# HG changeset patch # User Mads Kiilerich # Date 2016-09-12 17:41:19 # Node ID c96e05599877d109f671ec338ac121b413d54d8b # Parent 41e70d120a5eb5f549e66c8df9731f837682e7b0 api: stop explicitly passing apiuser to auth methods - use the global user instead diff --git a/kallithea/controllers/api/api.py b/kallithea/controllers/api/api.py --- a/kallithea/controllers/api/api.py +++ b/kallithea/controllers/api/api.py @@ -282,11 +282,11 @@ class ApiController(JSONRPCController): """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! if not HasRepoPermissionAnyApi('repository.admin', 'repository.write')( - user=apiuser, repo_name=repo.repo_name): + repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) try: @@ -348,11 +348,10 @@ class ApiController(JSONRPCController): """ repo = get_repo_or_error(repoid) - if HasPermissionAnyApi('hg.admin')(user=apiuser): + if HasPermissionAnyApi('hg.admin')(): pass elif HasRepoPermissionAnyApi('repository.admin', - 'repository.write')(user=apiuser, - repo_name=repo.repo_name): + 'repository.write')(repo_name=repo.repo_name): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -441,7 +440,7 @@ class ApiController(JSONRPCController): error : null """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: 
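Review bot: In the `@@ -348` hunk the permission gate now takes its identity from the request-global user while the ownership check two lines below still compares against the method's own `apiuser` (`userid != apiuser.user_id`), so one method now authorizes against two identity sources that the removed `user=` cross-check in auth.py no longer ties together. The same split remains in `@@ -441`, `@@ -575`, `@@ -1315` (`get_all_user_repos(user=apiuser)`), `@@ -2481` and the gist hunks `@@ -2466`/`@@ -2601` (`gist.gist_owner != apiuser.user_id`). `apiuser` is presumably bound by the JSON-RPC dispatcher outside this file; if so, a single `assert apiuser.user_id == request.user.user_id` at that binding point would preserve the invariant the old per-call assertion enforced. Failing that, a comment such as `# apiuser must be the same identity as request.user, which the perm checks above use` next to the first ownership comparison would at least make the coupling explicit. The enclosing methods start and end outside these hunks.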
@@ -575,7 +574,7 @@ class ApiController(JSONRPCController): error: null """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -850,11 +849,11 @@ class ApiController(JSONRPCController): """ user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) data = user_group.get_api_data() @@ -879,9 +878,8 @@ class ApiController(JSONRPCController): result = [] _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) - extras = {'user': apiuser} for user_group in UserGroupList(UserGroup.get_all(), - perm_set=_perms, extra_kwargs=extras): + perm_set=_perms): result.append(user_group.get_api_data()) return result @@ -986,11 +984,11 @@ class ApiController(JSONRPCController): """ user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) if not isinstance(owner, Optional): 
@@ -1045,11 +1043,11 @@ class ApiController(JSONRPCController): """ user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: @@ -1106,11 +1104,11 @@ class ApiController(JSONRPCController): """ user = get_user_or_error(userid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: @@ -1160,11 +1158,11 @@ class ApiController(JSONRPCController): """ user = get_user_or_error(userid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: 
@@ -1245,10 +1243,10 @@ class ApiController(JSONRPCController): """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! perms = ('repository.admin', 'repository.write', 'repository.read') - if not HasRepoPermissionAnyApi(*perms)(user=apiuser, repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi(*perms)(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) members = [] @@ -1315,7 +1313,7 @@ class ApiController(JSONRPCController): error: null """ result = [] - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): repos = RepoModel().get_all_user_repos(user=apiuser) else: repos = Repository.get_all() @@ -1359,10 +1357,10 @@ class ApiController(JSONRPCController): """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! perms = ('repository.admin', 'repository.write', 'repository.read') - if not HasRepoPermissionAnyApi(*perms)(user=apiuser, repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi(*perms)(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) ret_type = Optional.extract(ret_type) @@ -1447,7 +1445,7 @@ class ApiController(JSONRPCController): } """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): if not isinstance(owner, Optional): # forbid setting owner for non-admins raise JSONRPCError( 
@@ -1541,14 +1539,13 @@ class ApiController(JSONRPCController): :param enable_downloads: """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! - if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, - repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi('repository.admin')(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if (name != repo.repo_name and - not HasPermissionAnyApi('hg.create.repository')(user=apiuser) + not HasPermissionAnyApi('hg.create.repository')() ): raise JSONRPCError('no permission to create (or move) repositories') @@ -1641,19 +1638,18 @@ class ApiController(JSONRPCController): type_ = 'fork' if _repo.fork else 'repo' raise JSONRPCError("%s `%s` already exist" % (type_, fork_name)) - if HasPermissionAnyApi('hg.admin')(user=apiuser): + if HasPermissionAnyApi('hg.admin')(): pass elif HasRepoPermissionAnyApi('repository.admin', 'repository.write', - 'repository.read')(user=apiuser, - repo_name=repo.repo_name): + 'repository.read')(repo_name=repo.repo_name): if not isinstance(owner, Optional): # forbid setting owner for non-admins raise JSONRPCError( 'Only Kallithea admin can specify `owner` param' ) - if not HasPermissionAnyApi('hg.create.repository')(user=apiuser): + if not HasPermissionAnyApi('hg.create.repository')(): raise JSONRPCError('no permission to create repositories') else: raise JSONRPCError('repository `%s` does not exist' % (repoid,)) 
@@ -1724,10 +1720,9 @@ class ApiController(JSONRPCController): """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! - if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, - repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi('repository.admin')(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) try: @@ -1883,17 +1878,17 @@ class ApiController(JSONRPCController): repo = get_repo_or_error(repoid) perm = get_perm_or_error(perm) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! _perms = ('repository.admin',) if not HasRepoPermissionAnyApi(*_perms)( - user=apiuser, repo_name=repo.repo_name): + repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: 
@@ -1941,17 +1936,17 @@ class ApiController(JSONRPCController): """ repo = get_repo_or_error(repoid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! _perms = ('repository.admin',) if not HasRepoPermissionAnyApi(*_perms)( - user=apiuser, repo_name=repo.repo_name): + repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: @@ -2203,10 +2198,9 @@ class ApiController(JSONRPCController): repo_group = get_repo_group_or_error(repogroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! - if not HasRepoGroupPermissionAnyApi('group.admin')(user=apiuser, - group_name=repo_group.group_name): + if not HasRepoGroupPermissionAnyApi('group.admin')(group_name=repo_group.group_name): raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,)) user = get_user_or_error(userid) 
@@ -2270,10 +2264,9 @@ class ApiController(JSONRPCController): repo_group = get_repo_group_or_error(repogroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! - if not HasRepoGroupPermissionAnyApi('group.admin')(user=apiuser, - group_name=repo_group.group_name): + if not HasRepoGroupPermissionAnyApi('group.admin')(group_name=repo_group.group_name): raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,)) user = get_user_or_error(userid) @@ -2341,18 +2334,18 @@ class ApiController(JSONRPCController): repo_group = get_repo_group_or_error(repogroupid) perm = get_perm_or_error(perm, prefix='group.') user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! _perms = ('group.admin',) if not HasRepoGroupPermissionAnyApi(*_perms)( - user=apiuser, group_name=repo_group.group_name): + group_name=repo_group.group_name): raise JSONRPCError( 'repository group `%s` does not exist' % (repogroupid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError( 'user group `%s` does not exist' % (usergroupid,)) 
@@ -2419,18 +2412,18 @@ class ApiController(JSONRPCController): """ repo_group = get_repo_group_or_error(repogroupid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! _perms = ('group.admin',) if not HasRepoGroupPermissionAnyApi(*_perms)( - user=apiuser, group_name=repo_group.group_name): + group_name=repo_group.group_name): raise JSONRPCError( 'repository group `%s` does not exist' % (repogroupid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError( 'user group `%s` does not exist' % (usergroupid,)) @@ -2466,7 +2459,7 @@ class ApiController(JSONRPCController): :type gistid: str """ gist = get_gist_or_error(gistid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): if gist.gist_owner != apiuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) return gist.get_api_data() @@ -2481,7 +2474,7 @@ class ApiController(JSONRPCController): :param userid: user to get gists for :type userid: Optional(str or int) """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -2601,7 +2594,7 @@ class ApiController(JSONRPCController): """ gist = get_gist_or_error(gistid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): if gist.gist_owner != apiuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) 
diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py --- a/kallithea/lib/auth.py +++ b/kallithea/lib/auth.py @@ -939,10 +939,7 @@ class PermsFunction(object): """ raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!') - def __call__(self, check_location='unspecified location', user=None): - if user: - assert user.user_id == request.user.user_id, (user, request.user) - + def __call__(self, check_location='unspecified location'): user = request.user assert user assert isinstance(user, AuthUser), user @@ -976,9 +973,9 @@ class HasPermissionAny(PermsFunction): class HasRepoPermissionAny(PermsFunction): - def __call__(self, repo_name=None, check_location='', user=None): + def __call__(self, repo_name=None, check_location=''): self.repo_name = repo_name - return super(HasRepoPermissionAny, self).__call__(check_location, user) + return super(HasRepoPermissionAny, self).__call__(check_location) def check_permissions(self): if not self.repo_name: @@ -999,9 +996,9 @@ class HasRepoPermissionAny(PermsFunction class HasRepoGroupPermissionAny(PermsFunction): - def __call__(self, group_name=None, check_location='', user=None): + def __call__(self, group_name=None, check_location=''): self.group_name = group_name - return super(HasRepoGroupPermissionAny, self).__call__(check_location, user) + return super(HasRepoGroupPermissionAny, self).__call__(check_location) def check_permissions(self): try: @@ -1019,9 +1016,9 @@ class HasRepoGroupPermissionAny(PermsFun class HasUserGroupPermissionAny(PermsFunction): - def __call__(self, user_group_name=None, check_location='', user=None): + def __call__(self, user_group_name=None, check_location=''): self.user_group_name = user_group_name - return super(HasUserGroupPermissionAny, self).__call__(check_location, user) + return super(HasUserGroupPermissionAny, self).__call__(check_location) def check_permissions(self): try: 
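Review bot: Dropping the `user` keyword from `PermsFunction.__call__` also drops the assertion that a caller-supplied user matched `request.user`, and the new body carries no comment stating that `request.user` is now the sole identity source for every permission check. A leftover call that still passes `user=` now fails with TypeError, which is fail-closed, but a caller holding its own user reference (the API controller's `apiuser`) can no longer have a mismatch detected here. A docstring on `__call__` such as `"""Evaluate the permission for request.user; callers must not act on a separately held user identity."""` would record the contract. `_BaseApiPerm.__call__` in the last hunk of this changeset makes the same change and needs the same note. The method body continues past the hunk.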
@@ -1075,11 +1072,7 @@ class _BaseApiPerm(object): def __init__(self, *perms): self.required_perms = set(perms) - def __call__(self, check_location=None, user=None, repo_name=None, - group_name=None): - assert user - assert user.user_id == request.user.user_id, (user, request.user) - + def __call__(self, check_location=None, repo_name=None, group_name=None): user = request.user assert user assert isinstance(user, AuthUser), user