# HG changeset patch # User Mads Kiilerich # Date 2016-12-24 01:27:47 # Node ID 3dcf1f82311a1a47b4f326b64b8f494609d5aed4 # Parent 3fcb60a152f36b1a201ea23bd74c60bca45415d9 controllers: avoid setting request state in controller instances - set it in the thread global request variable In TurboGears, controllers are singletons and we should avoid using instance variables for any volatile data. Instead, use the "global thread local" request context. With everything in request, some use of c is dropped. Note: kallithea/controllers/api/__init__.py still use instance variables that will cause problems with TurboGears. diff --git a/kallithea/controllers/admin/gists.py b/kallithea/controllers/admin/gists.py --- a/kallithea/controllers/admin/gists.py +++ b/kallithea/controllers/admin/gists.py @@ -67,7 +67,7 @@ class GistsController(BaseController): @LoginRequired() def index(self): - not_default_user = not c.authuser.is_default_user + not_default_user = not request.authuser.is_default_user c.show_private = request.GET.get('private') and not_default_user c.show_public = request.GET.get('public') and not_default_user @@ -78,17 +78,17 @@ class GistsController(BaseController): # MY private if c.show_private and not c.show_public: gists = gists.filter(Gist.gist_type == Gist.GIST_PRIVATE) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # MY public elif c.show_public and not c.show_private: gists = gists.filter(Gist.gist_type == Gist.GIST_PUBLIC) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # MY public+private elif c.show_private and c.show_public: gists = gists.filter(or_(Gist.gist_type == Gist.GIST_PUBLIC, Gist.gist_type == Gist.GIST_PRIVATE)) \ - .filter(Gist.owner_id == c.authuser.user_id) + .filter(Gist.owner_id == request.authuser.user_id) # default show ALL public gists if not c.show_public and not c.show_private: 
@@ -118,7 +118,7 @@ class GistsController(BaseController): gist_type = Gist.GIST_PUBLIC if _public else Gist.GIST_PRIVATE gist = GistModel().create( description=form_result['description'], - owner=c.authuser.user_id, + owner=request.authuser.user_id, gist_mapping=nodes, gist_type=gist_type, lifetime=form_result['lifetime'] @@ -152,7 +152,7 @@ class GistsController(BaseController): @NotAnonymous() def delete(self, gist_id): gist = GistModel().get_gist(gist_id) - owner = gist.owner_id == c.authuser.user_id + owner = gist.owner_id == request.authuser.user_id if h.HasPermissionAny('hg.admin')() or owner: GistModel().delete(gist) Session().commit() diff --git a/kallithea/controllers/admin/my_account.py b/kallithea/controllers/admin/my_account.py --- a/kallithea/controllers/admin/my_account.py +++ b/kallithea/controllers/admin/my_account.py @@ -65,7 +65,7 @@ class MyAccountController(BaseController super(MyAccountController, self).__before__() def __load_data(self): - c.user = User.get(self.authuser.user_id) + c.user = User.get(request.authuser.user_id) if c.user.username == User.DEFAULT_USER: h.flash(_("You can't edit this user since it's" " crucial for entire application"), category='warning') @@ -77,12 +77,12 @@ class MyAccountController(BaseController repos_list = Session().query(Repository) \ .join(UserFollowing) \ .filter(UserFollowing.user_id == - self.authuser.user_id).all() + request.authuser.user_id).all() else: admin = True repos_list = Session().query(Repository) \ .filter(Repository.owner_id == - self.authuser.user_id).all() + request.authuser.user_id).all() repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list, admin=admin) 
@@ -92,8 +92,7 @@ class MyAccountController(BaseController def my_account(self): c.active = 'profile' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id) - c.ip_addr = self.ip_addr + c.perm_user = AuthUser(user_id=request.authuser.user_id) managed_fields = auth_modules.get_managed_fields(c.user) def_user_perms = User.get_default_user().AuthUser.permissions['global'] if 'hg.register.none' in def_user_perms: @@ -105,8 +104,8 @@ class MyAccountController(BaseController update = False if request.POST: _form = UserForm(edit=True, - old_data={'user_id': self.authuser.user_id, - 'email': self.authuser.email})() + old_data={'user_id': request.authuser.user_id, + 'email': request.authuser.email})() form_result = {} try: post_data = dict(request.POST) @@ -118,7 +117,7 @@ class MyAccountController(BaseController 'new_password', 'password_confirmation', ] + managed_fields - UserModel().update(self.authuser.user_id, form_result, + UserModel().update(request.authuser.user_id, form_result, skip_attrs=skip_attrs) h.flash(_('Your account was updated successfully'), category='success') @@ -153,10 +152,10 @@ class MyAccountController(BaseController c.can_change_password = 'password' not in managed_fields if request.POST and c.can_change_password: - _form = PasswordChangeForm(self.authuser.username)() + _form = PasswordChangeForm(request.authuser.username)() try: form_result = _form.to_python(request.POST) - UserModel().update(self.authuser.user_id, form_result) + UserModel().update(request.authuser.user_id, form_result) Session().commit() h.flash(_("Successfully updated password"), category='success') except formencode.Invalid as errors: @@ -192,8 +191,7 @@ class MyAccountController(BaseController def my_account_perms(self): c.active = 'perms' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id) - c.ip_addr = self.ip_addr + c.perm_user = AuthUser(user_id=request.authuser.user_id) return render('admin/my_account/my_account.html') 
@@ -209,7 +207,7 @@ class MyAccountController(BaseController email = request.POST.get('new_email') try: - UserModel().add_extra_email(self.authuser.user_id, email) + UserModel().add_extra_email(request.authuser.user_id, email) Session().commit() h.flash(_("Added email %s to user") % email, category='success') except formencode.Invalid as error: @@ -224,7 +222,7 @@ class MyAccountController(BaseController def my_account_emails_delete(self): email_id = request.POST.get('del_email_id') user_model = UserModel() - user_model.delete_extra_email(self.authuser.user_id, email_id) + user_model.delete_extra_email(request.authuser.user_id, email_id) Session().commit() h.flash(_("Removed email from user"), category='success') raise HTTPFound(location=url('my_account_emails')) @@ -241,14 +239,14 @@ class MyAccountController(BaseController (str(60 * 24 * 30), _('1 month')), ] c.lifetime_options = [(c.lifetime_values, _("Lifetime"))] - c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id, + c.user_api_keys = ApiKeyModel().get_api_keys(request.authuser.user_id, show_expired=show_expired) return render('admin/my_account/my_account.html') def my_account_api_keys_add(self): lifetime = safe_int(request.POST.get('lifetime'), -1) description = request.POST.get('description') - ApiKeyModel().create(self.authuser.user_id, description, lifetime) + ApiKeyModel().create(request.authuser.user_id, description, lifetime) Session().commit() h.flash(_("API key successfully created"), category='success') raise HTTPFound(location=url('my_account_api_keys')) 
@@ -256,12 +254,12 @@ class MyAccountController(BaseController def my_account_api_keys_delete(self): api_key = request.POST.get('del_api_key') if request.POST.get('del_api_key_builtin'): - user = User.get(self.authuser.user_id) + user = User.get(request.authuser.user_id) user.api_key = generate_api_key() Session().commit() h.flash(_("API key successfully reset"), category='success') elif api_key: - ApiKeyModel().delete(api_key, self.authuser.user_id) + ApiKeyModel().delete(api_key, request.authuser.user_id) Session().commit() h.flash(_("API key successfully deleted"), category='success') diff --git a/kallithea/controllers/admin/notifications.py b/kallithea/controllers/admin/notifications.py --- a/kallithea/controllers/admin/notifications.py +++ b/kallithea/controllers/admin/notifications.py @@ -58,8 +58,8 @@ class NotificationsController(BaseContro super(NotificationsController, self).__before__() def index(self, format='html'): - c.user = self.authuser - notif = NotificationModel().query_for_user(self.authuser.user_id, + c.user = request.authuser + notif = NotificationModel().query_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) p = safe_int(request.GET.get('page'), 1) @@ -81,11 +81,11 @@ class NotificationsController(BaseContro if request.environ.get('HTTP_X_PARTIAL_XHR'): nm = NotificationModel() # mark all read - nm.mark_all_read_for_user(self.authuser.user_id, + nm.mark_all_read_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) Session().commit() - c.user = self.authuser - notif = nm.query_for_user(self.authuser.user_id, + c.user = request.authuser + notif = nm.query_for_user(request.authuser.user_id, filter_=request.GET.getall('type')) c.notifications = Page(notif, page=1, items_per_page=10) return render('admin/notifications/notifications_data.html') 
@@ -93,11 +93,11 @@ class NotificationsController(BaseContro def update(self, notification_id): try: no = Notification.get(notification_id) - owner = all(un.user_id == c.authuser.user_id + owner = all(un.user_id == request.authuser.user_id for un in no.notifications_to_users) if h.HasPermissionAny('hg.admin')() or owner: # deletes only notification2user - NotificationModel().mark_read(c.authuser.user_id, no) + NotificationModel().mark_read(request.authuser.user_id, no) Session().commit() return 'ok' except Exception: @@ -108,11 +108,11 @@ class NotificationsController(BaseContro def delete(self, notification_id): try: no = Notification.get(notification_id) - owner = any(un.user_id == c.authuser.user_id + owner = any(un.user_id == request.authuser.user_id for un in no.notifications_to_users) if h.HasPermissionAny('hg.admin')() or owner: # deletes only notification2user - NotificationModel().delete(c.authuser.user_id, no) + NotificationModel().delete(request.authuser.user_id, no) Session().commit() return 'ok' except Exception: @@ -124,7 +124,7 @@ class NotificationsController(BaseContro notification = Notification.get_or_404(notification_id) unotification = NotificationModel() \ - .get_user_notification(self.authuser.user_id, notification) + .get_user_notification(request.authuser.user_id, notification) # if this association to user is not valid, we don't want to show # this message @@ -136,5 +136,5 @@ class NotificationsController(BaseContro Session().commit() c.notification = notification - c.user = self.authuser + c.user = request.authuser return render('admin/notifications/show_notification.html') diff --git a/kallithea/controllers/admin/repo_groups.py b/kallithea/controllers/admin/repo_groups.py --- a/kallithea/controllers/admin/repo_groups.py +++ b/kallithea/controllers/admin/repo_groups.py 
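Review bot: In kallithea/controllers/admin/notifications.py, `update` computes `owner` with `all(...)` while `delete` in the next hunk uses `any(...)` over the same `no.notifications_to_users`. `all()` over an empty collection is True, and for a notification sent to several users it is False for every one of them, so a non-admin recipient would be refused marking their own copy as read; neither effect looks intended. Suggest `owner = any(un.user_id == request.authuser.user_id for un in no.notifications_to_users)` in `update`, matching `delete`. Both bodies run into an `except Exception:` whose handling lies outside the hunks, so confirm a failed ownership lookup is logged there rather than dropped silently.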
@@ -100,9 +100,9 @@ class RepoGroupsController(BaseControlle return data def _revoke_perms_on_yourself(self, form_result): - _up = filter(lambda u: c.authuser.username == u[0], + _up = filter(lambda u: request.authuser.username == u[0], form_result['perms_updates']) - _new = filter(lambda u: c.authuser.username == u[0], + _new = filter(lambda u: request.authuser.username == u[0], form_result['perms_new']) if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin': return True @@ -163,7 +163,7 @@ class RepoGroupsController(BaseControlle group_name=form_result['group_name'], group_description=form_result['group_description'], parent=form_result['parent_group_id'], - owner=self.authuser.user_id, # TODO: make editable + owner=request.authuser.user_id, # TODO: make editable copy_permissions=form_result['group_copy_permissions'] ) Session().commit() @@ -358,7 +358,7 @@ class RepoGroupsController(BaseControlle c.repo_group = RepoGroupModel()._get_repo_group(group_name) valid_recursive_choices = ['none', 'repos', 'groups', 'all'] form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST) - if not c.authuser.is_admin: + if not request.authuser.is_admin: if self._revoke_perms_on_yourself(form_result): msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') @@ -372,8 +372,8 @@ class RepoGroupsController(BaseControlle form_result['perms_updates'], recursive) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('Repository group permissions updated'), category='success') raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name)) 
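Review bot: `_revoke_perms_on_yourself` in kallithea/controllers/admin/repo_groups.py has no docstring, and its condition mixes `and` and `or` without parentheses, which makes this self-lockout guard hard to audit. Suggest a docstring such as `"""Return True if form_result would set the current user's own permission to anything other than 'group.admin'."""` and writing the test as `if (_new and _new[0][1] != 'group.admin') or (_up and _up[0][1] != 'group.admin'):`. The `_new[0]` and `_up[0]` indexing also depends on `filter()` returning a list, which holds only on Python 2, and only the first matching entry is inspected. The function body continues outside the hunk.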
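Review bot: The permission update in repo_groups.py (hunk at -372) commits without writing a journal entry: the `action_logger` call is still commented out under `#TODO: implement this`, so as far as this hunk shows a change to who may access a repository group leaves no audit record. The commented call also passes `repo_name`, while the visible code in this function only uses `group_name`, so it could not be enabled as written. Suggest implementing it with an action name and target that fit repository groups, following the live call shape `action_logger(request.authuser, ..., request.ip_addr, self.sa)` used in repos.py. The same commented-out call appears in the repos.py hunks at -332 and -354 and in the user_groups.py hunk at -285.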
@@ -388,8 +388,8 @@ class RepoGroupsController(BaseControlle elif obj_type == 'user_group': obj_id = safe_int(request.POST.get('user_group_id')) - if not c.authuser.is_admin: - if obj_type == 'user' and c.authuser.user_id == obj_id: + if not request.authuser.is_admin: + if obj_type == 'user' and request.authuser.user_id == obj_id: msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') raise Exception('revoke admin permission on self') diff --git a/kallithea/controllers/admin/repos.py b/kallithea/controllers/admin/repos.py --- a/kallithea/controllers/admin/repos.py +++ b/kallithea/controllers/admin/repos.py @@ -121,7 +121,7 @@ class ReposController(BaseRepoController # create is done sometimes async on celery, db transaction # management is handled there. - task = RepoModel().create(form_result, self.authuser.user_id) + task = RepoModel().create(form_result, request.authuser.user_id) task_id = task.task_id except formencode.Invalid as errors: log.info(errors) @@ -239,8 +239,8 @@ class ReposController(BaseRepoController h.flash(_('Repository %s updated successfully') % repo_name, category='success') changed_name = repo.repo_name - action_logger(self.authuser, 'admin_updated_repo', - changed_name, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_updated_repo', + changed_name, request.ip_addr, self.sa) Session().commit() except formencode.Invalid as errors: log.info(errors) @@ -280,8 +280,8 @@ class ReposController(BaseRepoController handle_forks = 'delete' h.flash(_('Deleted %s forks') % _forks, category='success') repo_model.delete(repo, forks=handle_forks) - action_logger(self.authuser, 'admin_deleted_repo', - repo_name, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_deleted_repo', + repo_name, request.ip_addr, self.sa) ScmModel().mark_for_invalidation(repo_name) h.flash(_('Deleted repository %s') % repo_name, category='success') Session().commit() 
@@ -332,8 +332,8 @@ class ReposController(BaseRepoController RepoModel()._update_permissions(repo_name, form['perms_new'], form['perms_updates']) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('Repository permissions updated'), category='success') raise HTTPFound(location=url('edit_repo_perms', repo_name=repo_name)) @@ -354,8 +354,8 @@ class ReposController(BaseRepoController repo=repo_name, group_name=obj_id ) #TODO: implement this - #action_logger(self.authuser, 'admin_revoked_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_revoked_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() except Exception: log.error(traceback.format_exc()) @@ -468,7 +468,7 @@ class ReposController(BaseRepoController try: fork_id = request.POST.get('id_fork_of') repo = ScmModel().mark_as_fork(repo_name, fork_id, - self.authuser.username) + request.authuser.username) fork = repo.fork.repo_name if repo.fork else _('Nothing') Session().commit() h.flash(_('Marked repository %s as fork of %s') % (repo_name, fork), @@ -493,7 +493,7 @@ class ReposController(BaseRepoController try: repo = Repository.get_by_repo_name(repo_name) if request.POST.get('set_lock'): - Repository.lock(repo, c.authuser.user_id) + Repository.lock(repo, request.authuser.user_id) h.flash(_('Repository has been locked'), category='success') elif request.POST.get('set_unlock'): Repository.unlock(repo) @@ -514,7 +514,7 @@ class ReposController(BaseRepoController Repository.unlock(repo) h.flash(_('Repository has been unlocked'), category='success') else: - Repository.lock(repo, c.authuser.user_id) + Repository.lock(repo, request.authuser.user_id) h.flash(_('Repository has been locked'), category='success') except Exception as e: 
@@ -547,7 +547,7 @@ class ReposController(BaseRepoController c.active = 'remote' if request.POST: try: - ScmModel().pull_changes(repo_name, self.authuser.username) + ScmModel().pull_changes(repo_name, request.authuser.username) h.flash(_('Pulled from remote location'), category='success') except Exception as e: log.error(traceback.format_exc()) diff --git a/kallithea/controllers/admin/settings.py b/kallithea/controllers/admin/settings.py --- a/kallithea/controllers/admin/settings.py +++ b/kallithea/controllers/admin/settings.py @@ -168,7 +168,7 @@ class SettingsController(BaseController) filesystem_repos = ScmModel().repo_scan() added, removed = repo2db_mapper(filesystem_repos, rm_obsolete, install_git_hooks=install_git_hooks, - user=c.authuser.username, + user=request.authuser.username, overwrite_git_hooks=overwrite_git_hooks) h.flash(h.literal(_('Repositories successfully rescanned. Added: %s. Removed: %s.') % (', '.join(h.link_to(safe_unicode(repo_name), h.url('summary_home', repo_name=repo_name)) diff --git a/kallithea/controllers/admin/user_groups.py b/kallithea/controllers/admin/user_groups.py --- a/kallithea/controllers/admin/user_groups.py +++ b/kallithea/controllers/admin/user_groups.py @@ -136,13 +136,13 @@ class UserGroupsController(BaseControlle form_result = users_group_form.to_python(dict(request.POST)) ug = UserGroupModel().create(name=form_result['users_group_name'], description=form_result['user_group_description'], - owner=self.authuser.user_id, + owner=request.authuser.user_id, active=form_result['users_group_active']) gr = form_result['users_group_name'] - action_logger(self.authuser, + action_logger(request.authuser, 'admin_created_users_group:%s' % gr, - None, self.ip_addr, self.sa) + None, request.ip_addr, self.sa) h.flash(h.literal(_('Created user group %s') % h.link_to(h.escape(gr), url('edit_users_group', id=ug.users_group_id))), category='success') Session().commit() 
@@ -181,9 +181,9 @@ class UserGroupsController(BaseControlle form_result = users_group_form.to_python(request.POST) UserGroupModel().update(c.user_group, form_result) gr = form_result['users_group_name'] - action_logger(self.authuser, + action_logger(request.authuser, 'admin_updated_users_group:%s' % gr, - None, self.ip_addr, self.sa) + None, request.ip_addr, self.sa) h.flash(_('Updated user group %s') % gr, category='success') Session().commit() except formencode.Invalid as errors: @@ -285,8 +285,8 @@ class UserGroupsController(BaseControlle h.flash(_('Target group cannot be the same'), category='error') raise HTTPFound(location=url('edit_user_group_perms', id=id)) #TODO: implement this - #action_logger(self.authuser, 'admin_changed_repo_permissions', - # repo_name, self.ip_addr, self.sa) + #action_logger(request.authuser, 'admin_changed_repo_permissions', + # repo_name, request.ip_addr, self.sa) Session().commit() h.flash(_('User group permissions updated'), category='success') raise HTTPFound(location=url('edit_user_group_perms', id=id)) @@ -301,8 +301,8 @@ class UserGroupsController(BaseControlle elif obj_type == 'user_group': obj_id = safe_int(request.POST.get('user_group_id')) - if not c.authuser.is_admin: - if obj_type == 'user' and c.authuser.user_id == obj_id: + if not request.authuser.is_admin: + if obj_type == 'user' and request.authuser.user_id == obj_id: msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') raise Exception('revoke admin permission on self') diff --git a/kallithea/controllers/admin/users.py b/kallithea/controllers/admin/users.py --- a/kallithea/controllers/admin/users.py +++ b/kallithea/controllers/admin/users.py 
@@ -121,8 +121,8 @@ class UsersController(BaseController): try: form_result = user_form.to_python(dict(request.POST)) user = user_model.create(form_result) - action_logger(self.authuser, 'admin_created_user:%s' % user.username, - None, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_created_user:%s' % user.username, + None, request.ip_addr, self.sa) h.flash(_('Created user %s') % user.username, category='success') Session().commit() @@ -160,8 +160,8 @@ class UsersController(BaseController): user_model.update(id, form_result, skip_attrs=skip_attrs) usr = form_result['username'] - action_logger(self.authuser, 'admin_updated_user:%s' % usr, - None, self.ip_addr, self.sa) + action_logger(request.authuser, 'admin_updated_user:%s' % usr, + None, request.ip_addr, self.sa) h.flash(_('User updated successfully'), category='success') Session().commit() except formencode.Invalid as errors: @@ -210,7 +210,6 @@ class UsersController(BaseController): c.user = user c.active = 'profile' c.perm_user = AuthUser(dbuser=user) - c.ip_addr = self.ip_addr managed_fields = auth_modules.get_managed_fields(user) c.readonly = lambda n: 'readonly' if n in managed_fields else None return render('admin/users/user_edit.html') @@ -229,7 +228,6 @@ class UsersController(BaseController): c.user = self._get_user_or_raise_if_default(id) c.active = 'advanced' c.perm_user = AuthUser(dbuser=c.user) - c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict() @@ -298,7 +296,6 @@ class UsersController(BaseController): c.user = self._get_user_or_raise_if_default(id) c.active = 'perms' c.perm_user = AuthUser(dbuser=c.user) - c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict() diff --git a/kallithea/controllers/api/__init__.py b/kallithea/controllers/api/__init__.py --- a/kallithea/controllers/api/__init__.py +++ b/kallithea/controllers/api/__init__.py 
@@ -109,7 +109,7 @@ class JSONRPCController(WSGIController): def _handle_request(self, environ, start_response): start = time.time() - ip_addr = self.ip_addr = self._get_ip_addr(environ) + ip_addr = request.ip_addr = self._get_ip_addr(environ) self._req_id = None if 'CONTENT_LENGTH' not in environ: log.debug("No Content-Length") @@ -188,7 +188,7 @@ class JSONRPCController(WSGIController): # this is little trick to inject logged in user for # perms decorators to work they expect the controller class to have # authuser attribute set - self.authuser = request.user = auth_u + request.authuser = request.user = auth_u # This attribute will need to be first param of a method that uses # api_key, which is translated to instance of user at that name diff --git a/kallithea/controllers/api/api.py b/kallithea/controllers/api/api.py --- a/kallithea/controllers/api/api.py +++ b/kallithea/controllers/api/api.py @@ -30,6 +30,8 @@ import traceback import logging from sqlalchemy import or_ +from pylons import request + from kallithea.controllers.api import JSONRPCController, JSONRPCError from kallithea.lib.auth import ( PasswordGenerator, AuthUser, HasPermissionAnyDecorator, @@ -145,7 +147,7 @@ class ApiController(JSONRPCController): """ API Controller - The authenticated user can be found as self.authuser. + The authenticated user can be found as request.authuser. Example function:: @@ -193,7 +195,7 @@ class ApiController(JSONRPCController): try: ScmModel().pull_changes(repo.repo_name, - self.authuser.username) + request.authuser.username) return dict( msg='Pulled from `%s`' % repo.repo_name, repository=repo.repo_name 
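Review bot: The comment above `request.authuser = request.user = auth_u` in `_handle_request` (kallithea/controllers/api/__init__.py, hunk at -188) still says the permission decorators "expect the controller class to have authuser attribute set", which no longer matches the assignment below it. This line is what makes the authenticated API caller visible to the authorization checks, so the comment should say where the identity now lives, for example `# expose the authenticated API user as request.authuser for the permission decorators`. If both `request.authuser` and `request.user` are still read elsewhere, a few words on why both are assigned would help; if not, one of them can presumably go. The function starts and ends outside the hunk.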
@@ -344,7 +346,7 @@ class ApiController(JSONRPCController): 'repository.write')(repo_name=repo.repo_name): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) @@ -352,7 +354,7 @@ class ApiController(JSONRPCController): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) @@ -431,7 +433,7 @@ class ApiController(JSONRPCController): if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) @@ -484,11 +486,11 @@ class ApiController(JSONRPCController): """ if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) ips = UserIpMap.query().filter(UserIpMap.user == user).all() return dict( - server_ip_addr=self.ip_addr, + server_ip_addr=request.ip_addr, user_ips=ips ) @@ -559,13 +561,13 @@ class ApiController(JSONRPCController): if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) if isinstance(userid, Optional): - userid = self.authuser.user_id + userid = request.authuser.user_id user = get_user_or_error(userid) data = user.get_api_data() 
@@ -896,7 +898,7 @@ class ApiController(JSONRPCController): try: if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) active = Optional.extract(active) @@ -1270,7 +1272,7 @@ class ApiController(JSONRPCController): """ result = [] if not HasPermissionAny('hg.admin')(): - repos = RepoModel().get_all_user_repos(user=self.authuser.user_id) + repos = RepoModel().get_all_user_repos(user=request.authuser.user_id) else: repos = Repository.query() @@ -1404,7 +1406,7 @@ class ApiController(JSONRPCController): 'Only Kallithea admin can specify `owner` param' ) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) @@ -1603,7 +1605,7 @@ class ApiController(JSONRPCController): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) @@ -1996,7 +1998,7 @@ class ApiController(JSONRPCController): raise JSONRPCError("repo group `%s` already exist" % (group_name,)) if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id group_description = Optional.extract(description) parent_group = Optional.extract(parent) if not isinstance(parent, Optional): @@ -2380,7 +2382,7 @@ class ApiController(JSONRPCController): """ gist = get_gist_or_error(gistid) if not HasPermissionAny('hg.admin')(): - if gist.owner_id != self.authuser.user_id: + if gist.owner_id != request.authuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) return gist.get_api_data() 
@@ -2395,13 +2397,13 @@ class ApiController(JSONRPCController): if not HasPermissionAny('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that - if not isinstance(userid, Optional) and userid != self.authuser.user_id: + if not isinstance(userid, Optional) and userid != request.authuser.user_id: raise JSONRPCError( 'userid is not the same as your user' ) if isinstance(userid, Optional): - user_id = self.authuser.user_id + user_id = request.authuser.user_id else: user_id = get_user_or_error(userid).user_id @@ -2454,7 +2456,7 @@ class ApiController(JSONRPCController): """ try: if isinstance(owner, Optional): - owner = self.authuser.user_id + owner = request.authuser.user_id owner = get_user_or_error(owner) description = Optional.extract(description) @@ -2509,7 +2511,7 @@ class ApiController(JSONRPCController): """ gist = get_gist_or_error(gistid) if not HasPermissionAny('hg.admin')(): - if gist.owner_id != self.authuser.user_id: + if gist.owner_id != request.authuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) try: diff --git a/kallithea/controllers/changeset.py b/kallithea/controllers/changeset.py --- a/kallithea/controllers/changeset.py +++ b/kallithea/controllers/changeset.py @@ -179,7 +179,7 @@ def create_comment(text, status, f_path, comment = ChangesetCommentsModel().create( text=text, repo=c.db_repo.repo_id, - author=c.authuser.user_id, + author=request.authuser.user_id, revision=revision, pull_request=pull_request_id, f_path=f_path, @@ -387,7 +387,7 @@ class ChangesetController(BaseRepoContro ChangesetStatusModel().set_status( c.db_repo.repo_id, status, - c.authuser.user_id, + request.authuser.user_id, c.comment, revision=revision, dont_allow_on_closed_pull_request=True, 
@@ -396,9 +396,9 @@ class ChangesetController(BaseRepoContro log.debug('cannot change status on %s with closed pull request', revision) raise HTTPBadRequest() - action_logger(self.authuser, + action_logger(request.authuser, 'user_commented_revision:%s' % revision, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) Session().commit() @@ -421,7 +421,7 @@ class ChangesetController(BaseRepoContro co = ChangesetComment.get_or_404(comment_id) if co.repo.repo_name != repo_name: raise HTTPNotFound() - owner = co.author_id == c.authuser.user_id + owner = co.author_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(repo_name) if h.HasPermissionAny('hg.admin')() or repo_admin or owner: ChangesetCommentsModel().delete(comment=co) diff --git a/kallithea/controllers/files.py b/kallithea/controllers/files.py --- a/kallithea/controllers/files.py +++ b/kallithea/controllers/files.py @@ -327,7 +327,7 @@ class FilesController(BaseRepoController c.default_message = _('Deleted file %s via Kallithea') % (f_path) c.f_path = f_path node_path = f_path - author = self.authuser.full_contact + author = request.authuser.full_contact if r_post: message = r_post.get('message') or c.default_message @@ -339,7 +339,7 @@ class FilesController(BaseRepoController } } self.scm_model.delete_nodes( - user=c.authuser.user_id, repo=c.db_repo, + user=request.authuser.user_id, repo=c.db_repo, message=message, nodes=nodes, parent_cs=c.cs, @@ -400,7 +400,7 @@ class FilesController(BaseRepoController content = convert_line_endings(r_post.get('content', ''), mode) message = r_post.get('message') or c.default_message - author = self.authuser.full_contact + author = request.authuser.full_contact if content == old_content: h.flash(_('No changes'), category='warning') 
@@ -409,7 +409,7 @@ class FilesController(BaseRepoController try: self.scm_model.commit_change(repo=c.db_repo_scm_instance, repo_name=repo_name, cs=c.cs, - user=self.authuser.user_id, + user=request.authuser.user_id, author=author, message=message, content=content, f_path=f_path) h.flash(_('Successfully committed to %s') % f_path, @@ -470,7 +470,7 @@ class FilesController(BaseRepoController #strip all crap out of file, just leave the basename filename = os.path.basename(filename) node_path = posixpath.join(location, filename) - author = self.authuser.full_contact + author = request.authuser.full_contact try: nodes = { @@ -479,7 +479,7 @@ class FilesController(BaseRepoController } } self.scm_model.create_nodes( - user=c.authuser.user_id, repo=c.db_repo, + user=request.authuser.user_id, repo=c.db_repo, message=message, nodes=nodes, parent_cs=c.cs, @@ -582,9 +582,9 @@ class FilesController(BaseRepoController log.debug('Destroying temp archive %s', archive_path) os.remove(archive_path) - action_logger(user=c.authuser, + action_logger(user=request.authuser, action='user_downloaded_archive:%s' % (archive_name), - repo=repo_name, ipaddr=self.ip_addr, commit=True) + repo=repo_name, ipaddr=request.ip_addr, commit=True) response.content_disposition = str('attachment; filename=%s' % (archive_name)) response.content_type = str(content_type) diff --git a/kallithea/controllers/forks.py b/kallithea/controllers/forks.py --- a/kallithea/controllers/forks.py +++ b/kallithea/controllers/forks.py @@ -168,7 +168,7 @@ class ForksController(BaseRepoController # create fork is done sometimes async on celery, db transaction # management is handled there. - task = RepoModel().create_fork(form_result, self.authuser.user_id) + task = RepoModel().create_fork(form_result, request.authuser.user_id) task_id = task.task_id except formencode.Invalid as errors: return htmlfill.render( diff --git a/kallithea/controllers/journal.py b/kallithea/controllers/journal.py 
--- a/kallithea/controllers/journal.py +++ b/kallithea/controllers/journal.py @@ -196,9 +196,9 @@ class JournalController(BaseController): def index(self): # Return a rendered template p = safe_int(request.GET.get('page'), 1) - c.user = User.get(self.authuser.user_id) + c.user = User.get(request.authuser.user_id) c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -214,7 +214,7 @@ class JournalController(BaseController): return render('journal/journal_data.html') repos_list = Repository.query(sorted=True) \ - .filter_by(owner_id=self.authuser.user_id).all() + .filter_by(owner_id=request.authuser.user_id).all() repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list, admin=True) @@ -230,7 +230,7 @@ class JournalController(BaseController): Produce an atom-1.0 feed via feedgenerator module """ following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() return self._atom_feed(following, public=False) @@ -242,7 +242,7 @@ class JournalController(BaseController): Produce an rss feed via feedgenerator module """ following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() return self._rss_feed(following, public=False) @@ -254,7 +254,7 @@ class JournalController(BaseController): if user_id: try: self.scm_model.toggle_following_user(user_id, - self.authuser.user_id) + request.authuser.user_id) Session.commit() return 'ok' except Exception: 
@@ -265,7 +265,7 @@ class JournalController(BaseController): if repo_id: try: self.scm_model.toggle_following_repo(repo_id, - self.authuser.user_id) + request.authuser.user_id) Session.commit() return 'ok' except Exception: @@ -280,7 +280,7 @@ class JournalController(BaseController): p = safe_int(request.GET.get('page'), 1) c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -301,7 +301,7 @@ class JournalController(BaseController): Produce an atom-1.0 feed via feedgenerator module """ c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() @@ -313,7 +313,7 @@ class JournalController(BaseController): Produce an rss2 feed via feedgenerator module """ c.following = self.sa.query(UserFollowing) \ - .filter(UserFollowing.user_id == self.authuser.user_id) \ + .filter(UserFollowing.user_id == request.authuser.user_id) \ .options(joinedload(UserFollowing.follows_repository)) \ .all() diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py --- a/kallithea/controllers/login.py +++ b/kallithea/controllers/login.py @@ -79,10 +79,10 @@ class LoginController(BaseController): else: c.came_from = url('home') - ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr) + ip_allowed = AuthUser.check_ip_allowed(request.authuser, request.ip_addr) # redirect if already logged in - if self.authuser.is_authenticated and ip_allowed: + if request.authuser.is_authenticated and ip_allowed: raise HTTPFound(location=c.came_from) if request.POST: 
@@ -139,7 +139,7 @@ class LoginController(BaseController): response = submit(request.POST.get('recaptcha_challenge_field'), request.POST.get('recaptcha_response_field'), private_key=captcha_private_key, - remoteip=self.ip_addr) + remoteip=request.ip_addr) if c.captcha_active and not response.is_valid: _value = form_result _msg = _('Bad captcha') @@ -185,7 +185,7 @@ class LoginController(BaseController): response = submit(request.POST.get('recaptcha_challenge_field'), request.POST.get('recaptcha_response_field'), private_key=captcha_private_key, - remoteip=self.ip_addr) + remoteip=request.ip_addr) if c.captcha_active and not response.is_valid: _value = form_result _msg = _('Bad captcha') diff --git a/kallithea/controllers/pullrequests.py b/kallithea/controllers/pullrequests.py --- a/kallithea/controllers/pullrequests.py +++ b/kallithea/controllers/pullrequests.py @@ -181,13 +181,13 @@ class PullrequestsController(BaseRepoCon if pull_request.is_closed(): return False - owner = self.authuser.user_id == pull_request.owner_id + owner = request.authuser.user_id == pull_request.owner_id reviewer = PullRequestReviewer.query() \ .filter(PullRequestReviewer.pull_request == pull_request) \ - .filter(PullRequestReviewer.user_id == self.authuser.user_id) \ + .filter(PullRequestReviewer.user_id == request.authuser.user_id) \ .count() != 0 - return self.authuser.admin or owner or reviewer + return request.authuser.admin or owner or reviewer @LoginRequired() @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', 
@@ -216,17 +216,17 @@ class PullrequestsController(BaseRepoCon c.my_pull_requests = PullRequest.query( include_closed=c.closed, sorted=True, - ).filter_by(owner_id=self.authuser.user_id).all() + ).filter_by(owner_id=request.authuser.user_id).all() c.participate_in_pull_requests = [] c.participate_in_pull_requests_todo = [] done_status = set([ChangesetStatus.STATUS_APPROVED, ChangesetStatus.STATUS_REJECTED]) for pr in PullRequest.query( include_closed=c.closed, - reviewer_id=self.authuser.user_id, + reviewer_id=request.authuser.user_id, sorted=True, ): - status = pr.user_review_status(c.authuser.user_id) # very inefficient!!! + status = pr.user_review_status(request.authuser.user_id) # very inefficient!!! if status in done_status: c.participate_in_pull_requests.append(pr) else: @@ -380,7 +380,7 @@ class PullrequestsController(BaseRepoCon other_repo_name, h.short_ref(other_ref_type, other_ref_name)) description = _form['pullrequest_desc'].strip() or _('No description') try: - created_by = User.get(self.authuser.user_id) + created_by = User.get(request.authuser.user_id) pull_request = PullRequestModel().create( created_by, org_repo, org_ref, other_repo, other_ref, revisions, title, description, reviewer_ids) @@ -482,7 +482,7 @@ class PullrequestsController(BaseRepoCon description += '\n\n' + descriptions[1].strip() try: - created_by = User.get(self.authuser.user_id) + created_by = User.get(request.authuser.user_id) pull_request = PullRequestModel().create( created_by, org_repo, new_org_ref, other_repo, new_other_ref, revisions, title, description, reviewer_ids) @@ -498,7 +498,7 @@ class PullrequestsController(BaseRepoCon ChangesetCommentsModel().create( text=_('Closed, next iteration: %s .') % pull_request.url(canonical=True), repo=old_pull_request.other_repo_id, - author=c.authuser.user_id, + author=request.authuser.user_id, pull_request=old_pull_request.pull_request_id, closing_pr=True) PullRequestModel().close_pull_request(old_pull_request.pull_request_id) 
@@ -520,7 +520,7 @@ class PullrequestsController(BaseRepoCon raise HTTPForbidden() assert pull_request.other_repo.repo_name == repo_name #only owner or admin can update it - owner = pull_request.owner_id == c.authuser.user_id + owner = pull_request.owner_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name) if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner): raise HTTPForbidden() @@ -552,7 +552,7 @@ class PullrequestsController(BaseRepoCon pull_request.title = _form['pullrequest_title'] pull_request.description = _form['pullrequest_desc'].strip() or _('No description') pull_request.owner = User.get_by_username(_form['owner']) - user = User.get(c.authuser.user_id) + user = User.get(request.authuser.user_id) add_reviewer_ids = reviewer_ids - org_reviewer_ids - current_reviewer_ids remove_reviewer_ids = (org_reviewer_ids - reviewer_ids) & current_reviewer_ids try: @@ -576,7 +576,7 @@ class PullrequestsController(BaseRepoCon def delete(self, repo_name, pull_request_id): pull_request = PullRequest.get_or_404(pull_request_id) #only owner can delete it ! - if pull_request.owner_id == c.authuser.user_id: + if pull_request.owner_id == request.authuser.user_id: PullRequestModel().delete(pull_request) Session().commit() h.flash(_('Successfully deleted pull request'), @@ -798,7 +798,7 @@ class PullrequestsController(BaseRepoCon raise HTTPForbidden() if delete == "delete": - if (pull_request.owner_id == c.authuser.user_id or + if (pull_request.owner_id == request.authuser.user_id or h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(pull_request.org_repo.repo_name) or h.HasRepoPermissionAny('repository.admin')(pull_request.other_repo.repo_name) 
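Review bot: The `assert pull_request.other_repo.repo_name == repo_name` in the `@@ -520,7 +520,7 @@` hunk is the only visible check that the pull request belongs to the repository named in the URL, and `assert` statements are stripped when Python runs with `-O`. The `repo_admin` test just below it is evaluated against `c.repo_name`, which is presumably the URL repository, so without the assert an admin of one repository could pass the check for a pull request that targets another. An explicit test survives every run mode: `if pull_request.other_repo.repo_name != repo_name: raise HTTPForbidden()`. The method starts and continues outside the hunk.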
@@ -824,24 +824,24 @@ class PullrequestsController(BaseRepoCon closing_pr=close_pr, ) - action_logger(self.authuser, + action_logger(request.authuser, 'user_commented_pull_request:%s' % pull_request_id, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) if status: ChangesetStatusModel().set_status( c.db_repo.repo_id, status, - c.authuser.user_id, + request.authuser.user_id, comment, pull_request=pull_request_id ) if close_pr: PullRequestModel().close_pull_request(pull_request_id) - action_logger(self.authuser, + action_logger(request.authuser, 'user_closed_pull_request:%s' % pull_request_id, - c.db_repo, self.ip_addr, self.sa) + c.db_repo, request.ip_addr, self.sa) Session().commit() @@ -870,7 +870,7 @@ class PullrequestsController(BaseRepoCon #don't allow deleting comments on closed pull request raise HTTPForbidden() - owner = co.author_id == c.authuser.user_id + owner = co.author_id == request.authuser.user_id repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name) if h.HasPermissionAny('hg.admin')() or repo_admin or owner: ChangesetCommentsModel().delete(comment=co) diff --git a/kallithea/controllers/summary.py b/kallithea/controllers/summary.py --- a/kallithea/controllers/summary.py +++ b/kallithea/controllers/summary.py @@ -112,10 +112,10 @@ class SummaryController(BaseRepoControll def index(self, repo_name): _load_changelog_summary() - if self.authuser.is_default_user: + if request.authuser.is_default_user: username = '' else: - username = safe_str(self.authuser.username) + username = safe_str(request.authuser.username) _def_clone_uri = _def_clone_uri_by_id = c.clone_uri_tmpl if '{repo}' in _def_clone_uri: diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py --- a/kallithea/lib/auth.py +++ b/kallithea/lib/auth.py 
@@ -732,12 +732,12 @@ class LoginRequired(object): def __wrapper(self, func, *fargs, **fkwargs): controller = fargs[0] - user = controller.authuser + user = request.authuser loc = "%s:%s" % (controller.__class__.__name__, func.__name__) log.debug('Checking access for user %s @ %s', user, loc) - if not AuthUser.check_ip_allowed(user, controller.ip_addr): - raise _redirect_to_login(_('IP %s not allowed') % controller.ip_addr) + if not AuthUser.check_ip_allowed(user, request.ip_addr): + raise _redirect_to_login(_('IP %s not allowed') % request.ip_addr) # Check if we used an API key to authenticate. api_key = user.authenticating_api_key @@ -782,7 +782,7 @@ class NotAnonymous(object): def __wrapper(self, func, *fargs, **fkwargs): cls = fargs[0] - self.user = cls.authuser + self.user = request.authuser log.debug('Checking if user is not anonymous @%s', cls) @@ -805,7 +805,7 @@ class PermsDecorator(object): def __wrapper(self, func, *fargs, **fkwargs): cls = fargs[0] - self.user = cls.authuser + self.user = request.authuser self.user_perms = self.user.permissions log.debug('checking %s permissions %s for %s %s', self.__class__.__name__, self.required_perms, cls, self.user) diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py --- a/kallithea/lib/base.py +++ b/kallithea/lib/base.py @@ -188,7 +188,6 @@ class BaseVCSController(object): # authenticate this VCS request using the authentication modules self.authenticate = BasicAuth('', auth_modules.authenticate, config.get('auth_ret_code')) - self.ip_addr = '0.0.0.0' def _handle_request(self, environ, start_response): raise NotImplementedError() 
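Review bot: `self.user = request.authuser` in `NotAnonymous.__wrapper` (hunk `@@ -782,7 +782,7 @@`) still stores per-request identity on the decorator object, as do `self.user` and `self.user_perms` in `PermsDecorator.__wrapper` in the next hunk. That object is presumably created once, when the controller method is decorated, and is then shared by every thread serving that method. If so, a concurrent request can overwrite the user between the assignment and the permission check, which is the same hazard this commit removes from controllers. Keep the value in a local, `user = request.authuser`, and pass it and `user.permissions` to the code that does the check instead of reading them back from `self`. Both wrappers continue outside their hunks, so later reads of `self.user` there need the same change.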
@@ -358,11 +357,11 @@ class BaseController(WSGIController): c.repo_name = get_repo_slug(request) # can be empty c.backends = BACKENDS.keys() c.unread_notifications = NotificationModel() \ - .get_unread_cnt_for_user(c.authuser.user_id) + .get_unread_cnt_for_user(request.authuser.user_id) self.cut_off_limit = safe_int(config.get('cut_off_limit')) - c.my_pr_count = PullRequest.query(reviewer_id=c.authuser.user_id, include_closed=False).count() + c.my_pr_count = PullRequest.query(reviewer_id=request.authuser.user_id, include_closed=False).count() self.sa = meta.Session self.scm_model = ScmModel(self.sa) @@ -460,7 +459,7 @@ class BaseController(WSGIController): # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] try: - self.ip_addr = _get_ip_addr(environ) + request.ip_addr = _get_ip_addr(environ) # make sure that we update permissions each time we call controller self._basic_security_checks() @@ -477,14 +476,14 @@ class BaseController(WSGIController): if type.lower() == 'bearer': bearer_token = params - self.authuser = c.authuser = request.user = self._determine_auth_user( + request.authuser = request.user = self._determine_auth_user( request.GET.get('api_key'), bearer_token, session.get('authuser'), ) log.info('IP: %s User: %s accessed %s', - self.ip_addr, self.authuser, + request.ip_addr, request.authuser, safe_unicode(_get_access_path(environ)), ) return WSGIController.__call__(self, environ, start_response) @@ -542,7 +541,7 @@ class BaseRepoController(BaseController) c.repository_forks = self.scm_model.get_forks(dbr) c.repository_pull_requests = self.scm_model.get_pull_requests(dbr) c.repository_following = self.scm_model.is_following_repo( - c.repo_name, self.authuser.user_id) + c.repo_name, request.authuser.user_id) @staticmethod def _get_ref_rev(repo, ref_type, ref_name, returnempty=False): diff --git a/kallithea/model/repo.py b/kallithea/model/repo.py --- a/kallithea/model/repo.py +++ b/kallithea/model/repo.py 
@@ -166,14 +166,14 @@ class RepoModel(BaseModel): @classmethod def _render_datatable(cls, tmpl, *args, **kwargs): import kallithea - from pylons import tmpl_context as c + from pylons import tmpl_context as c, request from pylons.i18n.translation import _ _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup template = _tmpl_lookup.get_template('data_table/_dt_elements.html') tmpl = template.get_def(tmpl) - kwargs.update(dict(_=_, h=h, c=c)) + kwargs.update(dict(_=_, h=h, c=c, request=request)) return tmpl.render(*args, **kwargs) def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True, diff --git a/kallithea/templates/admin/gists/edit.html b/kallithea/templates/admin/gists/edit.html --- a/kallithea/templates/admin/gists/edit.html +++ b/kallithea/templates/admin/gists/edit.html @@ -45,7 +45,7 @@
${h.form(h.url('edit_gist', gist_id=c.gist.gist_access_id), method='post', id='eform')}
- ${h.gravatar_div(c.authuser.email, size=32)} + ${h.gravatar_div(request.authuser.email, size=32)}
- %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == c.authuser.user_id: + %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == request.authuser.user_id:
${h.form(url('gist_delete', gist_id=c.gist.gist_id))} ${h.submit('remove_gist', _('Delete'),class_="btn btn-danger btn-xs",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")} @@ -58,7 +58,7 @@ %endif
## only owner should see that - %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == c.authuser.user_id: + %if h.HasPermissionAny('hg.admin')() or c.gist.owner_id == request.authuser.user_id: ${h.link_to(_('Edit'),h.url('edit_gist', gist_id=c.gist.gist_access_id),class_="btn btn-default btn-xs")} %endif ${h.link_to(_('Show as Raw'),h.url('formatted_gist', gist_id=c.gist.gist_access_id, format='raw'),class_="btn btn-default btn-xs")} diff --git a/kallithea/templates/admin/my_account/my_account.html b/kallithea/templates/admin/my_account/my_account.html --- a/kallithea/templates/admin/my_account/my_account.html +++ b/kallithea/templates/admin/my_account/my_account.html @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('My Account')} ${c.authuser.username} + ${_('My Account')} ${request.authuser.username} <%def name="breadcrumbs_links()"> diff --git a/kallithea/templates/admin/my_account/my_account_profile.html b/kallithea/templates/admin/my_account/my_account_profile.html --- a/kallithea/templates/admin/my_account/my_account_profile.html +++ b/kallithea/templates/admin/my_account/my_account_profile.html @@ -11,7 +11,7 @@ ${h.form(url('my_account'), method='post %else: ${_('Avatars are disabled')}
${c.user.email or _('Missing email, please update your user email address.')} - [${_('Current IP')}: ${c.ip_addr}] + [${_('Current IP')}: ${request.ip_addr}] %endif

diff --git a/kallithea/templates/admin/notifications/notifications.html b/kallithea/templates/admin/notifications/notifications.html --- a/kallithea/templates/admin/notifications/notifications.html +++ b/kallithea/templates/admin/notifications/notifications.html @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('My Notifications')} ${c.authuser.username} + ${_('My Notifications')} ${request.authuser.username} <%def name="breadcrumbs_links()"> diff --git a/kallithea/templates/admin/notifications/show_notification.html b/kallithea/templates/admin/notifications/show_notification.html --- a/kallithea/templates/admin/notifications/show_notification.html +++ b/kallithea/templates/admin/notifications/show_notification.html @@ -2,7 +2,7 @@ <%inherit file="/base/base.html"/> <%block name="title"> - ${_('Show Notification')} ${c.authuser.username} + ${_('Show Notification')} ${request.authuser.username} <%def name="breadcrumbs_links()"> diff --git a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html --- a/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html +++ b/kallithea/templates/admin/repo_groups/repo_group_edit_perms.html @@ -15,7 +15,7 @@ ${h.form(url('edit_repo_group_perms', gr %for r2p in c.repo_group.repo_group_to_perm: ##forbid revoking permission from yourself, except if you're an super admin - %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin: + %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin: ${h.radio('u_perm_%s' % r2p.user.username,'group.none')} ${h.radio('u_perm_%s' % r2p.user.username,'group.read')} ${h.radio('u_perm_%s' % r2p.user.username,'group.write')} diff --git a/kallithea/templates/admin/repos/repo_add.html b/kallithea/templates/admin/repos/repo_add.html --- a/kallithea/templates/admin/repos/repo_add.html +++ b/kallithea/templates/admin/repos/repo_add.html 
@@ -6,7 +6,7 @@ <%def name="breadcrumbs_links()"> - %if c.authuser.is_admin: + %if request.authuser.is_admin: ${h.link_to(_('Admin'),h.url('admin_home'))} » ${h.link_to(_('Repositories'),h.url('repos'))} diff --git a/kallithea/templates/admin/user_groups/user_group_edit_perms.html b/kallithea/templates/admin/user_groups/user_group_edit_perms.html --- a/kallithea/templates/admin/user_groups/user_group_edit_perms.html +++ b/kallithea/templates/admin/user_groups/user_group_edit_perms.html @@ -15,7 +15,7 @@ ${h.form(url('edit_user_group_perms_upda %for r2p in c.user_group.user_user_group_to_perm: ##forbid revoking permission from yourself, except if you're an super admin - %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin: + %if request.authuser.user_id != r2p.user.user_id or request.authuser.is_admin: ${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none')} ${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read')} ${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write')} diff --git a/kallithea/templates/admin/users/user_edit_profile.html b/kallithea/templates/admin/users/user_edit_profile.html --- a/kallithea/templates/admin/users/user_edit_profile.html +++ b/kallithea/templates/admin/users/user_edit_profile.html @@ -11,8 +11,8 @@ ${h.form(url('update_user', id=c.user.us ${_('Avatars are disabled')}
${c.user.email or _('Missing email, please update this user email address.')} ##show current ip just if we show ourself - %if c.authuser.username == c.user.username: - [${_('Current IP')}: ${c.ip_addr}] + %if request.authuser.username == c.user.username: + [${_('Current IP')}: ${request.ip_addr}] %endif %endif
diff --git a/kallithea/templates/base/base.html b/kallithea/templates/base/base.html --- a/kallithea/templates/base/base.html +++ b/kallithea/templates/base/base.html @@ -153,7 +153,7 @@ %endif ## TODO: this check feels wrong, it would be better to have a check for permissions ## also it feels like a job for the controller - %if c.authuser.username != 'default': + %if request.authuser.username != 'default':
  • ${_('Follow')} @@ -283,7 +283,7 @@
  • ##ROOT MENU - %if c.authuser.username != 'default': + %if request.authuser.username != 'default':
  • ${_('Journal')} @@ -303,7 +303,7 @@