kallithea Changeset - 32f66c839c54

Changeset - 32f66c839c54

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 13 years ago 2013-04-23 02:55:50
marcin@python-works.com

managing users groups enforce permissions checks.
User needs at least a read permissions on usergroup to be able
to assign it somewhere.

3 files changed with 39 insertions and 16 deletions:

rhodecode/model/repo.py

rhodecode/model/repos_group.py

rhodecode/model/users_group.py

0 comments (0 inline, 0 general)

rhodecode/model/repo.py

➞

Show inline comments

@@ @@ -41,8 +41,9 @@ from rhodecode.model.db import Repositor @@
     Statistics, UserGroup, UserGroupRepoToPerm, RhodeCodeUi, RepoGroup,\
     RhodeCodeSetting, RepositoryField
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import HasRepoPermissionAny
+from rhodecode.lib.auth import HasRepoPermissionAny, HasUserGroupPermissionAny
 from rhodecode.lib.exceptions import AttachedForksError
 from rhodecode.model.scm import UserGroupList
 log = logging.getLogger(__name__)
@@ @@ -140,7 +141,9 @@ class RepoModel(BaseModel): @@
     def get_users_groups_js(self):
         users_groups = self.sa.query(UserGroup)\
             .filter(UserGroup.users_group_active == True).all()
         users_groups = UserGroupList(users_groups, perm_set=['usergroup.read',
                                                              'usergroup.write',
                                                              'usergroup.admin'])
         return json.dumps([
+            {
              'id': gr.users_group_id,
@@ @@ -472,9 +475,12 @@ class RepoModel(BaseModel): @@
                     repo=repo, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     repo=repo, group_name=member, perm=perm
+                )
                 #check if we have permissions to alter this usergroup
                 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
                                              'usergroup.admin')(member):
                     self.grant_users_group_permission(
                         repo=repo, group_name=member, perm=perm
+                    )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
@@ @@ -482,9 +488,12 @@ class RepoModel(BaseModel): @@
                     repo=repo, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     repo=repo, group_name=member, perm=perm
+                )
                 #check if we have permissions to alter this usergroup
                 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
                                              'usergroup.admin')(member):
                     self.grant_users_group_permission(
                         repo=repo, group_name=member, perm=perm
+                    )
     def create_fork(self, form_data, cur_user):
         """

rhodecode/model/repos_group.py

➞

Show inline comments

@@ @@ -169,6 +169,7 @@ class ReposGroupModel(BaseModel): @@
     def _update_permissions(self, repos_group, perms_new=None,
                             perms_updates=None, recursive=False):
         from rhodecode.model.repo import RepoModel
         from rhodecode.lib.auth import HasUserGroupPermissionAny
         if not perms_new:
             perms_new = []
         if not perms_updates:
@@ @@ -220,13 +221,19 @@ class ReposGroupModel(BaseModel): @@
                     _set_perm_user(obj, user=member, perm=perm)
                 ## set for user group
                 else:
                     _set_perm_group(obj, users_group=member, perm=perm)
                     #check if we have permissions to alter this usergroup
                     if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
                                                  'usergroup.admin')(member):
                         _set_perm_group(obj, users_group=member, perm=perm)
             # set new permissions
             for member, perm, member_type in perms_new:
                 if member_type == 'user':
                     _set_perm_user(obj, user=member, perm=perm)
                 else:
                     _set_perm_group(obj, users_group=member, perm=perm)
                     #check if we have permissions to alter this usergroup
                     if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
                                                  'usergroup.admin')(member):
                         _set_perm_group(obj, users_group=member, perm=perm)
             updates.append(obj)
             #if it's not recursive call
             # break the loop and don't proceed with other changes

rhodecode/model/users_group.py

➞

Show inline comments

@@ @@ -63,6 +63,7 @@ class UserGroupModel(BaseModel): @@
     def _update_permissions(self, user_group, perms_new=None,
                             perms_updates=None):
         from rhodecode.lib.auth import HasUserGroupPermissionAny
         if not perms_new:
             perms_new = []
         if not perms_updates:
@@ @@ -76,9 +77,12 @@ class UserGroupModel(BaseModel): @@
                     user_group=user_group, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     target_user_group=user_group, user_group=member, perm=perm
+                )
                 #check if we have permissions to alter this usergroup
                 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
                                              'usergroup.admin')(member):
                     self.grant_users_group_permission(
                         target_user_group=user_group, user_group=member, perm=perm
+                    )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
@@ @@ -86,9 +90,12 @@ class UserGroupModel(BaseModel): @@
                     user_group=user_group, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     target_user_group=user_group, user_group=member, perm=perm
+                )
                 #check if we have permissions to alter this usergroup
                 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
                                              'usergroup.admin')(member):
                     self.grant_users_group_permission(
                         target_user_group=user_group, user_group=member, perm=perm
+                    )
     def get(self, users_group_id, cache=False):
         return UserGroup.get(users_group_id)

0 comments (0 inline, 0 general)