kallithea Changeset - 09bcde0eee6d

Changeset - 09bcde0eee6d

Parent rev.

Child rev.

[Not reviewed]

default

0 15 0

Søren Løvborg - 9 years ago 2016-07-28 13:57:16
sorenl@unity3d.com

auth: remove HasPermissionAll and variants

First, find all calls to HasPermissionAll with only a single permission
given, and convert to equivalent calls to HasPermissionAny.

Next, observe that it's hard to envision situations requiring multiple
permissions (of the same scope: global/repo/repo group) to be satisfied.
Sufficiently hard that there are actually no such examples in the code.

Finally, considering that (should it ever be needed) HasPermissionAll
can be trivially built as a conjunction of HasPermissionAny calls (the
decorators, too) with only a small performance impact, simply remove
HasPermissionAll and related classes and functions.

15 files changed with 67 insertions and 227 deletions:

kallithea/controllers/admin/admin.py

kallithea/controllers/admin/auth_settings.py

kallithea/controllers/admin/defaults.py

kallithea/controllers/admin/permissions.py

kallithea/controllers/admin/repo_groups.py

kallithea/controllers/admin/repos.py

kallithea/controllers/admin/settings.py

kallithea/controllers/admin/users.py

kallithea/controllers/api/api.py

kallithea/lib/auth.py

158

kallithea/lib/helpers.py

kallithea/model/scm.py

kallithea/templates/base/base.html

kallithea/templates/summary/statistics.html

kallithea/templates/summary/summary.html

0 comments (0 inline, 0 general)

kallithea/controllers/admin/admin.py

➞

Show inline comments

@@ @@ -36,7 +36,7 @@ from whoosh import query @@
 from sqlalchemy.sql.expression import or_, and_, func
 from kallithea.model.db import UserLog
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.lib.utils2 import safe_int, remove_prefix, remove_suffix
 from kallithea.lib.indexers import JOURNAL_SCHEMA
@@ @@ -123,7 +123,7 @@ class AdminController(BaseController): @@
     def __before__(self):
         super(AdminController, self).__before__()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def index(self):
         users_log = UserLog.query() \
                 .options(joinedload(UserLog.user)) \

kallithea/controllers/admin/auth_settings.py

➞

Show inline comments

@@ @@ -34,7 +34,7 @@ from webob.exc import HTTPFound @@
 from kallithea.lib import helpers as h
 from kallithea.lib.compat import formatted_json
 from kallithea.lib.base import BaseController, render
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib import auth_modules
 from kallithea.model.forms import AuthSettingsForm
 from kallithea.model.db import Setting
@@ @@ -46,7 +46,7 @@ log = logging.getLogger(__name__) @@
 class AuthSettingsController(BaseController):
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(AuthSettingsController, self).__before__()

kallithea/controllers/admin/defaults.py

➞

Show inline comments

@@ @@ -35,7 +35,7 @@ from pylons.i18n.translation import _ @@
 from webob.exc import HTTPFound
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.model.forms import DefaultsForm
 from kallithea.model.meta import Session
@@ @@ -52,7 +52,7 @@ class DefaultsController(BaseController) @@
     #     map.resource('default', 'defaults')
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(DefaultsController, self).__before__()

kallithea/controllers/admin/permissions.py

➞

Show inline comments

@@ @@ -36,7 +36,7 @@ from pylons.i18n.translation import _ @@
 from webob.exc import HTTPFound
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.model.forms import DefaultPermissionsForm
 from kallithea.model.permission import PermissionModel
@@ @@ -53,7 +53,7 @@ class PermissionsController(BaseControll @@
     #     map.resource('permission', 'permissions')
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(PermissionsController, self).__before__()

kallithea/controllers/admin/repo_groups.py

➞

Show inline comments

@@ @@ -40,8 +40,8 @@ import kallithea @@
 from kallithea.lib import helpers as h
 from kallithea.lib.compat import json
 from kallithea.lib.auth import LoginRequired, \
     HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAll, \
     HasPermissionAll
     HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAny, \
     HasPermissionAny
 from kallithea.lib.base import BaseController, render
 from kallithea.model.db import RepoGroup, Repository
 from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices
@@ @@ -196,7 +196,7 @@ class RepoGroupsController(BaseControlle @@
     def new(self):
         """GET /repo_groups/new: Form to create a new item"""
         # url('new_repos_group')
-        if HasPermissionAll('hg.admin')('group create'):
+        if HasPermissionAny('hg.admin')('group create'):
             #we're global admin, we're ok and we can create TOP level groups
             pass
         else:
@@ @@ -205,7 +205,7 @@ class RepoGroupsController(BaseControlle @@
             group_id = safe_int(request.GET.get('parent_group'))
             group = RepoGroup.get(group_id) if group_id else None
             group_name = group.group_name if group else None
-            if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'):
+            if HasRepoGroupPermissionAny('group.admin')(group_name, 'group create'):
                 pass
             else:
                 raise HTTPForbidden()
@@ @@ -228,7 +228,7 @@ class RepoGroupsController(BaseControlle @@
                              exclude=[c.repo_group])
         # TODO: kill allow_empty_group - it is only used for redundant form validation!
-        if HasPermissionAll('hg.admin')('group edit'):
+        if HasPermissionAny('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         elif not c.repo_group.parent_group:

kallithea/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -36,8 +36,7 @@ from webob.exc import HTTPFound, HTTPInt @@
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired, \
     HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny, \
     HasRepoPermissionAnyDecorator
     HasRepoPermissionAnyDecorator, NotAnonymous, HasPermissionAny
 from kallithea.lib.base import BaseRepoController, render
 from kallithea.lib.utils import action_logger, jsonify
 from kallithea.lib.vcs import RepositoryError
@@ @@ -226,7 +225,7 @@ class ReposController(BaseRepoController @@
             return {'result': True}
         return {'result': False}
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def update(self, repo_name):
         """
         PUT /repos/repo_name: Update an existing item"""
@@ @@ -283,7 +282,7 @@ class ReposController(BaseRepoController @@
                     % repo_name, category='error')
         raise HTTPFound(location=url('edit_repo', repo_name=changed_name))
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def delete(self, repo_name):
         """
         DELETE /repos/repo_name: Delete an existing item"""
@@ @@ -329,7 +328,7 @@ class ReposController(BaseRepoController @@
             raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name))
         raise HTTPFound(location=url('repos'))
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ @@ -345,7 +344,7 @@ class ReposController(BaseRepoController @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_permissions(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ @@ -398,7 +397,7 @@ class ReposController(BaseRepoController @@
                     category='error')
             raise HTTPInternalServerError()
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_fields(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ @@ -411,7 +410,7 @@ class ReposController(BaseRepoController @@
             raise HTTPFound(location=url('repo_edit_fields'))
         return render('admin/repos/repo_edit.html')
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def create_repo_field(self, repo_name):
         try:
             form_result = RepoFieldForm()().to_python(dict(request.POST))
@@ @@ -432,7 +431,7 @@ class ReposController(BaseRepoController @@
             h.flash(msg, category='error')
         raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def delete_repo_field(self, repo_name, field_id):
         field = RepositoryField.get_or_404(field_id)
         try:
@@ @@ -444,7 +443,7 @@ class ReposController(BaseRepoController @@
             h.flash(msg, category='error')
         raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ @@ -474,7 +473,7 @@ class ReposController(BaseRepoController @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced_journal(self, repo_name):
         """
         Sets this repository to be visible in public journal,
@@ @@ -497,7 +496,7 @@ class ReposController(BaseRepoController @@
         raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced_fork(self, repo_name):
         """
         Mark given repository as a fork of another
@@ @@ -522,7 +521,7 @@ class ReposController(BaseRepoController @@
         raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced_locking(self, repo_name):
         """
         Unlock repository when it is locked !
@@ @@ -568,7 +567,7 @@ class ReposController(BaseRepoController @@
                     category='error')
         raise HTTPFound(location=url('summary_home', repo_name=repo_name))
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_caches(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ @@ -588,7 +587,7 @@ class ReposController(BaseRepoController @@
             raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name))
         return render('admin/repos/repo_edit.html')
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_remote(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ @@ -605,7 +604,7 @@ class ReposController(BaseRepoController @@
             raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name))
         return render('admin/repos/repo_edit.html')
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_statistics(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)

kallithea/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -35,7 +35,7 @@ from pylons.i18n.translation import _ @@
 from webob.exc import HTTPFound
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.lib.celerylib import tasks, run_task
 from kallithea.lib.exceptions import HgsubversionImportError
@@ @@ -82,7 +82,7 @@ class SettingsController(BaseController) @@
             settings[k] = v
         return settings
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_vcs(self):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
@@ @@ -160,7 +160,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_mapping(self):
         """GET /admin/settings/mapping: All items in the collection"""
         # url('admin_settings_mapping')
@@ @@ -200,7 +200,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_global(self):
         """GET /admin/settings/global: All items in the collection"""
         # url('admin_settings_global')
@@ @@ -260,7 +260,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_visual(self):
         """GET /admin/settings/visual: All items in the collection"""
         # url('admin_settings_visual')
@@ @@ -318,7 +318,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_email(self):
         """GET /admin/settings/email: All items in the collection"""
         # url('admin_settings_email')
@@ @@ -359,7 +359,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_hooks(self):
         """GET /admin/settings/hooks: All items in the collection"""
         # url('admin_settings_hooks')
@@ @@ -410,7 +410,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_search(self):
         """GET /admin/settings/search: All items in the collection"""
         # url('admin_settings_search')
@@ @@ -431,7 +431,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_system(self):
         """GET /admin/settings/system: All items in the collection"""
         # url('admin_settings_system')
@@ @@ -453,7 +453,7 @@ class SettingsController(BaseController) @@
             encoding="UTF-8",
             force_defaults=False)
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_system_update(self):
         """GET /admin/settings/system/updates: All items in the collection"""
         # url('admin_settings_system_update')

kallithea/controllers/admin/users.py

➞

Show inline comments

@@ @@ -39,7 +39,7 @@ import kallithea @@
 from kallithea.lib.exceptions import DefaultUserException, \
     UserOwnsReposException, UserCreationError
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \
     AuthUser
 from kallithea.lib import auth_modules
 from kallithea.lib.auth_modules import auth_internal
@@ @@ -61,7 +61,7 @@ class UsersController(BaseController): @@
     """REST Controller styled on the Atom Publishing Protocol"""
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(UsersController, self).__before__()
         c.available_permissions = config['available_permissions']

kallithea/controllers/api/api.py

➞

Show inline comments

@@ @@ -33,7 +33,7 @@ from sqlalchemy import or_ @@
 from kallithea import EXTERN_TYPE_INTERNAL
 from kallithea.controllers.api import JSONRPCController, JSONRPCError
 from kallithea.lib.auth import (
-    PasswordGenerator, AuthUser, HasPermissionAllDecorator,
+    PasswordGenerator, AuthUser, HasPermissionAnyDecorator,
     HasPermissionAnyDecorator, HasPermissionAnyApi, HasRepoPermissionAnyApi,
     HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAny)
 from kallithea.lib.utils import map_groups, repo2db_mapper
@@ @@ -159,11 +159,11 @@ class ApiController(JSONRPCController): @@
     """
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def test(self, apiuser, args):
         return args
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def pull(self, apiuser, repoid):
         """
         Triggers a pull from remote location on given repo. Can be used to
@@ @@ -209,7 +209,7 @@ class ApiController(JSONRPCController): @@
                 'Unable to pull changes from `%s`' % repo.repo_name
+            )
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def rescan_repos(self, apiuser, remove_obsolete=Optional(False)):
         """
         Triggers rescan repositories action. If remove_obsolete is set
@@ @@ -470,7 +470,7 @@ class ApiController(JSONRPCController): @@
         return ret
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))):
         """
         Shows IP address as seen from Kallithea server, together with all
@@ @@ -511,7 +511,7 @@ class ApiController(JSONRPCController): @@
     # alias for old
     show_ip = get_ip
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_server_info(self, apiuser):
         """
         return server info, including Kallithea version and installed packages
@@ @@ -592,7 +592,7 @@ class ApiController(JSONRPCController): @@
         data['permissions'] = AuthUser(user_id=user.user_id).permissions
         return data
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_users(self, apiuser):
         """
         Lists all existing users. This command can be executed only using api_key
@@ @@ -616,7 +616,7 @@ class ApiController(JSONRPCController): @@
             result.append(user.get_api_data())
         return result
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def create_user(self, apiuser, username, email, password=Optional(''),
                     firstname=Optional(''), lastname=Optional(''),
                     active=Optional(True), admin=Optional(False),
@@ @@ -702,7 +702,7 @@ class ApiController(JSONRPCController): @@
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create user `%s`' % (username,))
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def update_user(self, apiuser, userid, username=Optional(None),
                     email=Optional(None), password=Optional(None),
                     firstname=Optional(None), lastname=Optional(None),
@@ @@ -785,7 +785,7 @@ class ApiController(JSONRPCController): @@
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to update user `%s`' % (userid,))
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def delete_user(self, apiuser, userid):
         """
         deletes given user if such user exists. This command can
@@ @@ -1767,7 +1767,7 @@ class ApiController(JSONRPCController): @@
                 'failed to delete repository `%s`' % (repo.repo_name,)
+            )
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def grant_user_permission(self, apiuser, repoid, userid, perm):
         """
         Grant permission for user on given repository, or update existing one
@@ @@ -1814,7 +1814,7 @@ class ApiController(JSONRPCController): @@
+                )
+            )
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def revoke_user_permission(self, apiuser, repoid, userid):
         """
         Revoke permission for user on given repository. This command can be executed
@@ @@ -1985,7 +1985,7 @@ class ApiController(JSONRPCController): @@
+                )
+            )
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_repo_group(self, apiuser, repogroupid):
         """
         Returns given repo group together with permissions, and repositories
@@ @@ -2023,7 +2023,7 @@ class ApiController(JSONRPCController): @@
         data["members"] = members
         return data
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_repo_groups(self, apiuser):
         """
         Returns all repository groups
@@ @@ -2036,7 +2036,7 @@ class ApiController(JSONRPCController): @@
             result.append(repo_group.get_api_data())
         return result
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def create_repo_group(self, apiuser, group_name, description=Optional(''),
                           owner=Optional(OAttr('apiuser')),
                           parent=Optional(None),
@@ @@ -2105,7 +2105,7 @@ class ApiController(JSONRPCController): @@
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create repo group `%s`' % (group_name,))
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def update_repo_group(self, apiuser, repogroupid, group_name=Optional(''),
                           description=Optional(''),
                           owner=Optional(OAttr('apiuser')),
@@ @@ -2131,7 +2131,7 @@ class ApiController(JSONRPCController): @@
             raise JSONRPCError('failed to update repository group `%s`'
                                % (repogroupid,))
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def delete_repo_group(self, apiuser, repogroupid):
         """

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -859,18 +859,6 @@ class PermsDecorator(object): @@
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates. In order to
@@ @@ -883,23 +871,6 @@ class HasPermissionAnyDecorator(PermsDec @@
         return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
@@ @@ -918,24 +889,6 @@ class HasRepoPermissionAnyDecorator(Perm @@
         return False
 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository group. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         group_name = get_repo_group_slug(request)
         try:
             user_perms = set([self.user_perms['repositories_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
@@ @@ -954,24 +907,6 @@ class HasRepoGroupPermissionAnyDecorator @@
         return False
 class HasUserGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     user group. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         group_name = get_user_group_slug(request)
         try:
             user_perms = set([self.user_perms['user_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
@@ @@ -1020,11 +955,8 @@ class PermsFunction(object): @@
         cls_name = self.__class__.__name__
         check_scope = {
             'HasPermissionAll': '',
             'HasPermissionAny': '',
             'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
             'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
             'HasRepoGroupPermissionAll': 'group:%s' % self.group_name,
             'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,
         }.get(cls_name, '?')
         log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
@@ @@ -1051,13 +983,6 @@ class PermsFunction(object): @@
         raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
@@ @@ -1065,26 +990,6 @@ class HasPermissionAny(PermsFunction): @@
         return False
 class HasRepoPermissionAll(PermsFunction):
     def __call__(self, repo_name=None, check_location='', user=None):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_location, user)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self._user_perms = set(
                 [self.user_perms['repositories'][self.repo_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_location='', user=None):
         self.repo_name = repo_name
@@ @@ -1122,23 +1027,6 @@ class HasRepoGroupPermissionAny(PermsFun @@
         return False
 class HasRepoGroupPermissionAll(PermsFunction):
     def __call__(self, group_name=None, check_location='', user=None):
         self.group_name = group_name
         return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 class HasUserGroupPermissionAny(PermsFunction):
     def __call__(self, user_group_name=None, check_location='', user=None):
         self.user_group_name = user_group_name
@@ @@ -1156,23 +1044,6 @@ class HasUserGroupPermissionAny(PermsFun @@
         return False
 class HasUserGroupPermissionAll(PermsFunction):
     def __call__(self, user_group_name=None, check_location='', user=None):
         self.user_group_name = user_group_name
         return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['user_groups'][self.user_group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================
@@ @@ -1252,13 +1123,6 @@ class _BaseApiPerm(object): @@
         raise NotImplementedError()
 class HasPermissionAllApi(_BaseApiPerm):
     def check_permissions(self, perm_defs, repo_name=None, group_name=None):
         if self.required_perms.issubset(perm_defs.get('global')):
             return True
         return False
 class HasPermissionAnyApi(_BaseApiPerm):
     def check_permissions(self, perm_defs, repo_name=None, group_name=None):
         if self.required_perms.intersection(perm_defs.get('global')):
@@ @@ -1266,18 +1130,6 @@ class HasPermissionAnyApi(_BaseApiPerm): @@
         return False
 class HasRepoPermissionAllApi(_BaseApiPerm):
     def check_permissions(self, perm_defs, repo_name=None, group_name=None):
         try:
             _user_perms = set([perm_defs['repositories'][repo_name]])
         except KeyError:
             log.warning(traceback.format_exc())
             return False
         if self.required_perms.issubset(_user_perms):
             return True
         return False
 class HasRepoPermissionAnyApi(_BaseApiPerm):
     def check_permissions(self, perm_defs, repo_name=None, group_name=None):
         try:
@@ @@ -1301,16 +1153,6 @@ class HasRepoGroupPermissionAnyApi(_Base @@
             return True
         return False
 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
     def check_permissions(self, perm_defs, repo_name=None, group_name=None):
         try:
             _user_perms = set([perm_defs['repositories_groups'][group_name]])
         except KeyError:
             log.warning(traceback.format_exc())
             return False
         if self.required_perms.issubset(_user_perms):
             return True
         return False
 def check_ip_access(source_ip, allowed_ips=None):
     """

kallithea/lib/helpers.py

➞

Show inline comments

@@ @@ -835,9 +835,8 @@ def action_parser(user_log, feed=False, @@
 #==============================================================================
 # PERMS
 #==============================================================================
 from kallithea.lib.auth import HasPermissionAny, HasPermissionAll, \
 HasRepoPermissionAny, HasRepoPermissionAll, HasRepoGroupPermissionAll, \
 HasRepoGroupPermissionAny
 from kallithea.lib.auth import HasPermissionAny, \
     HasRepoPermissionAny, HasRepoGroupPermissionAny
 #==============================================================================

kallithea/model/scm.py

➞

Show inline comments

@@ @@ -50,7 +50,7 @@ from kallithea.lib import helpers as h @@
 from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
     _set_extras
 from kallithea.lib.auth import HasRepoPermissionAny, HasRepoGroupPermissionAny, \
-    HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAll
+    HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny
 from kallithea.lib.utils import get_filesystem_repos, make_ui, \
     action_logger
 from kallithea.model import BaseModel
@@ @@ -794,7 +794,7 @@ def AvailableRepoGroupChoices(top_perms, @@
     Top level is -1.
     """
     groups = RepoGroup.query().all()
-    if HasPermissionAll('hg.admin')('available repo groups'):
+    if HasPermissionAny('hg.admin')('available repo groups'):
         groups.append(None)
     else:
         groups = list(RepoGroupList(groups, perm_set=repo_group_perms))

kallithea/templates/base/base.html

➞

Show inline comments

@@ @@ -138,13 +138,13 @@ @@
           <input id="branch_switcher" name="branch_switcher" type="hidden">
         </li>
         <li ${is_current('options')} data-context="options">
-             %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+             %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
                <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
              %else:
                <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
              %endif
           <ul class="dropdown-menu" role="menu">
-             %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+             %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
                    <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li>
              %endif
               %if c.db_repo.fork:
@@ @@ -331,7 +331,7 @@ @@
           <i class="icon-search"></i> ${_('Search')}
         </a>
     </li>
-    % if h.HasPermissionAll('hg.admin')('access admin main page'):
+    % if h.HasPermissionAny('hg.admin')('access admin main page'):
       <li ${is_current('admin')} class="dropdown">
         <a class="menu_link dropdown-toggle" data-toggle="dropdown" role="button" title="${_('Admin')}" href="${h.url('admin_home')}">
           <i class="icon-gear"></i> ${_('Admin')} <span class="caret"></span>

kallithea/templates/summary/statistics.html

➞

Show inline comments

@@ @@ -32,7 +32,7 @@ ${self.repo_context_bar('summary')} @@
          <div style="padding:0 10px 10px 17px;">
          %if c.no_data:
            ${c.no_data_msg}
-           %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):
+           %if h.HasPermissionAny('hg.admin')('enable stats on from summary'):
                 ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name),class_="btn btn-mini")}
            %endif
         %else:

kallithea/templates/summary/summary.html

➞

Show inline comments

@@ @@ -96,7 +96,7 @@ summary = lambda n:{False:'summary-short @@
                 <div id="lang_stats"></div>
                 %else:
                    ${_('Statistics are disabled for this repository')}
-                   %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):
+                   %if h.HasPermissionAny('hg.admin')('enable stats on from summary'):
                         ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_statistics'),class_="btn btn-mini")}
                    %endif
                 %endif
@@ @@ -112,7 +112,7 @@ summary = lambda n:{False:'summary-short @@
                   ${_('There are no downloads yet')}
                 %elif not c.enable_downloads:
                   ${_('Downloads are disabled for this repository')}
-                    %if h.HasPermissionAll('hg.admin')('enable downloads on from summary'):
+                    %if h.HasPermissionAny('hg.admin')('enable downloads on from summary'):
                         ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_downloads'),class_="btn btn-mini")}
                     %endif
                 %else:

0 comments (0 inline, 0 general)