kallithea Changeset - 41e70d120a5e

Changeset - 41e70d120a5e

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

Mads Kiilerich - 9 years ago 2016-09-12 17:41:19
madski@unity3d.com

api: set authuser in the thread global request instace - and temporarily verify that it matches what is passed explicitly to auth methods

This makes it more like what middleware / controllers do for "normal" HTTP requests.

2 files changed with 14 insertions and 15 deletions:

kallithea/controllers/api/__init__.py

kallithea/lib/auth.py

0 comments (0 inline, 0 general)

kallithea/controllers/api/__init__.py

➞

Show inline comments

@@ @@ -34,6 +34,7 @@ import itertools @@
 from paste.response import replace_header
 from pylons.controllers import WSGIController
 from pylons import request
 from webob.exc import HTTPError
@@ @@ -190,7 +191,7 @@ class JSONRPCController(WSGIController): @@
         # this is little trick to inject logged in user for
         # perms decorators to work they expect the controller class to have
         # authuser attribute set
         self.authuser = auth_u
+        self.authuser = request.user = auth_u
         # This attribute will need to be first param of a method that uses
         # api_key, which is translated to instance of user at that name

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -940,22 +940,18 @@ class PermsFunction(object): @@
         raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')
     def __call__(self, check_location='unspecified location', user=None):
         if not user:
             #TODO: remove this someday,put as user as attribute here
             user = request.user
         if user:
             assert user.user_id == request.user.user_id, (user, request.user)
         # init auth user if not already given
         if not isinstance(user, AuthUser):
             user = AuthUser(user.user_id)
         user = request.user
         assert user
         assert isinstance(user, AuthUser), user
         cls_name = self.__class__.__name__
         check_scope = self._scope()
         log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                   self.required_perms, user, check_scope,
                   check_location)
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
         result = self.check_permissions()
@@ @@ -1081,6 +1077,13 @@ class _BaseApiPerm(object): @@
     def __call__(self, check_location=None, user=None, repo_name=None,
                  group_name=None):
         assert user
         assert user.user_id == request.user.user_id, (user, request.user)
         user = request.user
         assert user
         assert isinstance(user, AuthUser), user
         cls_name = self.__class__.__name__
         check_scope = 'user:%s' % (user)
         if repo_name:
@@ @@ -1091,13 +1094,8 @@ class _BaseApiPerm(object): @@
         log.debug('checking cls:%s %s %s @ %s',
                   cls_name, self.required_perms, check_scope, check_location)
         if not user:
             log.debug('Empty User passed into arguments')
             return False
         ## process user
         if not isinstance(user, AuthUser):
             user = AuthUser(user.user_id)
         if not check_location:
             check_location = 'unspecified'
         if self.check_permissions(user.permissions, repo_name, group_name):

0 comments (0 inline, 0 general)