kallithea Changeset - 3505a6be2988

Changeset - 3505a6be2988

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

Søren Løvborg - 9 years ago 2017-02-23 20:26:27
sorenl@unity3d.com

repogroups: fix private repo recursion check

The purpose of this check is to ensure that we don't recursively assign
"default" user perms for a repo with the "private" flag set (because in
that case, the "default" user perms should always be "no access").

(The check, and this fix, is of course only applicable to Kallithea
instances that have anonymous access enabled to begin with.)

However, the check was only functional if the user was specified as a
username. This is apparently always the case when Kallithea is running,
but was not e.g. the case in the test suite, which consistently passed
a user ID instead of a username.

This commit ensures that the user is always resolved before the check is
made. There's no significant overhead to this, as the code immediately
calls RepoModel().grant_user_permission, which resolved the user anyway.
This change just moves the database lookup a bit earlier.

Fixing this revealed the matching test case to be broken, so it has been
fixed as well.

Down the road, we should eliminate Kallithea's bizarre practice of
passing around usernames and user IDs, in favor of passing actual User
objects. That'll get rid of mistakes like these, as well as repeated
needless database lookups.

2 files changed with 7 insertions and 3 deletions:

kallithea/model/repo_group.py

kallithea/tests/models/test_user_permissions_on_repo_groups.py

0 comments (0 inline, 0 general)

kallithea/model/repo_group.py

➞

Show inline comments

@@ @@ -198,9 +198,11 @@ class RepoGroupModel(BaseModel): @@
             if isinstance(obj, RepoGroup):
                 self.grant_user_permission(repo_group=obj, user=user, perm=perm)
             elif isinstance(obj, Repository):
                 user = User.guess_instance(user)
                 # private repos will not allow to change the default permissions
                 # using recursive mode
                 if obj.private and user == User.DEFAULT_USER:
+                if obj.private and user.username == User.DEFAULT_USER:
                     return
                 # we set group permission but we have to switch to repo

kallithea/tests/models/test_user_permissions_on_repo_groups.py

➞

Show inline comments

 import functools
 from kallithea.model.repo_group import RepoGroupModel
 from kallithea.model.db import RepoGroup, User
+from kallithea.model.db import RepoGroup, Repository, User
 from kallithea.model.meta import Session
 from kallithea.tests.models.common import _create_project_tree, check_tree_perms, \
@@ @@ -133,7 +133,9 @@ def test_user_permissions_on_group_with_ @@
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         check_tree_perms(name, perm, group, 'repository.write')
         # default user permissions do not "recurse into" private repos
         is_private = Repository.get_by_repo_name(name).private
         check_tree_perms(name, perm, group, 'repository.none' if is_private else 'repository.write')
     for name, perm in items:
         check_tree_perms(name, perm, group, 'group.write')

0 comments (0 inline, 0 general)