kallithea Changeset - 069884383cc7

Changeset - 069884383cc7

Parent rev.

Child rev.

[Not reviewed]

beta

1 5 0

Marcin Kuzminski - 13 years ago 2013-02-05 03:04:46
marcin@python-works.com

Implemented #738 Giving a user WRITE+ permissions on folder should not allow repo creation in root folder.
user can create repos only if he got explicitly permission for creating repos globally, or have WRITE+ permission on a group.
Then he can create repositories inside this group

6 files changed with 43 insertions and 50 deletions:

rhodecode/controllers/admin/repos.py

rhodecode/controllers/admin/settings.py

rhodecode/templates/admin/repos/repo_add.html

rhodecode/templates/admin/repos/repo_add_base.html

rhodecode/templates/admin/repos/repo_add_create_repository.html

rhodecode/templates/index_base.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -19,58 +19,58 @@ @@
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from webob.exc import HTTPInternalServerError
+from webob.exc import HTTPInternalServerError, HTTPForbidden
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import IntegrityError
 import rhodecode
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, HasRepoPermissionAllDecorator
     HasPermissionAnyDecorator, HasRepoPermissionAllDecorator, NotAnonymous,\
     HasPermissionAny, HasReposGroupPermissionAny
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.utils import invalidate_cache, action_logger, repo_name_slug
 from rhodecode.lib.helpers import get_token
 from rhodecode.model.meta import Session
 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\
     RhodeCodeSetting, RepositoryField
 from rhodecode.model.forms import RepoForm, RepoFieldForm
 from rhodecode.model.scm import ScmModel, GroupList
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.compat import json
 from sqlalchemy.sql.expression import func
 log = logging.getLogger(__name__)
 class ReposController(BaseRepoController):
     """
     REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(ReposController, self).__before__()
     def __load_defaults(self):
         acl_groups = GroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
@@ @@ -139,93 +139,98 @@ class ReposController(BaseRepoController @@
         c.repos_list = Repository.query()\
                         .order_by(func.lower(Repository.repo_name))\
                         .all()
         repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list,
                                                    admin=True,
                                                    super_user_actions=True)
         #json used to render the grid
         c.data = json.dumps(repos_data)
         return render('admin/repos/repos.html')
-    @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
+    @NotAnonymous()
     def create(self):
         """
         POST /repos: Create a new item"""
         # url('repos')
         self.__load_defaults()
         form_result = {}
         try:
             form_result = RepoForm(repo_groups=c.repo_groups_choices,
                                    landing_revs=c.landing_revs_choices)()\
                             .to_python(dict(request.POST))
             #we check ACLs after form, since we want to display nicer errors
             #if form forbids creation of repos inside a group we don't have
             #perms for
             if not HasPermissionAny('hg.admin', 'hg.create.repository')():
                 #you're not super admin nor have global create permissions,
                 #but maybe you have at least write permission to a parent group ?
                 parent_group = request.POST.get('repo_group')
                 _gr = RepoGroup.get(parent_group)
                 gr_name = _gr.group_name if _gr else None
                 if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
                     msg = _('no permission to create repository in root location')
                     raise formencode.Invalid('', form_result, None,
                                              error_dict={'repo_group': msg})
             new_repo = RepoModel().create(form_result,
                                           self.rhodecode_user.user_id)
             if form_result['clone_uri']:
                 h.flash(_('created repository %s from %s') \
                     % (form_result['repo_name'], form_result['clone_uri']),
                     category='success')
             else:
                 h.flash(_('created repository %s') % form_result['repo_name'],
                     category='success')
             if request.POST.get('user_created'):
                 # created by regular non admin user
                 action_logger(self.rhodecode_user, 'user_created_repo',
                               form_result['repo_name_full'], self.ip_addr,
                               self.sa)
             else:
                 action_logger(self.rhodecode_user, 'admin_created_repo',
                               form_result['repo_name_full'], self.ip_addr,
                               self.sa)
             Session().commit()
         except formencode.Invalid, errors:
             c.new_repo = errors.value['repo_name']
             if request.POST.get('user_created'):
                 r = render('admin/repos/repo_add_create_repository.html')
             else:
                 r = render('admin/repos/repo_add.html')
             return htmlfill.render(
-                r,
+                render('admin/repos/repo_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             msg = _('error occurred during creation of repository %s') \
                     % form_result.get('repo_name')
             h.flash(msg, category='error')
             if c.rhodecode_user.is_admin:
             return redirect(url('repos'))
             return redirect(url('home'))
         #redirect to our new repo !
         return redirect(url('summary_home', repo_name=new_repo.repo_name))
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """
         WARNING: this function is depracated see settings.create_repo !!
         GET /repos/new: Form to create a new item
         """
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         c.new_repo = repo_name_slug(new_repo)
         self.__load_defaults()
         ## apply the defaults from defaults page
         defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if parent_group:
             defaults.update({'repo_group': parent_group})
         return htmlfill.render(
             render('admin/repos/repo_add.html'),
             defaults=defaults,
             errors={},
             prefix_error=False,
             encoding="UTF-8"

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -28,41 +28,43 @@ import traceback @@
 import formencode
 import pkg_resources
 import platform
 from sqlalchemy import func
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, NotAnonymous
     HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\
     HasReposGroupPermissionAll, HasReposGroupPermissionAny
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
     set_rhodecode_config, repo_name_slug, check_git_version
 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \
     RhodeCodeSetting, PullRequest, PullRequestReviewers
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm, ApplicationVisualisationForm
 from rhodecode.model.scm import ScmModel, GroupList
 from rhodecode.model.user import UserModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User
 from rhodecode.model.notification import EmailNotificationModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.compat import json
 from webob.exc import HTTPForbidden
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     def __before__(self):
@@ @@ -475,45 +477,51 @@ class SettingsController(BaseController) @@
         c.my_pull_requests = PullRequest.query()\
                                 .filter(PullRequest.user_id ==
                                         self.rhodecode_user.user_id)\
                                 .all()
         c.participate_in_pull_requests = \
             [x.pull_request for x in PullRequestReviewers.query()\
                                     .filter(PullRequestReviewers.user_id ==
                                             self.rhodecode_user.user_id)\
                                     .all()]
         return render('admin/users/user_edit_my_account_pullrequests.html')
     @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         if not HasPermissionAny('hg.admin', 'hg.create.repository')():
             #you're not super admin nor have global create permissions,
             #but maybe you have at least write permission to a parent group ?
             _gr = RepoGroup.get(parent_group)
             gr_name = _gr.group_name if _gr else None
             if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
                 raise HTTPForbidden
         acl_groups = GroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         c.new_repo = repo_name_slug(new_repo)
         ## apply the defaults from defaults page
         defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if parent_group:
             defaults.update({'repo_group': parent_group})
         return htmlfill.render(
-            render('admin/repos/repo_add_create_repository.html'),
+            render('admin/repos/repo_add.html'),
             defaults=defaults,
             errors={},
             prefix_error=False,
             encoding="UTF-8"
+        )
     def _get_hg_ui_settings(self):
         ret = RhodeCodeUi.query().all()
         if not ret:
             raise Exception('Could not get application ui settings !')
         settings = {}

rhodecode/templates/admin/repos/repo_add.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Add repository')} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     %if c.rhodecode_user.is_admin:
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${h.link_to(_('Repositories'),h.url('repos'))}
     %else:
     ${_('Admin')}
     &raquo;
     ${_('Repositories')}
     %endif
     &raquo;
     ${_('add new')}
 </%def>
 <%def name="page_nav()">
     ${self.menu('admin')}
 </%def>
 <%def name="main()">
     <div class="box">
         <!-- box / title -->
         <div class="title">

rhodecode/templates/admin/repos/repo_add_base.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 ${h.form(url('repos'))}
 <div class="form">
     <!-- fields -->
     <div class="fields">
         <div class="field">
             <div class="label">
                 <label for="repo_name">${_('Name')}:</label>
             </div>
             <div class="input">
                 ${h.text('repo_name',c.new_repo,class_="small")}
                 %if not h.HasPermissionAll('hg.admin')('repo create form'):
                 ${h.text('repo_name',class_="small")}
                 %if not c.rhodecode_user.is_admin:
                     ${h.hidden('user_created',True)}
                 %endif
             </div>
          </div>
         <div class="field">
             <div class="label">
                 <label for="clone_uri">${_('Clone from')}:</label>
             </div>
             <div class="input">
                 ${h.text('clone_uri',class_="small")}
                 <span class="help-block">${_('Optional http[s] url from which repository should be cloned.')}</span>
             </div>

rhodecode/templates/admin/repos/repo_add_create_repository.html

➞

Show inline comments

deleted file

rhodecode/templates/index_base.html

➞

Show inline comments

 <%page args="parent" />
     <div class="box">
         <!-- box / title -->
         <div class="title">
             <h5>
             <input class="q_filter_box" id="q_filter" size="15" type="text" name="filter" value="${_('quick filter...')}"/> ${parent.breadcrumbs()} <span id="repo_count">0</span> ${_('repositories')}
             </h5>
             %if c.rhodecode_user.username != 'default':
               <ul class="links">
                 %if h.HasPermissionAny('hg.admin','hg.create.repository')():
+                %if h.HasPermissionAny('hg.admin','hg.create.repository')() or h.HasReposGroupPermissionAny('group.write', 'group.admin')(c.group.group_name if c.group else None):
                   <li>
                   %if c.group:
                     %if h.HasReposGroupPermissionAny('group.write', 'group.admin')(c.group.group_name):
                         <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository',parent_group=c.group.group_id))}</span>
                     %endif
                   %else:
                     <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository'))}</span>
                   %endif
                   </li>
                 %endif
                 %if c.group and h.HasReposGroupPermissionAny('group.admin')(c.group.group_name):
                 <li>
                     <span>${h.link_to(_('Edit group'),h.url('edit_repos_group',group_name=c.group.group_name), title=_('You have admin right to this group, and can edit it'))}</span>
                 </li>
                 %endif
               </ul>
             %endif

0 comments (0 inline, 0 general)