kallithea Changeset - 32dbf759fa98

Changeset - 32dbf759fa98

Parent rev.

Child rev.

[Not reviewed]

beta

0 2 0

Marcin Kuzminski - 15 years ago 2011-02-15 23:03:16
marcin@python-works.com

fixed #113 to high permission was required to fork a repository

2 files changed with 6 insertions and 4 deletions:

rhodecode/controllers/settings.py

rhodecode/templates/base/base.html

0 comments (0 inline, 0 general)

rhodecode/controllers/settings.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.settings
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Settings controller for rhodecode
     :created_on: Jun 30, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import logging
 import traceback
 import formencode
 from pylons import tmpl_context as c, request, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 import rhodecode.lib.helpers as h
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAllDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.utils import invalidate_cache, action_logger
 from rhodecode.model.forms import RepoSettingsForm, RepoForkForm
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User
 log = logging.getLogger(__name__)
 class SettingsController(BaseRepoController):
     @LoginRequired()
     @HasRepoPermissionAllDecorator('repository.admin')
     def __before__(self):
         super(SettingsController, self).__before__()
     @HasRepoPermissionAllDecorator('repository.admin')
     def index(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was created or renamed from the file system'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('home'))
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
         defaults = c.repo_info.get_dict()
         #fill owner
         if c.repo_info.user:
             defaults.update({'user':c.repo_info.user.username})
         else:
             replacement_user = self.sa.query(User)\
             .filter(User.admin == True).first().username
             defaults.update({'user':replacement_user})
         #fill repository users
         for p in c.repo_info.repo_to_perm:
             defaults.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         #fill repository groups
         for p in c.repo_info.users_group_to_perm:
             defaults.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
         return formencode.htmlfill.render(
             render('settings/repo_settings.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasRepoPermissionAllDecorator('repository.admin')
     def update(self, repo_name):
         repo_model = RepoModel()
         changed_name = repo_name
         _form = RepoSettingsForm(edit=True, old_data={'repo_name':repo_name})()
         try:
             form_result = _form.to_python(dict(request.POST))
             repo_model.update(repo_name, form_result)
             invalidate_cache('get_repo_cached_%s' % repo_name)
             h.flash(_('Repository %s updated successfully' % repo_name),
                     category='success')
             changed_name = form_result['repo_name']
             action_logger(self.rhodecode_user, 'user_updated_repo',
                               changed_name, '', self.sa)
         except formencode.Invalid, errors:
             c.repo_info = repo_model.get_by_repo_name(repo_name)
             c.users_array = repo_model.get_users_js()
             errors.value.update({'user':c.repo_info.user.username})
             return formencode.htmlfill.render(
                 render('settings/repo_settings.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of repository %s') \
                     % repo_name, category='error')
         return redirect(url('repo_settings_home', repo_name=changed_name))
+    @HasRepoPermissionAllDecorator('repository.admin')
     def delete(self, repo_name):
         """DELETE /repos/repo_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repo_settings_delete', repo_name=ID),
         #           method='delete')
         # url('repo_settings_delete', repo_name=ID)
         repo_model = RepoModel()
         repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was moved or renamed  from the filesystem'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('home'))
         try:
             action_logger(self.rhodecode_user, 'user_deleted_repo',
                               repo_name, '', self.sa)
             repo_model.delete(repo)
             invalidate_cache('get_repo_cached_%s' % repo_name)
             h.flash(_('deleted repository %s') % repo_name, category='success')
         except Exception:
             h.flash(_('An error occurred during deletion of %s') % repo_name,
                     category='error')
         return redirect(url('home'))
     @HasRepoPermissionAllDecorator('repository.read')
     def fork(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was created or renamed from the file system'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('home'))
         return render('settings/repo_fork.html')
+    @HasRepoPermissionAllDecorator('repository.read')
     def fork_create(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo_model.get_by_repo_name(repo_name)
         _form = RepoForkForm(old_data={'repo_type':c.repo_info.repo_type})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             form_result.update({'repo_name':repo_name})
             repo_model.create_fork(form_result, c.rhodecode_user)
             h.flash(_('forked %s repository as %s') \
                       % (repo_name, form_result['fork_name']),
                     category='success')
             action_logger(self.rhodecode_user,
                           'user_forked_repo:%s' % form_result['fork_name'],
                            repo_name, '', self.sa)
         except formencode.Invalid, errors:
             c.new_repo = errors.value['fork_name']
             r = render('settings/repo_fork.html')
             return formencode.htmlfill.render(
                 r,
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         return redirect(url('home'))

rhodecode/templates/base/base.html

➞

Show inline comments

@@ @@ -140,194 +140,194 @@ @@
                     <span>&darr;</span>
 					</a>
 					<ul class="repo_switcher">
                         %for repo in c.cached_repo_list:
                           %if repo['dbrepo']['private']:
                              <li><img src="${h.url("/images/icons/lock.png")}" alt="${_('Private repository')}" class="repo_switcher_type"/>${h.link_to(repo['repo'].name,h.url('summary_home',repo_name=repo['repo'].name),class_="%s" % repo['dbrepo']['repo_type'])}</li>
                           %else:
                              <li><img src="${h.url("/images/icons/lock_open.png")}" alt="${_('Public repository')}" class="repo_switcher_type" />${h.link_to(repo['repo'].name,h.url('summary_home',repo_name=repo['repo'].name),class_="%s" % repo['dbrepo']['repo_type'])}</li>
                           %endif
                         %endfor
 					</ul>
 				</li>
 	            <li ${is_current('summary')}>
 	               <a title="${_('Summary')}" href="${h.url('summary_home',repo_name=c.repo_name)}">
 	               <span class="icon">
 	                   <img src="${h.url("/images/icons/clipboard_16.png")}" alt="${_('Summary')}" />
 	               </span>
 	               <span>${_('Summary')}</span>
 	               </a>
 	            </li>
                 ##<li ${is_current('shortlog')}>
                 ##   <a title="${_('Shortlog')}" href="${h.url('shortlog_home',repo_name=c.repo_name)}">
                 ##   <span class="icon">
                 ##       <img src="${h.url("/images/icons/application_view_list.png")}" alt="${_('Shortlog')}" />
                 ##   </span>
                 ##   <span>${_('Shortlog')}</span>
                 ##   </a>
                 ##</li>
                 <li ${is_current('changelog')}>
                    <a title="${_('Changelog')}" href="${h.url('changelog_home',repo_name=c.repo_name)}">
                    <span class="icon">
                        <img src="${h.url("/images/icons/time.png")}" alt="${_('Changelog')}" />
                    </span>
                    <span>${_('Changelog')}</span>
                    </a>
                 </li>
                 <li ${is_current('switch_to')}>
                    <a title="${_('Switch to')}" href="#">
                    <span class="icon">
                        <img src="${h.url("/images/icons/arrow_switch.png")}" alt="${_('Switch to')}" />
                    </span>
                    <span>${_('Switch to')}</span>
                    </a>
                     <ul>
                         <li>
                             ${h.link_to('%s (%s)' % (_('branches'),len(c.rhodecode_repo.branches.values()),),h.url('branches_home',repo_name=c.repo_name),class_='branches childs')}
                             <ul>
                             %if c.rhodecode_repo.branches.values():
 						        %for cnt,branch in enumerate(c.rhodecode_repo.branches.items()):
 						            <li>${h.link_to('%s - %s' % (branch[0],h.short_id(branch[1])),h.url('files_home',repo_name=c.repo_name,revision=branch[1]))}</li>
 						        %endfor
 						    %else:
 						    	<li>${h.link_to(_('There are no branches yet'),'#')}</li>
 						    %endif
                             </ul>
                         </li>
                         <li>
                             ${h.link_to('%s (%s)' % (_('tags'),len(c.rhodecode_repo.tags.values()),),h.url('tags_home',repo_name=c.repo_name),class_='tags childs')}
                             <ul>
                             %if c.rhodecode_repo.tags.values():
                                 %for cnt,tag in enumerate(c.rhodecode_repo.tags.items()):
                                  <li>${h.link_to('%s - %s' % (tag[0],h.short_id(tag[1])),h.url('files_home',repo_name=c.repo_name,revision=tag[1]))}</li>
                                 %endfor
                             %else:
                             	<li>${h.link_to(_('There are no tags yet'),'#')}</li>
                             %endif
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li ${is_current('files')}>
                    <a title="${_('Files')}" href="${h.url('files_home',repo_name=c.repo_name)}">
                    <span class="icon">
                        <img src="${h.url("/images/icons/file.png")}" alt="${_('Files')}" />
                    </span>
                    <span>${_('Files')}</span>
                    </a>
                 </li>
                 <li ${is_current('options')}>
                    <a title="${_('Options')}" href="#">
                    <span class="icon">
                        <img src="${h.url("/images/icons/table_gear.png")}" alt="${_('Admin')}" />
                    </span>
                    <span>${_('Options')}</span>
                    </a>
                    <ul>
                    %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
                      %if h.HasPermissionAll('hg.admin')('access settings on repository'):
                          <li>${h.link_to(_('settings'),h.url('edit_repo',repo_name=c.repo_name),class_='settings')}</li>
                      %else:
                          <li>${h.link_to(_('settings'),h.url('repo_settings_home',repo_name=c.repo_name),class_='settings')}</li>
                      %endif
                    %endif
                    	<li>${h.link_to(_('fork'),h.url('repo_fork_home',repo_name=c.repo_name),class_='fork')}</li>
                    %endif
                    	<li>${h.link_to(_('search'),h.url('search_repo',search_repo=c.repo_name),class_='search')}</li>
                     %if h.HasPermissionAll('hg.admin')('access admin main page'):
                     <li>
                        ${h.link_to(_('admin'),h.url('admin_home'),class_='admin')}
                         <%def name="admin_menu()">
                         <ul>
                             <li>${h.link_to(_('journal'),h.url('admin_home'),class_='journal')}</li>
                             <li>${h.link_to(_('repositories'),h.url('repos'),class_='repos')}</li>
                             <li>${h.link_to(_('users'),h.url('users'),class_='users')}</li>
                             <li>${h.link_to(_('users groups'),h.url('users_groups'),class_='groups')}</li>
                             <li>${h.link_to(_('permissions'),h.url('edit_permission',id='default'),class_='permissions')}</li>
                             <li>${h.link_to(_('ldap'),h.url('ldap_home'),class_='ldap')}</li>
                             <li class="last">${h.link_to(_('settings'),h.url('admin_settings'),class_='settings')}</li>
                         </ul>
                         </%def>
                         ${admin_menu()}
                     </li>
                     %endif
                    </ul>
                 </li>
                 <li>
                     <a title="${_('Followers')}" href="#">
                     <span class="icon_short">
                         <img src="${h.url("/images/icons/heart.png")}" alt="${_('Followers')}" />
                     </span>
                     <span class="short">${c.repository_followers}</span>
                     </a>
                 </li>
                 <li>
                     <a title="${_('Forks')}" href="#">
                     <span class="icon_short">
                         <img src="${h.url("/images/icons/arrow_divide.png")}" alt="${_('Forks')}" />
                     </span>
                     <span class="short">${c.repository_forks}</span>
                     </a>
                 </li>
 	        </ul>
 		%else:
 		    ##ROOT MENU
             <ul id="quick">
                 <li>
                     <a title="${_('Home')}"  href="${h.url('home')}">
                     <span class="icon">
                         <img src="${h.url("/images/icons/home_16.png")}" alt="${_('Home')}" />
                     </span>
                     <span>${_('Home')}</span>
                     </a>
                 </li>
                 %if c.rhodecode_user.username != 'default':
                 <li>
                     <a title="${_('Journal')}"  href="${h.url('journal')}">
                     <span class="icon">
                         <img src="${h.url("/images/icons/book.png")}" alt="${_('Journal')}" />
                     </span>
                     <span>${_('Journal')}</span>
                     </a>
                 </li>
                 %endif
                 <li>
                     <a title="${_('Search')}"  href="${h.url('search')}">
                     <span class="icon">
                         <img src="${h.url("/images/icons/search_16.png")}" alt="${_('Search')}" />
                     </span>
                     <span>${_('Search')}</span>
                     </a>
                 </li>
 				%if h.HasPermissionAll('hg.admin')('access admin main page'):
                 <li ${is_current('admin')}>
                    <a title="${_('Admin')}" href="${h.url('admin_home')}">
                    <span class="icon">
                        <img src="${h.url("/images/icons/cog_edit.png")}" alt="${_('Admin')}" />
                    </span>
                    <span>${_('Admin')}</span>
                    </a>
                     ${admin_menu()}
                 </li>
 				%endif
 			</ul>
 		%endif
 </%def>
 <%def name="css()">
 <link rel="stylesheet" type="text/css" href="${h.url('/css/style.css')}" media="screen" />
 <link rel="stylesheet" type="text/css" href="${h.url('/css/pygments.css')}"  />
 <link rel="stylesheet" type="text/css" href="${h.url('/css/diff.css')}"  />
 </%def>

0 comments (0 inline, 0 general)