kallithea Changeset - 520d27f40b51

Changeset - 520d27f40b51

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 15 years ago 2011-02-15 23:19:01
marcin@python-works.com

#113 removed anonymous access from forking, added system messages in login box.

3 files changed with 22 insertions and 3 deletions:

rhodecode/controllers/settings.py

rhodecode/lib/auth.py

rhodecode/templates/login.html

0 comments (0 inline, 0 general)

rhodecode/controllers/settings.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.settings
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Settings controller for rhodecode
     :created_on: Jun 30, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import logging
 import traceback
 import formencode
 from pylons import tmpl_context as c, request, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 import rhodecode.lib.helpers as h
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAllDecorator
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAllDecorator, \
     NotAnonymous
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.utils import invalidate_cache, action_logger
 from rhodecode.model.forms import RepoSettingsForm, RepoForkForm
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User
 log = logging.getLogger(__name__)
 class SettingsController(BaseRepoController):
     @LoginRequired()
     def __before__(self):
         super(SettingsController, self).__before__()
     @HasRepoPermissionAllDecorator('repository.admin')
     def index(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was created or renamed from the file system'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('home'))
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
         defaults = c.repo_info.get_dict()
         #fill owner
         if c.repo_info.user:
             defaults.update({'user':c.repo_info.user.username})
         else:
             replacement_user = self.sa.query(User)\
             .filter(User.admin == True).first().username
             defaults.update({'user':replacement_user})
         #fill repository users
         for p in c.repo_info.repo_to_perm:
             defaults.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         #fill repository groups
         for p in c.repo_info.users_group_to_perm:
             defaults.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
@@ @@ -112,91 +115,92 @@ class SettingsController(BaseRepoControl @@
             c.users_array = repo_model.get_users_js()
             errors.value.update({'user':c.repo_info.user.username})
             return formencode.htmlfill.render(
                 render('settings/repo_settings.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of repository %s') \
                     % repo_name, category='error')
         return redirect(url('repo_settings_home', repo_name=changed_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete(self, repo_name):
         """DELETE /repos/repo_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repo_settings_delete', repo_name=ID),
         #           method='delete')
         # url('repo_settings_delete', repo_name=ID)
         repo_model = RepoModel()
         repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was moved or renamed  from the filesystem'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('home'))
         try:
             action_logger(self.rhodecode_user, 'user_deleted_repo',
                               repo_name, '', self.sa)
             repo_model.delete(repo)
             invalidate_cache('get_repo_cached_%s' % repo_name)
             h.flash(_('deleted repository %s') % repo_name, category='success')
         except Exception:
             h.flash(_('An error occurred during deletion of %s') % repo_name,
                     category='error')
         return redirect(url('home'))
     @NotAnonymous()
     @HasRepoPermissionAllDecorator('repository.read')
     def fork(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.flash(_('%s repository is not mapped to db perhaps'
                       ' it was created or renamed from the file system'
                       ' please run the application again'
                       ' in order to rescan repositories') % repo_name,
                       category='error')
             return redirect(url('home'))
         return render('settings/repo_fork.html')
+    @NotAnonymous()
     @HasRepoPermissionAllDecorator('repository.read')
     def fork_create(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo_model.get_by_repo_name(repo_name)
         _form = RepoForkForm(old_data={'repo_type':c.repo_info.repo_type})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             form_result.update({'repo_name':repo_name})
             repo_model.create_fork(form_result, c.rhodecode_user)
             h.flash(_('forked %s repository as %s') \
                       % (repo_name, form_result['fork_name']),
                     category='success')
             action_logger(self.rhodecode_user,
                           'user_forked_repo:%s' % form_result['fork_name'],
                            repo_name, '', self.sa)
         except formencode.Invalid, errors:
             c.new_repo = errors.value['fork_name']
             r = render('settings/repo_fork.html')
             return formencode.htmlfill.render(
                 r,
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         return redirect(url('home'))

rhodecode/lib/auth.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.auth
     ~~~~~~~~~~~~~~~~~~
     authentication and permission libraries
     :created_on: Apr 4, 2010
     :copyright: (c) 2010 by marcink.
     :license: LICENSE_NAME, see LICENSE_FILE for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import bcrypt
 import random
 import logging
 import traceback
 from decorator import decorator
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
     UserToPerm, UsersGroupToPerm, UsersGroupMember
 log = logging.getLogger(__name__)
 PERM_WEIGHTS = {'repository.none':0,
                 'repository.read':1,
                 'repository.write':3,
                 'repository.admin':3}
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''#[0]
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on pybcrypt
@@ @@ -339,96 +340,100 @@ def get_user(session): @@
 class LoginRequired(object):
     """Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         user = session.get('rhodecode_user', AuthUser())
         log.debug('Checking login required for user:%s', user.username)
         if user.is_authenticated:
             log.debug('user %s is authenticated', user.username)
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s not authenticated', user.username)
             p = ''
             if request.environ.get('SCRIPT_NAME') != '/':
                 p += request.environ.get('SCRIPT_NAME')
             p += request.environ.get('PATH_INFO')
             if request.environ.get('QUERY_STRING'):
                 p += '?' + request.environ.get('QUERY_STRING')
             log.debug('redirecting to login page with %s', p)
             return redirect(url('login_home', came_from=p))
 class NotAnonymous(object):
     """Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         user = session.get('rhodecode_user', AuthUser())
         log.debug('Checking if user is not anonymous')
         anonymous = user.username == 'default'
         if anonymous:
             p = ''
             if request.environ.get('SCRIPT_NAME') != '/':
                 p += request.environ.get('SCRIPT_NAME')
             p += request.environ.get('PATH_INFO')
             if request.environ.get('QUERY_STRING'):
                 p += '?' + request.environ.get('QUERY_STRING')
             import rhodecode.lib.helpers as h
             h.flash(_('You need to be a registered user to perform this action'),
                     category='warning')
             return redirect(url('login_home', came_from=p))
         else:
             return func(*fargs, **fkwargs)
 class PermsDecorator(object):
     """Base class for decorators"""
     def __init__(self, *required_perms):
         available_perms = config['available_permissions']
         for perm in required_perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(required_perms)
         self.user_perms = None
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
 #        _wrapper.__name__ = func.__name__
 #        _wrapper.__dict__.update(func.__dict__)
 #        _wrapper.__doc__ = func.__doc__
         self.user = session.get('rhodecode_user', AuthUser())
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
            self.__class__.__name__, self.required_perms, func.__name__,
                self.user)
         if self.check_permissions():
             log.debug('Permission granted for %s %s', func.__name__, self.user)
             return func(*fargs, **fkwargs)
         else:
             log.warning('Permission denied for %s %s', func.__name__, self.user)
             #redirect with forbidden ret code
             return abort(403)
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request

rhodecode/templates/login.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" id="mainhtml">
     <head>
         <title>${_('Sign In')} - ${c.rhodecode_name}</title>
         <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
         <link rel="icon" href="${h.url("/images/icons/database_gear.png")}" type="image/png" />
         <meta name="robots" content="index, nofollow"/>
         <!-- stylesheets -->
         <link rel="stylesheet" type="text/css" href="${h.url('/css/style.css')}" media="screen" />
     </head>
     <body>
 <div id="login">
         <div id="login">
         <div class="flash_msg">
             <% messages = h.flash.pop_messages() %>
             % if messages:
             <ul id="flash-messages">
                 % for message in messages:
                 <li class="${message.category}_msg">${message}</li>
                 % endfor
             </ul>
             % endif
         </div>
             <!-- login -->
             <div class="title top-left-rounded-corner top-right-rounded-corner">
                 <h5>${_('Sign In to')} ${c.rhodecode_name}</h5>
             </div>
             <div class="inner">
                 ${h.form(h.url.current(came_from=c.came_from))}
                 <div class="form">
                     <!-- fields -->
                     <div class="fields">
                         <div class="field">
                             <div class="label">
                                 <label for="username">${_('Username')}:</label>
                             </div>
                             <div class="input">
                                 ${h.text('username',class_='focus',size=40)}
                             </div>
                         </div>
                         <div class="field">
                             <div class="label">
                                 <label for="password">${_('Password')}:</label>
                             </div>
                             <div class="input">
                                 ${h.password('password',class_='focus',size=40)}
                             </div>
                         </div>
                         ##<div class="field">
                         ##    <div class="checkbox">
                         ##        <input type="checkbox" id="remember" name="remember" />
                         ##        <label for="remember">Remember me</label>
                         ##    </div>
                         ##</div>
                         <div class="buttons">
                             ${h.submit('sign_in','Sign In',class_="ui-button")}
                         </div>
                     </div>
                     <!-- end fields -->
                     <!-- links -->
                     <div class="links">
                         ${h.link_to(_('Forgot your password ?'),h.url('reset_password'))}
                         %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
+	                         /
 	                        ${h.link_to(_("Don't have an account ?"),h.url('register'))}
                         %endif
                     </div>

0 comments (0 inline, 0 general)