kallithea Changeset - 2d0de5aa95d1

Changeset - 2d0de5aa95d1

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Mads Kiilerich - 9 years ago 2017-04-07 04:22:42
mads@kiilerich.com

lib: pass full user to _check_locking_state - not just user_id

3 files changed with 5 insertions and 12 deletions:

kallithea/lib/base.py

kallithea/lib/middleware/simplegit.py

kallithea/lib/middleware/simplehg.py

0 comments (0 inline, 0 general)

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -315,37 +315,35 @@ class BaseVCSController(object): @@
             #any other action need at least read permission
             if not HasPermissionAnyMiddleware('repository.read',
                                               'repository.write',
                                               'repository.admin')(user,
                                                                   repo_name):
                 return False
         return True
     def _get_ip_addr(self, environ):
         return _get_ip_addr(environ)
-    def _check_locking_state(self, action, repo, user_id):
+    def _check_locking_state(self, action, repo_name, user):
         """
         Checks locking on this repository, if locking is enabled, and if lock
         is present. Returns a tuple of make_lock, locked, locked_by. make_lock
         can have 3 states: None (do nothing), True (make lock), and False
         (release lock). This value is later propagated to hooks, telling them
         what to do.
         """
         locked = False  # defines that locked error should be thrown to user
         make_lock = None
         repo = Repository.get_by_repo_name(repo)
         user = User.get(user_id)
         repo = Repository.get_by_repo_name(repo_name)
         locked_by = repo.locked
         if repo and repo.enable_locking:
             if action == 'push':
                 # Check if repo already is locked !, if it is compare users
                 user_id, _date = locked_by
                 if user.user_id == user_id:
                     log.debug('Got push from user %s, now unlocking', user)
                     # Unlock if we have push from the user who locked
                     make_lock = False
                 else:
                     # Another used tried to push - deny access with something like 423 Locked!
                     locked = True

kallithea/lib/middleware/simplegit.py

➞

Show inline comments

@@ @@ -27,25 +27,25 @@ Original author and date, and relevant c @@
 """
 import os
 import re
 import logging
 import traceback
 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
     HTTPNotAcceptable
-from kallithea.model.db import User, Ui
 from kallithea.model.db import Ui
 from kallithea.lib.utils2 import safe_str, safe_unicode, fix_PATH, get_server_url, \
     _set_extras
 from kallithea.lib.base import BaseVCSController, WSGIResultCloseCallback
 from kallithea.lib.utils import make_ui, is_valid_repo
 from kallithea.lib.exceptions import HTTPLockedRC
 from kallithea.lib.hooks import pre_pull
 from kallithea.lib import auth_modules
 log = logging.getLogger(__name__)
@@ @@ -115,27 +115,25 @@ class SimpleGit(BaseVCSController): @@
             'locked_by': [None, None]
+        }
         #===================================================================
         # GIT REQUEST HANDLING
         #===================================================================
         repo_path = os.path.join(safe_str(self.basepath),str_repo_name)
         log.debug('Repository path is %s', repo_path)
         # CHECK LOCKING only if it's not ANONYMOUS USER
         if not user.is_default_user:
             log.debug('Checking locking on repository')
             (make_lock,
              locked,
              locked_by) = self._check_locking_state(action, repo_name, user.user_id)
             make_lock, locked, locked_by = self._check_locking_state(action, repo_name, user)
             # store the make_lock for later evaluation in hooks
             extras.update({'make_lock': make_lock,
                            'locked_by': locked_by})
         fix_PATH()
         log.debug('HOOKS extras is %s', extras)
         baseui = make_ui('db')
         self.__inject_extras(repo_path, baseui, extras)
         try:
             self._handle_githooks(repo_name, action, baseui, environ)
             log.info('%s action on Git repo "%s" by "%s" from %s',

kallithea/lib/middleware/simplehg.py

➞

Show inline comments

@@ @@ -25,25 +25,24 @@ Original author and date, and relevant c @@
 :copyright: (c) 2013 RhodeCode GmbH, and others.
 :license: GPLv3, see LICENSE.md for more details.
 """
 import os
 import logging
 import traceback
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
     HTTPNotAcceptable, HTTPBadRequest
 from kallithea.model.db import User
 from kallithea.lib.utils2 import safe_str, safe_unicode, fix_PATH, get_server_url, \
     _set_extras
 from kallithea.lib.base import BaseVCSController, WSGIResultCloseCallback
 from kallithea.lib.utils import make_ui, is_valid_repo, ui_sections
 from kallithea.lib.vcs.utils.hgcompat import RepoError, hgweb_mod
 from kallithea.lib.exceptions import HTTPLockedRC
 log = logging.getLogger(__name__)
 def is_mercurial(environ):
@@ @@ -125,27 +124,25 @@ class SimpleHg(BaseVCSController): @@
         #======================================================================
         repo_path = os.path.join(safe_str(self.basepath), str_repo_name)
         log.debug('Repository path is %s', repo_path)
         # A Mercurial HTTP server will see listkeys operations (bookmarks,
         # phases and obsolescence marker) in a different request - we don't
         # want to check locking on those
         if environ['QUERY_STRING'] == 'cmd=listkeys':
             pass
         # CHECK LOCKING only if it's not ANONYMOUS USER
         elif not user.is_default_user:
             log.debug('Checking locking on repository')
             (make_lock,
              locked,
              locked_by) = self._check_locking_state(action, repo_name, user.user_id)
             make_lock, locked, locked_by = self._check_locking_state(action, repo_name, user)
             # store the make_lock for later evaluation in hooks
             extras.update({'make_lock': make_lock,
                            'locked_by': locked_by})
         fix_PATH()
         log.debug('HOOKS extras is %s', extras)
         baseui = make_ui('db')
         self.__inject_extras(repo_path, baseui, extras)
         try:
             log.info('%s action on Mercurial repo "%s" by "%s" from %s',
                      action, str_repo_name, safe_str(user.username), ip_addr)

0 comments (0 inline, 0 general)