Changeset - 216ed3859869
[Not reviewed]
default
0 4 0
Mads Kiilerich - 5 years ago 2020-10-29 14:48:03
mads@kiilerich.com
Grafted from: f2023707a875
lib: use auth functions directly - not through h
4 files changed with 15 insertions and 13 deletions:
0 comments (0 inline, 0 general)
kallithea/controllers/admin/gists.py
 
@@ -35,6 +35,7 @@ from tg import tmpl_context as c
 
from tg.i18n import ugettext as _
 
from webob.exc import HTTPForbidden, HTTPFound, HTTPNotFound
 

	
 
from kallithea.lib import auth
 
from kallithea.lib import helpers as h
 
from kallithea.lib.auth import LoginRequired
 
from kallithea.lib.base import BaseController, jsonify, render
 
@@ -156,7 +157,7 @@ class GistsController(BaseController):
 
    def delete(self, gist_id):
 
        gist = GistModel().get_gist(gist_id)
 
        owner = gist.owner_id == request.authuser.user_id
 
        if h.HasPermissionAny('hg.admin')() or owner:
 
        if auth.HasPermissionAny('hg.admin')() or owner:
 
            GistModel().delete(gist)
 
            meta.Session().commit()
 
            h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success')
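Review bot: In `delete`, `gist.owner_id` is read on the line right after `GistModel().get_gist(gist_id)` with no check that a gist was actually found. If `get_gist` can return None for an unknown id (its body is not visible here), the request ends in an AttributeError and a 500 instead of a 404. `HTTPNotFound` is already imported in this file, so a guard such as `if gist is None: raise HTTPNotFound()` before the owner comparison would cover it. The function continues past the end of the hunk, so the branch taken when the permission check fails is not visible here.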
kallithea/controllers/changeset.py
 
@@ -36,7 +36,7 @@ from tg.i18n import ugettext as _
 
from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPNotFound
 

	
 
import kallithea.lib.helpers as h
 
from kallithea.lib import diffs, webutils
 
from kallithea.lib import auth, diffs, webutils
 
from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired
 
from kallithea.lib.base import BaseRepoController, jsonify, render
 
from kallithea.lib.graphmod import graph_data
 
@@ -91,9 +91,9 @@ def create_cs_pr_comment(repo_name, revi
 

	
 
    if pull_request and delete == "delete":
 
        if (pull_request.owner_id == request.authuser.user_id or
 
            h.HasPermissionAny('hg.admin')() or
 
            h.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or
 
            h.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name)
 
            auth.HasPermissionAny('hg.admin')() or
 
            auth.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or
 
            auth.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name)
 
        ) and not pull_request.is_closed():
 
            PullRequestModel().delete(pull_request)
 
            meta.Session().commit()
 
@@ -163,8 +163,8 @@ def delete_cs_pr_comment(repo_name, comm
 
        raise HTTPForbidden()
 

	
 
    owner = co.author_id == request.authuser.user_id
 
    repo_admin = h.HasRepoPermissionLevel('admin')(repo_name)
 
    if h.HasPermissionAny('hg.admin')() or repo_admin or owner:
 
    repo_admin = auth.HasRepoPermissionLevel('admin')(repo_name)
 
    if auth.HasPermissionAny('hg.admin')() or repo_admin or owner:
 
        ChangesetCommentsModel().delete(comment=co)
 
        meta.Session().commit()
 
        return True
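Review bot: The owner / `hg.admin` / repo-admin rule is written out inline in both `create_cs_pr_comment` and `delete_cs_pr_comment`, and the two copies use different repository scopes. Deleting a pull request accepts admin on `pull_request.org_repo.repo_name` or `pull_request.other_repo.repo_name`, while deleting a comment checks only the `repo_name` argument. If the difference is intended, a short comment on each check would stop the copies drifting apart, for example `# PR delete: owner, global admin, or admin of either repo in the PR`. In `delete_cs_pr_comment` the lines that tie the comment `co` to `repo_name` sit above the hunk, so confirm that the repo-admin check applies to the repository the comment actually belongs to. Both functions start and end outside their hunks.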
kallithea/controllers/pullrequests.py
 
@@ -36,7 +36,7 @@ from tg.i18n import ugettext as _
 
from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPFound, HTTPNotFound
 

	
 
from kallithea.controllers.changeset import create_cs_pr_comment, delete_cs_pr_comment
 
from kallithea.lib import diffs
 
from kallithea.lib import auth, diffs
 
from kallithea.lib import helpers as h
 
from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired
 
from kallithea.lib.base import BaseRepoController, jsonify, render
 
@@ -382,8 +382,8 @@ class PullrequestsController(BaseRepoCon
 
        assert pull_request.other_repo.repo_name == repo_name
 
        # only owner or admin can update it
 
        owner = pull_request.owner_id == request.authuser.user_id
 
        repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)
 
        if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner):
 
        repo_admin = auth.HasRepoPermissionLevel('admin')(c.repo_name)
 
        if not (auth.HasPermissionAny('hg.admin')() or repo_admin or owner):
 
            raise HTTPForbidden()
 

	
 
        _form = PullRequestPostForm()().to_python(request.POST)
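Review bot: The `assert pull_request.other_repo.repo_name == repo_name` just above the permission check is the only visible line tying the pull request to the repository whose admin level is tested via `c.repo_name`, and asserts are stripped when Python runs with `-O`. If it is meant as an authorization precondition, it should be an explicit test, e.g. `if pull_request.other_repo.repo_name != repo_name: raise HTTPNotFound()` (`HTTPNotFound` is already imported in this file). The check also mixes `repo_name` and `c.repo_name`; presumably they hold the same value, but using one of them consistently would make that obvious. The method starts and ends outside the hunk.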
kallithea/model/pull_request.py
 
@@ -32,6 +32,7 @@ import re
 
from tg import request
 
from tg.i18n import ugettext as _
 

	
 
from kallithea.lib import auth
 
from kallithea.lib import helpers as h
 
from kallithea.lib.hooks import log_create_pullrequest
 
from kallithea.lib.utils import extract_mentioned_users
 
@@ -183,8 +184,8 @@ class CreatePullRequestAction(object):
 
        information needed for such a check, rather than a full command
 
        object.
 
        """
 
        if (h.HasRepoPermissionLevel('read')(org_repo.repo_name) and
 
            h.HasRepoPermissionLevel('read')(other_repo.repo_name)
 
        if (auth.HasRepoPermissionLevel('read')(org_repo.repo_name) and
 
            auth.HasRepoPermissionLevel('read')(other_repo.repo_name)
 
        ):
 
            return True
 

	
 
@@ -305,7 +306,7 @@ class CreatePullRequestIterationAction(o
 
        information needed for such a check, rather than a full command
 
        object.
 
        """
 
        if h.HasPermissionAny('hg.admin')():
 
        if auth.HasPermissionAny('hg.admin')():
 
            return True
 

	
 
        # Authorized to edit the old PR?