Changeset - 35120990752f
Parent rev.
Child rev.
[Not reviewed]
default
0 2 0
Christian Oyarzun - 10 years ago 2015-05-21 21:52:30
oyarzun@gmail.com
admin: use POST in routing for adding API keys for users - match template change in 6f6aab7ca754
2 files changed with 3 insertions and 3 deletions:
kallithea/config/routing.py
1
1
kallithea/tests/functional/test_admin_users.py
2
2
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
@@ -17,385 +17,385 @@ Routes configuration
 
The more specific and detailed routes should be defined first so they
 
may take precedent over the more generic routes. For more information
 
refer to the routes manual at http://routes.groovie.org/docs/
 
"""
 

			




	
	
	
		
 
from __future__ import with_statement

			




	
	
	
		
 
from routes import Mapper

			




	
	
	
		
 

			




	
	
	
		
 
# prefix for non repository related links needs to be prefixed with `/`

			




	
	
	
		
 
ADMIN_PREFIX = '/_admin'

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def make_map(config):

			




	
	
	
		
 
    """Create, configure and return the routes Mapper"""

			




	
	
	
		
 
    rmap = Mapper(directory=config['pylons.paths']['controllers'],

			




	
	
	
		
 
                  always_scan=config['debug'])

			




	
	
	
		
 
    rmap.minimization = False

			




	
	
	
		
 
    rmap.explicit = False

			




	
	
	
		
 

			




	
	
	
		
 
    from kallithea.lib.utils import (is_valid_repo, is_valid_repo_group,

			




	
	
	
		
 
                                     get_repo_by_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def check_repo(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid repository for proper 404 handling

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo_name = match_dict.get('repo_name')

			




	
	
	
		
 

			




	
	
	
		
 
        if match_dict.get('f_path'):

			




	
	
	
		
 
            #fix for multiple initial slashes that causes errors

			




	
	
	
		
 
            match_dict['f_path'] = match_dict['f_path'].lstrip('/')

			




	
	
	
		
 

			




	
	
	
		
 
        by_id_match = get_repo_by_id(repo_name)

			




	
	
	
		
 
        if by_id_match:

			




	
	
	
		
 
            repo_name = by_id_match

			




	
	
	
		
 
            match_dict['repo_name'] = repo_name

			




	
	
	
		
 

			




	
	
	
		
 
        return is_valid_repo(repo_name, config['base_path'])

			




	
	
	
		
 

			




	
	
	
		
 
    def check_group(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid repository group for proper 404 handling

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo_group_name = match_dict.get('group_name')

			




	
	
	
		
 
        return is_valid_repo_group(repo_group_name, config['base_path'])

			




	
	
	
		
 

			




	
	
	
		
 
    def check_group_skip_path(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid repository group for proper 404 handling, but skips

			




	
	
	
		
 
        verification of existing path

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo_group_name = match_dict.get('group_name')

			




	
	
	
		
 
        return is_valid_repo_group(repo_group_name, config['base_path'],

			




	
	
	
		
 
                                   skip_path_check=True)

			




	
	
	
		
 

			




	
	
	
		
 
    def check_user_group(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid user group for proper 404 handling

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return True

			




	
	
	
		
 

			




	
	
	
		
 
    def check_int(environ, match_dict):

			




	
	
	
		
 
        return match_dict.get('id').isdigit()

			




	
	
	
		
 

			




	
	
	
		
 
    # The ErrorController route (handles 404/500 error pages); it should

			




	
	
	
		
 
    # likely stay at the top, ensuring it can always be resolved

			




	
	
	
		
 
    rmap.connect('/error/{action}', controller='error')

			




	
	
	
		
 
    rmap.connect('/error/{action}/{id}', controller='error')

			




	
	
	
		
 

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    # CUSTOM ROUTES HERE

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    #MAIN PAGE

			




	
	
	
		
 
    rmap.connect('home', '/', controller='home', action='index')

			




	
	
	
		
 
    rmap.connect('about', '/about', controller='home', action='about')

			




	
	
	
		
 
    rmap.connect('repo_switcher_data', '/_repos', controller='home',

			




	
	
	
		
 
                 action='repo_switcher_data')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('rst_help',

			




	
	
	
		
 
                 "http://docutils.sourceforge.net/docs/user/rst/quickref.html",

			




	
	
	
		
 
                 _static=True)

			




	
	
	
		
 
    rmap.connect('kallithea_project_url', "https://kallithea-scm.org/", _static=True)

			




	
	
	
		
 
    rmap.connect('issues_url', 'https://bitbucket.org/conservancy/kallithea/issues', _static=True)

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repos') as m:

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repo", "/create_repository",

			




	
	
	
		
 
                  action="create_repository", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("/repos/{repo_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["PUT"],

			




	
	
	
		
 
                  function=check_repo))

			




	
	
	
		
 
        m.connect("delete_repo", "/repos/{repo_name:.*?}",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["DELETE"],

			




	
	
	
		
 
                  ))

			




	
	
	
		
 
        m.connect("repo", "/repos/{repo_name:.*?}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"],

			




	
	
	
		
 
                  function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY GROUPS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repo_groups') as m:

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repos_group", "/repo_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["PUT"],

			




	
	
	
		
 
                                                   function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"],

			




	
	
	
		
 
                                                 function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS REPO GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

			




	
	
	
		
 
                  action="edit",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

			




	
	
	
		
 
                  action="edit",

			




	
	
	
		
 
                  conditions=dict(method=["PUT"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

			




	
	
	
		
 
                  action="edit_repo_group_advanced",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

			




	
	
	
		
 
                  action="edit_repo_group_advanced",

			




	
	
	
		
 
                  conditions=dict(method=["PUT"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="edit_repo_group_perms",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms",

			




	
	
	
		
 
                  conditions=dict(method=["PUT"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="delete_perms",

			




	
	
	
		
 
                  conditions=dict(method=["DELETE"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["DELETE"],

			




	
	
	
		
 
                                                   function=check_group_skip_path))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/users') as m:

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_users", "/users.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_user", "/users/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("delete_user", "/users/{id}",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 
        m.connect("edit_user", "/users/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("user", "/users/{id}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER ROUTES

			




	
	
	
		
 
        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

			




	
	
	
		
 
                  action="update_advanced", conditions=dict(method=["PUT"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="edit_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="add_api_key", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
                  action="add_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="delete_api_key", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="edit_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="add_email", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="delete_email", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="edit_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="add_ip", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="delete_ip", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER GROUPS REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/user_groups') as m:

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_users_group", "/user_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_users_group", "/user_groups/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("delete_users_group", "/user_groups/{id}",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 
        m.connect("edit_users_group", "/user_groups/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]),

			




	
	
	
		
 
                  function=check_user_group)

			




	
	
	
		
 
        m.connect("users_group", "/user_groups/{id}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="edit_default_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="update_default_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["PUT"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="delete_perms", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_members", "/user_groups/{id}/edit/members",

			




	
	
	
		
 
                  action="edit_members", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN PERMISSIONS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/permissions') as m:

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_ips", "/permissions/ips",

			




	
	
	
		
 
                  action="permission_ips", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_permissions_ips", "/permissions/ips",

			




	
	
	
		
 
                  action="permission_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_perms", "/permissions/perms",

			




	
	
	
		
 
                  action="permission_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_permissions_perms", "/permissions/perms",

			




	
	
	
		
 
                  action="permission_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN DEFAULTS REST ROUTES

			




	
	
	
		
 
    rmap.resource('default', 'defaults',

			




	
	
	
		
 
                  controller='admin/defaults', path_prefix=ADMIN_PREFIX)

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN AUTH SETTINGS

			




	
	
	
		
 
    rmap.connect('auth_settings', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings', action='auth_settings',

			




	
	
	
		
 
                 conditions=dict(method=["POST"]))

			




	
	
	
		
 
    rmap.connect('auth_home', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings')

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN SETTINGS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/settings') as m:

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_mapping", "/settings/mapping",

			




	
	
	
		
 
                  action="settings_mapping", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_mapping", "/settings/mapping",

			




	
	
	
		
 
                  action="settings_mapping", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_global", "/settings/global",

			




	
	
	
		
 
                  action="settings_global", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_global", "/settings/global",

			




	
	
	
		
 
                  action="settings_global", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_visual", "/settings/visual",

			




	
	
	
		
 
                  action="settings_visual", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_visual", "/settings/visual",

			




	
	
	
		
 
                  action="settings_visual", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_email", "/settings/email",

			




	
	
	
		
 
                  action="settings_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_email", "/settings/email",

			




	
	
	
		
 
                  action="settings_email", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_hooks", "/settings/hooks",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_hooks", "/settings/hooks",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 
        m.connect("admin_settings_hooks", "/settings/hooks",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_search", "/settings/search",

			




	
	
	
		
 
                  action="settings_search", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_search", "/settings/search",

			




	
	
	
		
 
                  action="settings_search", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_system", "/settings/system",

			




	
	
	
		
 
                  action="settings_system", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_system", "/settings/system",

			




	
	
	
		
 
                  action="settings_system", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("admin_settings_system_update", "/settings/system/updates",

			




	
	
	
		
 
                  action="settings_system_update", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN MY ACCOUNT

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/my_account') as m:

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account", "/my_account",

			




	
	
	
		
 
                  action="my_account", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account", "/my_account",

			




	
	
	
		
 
                  action="my_account", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_password", "/my_account/password",

			




	
	
	
		
 
                  action="my_account_password", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_password", "/my_account/password",

			




	
	
	
		
 
                  action="my_account_password", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_repos", "/my_account/repos",

			




	
	
	
		
 
                  action="my_account_repos", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_watched", "/my_account/watched",

			




	
	
	
		
 
                  action="my_account_watched", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_perms", "/my_account/perms",

			




	
	
	
		
 
                  action="my_account_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails_add", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails_delete", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys_add", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys_delete", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #NOTIFICATION REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/notifications') as m:

			




	
	
	
		
 
        m.connect("notifications", "/notifications",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("notifications", "/notifications",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("notifications_mark_all_read", "/notifications/mark_all_read",

			




	
	
	
		
 
                  action="mark_all_read", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_notifications", "/notifications.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_notification", "/notifications/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_new_notification", "/notifications/new.{format}",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_admin_users.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -262,238 +262,238 @@ class TestAdminUsersController(TestContr

			




	
	
	
		
 
                                            lastname='b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_none), False)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_create), False)

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put',

			




	
	
	
		
 
                                                 create_repo_perm=True,

			




	
	
	
		
 
                                                 _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_none), False)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_create), True)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_revoke_perm_create_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname='a',

			




	
	
	
		
 
                                            lastname='b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_none), False)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_create), False)

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put', _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_none), True)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_create), False)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_add_perm_fork_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        perm_fork = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname='a',

			




	
	
	
		
 
                                            lastname='b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_none), False)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_fork), False)

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put',

			




	
	
	
		
 
                                                 create_repo_perm=True,

			




	
	
	
		
 
                                                 _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_none), False)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_create), True)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_revoke_perm_fork_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        perm_fork = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname='a',

			




	
	
	
		
 
                                            lastname='b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_none), False)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(user, perm_fork), False)

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms', id=uid),

			




	
	
	
		
 
                                     params=dict(_method='put', _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_none), True)

			




	
	
	
		
 
            self.assertEqual(UserModel().has_perm(uid, perm_create), False)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_ips(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user.user_id))

			




	
	
	
		
 
        response.mustcontain('All IP addresses are allowed')

			




	
	
	
		
 

			




	
	
	
		
 
    @parameterized.expand([

			




	
	
	
		
 
        ('127/24', '127.0.0.1/24', '127.0.0.0 - 127.0.0.255', False),

			




	
	
	
		
 
        ('10/32', '10.0.0.10/32', '10.0.0.10 - 10.0.0.10', False),

			




	
	
	
		
 
        ('0/16', '0.0.0.0/16', '0.0.0.0 - 0.0.255.255', False),

			




	
	
	
		
 
        ('0/8', '0.0.0.0/8', '0.0.0.0 - 0.255.255.255', False),

			




	
	
	
		
 
        ('127_bad_mask', '127.0.0.1/99', '127.0.0.1 - 127.0.0.1', True),

			




	
	
	
		
 
        ('127_bad_ip', 'foobar', 'foobar', True),

			




	
	
	
		
 
    ])

			




	
	
	
		
 
    def test_add_ip(self, test_name, ip, ip_range, failure):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.put(url('edit_user_ips', id=user_id),

			




	
	
	
		
 
                                params=dict(new_ip=ip, _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
        if failure:

			




	
	
	
		
 
            self.checkSessionFlash(response, 'Please enter a valid IPv4 or IpV6 address')

			




	
	
	
		
 
            response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
            response.mustcontain(no=[ip])

			




	
	
	
		
 
            response.mustcontain(no=[ip_range])

			




	
	
	
		
 

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
            response.mustcontain(ip)

			




	
	
	
		
 
            response.mustcontain(ip_range)

			




	
	
	
		
 

			




	
	
	
		
 
        ## cleanup

			




	
	
	
		
 
        for del_ip in UserIpMap.query().filter(UserIpMap.user_id == user_id).all():

			




	
	
	
		
 
            Session().delete(del_ip)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_ip(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 
        ip = '127.0.0.1/32'

			




	
	
	
		
 
        ip_range = '127.0.0.1 - 127.0.0.1'

			




	
	
	
		
 
        new_ip = UserModel().add_extra_ip(user_id, ip)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        new_ip_id = new_ip.ip_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
        response.mustcontain(ip)

			




	
	
	
		
 
        response.mustcontain(ip_range)

			




	
	
	
		
 

			




	
	
	
		
 
        self.app.post(url('edit_user_ips', id=user_id),

			




	
	
	
		
 
                      params=dict(_method='delete', del_ip_id=new_ip_id, _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
        response.mustcontain('All IP addresses are allowed')

			




	
	
	
		
 
        response.mustcontain(no=[ip])

			




	
	
	
		
 
        response.mustcontain(no=[ip_range])

			




	
	
	
		
 

			




	
	
	
		
 
    def test_api_keys(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user_api_keys', id=user.user_id))

			




	
	
	
		
 
        response.mustcontain(user.api_key)

			




	
	
	
		
 
        response.mustcontain('Expires: Never')

			




	
	
	
		
 

			




	
	
	
		
 
    @parameterized.expand([

			




	
	
	
		
 
        ('forever', -1),

			




	
	
	
		
 
        ('5mins', 60*5),

			




	
	
	
		
 
        ('30days', 60*60*24*30),

			




	
	
	
		
 
    ])

			




	
	
	
		
 
    def test_add_api_keys(self, desc, lifetime):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys', id=user_id),

			




	
	
	
		
 
                 {'_method': 'put', 'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            response = response.follow()

			




	
	
	
		
 
            user = User.get(user_id)

			




	
	
	
		
 
            for api_key in user.api_keys:

			




	
	
	
		
 
                response.mustcontain(api_key)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            for api_key in UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all():

			




	
	
	
		
 
                Session().delete(api_key)

			




	
	
	
		
 
                Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_remove_api_key(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys', id=user_id),

			




	
	
	
		
 
                {'_method': 'put', 'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
                {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 

			




	
	
	
		
 
        #now delete our key

			




	
	
	
		
 
        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

			




	
	
	
		
 
        self.assertEqual(1, len(keys))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys', id=user_id),

			




	
	
	
		
 
                 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully deleted')

			




	
	
	
		
 
        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

			




	
	
	
		
 
        self.assertEqual(0, len(keys))

			




	
	
	
		
 

			




	
	
	
		
 
    def test_reset_main_api_key(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 
        api_key = user.api_key

			




	
	
	
		
 
        response = self.app.get(url('edit_user_api_keys', id=user_id))

			




	
	
	
		
 
        response.mustcontain(api_key)

			




	
	
	
		
 
        response.mustcontain('Expires: Never')

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys', id=user_id),

			




	
	
	
		
 
                 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully reset')

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        response.mustcontain(no=[api_key])

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.