Changeset - 493ccf3e22e6
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich - 11 years ago 2014-07-14 21:12:23
madski@unity3d.com
user edit: always define c.EXTERN_TYPE_INTERNAL (issue 3)

It is needed by user_edit_profile.html when user_edit.html includes it because
.active='profile'. Some non-obvious code paths could lead to that - such as
editing other user's password.

Instead, set the value it in the controller initialization.
1 file changed with 1 insertions and 1 deletions:
kallithea/controllers/admin/users.py
1
1
0 comments (0 inline, 0 general)
kallithea/controllers/admin/users.py
Show inline comments
 
@@ -45,48 +45,49 @@ from kallithea.lib.auth import LoginRequ
 
import kallithea.lib.auth_modules.auth_internal
 
from kallithea.lib import auth_modules
 
from kallithea.lib.base import BaseController, render
 
from kallithea.model.api_key import ApiKeyModel
 

			




	
	
	
		
 
from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm

			




	
	
	
		
 
from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm

			




	
	
	
		
 
from kallithea.model.user import UserModel

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 
from kallithea.lib.utils import action_logger

			




	
	
	
		
 
from kallithea.lib.compat import json

			




	
	
	
		
 
from kallithea.lib.utils2 import datetime_to_time, str2bool, safe_int

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UsersController(BaseController):

			




	
	
	
		
 
    """REST Controller styled on the Atom Publishing Protocol"""

			




	
	
	
		
 

			




	
	
	
		
 
    @LoginRequired()

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def __before__(self):

			




	
	
	
		
 
        super(UsersController, self).__before__()

			




	
	
	
		
 
        c.available_permissions = config['available_permissions']

			




	
	
	
		
 
        c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL

			




	
	
	
		
 

			




	
	
	
		
 
    def index(self, format='html'):

			




	
	
	
		
 
        """GET /users: All items in the collection"""

			




	
	
	
		
 
        # url('users')

			




	
	
	
		
 

			




	
	
	
		
 
        c.users_list = User.query().order_by(User.username)\

			




	
	
	
		
 
                        .filter(User.username != User.DEFAULT_USER)\

			




	
	
	
		
 
                        .order_by(func.lower(User.username))\

			




	
	
	
		
 
                        .all()

			




	
	
	
		
 

			




	
	
	
		
 
        users_data = []

			




	
	
	
		
 
        total_records = len(c.users_list)

			




	
	
	
		
 
        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

			




	
	
	
		
 
        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

			




	
	
	
		
 

			




	
	
	
		
 
        grav_tmpl = lambda user_email, size: (

			




	
	
	
		
 
                template.get_def("user_gravatar")

			




	
	
	
		
 
                .render(user_email, size, _=_, h=h, c=c))

			




	
	
	
		
 

			




	
	
	
		
 
        username = lambda user_id, username: (

			




	
	
	
		
 
                template.get_def("user_name")

			




	
	
	
		
 
                .render(user_id, username, _=_, h=h, c=c))

			




	
	
	
		
 

			




	
	
	
		
 
        user_actions = lambda user_id, username: (

			




	
	
		
 
@@ -224,49 +225,48 @@ class UsersController(BaseController):

			




	
	
	
		
 
        except (UserOwnsReposException, DefaultUserException), e:

			




	
	
	
		
 
            h.flash(e, category='warning')

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            h.flash(_('An error occurred during deletion of user'),

			




	
	
	
		
 
                    category='error')

			




	
	
	
		
 
        return redirect(url('users'))

			




	
	
	
		
 

			




	
	
	
		
 
    def show(self, id, format='html'):

			




	
	
	
		
 
        """GET /users/id: Show a specific item"""

			




	
	
	
		
 
        # url('user', id=ID)

			




	
	
	
		
 
        User.get_or_404(-1)

			




	
	
	
		
 

			




	
	
	
		
 
    def edit(self, id, format='html'):

			




	
	
	
		
 
        """GET /users/id/edit: Form to edit an existing item"""

			




	
	
	
		
 
        # url('edit_user', id=ID)

			




	
	
	
		
 
        c.user = User.get_or_404(id)

			




	
	
	
		
 
        if c.user.username == User.DEFAULT_USER:

			




	
	
	
		
 
            h.flash(_("You can't edit this user"), category='warning')

			




	
	
	
		
 
            return redirect(url('users'))

			




	
	
	
		
 

			




	
	
	
		
 
        c.active = 'profile'

			




	
	
	
		
 
        c.extern_type = c.user.extern_type

			




	
	
	
		
 
        c.extern_name = c.user.extern_name

			




	
	
	
		
 
        c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL

			




	
	
	
		
 
        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

			




	
	
	
		
 

			




	
	
	
		
 
        defaults = c.user.get_dict()

			




	
	
	
		
 
        return htmlfill.render(

			




	
	
	
		
 
            render('admin/users/user_edit.html'),

			




	
	
	
		
 
            defaults=defaults,

			




	
	
	
		
 
            encoding="UTF-8",

			




	
	
	
		
 
            force_defaults=False)

			




	
	
	
		
 

			




	
	
	
		
 
    def edit_advanced(self, id):

			




	
	
	
		
 
        c.user = User.get_or_404(id)

			




	
	
	
		
 
        if c.user.username == User.DEFAULT_USER:

			




	
	
	
		
 
            h.flash(_("You can't edit this user"), category='warning')

			




	
	
	
		
 
            return redirect(url('users'))

			




	
	
	
		
 

			




	
	
	
		
 
        c.active = 'advanced'

			




	
	
	
		
 
        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

			




	
	
	
		
 

			




	
	
	
		
 
        umodel = UserModel()

			




	
	
	
		
 
        defaults = c.user.get_dict()

			




	
	
	
		
 
        defaults.update({

			




	
	
	
		
 
            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

			




	
	
	
		
 
            'create_user_group_perm': umodel.has_perm(c.user,

			




	
	
	
		
 
                                                      'hg.usergroup.create.true'),

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.