.db import RepoGroup, User +from kallithea.model.db import RepoGroup, Repository, User from kallithea.model.meta import Session from kallithea.tests.models.common import _create_project_tree, check_tree_perms, \ @@ -133,7 +133,9 @@ def test_user_permissions_on_group_with_ _check_expected_count(items, repo_items, expected_count(group, True)) for name, perm in repo_items: - check_tree_perms(name, perm, group, 'repository.write') + # default user permissions do not "recurse into" private repos + is_private = Repository.get_by_repo_name(name).private + check_tree_perms(name, perm, group, 'repository.none' if is_private else 'repository.write') for name, perm in items: check_tree_perms(name, perm, group, 'group.write')