Changeset - 157231a4fcb7
beta
0 2 0
Marcin Kuzminski - 13 years ago 2013-02-15 01:27:18
marcin@python-works.com
move permission check of write access to repo groups inside a form.
- it's run via the create/edit/fork forms
- in case we have disabled repo creation, it will check root location write access for people that are neither super admins nor hold an explicit create repo permission
- in case there's a group value passed to form, it checks just admin or write access
2 files changed with 13 insertions and 16 deletions:
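--- a/rhodecode/controllers/admin/repos.py
+++ b/rhodecode/controllers/admin/repos.py
@@ -160,19 +160,6 @@ class ReposController(BaseRepoController
             form_result = RepoForm(repo_groups=c.repo_groups_choices,
                                    landing_revs=c.landing_revs_choices)()\
                             .to_python(dict(request.POST))
-            #we check ACLs after form, since we want to display nicer errors
-            #if form forbids creation of repos inside a group we don't have
-            #perms for
-            if not HasPermissionAny('hg.admin', 'hg.create.repository')():
-                #you're not super admin nor have global create permissions,
-                #but maybe you have at least write permission to a parent group ?
-                parent_group = request.POST.get('repo_group')
-                _gr = RepoGroup.get(parent_group)
-                gr_name = _gr.group_name if _gr else None
-                if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
-                    msg = _('no permission to create repository in root location')
-                    raise formencode.Invalid('', form_result, None,
-                                             error_dict={'repo_group': msg})
 
             new_repo = RepoModel().create(form_result,
                                           self.rhodecode_user.user_id)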
rhodecode/model/validators.py
 
@@ -20,7 +20,7 @@ from rhodecode.model.db import RepoGroup
 
    ChangesetStatus
 
from rhodecode.lib.exceptions import LdapImportError
 
from rhodecode.config.routing import ADMIN_PREFIX
 
from rhodecode.lib.auth import HasReposGroupPermissionAny
 
from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 

	
 
# silence warnings and pylint
 
UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
 
@@ -472,10 +472,12 @@ def CanWriteGroup():
 
    class _validator(formencode.validators.FancyValidator):
 
        messages = {
 
            'permission_denied': _(u"You don't have permissions "
 
                                   "to create repository in this group")
 
                                   "to create repository in this group"),
 
            'permission_denied_root': _(u"no permission to create repository "
 
                                        "in root location")
 
        }
 

	
 
        def to_python(self, value, state):
 
        def _to_python(self, value, state):
 
            #root location
 
            if value in [-1, "-1"]:
 
                return None
 
@@ -485,6 +487,7 @@ def CanWriteGroup():
 
            gr = RepoGroup.get(value)
 
            gr_name = gr.group_name if gr else None  # None means ROOT location
 
            val = HasReposGroupPermissionAny('group.write', 'group.admin')
 
            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
 
            forbidden = not val(gr_name, 'can write into group validator')
 
            #parent group need to be existing
 
            if gr and forbidden:
 
@@ -492,6 +495,13 @@ def CanWriteGroup():
 
                raise formencode.Invalid(msg, value, state,
 
                    error_dict=dict(repo_type=msg)
 
                )
 
            ## check if we can write to root location !
 
            elif gr is None and can_create_repos() is False:
 
                msg = M(self, 'permission_denied_root', state)
 
                raise formencode.Invalid(msg, value, state,
 
                    error_dict=dict(repo_type=msg)
 
                )
 

	
 
    return _validator
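Review bot: The new root-location check in the last hunk, `elif gr is None and can_create_repos() is False:`, fails open if `HasPermissionAny(...)()` ever returns a falsy value other than the literal `False`. The controller code this commit removes used `if not HasPermissionAny(...)()`, and the validator should keep that fail-closed form: `elif gr is None and not can_create_repos():`. The added `raise` also copies `error_dict=dict(repo_type=msg)` from the branch above, whereas the removed controller check reported under `repo_group`, so the denial may end up attached to the wrong form field. The lines between the `-1` early return (`return None`) and `gr = RepoGroup.get(value)` are outside the shown hunks, so it is worth confirming that a root-location submission still reaches this branch. Because the controller no longer performs any check itself, any repository-creation path that does not run this validator is presumably left without one.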
 

	
 

	