kallithea Changeset - 069884383cc7

Changeset - 069884383cc7

Parent rev.

Child rev.

[Not reviewed]

beta

1 5 0

Marcin Kuzminski - 13 years ago 2013-02-05 03:04:46
marcin@python-works.com

Implemented #738 Giving a user WRITE+ permissions on folder should not allow repo creation in root folder.
user can create repos only if he got explicitly permission for creating repos globally, or have WRITE+ permission on a group.
Then he can create repositories inside this group

6 files changed with 44 insertions and 51 deletions:

rhodecode/controllers/admin/repos.py

rhodecode/controllers/admin/settings.py

rhodecode/templates/admin/repos/repo_add.html

rhodecode/templates/admin/repos/repo_add_base.html

rhodecode/templates/admin/repos/repo_add_create_repository.html

rhodecode/templates/index_base.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -25,22 +25,23 @@ @@
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from webob.exc import HTTPInternalServerError
+from webob.exc import HTTPInternalServerError, HTTPForbidden
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import IntegrityError
 import rhodecode
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, HasRepoPermissionAllDecorator
     HasPermissionAnyDecorator, HasRepoPermissionAllDecorator, NotAnonymous,\
     HasPermissionAny, HasReposGroupPermissionAny
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.utils import invalidate_cache, action_logger, repo_name_slug
 from rhodecode.lib.helpers import get_token
 from rhodecode.model.meta import Session
 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\
     RhodeCodeSetting, RepositoryField
@@ @@ -58,13 +59,12 @@ class ReposController(BaseRepoController @@
     REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(ReposController, self).__before__()
     def __load_defaults(self):
@@ @@ -145,24 +145,38 @@ class ReposController(BaseRepoController @@
                                                    super_user_actions=True)
         #json used to render the grid
         c.data = json.dumps(repos_data)
         return render('admin/repos/repos.html')
-    @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
+    @NotAnonymous()
     def create(self):
         """
         POST /repos: Create a new item"""
         # url('repos')
         self.__load_defaults()
         form_result = {}
         try:
             form_result = RepoForm(repo_groups=c.repo_groups_choices,
                                    landing_revs=c.landing_revs_choices)()\
                             .to_python(dict(request.POST))
             #we check ACLs after form, since we want to display nicer errors
             #if form forbids creation of repos inside a group we don't have
             #perms for
             if not HasPermissionAny('hg.admin', 'hg.create.repository')():
                 #you're not super admin nor have global create permissions,
                 #but maybe you have at least write permission to a parent group ?
                 parent_group = request.POST.get('repo_group')
                 _gr = RepoGroup.get(parent_group)
                 gr_name = _gr.group_name if _gr else None
                 if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
                     msg = _('no permission to create repository in root location')
                     raise formencode.Invalid('', form_result, None,
                                              error_dict={'repo_group': msg})
             new_repo = RepoModel().create(form_result,
                                           self.rhodecode_user.user_id)
             if form_result['clone_uri']:
                 h.flash(_('created repository %s from %s') \
                     % (form_result['repo_name'], form_result['clone_uri']),
                     category='success')
@@ @@ -178,48 +192,39 @@ class ReposController(BaseRepoController @@
             else:
                 action_logger(self.rhodecode_user, 'admin_created_repo',
                               form_result['repo_name_full'], self.ip_addr,
                               self.sa)
             Session().commit()
         except formencode.Invalid, errors:
             c.new_repo = errors.value['repo_name']
             if request.POST.get('user_created'):
                 r = render('admin/repos/repo_add_create_repository.html')
             else:
                 r = render('admin/repos/repo_add.html')
             return htmlfill.render(
-                r,
+                render('admin/repos/repo_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             msg = _('error occurred during creation of repository %s') \
                     % form_result.get('repo_name')
             h.flash(msg, category='error')
             return redirect(url('repos'))
             if c.rhodecode_user.is_admin:
                 return redirect(url('repos'))
             return redirect(url('home'))
         #redirect to our new repo !
         return redirect(url('summary_home', repo_name=new_repo.repo_name))
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """
         WARNING: this function is depracated see settings.create_repo !!
         GET /repos/new: Form to create a new item
         """
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         c.new_repo = repo_name_slug(new_repo)
         self.__load_defaults()
         ## apply the defaults from defaults page
         defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if parent_group:
             defaults.update({'repo_group': parent_group})

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -34,13 +34,14 @@ from formencode import htmlfill @@
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, NotAnonymous
     HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\
     HasReposGroupPermissionAll, HasReposGroupPermissionAny
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
     set_rhodecode_config, repo_name_slug, check_git_version
 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \
     RhodeCodeSetting, PullRequest, PullRequestReviewers
@@ @@ -51,12 +52,13 @@ from rhodecode.model.user import UserMod @@
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User
 from rhodecode.model.notification import EmailNotificationModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.compat import json
 from webob.exc import HTTPForbidden
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
@@ @@ -481,33 +483,39 @@ class SettingsController(BaseController) @@
                                     .filter(PullRequestReviewers.user_id ==
                                             self.rhodecode_user.user_id)\
                                     .all()]
         return render('admin/users/user_edit_my_account_pullrequests.html')
     @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         if not HasPermissionAny('hg.admin', 'hg.create.repository')():
             #you're not super admin nor have global create permissions,
             #but maybe you have at least write permission to a parent group ?
             _gr = RepoGroup.get(parent_group)
             gr_name = _gr.group_name if _gr else None
             if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
                 raise HTTPForbidden
         acl_groups = GroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         c.new_repo = repo_name_slug(new_repo)
         ## apply the defaults from defaults page
         defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if parent_group:
             defaults.update({'repo_group': parent_group})
         return htmlfill.render(
-            render('admin/repos/repo_add_create_repository.html'),
+            render('admin/repos/repo_add.html'),
             defaults=defaults,
             errors={},
             prefix_error=False,
             encoding="UTF-8"
+        )

rhodecode/templates/admin/repos/repo_add.html

➞

Show inline comments

@@ @@ -3,15 +3,21 @@ @@
 <%def name="title()">
     ${_('Add repository')} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     %if c.rhodecode_user.is_admin:
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${h.link_to(_('Repositories'),h.url('repos'))}
     %else:
     ${_('Admin')}
     &raquo;
     ${_('Repositories')}
     %endif
     &raquo;
     ${_('add new')}
 </%def>
 <%def name="page_nav()">
     ${self.menu('admin')}

rhodecode/templates/admin/repos/repo_add_base.html

➞

Show inline comments

@@ @@ -6,14 +6,14 @@ ${h.form(url('repos'))} @@
     <div class="fields">
         <div class="field">
             <div class="label">
                 <label for="repo_name">${_('Name')}:</label>
             </div>
             <div class="input">
                 ${h.text('repo_name',c.new_repo,class_="small")}
                 %if not h.HasPermissionAll('hg.admin')('repo create form'):
                 ${h.text('repo_name',class_="small")}
                 %if not c.rhodecode_user.is_admin:
                     ${h.hidden('user_created',True)}
                 %endif
             </div>
          </div>
         <div class="field">
             <div class="label">

rhodecode/templates/admin/repos/repo_add_create_repository.html

➞

Show inline comments

deleted file

rhodecode/templates/index_base.html

➞

Show inline comments

@@ @@ -4,18 +4,16 @@ @@
         <div class="title">
             <h5>
             <input class="q_filter_box" id="q_filter" size="15" type="text" name="filter" value="${_('quick filter...')}"/> ${parent.breadcrumbs()} <span id="repo_count">0</span> ${_('repositories')}
             </h5>
             %if c.rhodecode_user.username != 'default':
               <ul class="links">
                 %if h.HasPermissionAny('hg.admin','hg.create.repository')():
+                %if h.HasPermissionAny('hg.admin','hg.create.repository')() or h.HasReposGroupPermissionAny('group.write', 'group.admin')(c.group.group_name if c.group else None):
                   <li>
                   %if c.group:
                     %if h.HasReposGroupPermissionAny('group.write', 'group.admin')(c.group.group_name):
                         <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository',parent_group=c.group.group_id))}</span>
                     %endif
                   %else:
                     <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository'))}</span>
                   %endif
                   </li>
                 %endif
                 %if c.group and h.HasReposGroupPermissionAny('group.admin')(c.group.group_name):

0 comments (0 inline, 0 general)