# HG changeset patch
# User Søren Løvborg <sorenl@unity3d.com>
# Date 2016-04-07 17:53:51
# Node ID 9a35244c35b664d7f8d4f645c70508692ace0ad6
# Parent  09bcde0eee6d26b003d90f79e8f5aa3dee533ab6

auth: clean up PermsFunction

Now shows scope in HasUserGroupPermissionAny instead of '?'.

diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -944,7 +944,7 @@ class PermsFunction(object):
         """
         raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')
 
-    def __call__(self, check_location='', user=None):
+    def __call__(self, check_location='unspecified location', user=None):
         if not user:
             #TODO: remove this someday,put as user as attribute here
             user = request.user
@@ -954,34 +954,28 @@ class PermsFunction(object):
             user = AuthUser(user.user_id)
 
         cls_name = self.__class__.__name__
-        check_scope = {
-            'HasPermissionAny': '',
-            'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
-            'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,
-        }.get(cls_name, '?')
+        check_scope = self._scope()
         log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                   self.required_perms, user, check_scope,
-                  check_location or 'unspecified location')
+                  check_location)
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
-        if self.check_permissions():
-            log.debug('Permission to %s granted for user: %s @ %s',
-                      check_scope, user,
-                         check_location or 'unspecified location')
-            return True
 
-        else:
-            log.debug('Permission to %s denied for user: %s @ %s',
-                      check_scope, user,
-                         check_location or 'unspecified location')
-            return False
+        result = self.check_permissions()
+        result_text = 'granted' if result else 'denied'
+        log.debug('Permission to %s %s for user: %s @ %s',
+            check_scope, result_text, user, check_location)
+        return result
 
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 
+    def _scope(self):
+        return '(unknown scope)'
+
 
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
@@ -1009,6 +1003,9 @@ class HasRepoPermissionAny(PermsFunction
             return True
         return False
 
+    def _scope(self):
+        return 'repo:%s' % self.repo_name
+
 
 class HasRepoGroupPermissionAny(PermsFunction):
     def __call__(self, group_name=None, check_location='', user=None):
@@ -1026,6 +1023,9 @@ class HasRepoGroupPermissionAny(PermsFun
             return True
         return False
 
+    def _scope(self):
+        return 'repogroup:%s' % self.group_name
+
 
 class HasUserGroupPermissionAny(PermsFunction):
     def __call__(self, user_group_name=None, check_location='', user=None):
@@ -1043,6 +1043,9 @@ class HasUserGroupPermissionAny(PermsFun
             return True
         return False
 
+    def _scope(self):
+        return 'usergroup:%s' % self.user_group_name
+
 
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH