kallithea Changeset - a17c8e5f6712

Changeset - a17c8e5f6712

Parent rev.

Child rev.

[Not reviewed]

default

0 26 0

Søren Løvborg - 9 years ago 2017-02-20 17:23:25
sorenl@unity3d.com

auth: simplify repository permission checks

In practice, Kallithea has the 'repository.admin' permission imply the
'repository.write' permission, which again implies 'repository.read'.

This codifies/enforces this practice by replacing HasRepoPermissionAny
"perm function" with the new HasRepositoryLevel function, reducing the
risk of errors and saving quite a lot of typing.

26 files changed with 129 insertions and 192 deletions:

kallithea/controllers/admin/repos.py

kallithea/controllers/api/api.py

kallithea/controllers/changelog.py

kallithea/controllers/changeset.py

kallithea/controllers/compare.py

kallithea/controllers/feed.py

kallithea/controllers/files.py

kallithea/controllers/followers.py

kallithea/controllers/forks.py

kallithea/controllers/home.py

kallithea/controllers/pullrequests.py

kallithea/controllers/summary.py

kallithea/lib/auth.py

kallithea/lib/helpers.py

kallithea/model/repo.py

kallithea/model/scm.py

kallithea/templates/base/base.html

kallithea/templates/changelog/changelog_summary_data.html

kallithea/templates/changeset/changeset_file_comment.html

kallithea/templates/files/files_edit.html

kallithea/templates/files/files_source.html

kallithea/templates/files/files_ypjax.html

kallithea/templates/pullrequests/pullrequest_show.html

kallithea/templates/search/search_commit.html

kallithea/templates/search/search_content.html

kallithea/templates/search/search_path.html

0 comments (0 inline, 0 general)

kallithea/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -34,13 +34,13 @@ from pylons.i18n.translation import _ @@
 from sqlalchemy.sql.expression import func
 from webob.exc import HTTPFound, HTTPInternalServerError, HTTPForbidden, HTTPNotFound
 from kallithea.config.routing import url
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired, \
-    HasRepoPermissionAnyDecorator, NotAnonymous, HasPermissionAny
+    HasRepoPermissionLevelDecorator, NotAnonymous, HasPermissionAny
 from kallithea.lib.base import BaseRepoController, render, jsonify
 from kallithea.lib.utils import action_logger
 from kallithea.lib.vcs import RepositoryError
 from kallithea.model.meta import Session
 from kallithea.model.db import User, Repository, UserFollowing, RepoGroup, \
     Setting, RepositoryField
@@ @@ -97,13 +97,13 @@ class ReposController(BaseRepoController @@
         return defaults
     def index(self, format='html'):
         _list = Repository.query(sorted=True).all()
-        c.repos_list = RepoList(_list, perm_set=['repository.admin'])
+        c.repos_list = RepoList(_list, perm_level='admin')
         repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list,
                                                    admin=True,
                                                    super_user_actions=True)
         #json used to render the grid
         c.data = json.dumps(repos_data)
@@ @@ -209,13 +209,13 @@ class ReposController(BaseRepoController @@
                 else:
                     h.flash(h.literal(_('Created repository %s') % repo_url),
                             category='success')
             return {'result': True}
         return {'result': False}
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def update(self, repo_name):
         c.repo_info = self._load_repo()
         self.__load_defaults(c.repo_info)
         c.active = 'settings'
         c.repo_fields = RepositoryField.query() \
             .filter(RepositoryField.repository == c.repo_info).all()
@@ @@ -258,13 +258,13 @@ class ReposController(BaseRepoController @@
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of repository %s') \
                     % repo_name, category='error')
         raise HTTPFound(location=url('edit_repo', repo_name=changed_name))
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def delete(self, repo_name):
         repo_model = RepoModel()
         repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.not_mapped_error(repo_name)
             raise HTTPFound(location=url('repos'))
@@ @@ -295,13 +295,13 @@ class ReposController(BaseRepoController @@
                     category='error')
         if repo.group:
             raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name))
         raise HTTPFound(location=url('repos'))
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit(self, repo_name):
         defaults = self.__load_data()
         c.repo_fields = RepositoryField.query() \
             .filter(RepositoryField.repository == c.repo_info).all()
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
@@ @@ -309,13 +309,13 @@ class ReposController(BaseRepoController @@
         return htmlfill.render(
             render('admin/repos/repo_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False)
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_permissions(self, repo_name):
         c.repo_info = self._load_repo()
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.user_groups_array = repo_model.get_user_groups_js()
         c.active = 'permissions'
@@ @@ -360,24 +360,24 @@ class ReposController(BaseRepoController @@
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during revoking of permission'),
                     category='error')
             raise HTTPInternalServerError()
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_fields(self, repo_name):
         c.repo_info = self._load_repo()
         c.repo_fields = RepositoryField.query() \
             .filter(RepositoryField.repository == c.repo_info).all()
         c.active = 'fields'
         if request.POST:
             raise HTTPFound(location=url('repo_edit_fields'))
         return render('admin/repos/repo_edit.html')
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def create_repo_field(self, repo_name):
         try:
             form_result = RepoFieldForm()().to_python(dict(request.POST))
             new_field = RepositoryField()
             new_field.repository = Repository.get_by_repo_name(repo_name)
             new_field.field_key = form_result['new_field_key']
@@ @@ -392,34 +392,34 @@ class ReposController(BaseRepoController @@
             msg = _('An error occurred during creation of field')
             if isinstance(e, formencode.Invalid):
                 msg += ". " + e.msg
             h.flash(msg, category='error')
         raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def delete_repo_field(self, repo_name, field_id):
         field = RepositoryField.get_or_404(field_id)
         try:
             Session().delete(field)
             Session().commit()
         except Exception as e:
             log.error(traceback.format_exc())
             msg = _('An error occurred during removal of field')
             h.flash(msg, category='error')
         raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_advanced(self, repo_name):
         c.repo_info = self._load_repo()
         c.default_user_id = User.get_default_user().user_id
         c.in_public_journal = UserFollowing.query() \
             .filter(UserFollowing.user_id == c.default_user_id) \
             .filter(UserFollowing.follows_repository == c.repo_info).scalar()
         _repos = Repository.query(sorted=True).all()
         read_access_repos = RepoList(_repos)
+        read_access_repos = RepoList(_repos, perm_level='read')
         c.repos_list = [(None, _('-- Not a fork --'))]
         c.repos_list += [(x.repo_id, x.repo_name)
                          for x in read_access_repos
                          if x.repo_id != c.repo_info.repo_id]
         defaults = {
@@ @@ -432,13 +432,13 @@ class ReposController(BaseRepoController @@
         return htmlfill.render(
             render('admin/repos/repo_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False)
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_advanced_journal(self, repo_name):
         """
         Sets this repository to be visible in public journal,
         in other words asking default user to follow this repo
         :param repo_name:
@@ @@ -455,13 +455,13 @@ class ReposController(BaseRepoController @@
             h.flash(_('An error occurred during setting this'
                       ' repository in public journal'),
                     category='error')
         raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_advanced_fork(self, repo_name):
         """
         Mark given repository as a fork of another
         :param repo_name:
         """
@@ @@ -480,13 +480,13 @@ class ReposController(BaseRepoController @@
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during this operation'),
                     category='error')
         raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_advanced_locking(self, repo_name):
         """
         Unlock repository when it is locked !
         :param repo_name:
         """
@@ @@ -501,13 +501,13 @@ class ReposController(BaseRepoController @@
         except Exception as e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during unlocking'),
                     category='error')
         raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
-    @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
+    @HasRepoPermissionLevelDecorator('write')
     def toggle_locking(self, repo_name):
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if repo.enable_locking:
                 if repo.locked[0]:
@@ @@ -520,13 +520,13 @@ class ReposController(BaseRepoController @@
         except Exception as e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during unlocking'),
                     category='error')
         raise HTTPFound(location=url('summary_home', repo_name=repo_name))
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_caches(self, repo_name):
         c.repo_info = self._load_repo()
         c.active = 'caches'
         if request.POST:
             try:
                 ScmModel().mark_for_invalidation(repo_name)
@@ @@ -538,13 +538,13 @@ class ReposController(BaseRepoController @@
                 h.flash(_('An error occurred during cache invalidation'),
                         category='error')
             raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name))
         return render('admin/repos/repo_edit.html')
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_remote(self, repo_name):
         c.repo_info = self._load_repo()
         c.active = 'remote'
         if request.POST:
             try:
                 ScmModel().pull_changes(repo_name, request.authuser.username)
@@ @@ -553,13 +553,13 @@ class ReposController(BaseRepoController @@
                 log.error(traceback.format_exc())
                 h.flash(_('An error occurred during pull from remote location'),
                         category='error')
             raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name))
         return render('admin/repos/repo_edit.html')
-    @HasRepoPermissionAnyDecorator('repository.admin')
+    @HasRepoPermissionLevelDecorator('admin')
     def edit_statistics(self, repo_name):
         c.repo_info = self._load_repo()
         repo = c.repo_info.scm_instance
         if c.repo_info.stats:
             # this is on what revision we ended up so we add +1 for count

kallithea/controllers/api/api.py

➞

Show inline comments

@@ @@ -32,13 +32,13 @@ from sqlalchemy import or_ @@
 from pylons import request
 from kallithea.controllers.api import JSONRPCController, JSONRPCError
 from kallithea.lib.auth import (
     PasswordGenerator, AuthUser, HasPermissionAnyDecorator,
-    HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermissionAny,
+    HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermissionLevel,
     HasRepoGroupPermissionAny, HasUserGroupPermissionAny)
 from kallithea.lib.utils import map_groups, repo2db_mapper
 from kallithea.lib.utils2 import (
     str2bool, time_to_datetime, safe_int, Optional, OAttr)
 from kallithea.model.meta import Session
 from kallithea.model.repo_group import RepoGroupModel
@@ @@ -274,16 +274,13 @@ class ApiController(JSONRPCController): @@
             'Error occurred during cache invalidation action'
+          }
         """
         repo = get_repo_or_error(repoid)
         if not HasPermissionAny('hg.admin')():
             # check if we have admin permission for this repo !
             if not HasRepoPermissionAny('repository.admin',
                                         'repository.write')(
                     repo_name=repo.repo_name):
             if not HasRepoPermissionLevel('write')(repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         try:
             ScmModel().mark_for_invalidation(repo.repo_name)
             return dict(
                 msg='Cache for repository `%s` was invalidated' % (repoid,),
@@ @@ -339,14 +336,13 @@ class ApiController(JSONRPCController): @@
+          }
         """
         repo = get_repo_or_error(repoid)
         if HasPermissionAny('hg.admin')():
             pass
         elif HasRepoPermissionAny('repository.admin',
                                   'repository.write')(repo_name=repo.repo_name):
         elif HasRepoPermissionLevel('write')(repo.repo_name):
             # make sure normal user does not pass someone else userid,
             # he is not allowed to do that
             if not isinstance(userid, Optional) and userid != request.authuser.user_id:
                 raise JSONRPCError(
                     'userid is not the same as your user'
+                )
@@ @@ -1201,15 +1197,13 @@ class ApiController(JSONRPCController): @@
           error :  null
         """
         repo = get_repo_or_error(repoid)
         if not HasPermissionAny('hg.admin')():
             # check if we have admin permission for this repo !
             perms = ('repository.admin', 'repository.write', 'repository.read')
             if not HasRepoPermissionAny(*perms)(repo_name=repo.repo_name):
             if not HasRepoPermissionLevel('read')(repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         members = []
         followers = []
         for user in repo.repo_to_perm:
             perm = user.permission.permission_name
@@ @@ -1311,15 +1305,13 @@ class ApiController(JSONRPCController): @@
+                    ]
             error:  null
         """
         repo = get_repo_or_error(repoid)
         if not HasPermissionAny('hg.admin')():
             # check if we have admin permission for this repo !
             perms = ('repository.admin', 'repository.write', 'repository.read')
             if not HasRepoPermissionAny(*perms)(repo_name=repo.repo_name):
             if not HasRepoPermissionLevel('read')(repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         ret_type = Optional.extract(ret_type)
         _map = {}
         try:
             _d, _f = ScmModel().get_nodes(repo, revision, root_path,
@@ @@ -1489,14 +1481,13 @@ class ApiController(JSONRPCController): @@
         :param enable_statistics:
         :param enable_locking:
         :param enable_downloads:
         """
         repo = get_repo_or_error(repoid)
         if not HasPermissionAny('hg.admin')():
             # check if we have admin permission for this repo !
             if not HasRepoPermissionAny('repository.admin')(repo_name=repo.repo_name):
             if not HasRepoPermissionLevel('admin')(repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
             if (name != repo.repo_name and
                 not HasPermissionAny('hg.create.repository')()
                 ):
                 raise JSONRPCError('no permission to create (or move) repositories')
@@ @@ -1587,15 +1578,13 @@ class ApiController(JSONRPCController): @@
         if _repo:
             type_ = 'fork' if _repo.fork else 'repo'
             raise JSONRPCError("%s `%s` already exist" % (type_, fork_name))
         if HasPermissionAny('hg.admin')():
             pass
         elif HasRepoPermissionAny('repository.admin',
                                   'repository.write',
                                   'repository.read')(repo_name=repo.repo_name):
         elif HasRepoPermissionLevel('read')(repo.repo_name):
             if not isinstance(owner, Optional):
                 # forbid setting owner for non-admins
                 raise JSONRPCError(
                     'Only Kallithea admin can specify `owner` param'
+                )
@@ @@ -1666,14 +1655,13 @@ class ApiController(JSONRPCController): @@
             error:  null
         """
         repo = get_repo_or_error(repoid)
         if not HasPermissionAny('hg.admin')():
             # check if we have admin permission for this repo !
             if not HasRepoPermissionAny('repository.admin')(repo_name=repo.repo_name):
             if not HasRepoPermissionLevel('admin')(repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         try:
             handle_forks = Optional.extract(forks)
             _forks_msg = ''
             _forks = [f for f in repo.forks]
@@ @@ -1818,16 +1806,13 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
         perm = get_perm_or_error(perm)
         user_group = get_user_group_or_error(usergroupid)
         if not HasPermissionAny('hg.admin')():
             # check if we have admin permission for this repo !
             _perms = ('repository.admin',)
             if not HasRepoPermissionAny(*_perms)(
                     repo_name=repo.repo_name):
             if not HasRepoPermissionLevel('admin')(repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
             # check if we have at least read permission for this user group !
             _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
                     user_group_name=user_group.users_group_name):
@@ @@ -1874,16 +1859,13 @@ class ApiController(JSONRPCController): @@
+                    }
             error:  null
         """
         repo = get_repo_or_error(repoid)
         user_group = get_user_group_or_error(usergroupid)
         if not HasPermissionAny('hg.admin')():
             # check if we have admin permission for this repo !
             _perms = ('repository.admin',)
             if not HasRepoPermissionAny(*_perms)(
                     repo_name=repo.repo_name):
             if not HasRepoPermissionLevel('admin')(repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
             # check if we have at least read permission for this user group !
             _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
                     user_group_name=user_group.users_group_name):

kallithea/controllers/changelog.py

➞

Show inline comments

@@ @@ -31,13 +31,13 @@ import traceback @@
 from pylons import request, session, tmpl_context as c
 from pylons.i18n.translation import _
 from webob.exc import HTTPFound, HTTPNotFound, HTTPBadRequest
 import kallithea.lib.helpers as h
 from kallithea.config.routing import url
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator
 from kallithea.lib.base import BaseRepoController, render
 from kallithea.lib.compat import json
 from kallithea.lib.graphmod import graph_data
 from kallithea.lib.page import RepoPage
 from kallithea.lib.vcs.exceptions import RepositoryError, ChangesetDoesNotExistError, \
     ChangesetError, NodeDoesNotExistError, EmptyRepositoryError
@@ @@ -89,14 +89,13 @@ class ChangelogController(BaseRepoContro @@
         except RepositoryError as e:
             log.error(traceback.format_exc())
             h.flash(safe_str(e), category='error')
         raise HTTPBadRequest()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def index(self, repo_name, revision=None, f_path=None):
         # Fix URL after page size form submission via GET
         # TODO: Somehow just don't send this extra junk in the GET URL
         if request.GET.get('set'):
             request.GET.pop('set', None)
             if revision is None:
@@ @@ -176,23 +175,21 @@ class ChangelogController(BaseRepoContro @@
         c.revision = revision # requested revision ref
         c.first_revision = c.pagination[0] # pagination is never empty here!
         return render('changelog/changelog.html')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def changelog_details(self, cs):
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             c.cs = c.db_repo_scm_instance.get_changeset(cs)
             return render('changelog/changelog_details.html')
         raise HTTPNotFound()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def changelog_summary(self, repo_name):
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             _load_changelog_summary()
             return render('changelog/changelog_summary_data.html')
         raise HTTPNotFound()

kallithea/controllers/changeset.py

➞

Show inline comments

@@ @@ -35,13 +35,13 @@ from webob.exc import HTTPFound, HTTPFor @@
 from kallithea.lib.vcs.exceptions import RepositoryError, \
     ChangesetDoesNotExistError, EmptyRepositoryError
 from kallithea.lib.compat import json
 import kallithea.lib.helpers as h
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \
     NotAnonymous
 from kallithea.lib.base import BaseRepoController, render, jsonify
 from kallithea.lib.utils import action_logger
 from kallithea.lib.compat import OrderedDict
 from kallithea.lib import diffs
 from kallithea.model.db import ChangesetComment, ChangesetStatus
@@ @@ -334,39 +334,34 @@ class ChangesetController(BaseRepoContro @@
                 c.cs_comments = {}
                 revs = [ctx.revision for ctx in reversed(c.cs_ranges)]
                 c.jsdata = json.dumps(graph_data(c.db_repo_scm_instance, revs))
                 return render('changeset/changeset_range.html')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def index(self, revision, method='show'):
         return self._index(revision, method=method)
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def changeset_raw(self, revision):
         return self._index(revision, method='raw')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def changeset_patch(self, revision):
         return self._index(revision, method='patch')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def changeset_download(self, revision):
         return self._index(revision, method='download')
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def comment(self, repo_name, revision):
         assert request.environ.get('HTTP_X_PARTIAL_XHR')
         status = request.POST.get('changeset_status')
         text = request.POST.get('text', '').strip()
@@ @@ -411,58 +406,54 @@ class ChangesetController(BaseRepoContro @@
                          render('changeset/changeset_comment_block.html')})
         return data
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def delete_comment(self, repo_name, comment_id):
         co = ChangesetComment.get_or_404(comment_id)
         if co.repo.repo_name != repo_name:
             raise HTTPNotFound()
         owner = co.author_id == request.authuser.user_id
-        repo_admin = h.HasRepoPermissionAny('repository.admin')(repo_name)
+        repo_admin = h.HasRepoPermissionLevel('admin')(repo_name)
         if h.HasPermissionAny('hg.admin')() or repo_admin or owner:
             ChangesetCommentsModel().delete(comment=co)
             Session().commit()
             return True
         else:
             raise HTTPForbidden()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def changeset_info(self, repo_name, revision):
         if request.is_xhr:
             try:
                 return c.db_repo_scm_instance.get_changeset(revision)
             except ChangesetDoesNotExistError as e:
                 return EmptyChangeset(message=str(e))
         else:
             raise HTTPBadRequest()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def changeset_children(self, repo_name, revision):
         if request.is_xhr:
             changeset = c.db_repo_scm_instance.get_changeset(revision)
             result = {"results": []}
             if changeset.children:
                 result = {"results": changeset.children}
             return result
         else:
             raise HTTPBadRequest()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def changeset_parents(self, repo_name, revision):
         if request.is_xhr:
             changeset = c.db_repo_scm_instance.get_changeset(revision)
             result = {"results": []}
             if changeset.parents:

kallithea/controllers/compare.py

➞

Show inline comments

@@ @@ -36,13 +36,13 @@ from webob.exc import HTTPFound, HTTPBad @@
 from kallithea.config.routing import url
 from kallithea.lib.utils2 import safe_str, safe_int
 from kallithea.lib.vcs.utils.hgcompat import unionrepo
 from kallithea.lib import helpers as h
 from kallithea.lib.base import BaseRepoController, render
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator
 from kallithea.lib import diffs
 from kallithea.model.db import Repository
 from kallithea.lib.diffs import LimitedDiffContainer
 from kallithea.controllers.changeset import _ignorews_url, _context_url
 from kallithea.lib.graphmod import graph_data
 from kallithea.lib.compat import json, OrderedDict
@@ @@ -165,22 +165,20 @@ class CompareController(BaseRepoControll @@
         else:
             raise Exception('Bad alias only git and hg is allowed')
         return other_changesets, org_changesets, ancestors
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def index(self, repo_name):
         c.compare_home = True
         c.a_ref_name = c.cs_ref_name = _('Select changeset')
         return render('compare/compare_diff.html')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def compare(self, repo_name, org_ref_type, org_ref_name, other_ref_type, other_ref_name):
         org_ref_name = org_ref_name.strip()
         other_ref_name = other_ref_name.strip()
         # If merge is True:
         #   Show what org would get if merged with other:

kallithea/controllers/feed.py

➞

Show inline comments

@@ @@ -33,13 +33,13 @@ from pylons.i18n.translation import _ @@
 from beaker.cache import cache_region, region_invalidate
 from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed
 from kallithea import CONFIG
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator
 from kallithea.lib.base import BaseRepoController
 from kallithea.lib.diffs import DiffProcessor, LimitedDiffContainer
 from kallithea.model.db import CacheInvalidation
 from kallithea.lib.utils2 import safe_int, str2bool, safe_unicode
 log = logging.getLogger(__name__)
@@ @@ -49,14 +49,13 @@ language = 'en-us' @@
 ttl = "5"
 class FeedController(BaseRepoController):
     @LoginRequired(api_access=True)
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def __before__(self):
         super(FeedController, self).__before__()
     def _get_title(self, cs):
         return h.shorter(cs.message, 160)

kallithea/controllers/files.py

➞

Show inline comments

@@ @@ -41,13 +41,13 @@ from kallithea.lib.utils import action_l @@
 from kallithea.lib import diffs
 from kallithea.lib import helpers as h
 from kallithea.lib.compat import OrderedDict
 from kallithea.lib.utils2 import convert_line_endings, detect_mode, safe_str, \
     str2bool, safe_int
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator
 from kallithea.lib.base import BaseRepoController, render, jsonify
 from kallithea.lib.vcs.backends.base import EmptyChangeset
 from kallithea.lib.vcs.conf import settings
 from kallithea.lib.vcs.exceptions import RepositoryError, \
     ChangesetDoesNotExistError, EmptyRepositoryError, \
     ImproperArchiveTypeError, VCSError, NodeAlreadyExistsError, \
@@ @@ -122,14 +122,13 @@ class FilesController(BaseRepoController @@
             h.flash(safe_str(e), category='error')
             raise HTTPNotFound()
         return file_node
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def index(self, repo_name, revision, f_path, annotate=False):
         # redirect to given revision from form if given
         post_revision = request.POST.get('at_rev', None)
         if post_revision:
             cs = self.__get_cs(post_revision) # FIXME - unused!
@@ @@ -196,14 +195,13 @@ class FilesController(BaseRepoController @@
             c.revision_options += [('-', '-')] + \
                 [(n, prefix + b) for b, n in c.db_repo_scm_instance.closed_branches.items()]
         return render('files/files.html')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def history(self, repo_name, revision, f_path):
         changeset = self.__get_cs(revision)
         _file = changeset.get_node(f_path)
         if _file.is_file():
             file_history, _hist = self._get_node_history(changeset, f_path)
@@ @@ -219,40 +217,37 @@ class FilesController(BaseRepoController @@
                 'more': False,
                 'results': res
+            }
             return data
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def authors(self, repo_name, revision, f_path):
         changeset = self.__get_cs(revision)
         _file = changeset.get_node(f_path)
         if _file.is_file():
             file_history, _hist = self._get_node_history(changeset, f_path)
             c.authors = []
             for a in set([x.author for x in _hist]):
                 c.authors.append((h.email(a), h.person(a)))
             return render('files/files_history_box.html')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def rawfile(self, repo_name, revision, f_path):
         cs = self.__get_cs(revision)
         file_node = self.__get_filenode(cs, f_path)
         response.content_disposition = 'attachment; filename=%s' % \
             safe_str(f_path.split(Repository.url_sep())[-1])
         response.content_type = file_node.mimetype
         return file_node.content
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def raw(self, repo_name, revision, f_path):
         cs = self.__get_cs(revision)
         file_node = self.__get_filenode(cs, f_path)
         raw_mimetype_mapping = {
             # map original mimetype to a mimetype used for "show as raw"
@@ @@ -292,13 +287,13 @@ class FilesController(BaseRepoController @@
         response.content_disposition = dispo
         response.content_type = mimetype
         return file_node.content
     @LoginRequired()
-    @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
+    @HasRepoPermissionLevelDecorator('write')
     def delete(self, repo_name, revision, f_path):
         repo = c.db_repo
         if repo.enable_locking and repo.locked[0]:
             h.flash(_('This repository has been locked by %s on %s')
                 % (h.person_by_id(repo.locked[0]),
                    h.fmt_date(h.time_to_datetime(repo.locked[1]))),
@@ @@ -352,13 +347,13 @@ class FilesController(BaseRepoController @@
             raise HTTPFound(location=url('changeset_home',
                                 repo_name=c.repo_name, revision='tip'))
         return render('files/files_delete.html')
     @LoginRequired()
-    @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
+    @HasRepoPermissionLevelDecorator('write')
     def edit(self, repo_name, revision, f_path):
         repo = c.db_repo
         if repo.enable_locking and repo.locked[0]:
             h.flash(_('This repository has been locked by %s on %s')
                 % (h.person_by_id(repo.locked[0]),
                    h.fmt_date(h.time_to_datetime(repo.locked[1]))),
@@ @@ -418,13 +413,13 @@ class FilesController(BaseRepoController @@
             raise HTTPFound(location=url('changeset_home',
                                 repo_name=c.repo_name, revision='tip'))
         return render('files/files_edit.html')
     @LoginRequired()
-    @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
+    @HasRepoPermissionLevelDecorator('write')
     def add(self, repo_name, revision, f_path):
         repo = c.db_repo
         if repo.enable_locking and repo.locked[0]:
             h.flash(_('This repository has been locked by %s on %s')
                 % (h.person_by_id(repo.locked[0]),
@@ @@ -499,14 +494,13 @@ class FilesController(BaseRepoController @@
             raise HTTPFound(location=url('changeset_home',
                                 repo_name=c.repo_name, revision='tip'))
         return render('files/files_add.html')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def archivefile(self, repo_name, fname):
         fileformat = None
         revision = None
         ext = None
         subrepos = request.GET.get('subrepos') == 'true'
@@ @@ -586,14 +580,13 @@ class FilesController(BaseRepoController @@
         response.content_disposition = str('attachment; filename=%s' % (archive_name))
         response.content_type = str(content_type)
         return get_chunked_archive(archive_path)
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def diff(self, repo_name, f_path):
         ignore_whitespace = request.GET.get('ignorews') == '1'
         line_context = safe_int(request.GET.get('context'), 3)
         diff2 = request.GET.get('diff2', '')
         diff1 = request.GET.get('diff1', '') or diff2
         c.action = request.GET.get('diff')
@@ @@ -690,14 +683,13 @@ class FilesController(BaseRepoController @@
                                          enable_comments=False)
             c.file_diff_data = [(fid, fid, op, a_path, node2.path, diff, st)]
             return render('files/file_diff.html')
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def diff_2way(self, repo_name, f_path):
         diff1 = request.GET.get('diff1', '')
         diff2 = request.GET.get('diff2', '')
         try:
             if diff1 not in ['', None, 'None', '0' * 12, '0' * 40]:
                 c.changeset_1 = c.db_repo_scm_instance.get_changeset(diff1)
@@ @@ -778,14 +770,13 @@ class FilesController(BaseRepoController @@
             tags_group[0].append((chs, name),)
         hist_l.append(tags_group)
         return hist_l, changesets
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def nodelist(self, repo_name, revision, f_path):
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             cs = self.__get_cs(revision)
             _d, _f = ScmModel().get_nodes(repo_name, cs.raw_id, f_path,
                                           flat=False)

kallithea/controllers/followers.py

➞

Show inline comments

@@ @@ -26,13 +26,13 @@ Original author and date, and relevant c @@
 """
 import logging
 from pylons import tmpl_context as c, request
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator
 from kallithea.lib.base import BaseRepoController, render
 from kallithea.lib.page import Page
 from kallithea.lib.utils2 import safe_int
 from kallithea.model.db import UserFollowing
 log = logging.getLogger(__name__)
@@ @@ -41,14 +41,13 @@ log = logging.getLogger(__name__) @@
 class FollowersController(BaseRepoController):
     def __before__(self):
         super(FollowersController, self).__before__()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def followers(self, repo_name):
         p = safe_int(request.GET.get('page'), 1)
         repo_id = c.db_repo.repo_id
         d = UserFollowing.get_repo_followers(repo_id) \
             .order_by(UserFollowing.follows_from)
         c.followers_pager = Page(d, page=p, items_per_page=20)

kallithea/controllers/forks.py

➞

Show inline comments

@@ @@ -34,14 +34,14 @@ from pylons import tmpl_context as c, re @@
 from pylons.i18n.translation import _
 from webob.exc import HTTPFound
 import kallithea.lib.helpers as h
 from kallithea.config.routing import url
 from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
     NotAnonymous, HasRepoPermissionAny, HasPermissionAnyDecorator, HasPermissionAny
 from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \
     NotAnonymous, HasRepoPermissionLevel, HasPermissionAnyDecorator, HasPermissionAny
 from kallithea.lib.base import BaseRepoController, render
 from kallithea.lib.page import Page
 from kallithea.lib.utils2 import safe_int
 from kallithea.model.db import Repository, UserFollowing, User, Ui
 from kallithea.model.repo import RepoModel
 from kallithea.model.forms import RepoForkForm
@@ @@ -105,36 +105,32 @@ class ForksController(BaseRepoController @@
         # add suffix to fork
         defaults['repo_name'] = '%s-fork' % defaults['repo_name']
         return defaults
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def forks(self, repo_name):
         p = safe_int(request.GET.get('page'), 1)
         repo_id = c.db_repo.repo_id
         d = []
         for r in Repository.get_repo_forks(repo_id):
             if not HasRepoPermissionAny(
                 'repository.read', 'repository.write', 'repository.admin'
             )(r.repo_name, 'get forks check'):
             if not HasRepoPermissionLevel('read')(r.repo_name, 'get forks check'):
                 continue
             d.append(r)
         c.forks_pager = Page(d, page=p, items_per_page=20)
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             return render('/forks/forks_data.html')
         return render('/forks/forks.html')
     @LoginRequired()
     @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def fork(self, repo_name):
         c.repo_info = Repository.get_by_repo_name(repo_name)
         if not c.repo_info:
             h.not_mapped_error(repo_name)
             raise HTTPFound(location=url('home'))
@@ @@ -146,14 +142,13 @@ class ForksController(BaseRepoController @@
             encoding="UTF-8",
             force_defaults=False)
     @LoginRequired()
     @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def fork_create(self, repo_name):
         self.__load_defaults()
         c.repo_info = Repository.get_by_repo_name(repo_name)
         _form = RepoForkForm(old_data={'repo_type': c.repo_info.repo_type},
                              repo_groups=c.repo_groups,
                              landing_revs=c.landing_revs_choices)()

kallithea/controllers/home.py

➞

Show inline comments

@@ @@ -32,13 +32,13 @@ from pylons import tmpl_context as c, re @@
 from pylons.i18n.translation import _
 from webob.exc import HTTPBadRequest
 from sqlalchemy.sql.expression import func
 from kallithea.lib.utils import conditional_cache
 from kallithea.lib.compat import json
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator
 from kallithea.lib.base import BaseController, render, jsonify
 from kallithea.model.db import Repository, RepoGroup
 from kallithea.model.repo import RepoModel
 log = logging.getLogger(__name__)
@@ @@ -110,14 +110,13 @@ class HomeController(BaseController): @@
                                         condition=condition, func=_c)
             return compute()
         else:
             raise HTTPBadRequest()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def repo_refs_data(self, repo_name):
         repo = Repository.get_by_repo_name(repo_name).scm_instance
         res = []
         _branches = repo.branches.items()
         if _branches:

kallithea/controllers/pullrequests.py

➞

Show inline comments

@@ @@ -34,13 +34,13 @@ from pylons import request, tmpl_context @@
 from pylons.i18n.translation import _
 from webob.exc import HTTPFound, HTTPNotFound, HTTPForbidden, HTTPBadRequest
 from kallithea.config.routing import url
 from kallithea.lib import helpers as h
 from kallithea.lib import diffs
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \
     NotAnonymous
 from kallithea.lib.base import BaseRepoController, render, jsonify
 from kallithea.lib.compat import json, OrderedDict
 from kallithea.lib.diffs import LimitedDiffContainer
 from kallithea.lib.exceptions import UserInvalidException
 from kallithea.lib.page import Page
@@ @@ -187,14 +187,13 @@ class PullrequestsController(BaseRepoCon @@
             .filter(PullRequestReviewer.user_id == request.authuser.user_id) \
             .count() != 0
         return request.authuser.admin or owner or reviewer
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def show_all(self, repo_name):
         c.from_ = request.GET.get('from_') or ''
         c.closed = request.GET.get('closed') or ''
         p = safe_int(request.GET.get('page'), 1)
         q = PullRequest.query(include_closed=c.closed, sorted=True)
@@ @@ -233,14 +232,13 @@ class PullrequestsController(BaseRepoCon @@
                 c.participate_in_pull_requests_todo.append(pr)
         return render('/pullrequests/pullrequest_show_my.html')
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def index(self):
         org_repo = c.db_repo
         org_scm_instance = org_repo.scm_instance
         try:
             org_scm_instance.get_changeset()
         except EmptyRepositoryError as e:
@@ @@ -290,28 +288,26 @@ class PullrequestsController(BaseRepoCon @@
             c.a_repos.append((fork.repo_name, fork.repo_name))
         return render('/pullrequests/pullrequest.html')
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def repo_info(self, repo_name):
         repo = c.db_repo
         refs, selected_ref = self._get_repo_refs(repo.scm_instance)
         return {
             'description': repo.description.split('\n', 1)[0],
             'selected_ref': selected_ref,
             'refs': refs,
+            }
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def create(self, repo_name):
         repo = c.db_repo
         try:
             _form = PullRequestForm(repo.repo_id)().to_python(request.POST)
         except formencode.Invalid as errors:
             log.error(traceback.format_exc())
@@ @@ -510,22 +506,21 @@ class PullrequestsController(BaseRepoCon @@
         raise HTTPFound(location=pull_request.url())
     # pullrequest_post for PR editing
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def post(self, repo_name, pull_request_id):
         pull_request = PullRequest.get_or_404(pull_request_id)
         if pull_request.is_closed():
             raise HTTPForbidden()
         assert pull_request.other_repo.repo_name == repo_name
         #only owner or admin can update it
         owner = pull_request.owner_id == request.authuser.user_id
-        repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)
+        repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)
         if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner):
             raise HTTPForbidden()
         _form = PullRequestPostForm()().to_python(request.POST)
         reviewer_ids = set(int(s) for s in _form['review_members'])
@@ @@ -568,14 +563,13 @@ class PullrequestsController(BaseRepoCon @@
         h.flash(_('Pull request updated'), category='success')
         raise HTTPFound(location=pull_request.url())
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def delete(self, repo_name, pull_request_id):
         pull_request = PullRequest.get_or_404(pull_request_id)
         #only owner can delete it !
         if pull_request.owner_id == request.authuser.user_id:
             PullRequestModel().delete(pull_request)
@@ @@ -583,14 +577,13 @@ class PullrequestsController(BaseRepoCon @@
             h.flash(_('Successfully deleted pull request'),
                     category='success')
             raise HTTPFound(location=url('my_pullrequests'))
         raise HTTPForbidden()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def show(self, repo_name, pull_request_id, extra=None):
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.user_groups_array = repo_model.get_user_groups_js()
         c.pull_request = PullRequest.get_or_404(pull_request_id)
         c.allowed_to_change_status = self._get_is_allowed_change_status(c.pull_request)
@@ @@ -772,14 +765,13 @@ class PullrequestsController(BaseRepoCon @@
         c.as_form = False
         c.ancestors = None # [c.a_rev] ... but that is shown in an other way
         return render('/pullrequests/pullrequest_show.html')
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def comment(self, repo_name, pull_request_id):
         pull_request = PullRequest.get_or_404(pull_request_id)
         status = request.POST.get('changeset_status')
         close_pr = request.POST.get('save_close')
@@ @@ -797,14 +789,14 @@ class PullrequestsController(BaseRepoCon @@
                 h.flash(_('No permission to change pull request status'), 'error')
                 raise HTTPForbidden()
         if delete == "delete":
             if (pull_request.owner_id == request.authuser.user_id or
                 h.HasPermissionAny('hg.admin')() or
                 h.HasRepoPermissionAny('repository.admin')(pull_request.org_repo.repo_name) or
                 h.HasRepoPermissionAny('repository.admin')(pull_request.other_repo.repo_name)
                 h.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or
                 h.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name)
                 ) and not pull_request.is_closed():
                 PullRequestModel().delete(pull_request)
                 Session().commit()
                 h.flash(_('Successfully deleted pull request %s') % pull_request_id,
                         category='success')
                 return {
@@ @@ -858,23 +850,22 @@ class PullrequestsController(BaseRepoCon @@
                          render('changeset/changeset_comment_block.html')})
         return data
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def delete_comment(self, repo_name, comment_id):
         co = ChangesetComment.get(comment_id)
         if co.pull_request.is_closed():
             #don't allow deleting comments on closed pull request
             raise HTTPForbidden()
         owner = co.author_id == request.authuser.user_id
-        repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)
+        repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)
         if h.HasPermissionAny('hg.admin')() or repo_admin or owner:
             ChangesetCommentsModel().delete(comment=co)
             Session().commit()
             return True
         else:
             raise HTTPForbidden()

kallithea/controllers/summary.py

➞

Show inline comments

@@ @@ -40,13 +40,13 @@ from beaker.cache import cache_region, r @@
 from kallithea.lib.vcs.exceptions import ChangesetError, EmptyRepositoryError, \
     NodeDoesNotExistError
 from kallithea.config.conf import ALL_READMES, ALL_EXTS, LANGUAGES_EXTENSIONS_MAP
 from kallithea.model.db import Statistics, CacheInvalidation, User
 from kallithea.lib.utils2 import safe_str
-from kallithea.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
+from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \
     NotAnonymous
 from kallithea.lib.base import BaseRepoController, render, jsonify
 from kallithea.lib.vcs.backends.base import EmptyChangeset
 from kallithea.lib.markup_renderer import MarkupRenderer
 from kallithea.lib.celerylib.tasks import get_commits_stats
 from kallithea.lib.compat import json
@@ @@ -104,14 +104,13 @@ class SummaryController(BaseRepoControll @@
         valid = CacheInvalidation.test_and_set_valid(repo_name, kind)
         if not valid:
             region_invalidate(_get_readme_from_cache, None, '_get_readme_from_cache', repo_name, kind)
         return _get_readme_from_cache(repo_name, kind)
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def index(self, repo_name):
         _load_changelog_summary()
         if request.authuser.is_default_user:
             username = ''
         else:
@@ @@ -158,24 +157,22 @@ class SummaryController(BaseRepoControll @@
         c.readme_data, c.readme_file = \
             self.__get_readme_data(c.db_repo)
         return render('summary/summary.html')
     @LoginRequired()
     @NotAnonymous()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def repo_size(self, repo_name):
         if request.is_xhr:
             return c.db_repo._repo_size()
         else:
             raise HTTPBadRequest()
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     @HasRepoPermissionLevelDecorator('read')
     def statistics(self, repo_name):
         if c.db_repo.enable_statistics:
             c.show_stats = True
             c.no_data_msg = _('No data ready yet')
         else:
             c.show_stats = False

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -534,12 +534,24 @@ class AuthUser(object): @@
         return False
     @LazyProperty
     def permissions(self):
         return self.__get_perms(user=self, cache=False)
     def has_repository_permission_level(self, repo_name, level, purpose=None):
         required_perms = {
             'read': ['repository.read', 'repository.write', 'repository.admin'],
             'write': ['repository.write', 'repository.admin'],
             'admin': ['repository.admin'],
         }[level]
         actual_perm = self.permissions['repositories'].get(repo_name)
         ok = actual_perm in required_perms
         log.debug('Checking if user %r can %r repo %r (%s): %s (has %r)',
             self.username, level, repo_name, purpose, ok, actual_perm)
         return ok
     @property
     def api_keys(self):
         return self._get_api_keys()
     def __get_perms(self, user, explicit=True, algo='higherwin', cache=False):
         """
@@ @@ -833,23 +845,21 @@ class HasPermissionAnyDecorator(_PermsDe @@
     def check_permissions(self, user):
         global_permissions = user.permissions['global'] # usually very short
         return any(p in global_permissions for p in self.required_perms)
-class HasRepoPermissionAnyDecorator(_PermsDecorator):
+class HasRepoPermissionLevelDecorator(_PermsDecorator):
     """
-    Checks the user has any of given permissions for the requested repository.
+    Checks the user has at least the specified permission level for the requested repository.
     """
     def check_permissions(self, user):
         repo_name = get_repo_slug(request)
         try:
             return user.permissions['repositories'][repo_name] in self.required_perms
         except KeyError:
             return False
         (level,) = self.required_perms
         return user.has_repository_permission_level(repo_name, level)
 class HasRepoGroupPermissionAnyDecorator(_PermsDecorator):
     """
     Checks the user has any of given permissions for the requested repository group.
     """
@@ @@ -905,23 +915,17 @@ class HasPermissionAny(_PermsFunction): @@
         log.debug('Check %s for global %s (%s): %s' %
             (request.user.username, self.required_perms, purpose, ok))
         return ok
-class HasRepoPermissionAny(_PermsFunction):
+class HasRepoPermissionLevel(_PermsFunction):
     def __call__(self, repo_name, purpose=None):
         try:
             ok = request.user.permissions['repositories'][repo_name] in self.required_perms
         except KeyError:
             ok = False
         log.debug('Check %s for %s for repo %s (%s): %s' %
             (request.user.username, self.required_perms, repo_name, purpose, ok))
         return ok
         (level,) = self.required_perms
         return request.user.has_repository_permission_level(repo_name, level, purpose)
 class HasRepoGroupPermissionAny(_PermsFunction):
     def __call__(self, group_name, purpose=None):
         try:

kallithea/lib/helpers.py

➞

Show inline comments

@@ @@ -775,13 +775,13 @@ def action_parser(user_log, feed=False, @@
 #==============================================================================
 # PERMS
 #==============================================================================
 from kallithea.lib.auth import HasPermissionAny, \
-    HasRepoPermissionAny, HasRepoGroupPermissionAny
+    HasRepoPermissionLevel, HasRepoGroupPermissionAny
 #==============================================================================
 # GRAVATAR URL
 #==============================================================================
 def gravatar_div(email_address, cls='', size=30, **div_attributes):

kallithea/model/repo.py

➞

Show inline comments

@@ @@ -44,13 +44,13 @@ from kallithea.lib.hooks import log_dele @@
 from kallithea.model.base import BaseModel
 from kallithea.model.db import Repository, UserRepoToPerm, UserGroupRepoToPerm, \
     UserRepoGroupToPerm, UserGroupRepoGroupToPerm, User, Permission, \
     Statistics, UserGroup, Ui, RepoGroup, RepositoryField
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import HasRepoPermissionAny, HasUserGroupPermissionAny
+from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermissionAny
 from kallithea.lib.exceptions import AttachedForksError
 from kallithea.model.scm import UserGroupList
 log = logging.getLogger(__name__)
@@ @@ -204,16 +204,13 @@ class RepoModel(BaseModel): @@
             return _render('user_name', owner_id, username)
         repos_data = []
         for repo in repos_list:
             if perm_check:
                 # check permission at this level
                 if not HasRepoPermissionAny(
                         'repository.read', 'repository.write',
                         'repository.admin'
                 )(repo.repo_name, 'get_repos_as_dict check'):
                 if not HasRepoPermissionLevel('read')(repo.repo_name, 'get_repos_as_dict check'):
                     continue
             cs_cache = repo.changeset_cache
             row = {
                 "raw_name": repo.repo_name,
                 "just_name": repo.just_name,
                 "name": repo_lnk(repo.repo_name, repo.repo_type,

kallithea/model/scm.py

➞

Show inline comments

@@ @@ -46,13 +46,13 @@ from kallithea.lib.vcs.nodes import File @@
 from kallithea.lib.vcs.backends.base import EmptyChangeset
 from kallithea import BACKENDS
 from kallithea.lib import helpers as h
 from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
     _set_extras
-from kallithea.lib.auth import HasRepoPermissionAny, HasRepoGroupPermissionAny, \
+from kallithea.lib.auth import HasRepoPermissionLevel, HasRepoGroupPermissionAny, \
     HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny
 from kallithea.lib.utils import get_filesystem_repos, make_ui, \
     action_logger
 from kallithea.model.base import BaseModel
 from kallithea.model.db import Repository, Ui, CacheInvalidation, \
     UserFollowing, UserLog, User, RepoGroup, PullRequest
@@ @@ -111,19 +111,16 @@ class _PermCheckIterator(object): @@
             yield db_obj
 class RepoList(_PermCheckIterator):
     def __init__(self, db_repo_list, perm_set=None, extra_kwargs=None):
         if not perm_set:
             perm_set = ['repository.read', 'repository.write', 'repository.admin']
     def __init__(self, db_repo_list, perm_level, extra_kwargs=None):
         super(RepoList, self).__init__(obj_list=db_repo_list,
                     obj_attr='repo_name', perm_set=perm_set,
                     perm_checker=HasRepoPermissionAny,
                     obj_attr='repo_name', perm_set=[perm_level],
                     perm_checker=HasRepoPermissionLevel,
                     extra_kwargs=extra_kwargs)
 class RepoGroupList(_PermCheckIterator):
     def __init__(self, db_repo_group_list, perm_set=None, extra_kwargs=None):
@@ @@ -213,13 +210,13 @@ class ScmModel(BaseModel): @@
                 continue
         log.debug('found %s paths with repositories', len(repos))
         return repos
     def get_repos(self, repos):
         """Return the repos the user has access to"""
         return RepoList(repos)
+        return RepoList(repos, perm_level='read')
     def get_repo_groups(self, groups=None):
         """Return the repo groups the user has access to
         If no groups are specified, use top level groups.
         """
         if groups is None:

kallithea/templates/base/base.html

➞

Show inline comments

@@ @@ -130,30 +130,30 @@ @@
         %endif
         <li class="${'active' if current == 'files' else ''}" data-context="files"><a href="${h.url('files_home', repo_name=c.repo_name, revision=rev or 'tip')}"><i class="icon-doc-inv"></i> ${_('Files')}</a></li>
         <li class="${'active' if current == 'switch-to' else ''}" data-context="switch-to">
           <input id="branch_switcher" name="branch_switcher" type="hidden">
         </li>
         <li class="${'active' if current == 'options' else ''} dropdown" data-context="options">
-             %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
+             %if h.HasRepoPermissionLevel('admin')(c.repo_name):
                <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
              %else:
                <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
              %endif
           <ul class="dropdown-menu" role="menu" aria-hidden="true">
-             %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
+             %if h.HasRepoPermissionLevel('admin')(c.repo_name):
                    <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li>
              %endif
               %if c.db_repo.fork:
                <li><a href="${h.url('compare_url',repo_name=c.db_repo.fork.repo_name,org_ref_type=c.db_repo.landing_rev[0],org_ref_name=c.db_repo.landing_rev[1], other_repo=c.repo_name,other_ref_type='branch' if request.GET.get('branch') else c.db_repo.landing_rev[0],other_ref_name=request.GET.get('branch') or c.db_repo.landing_rev[1], merge=1)}">
                    <i class="icon-git-compare"></i> ${_('Compare Fork')}</a></li>
               %endif
               <li><a href="${h.url('compare_home',repo_name=c.repo_name)}"><i class="icon-git-compare"></i> ${_('Compare')}</a></li>
               <li><a href="${h.url('search_repo',repo_name=c.repo_name)}"><i class="icon-search"></i> ${_('Search')}</a></li>
-              %if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name) and c.db_repo.enable_locking:
+              %if h.HasRepoPermissionLevel('write')(c.repo_name) and c.db_repo.enable_locking:
                 %if c.db_repo.locked[0]:
                   <li><a href="${h.url('toggle_locking', repo_name=c.repo_name)}"><i class="icon-lock"></i> ${_('Unlock')}</a></li>
                 %else:
                   <li><a href="${h.url('toggle_locking', repo_name=c.repo_name)}"><i class="icon-lock-open-alt"></i> ${_('Lock')}</li>
                 %endif
               %endif

kallithea/templates/changelog/changelog_summary_data.html

➞

Show inline comments

@@ @@ -77,13 +77,13 @@ @@
 <ul class="pagination">
     ${c.repo_changesets.pager()}
 </ul>
 %else:
-%if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name):
+%if h.HasRepoPermissionLevel('write')(c.repo_name):
 <h4>${_('Add or upload files directly via Kallithea')}</h4>
 <div style="margin: 20px 30px;">
   <div id="add_node_id" class="add_node">
       <a class="btn btn-default btn-xs" href="${h.url('files_add_home',repo_name=c.repo_name,revision=0,f_path='', anchor='edit')}">${_('Add New File')}</a>
   </div>
 </div>

kallithea/templates/changeset/changeset_file_comment.html

➞

Show inline comments

@@ @@ -21,13 +21,13 @@ @@
               %else:
                 ${_('on this changeset')}
               %endif
               <a class="permalink" href="${co.url()}">&para;</a>
           </span>
-          %if co.author_id == request.authuser.user_id or h.HasRepoPermissionAny('repository.admin')(c.repo_name):
+          %if co.author_id == request.authuser.user_id or h.HasRepoPermissionLevel('admin')(c.repo_name):
             %if co.deletable():
               <div onClick="confirm('${_('Delete comment?')}') && deleteComment(${co.comment_id})" class="buttons delete-comment btn btn-default btn-xs" style="margin:0 5px">${_('Delete')}</div>
             %endif
           %endif
       </div>
       <div class="text">
@@ @@ -77,13 +77,13 @@ @@
                         <input type="radio" class="status_change_radio" name="changeset_status" id="${status}" value="${status}">
                         ${lbl}<i class="icon-circle changeset-status-${status}"></i>
                     </label>
                 %endfor
                 %if c.pull_request is not None and ( \
-                    h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) \
+                    h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionLevel('admin')(c.repo_name) \
                     or c.pull_request.owner_id == request.authuser.user_id):
                 <div>
                   ${_('Finish pull request')}:
                   <label class="checkbox-inline">
                     <input id="save_close" type="checkbox" name="save_close">
                     ${_("Close")}

kallithea/templates/files/files_edit.html

➞

Show inline comments

@@ @@ -45,13 +45,13 @@ ${self.repo_context_bar('files')} @@
                     <div class="left item">${h.format_byte_size(c.file.size,binary=True)}</div>
                     <div class="left item last">${c.file.mimetype}</div>
                     <div class="pull-right buttons">
                       ${h.link_to(_('Show Annotation'),h.url('files_annotate_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
                       ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
                       ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
-                      % if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name):
+                      % if h.HasRepoPermissionLevel('write')(c.repo_name):
                        % if not c.file.is_binary:
                         ${h.link_to(_('Source'),h.url('files_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
                        % endif
                       % endif
                     </div>
                 </div>

kallithea/templates/files/files_source.html

➞

Show inline comments

@@ @@ -31,13 +31,13 @@ @@
                 ${h.link_to(_('Show Source'),    h.url('files_home',         repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
               %else:
                 ${h.link_to(_('Show Annotation'),h.url('files_annotate_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
               %endif
               ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
               ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")}
-              %if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name):
+              %if h.HasRepoPermissionLevel('write')(c.repo_name):
                %if c.on_branch_head and not c.file.is_binary:
                 ${h.link_to(_('Edit on Branch: %s') % c.changeset.branch, h.url('files_edit_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-default btn-xs")}
                 ${h.link_to(_('Delete'), h.url('files_delete_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-danger btn-xs")}
                %elif c.on_branch_head and c.file.is_binary:
                 ${h.link_to(_('Edit'), '#', class_="btn btn-default btn-xs disabled", title=_('Editing binary files not allowed'),**{'data-toggle':'tooltip'})}
                 ${h.link_to(_('Delete'), h.url('files_delete_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-danger btn-xs")}

kallithea/templates/files/files_ypjax.html

➞

Show inline comments

@@ @@ -2,13 +2,13 @@ @@
     <h3 class="files_location">
         ${_('Location')}: ${h.files_breadcrumbs(c.repo_name,c.changeset.raw_id,c.file.path)}
         %if c.annotate:
         - ${_('annotation')}
         %endif
         %if c.file.is_dir():
-          % if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name):
+          % if h.HasRepoPermissionLevel('write')(c.repo_name):
              / <span title="${_('Add New File')}">
                <a href="${h.url('files_add_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit')}">
                    <i class="icon-plus-circled" style="color:#5bb75b; font-size: 16px"></i></a>
                </span>
           % endif
         %endif

kallithea/templates/pullrequests/pullrequest_show.html

➞

Show inline comments

@@ @@ -12,13 +12,13 @@ @@
 <%block name="header_menu">
     ${self.menu('repositories')}
 </%block>
 <%def name="main()">
-<% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or c.pull_request.owner_id == request.authuser.user_id) %>
+<% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionLevel('admin')(c.repo_name) or c.pull_request.owner_id == request.authuser.user_id) %>
 ${self.repo_context_bar('showpullrequest')}
 <div class="panel panel-primary">
   <div class="panel-heading clearfix">
     ${self.breadcrumbs()}
   </div>

kallithea/templates/search/search_commit.html

➞

Show inline comments

 ##commit highlighting
 %for cnt,sr in enumerate(c.formated_results):
-    %if h.HasRepoPermissionAny('repository.write','repository.read','repository.admin')(sr['repository'],'search results check'):
+    %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'):
         <div id="body${cnt}" class="codeblock">
             <div class="code-header">
                 <div class="search-path">${h.link_to(h.literal('%s &raquo; %s' % (sr['repository'],sr['raw_id'])),
                 h.url('changeset_home',repo_name=sr['repository'],revision=sr['raw_id']))}
                 ${h.fmt_date(h.time_to_datetime(sr['date']))}
                 </div>

kallithea/templates/search/search_content.html

➞

Show inline comments

 ##content highlighting
 %for cnt,sr in enumerate(c.formated_results):
-    %if h.HasRepoPermissionAny('repository.write','repository.read','repository.admin')(sr['repository'],'search results check'):
+    %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'):
         <div id="body${cnt}" class="codeblock">
             <div class="code-header">
                 <div class="search-path">${h.link_to(h.literal('%s &raquo; %s' % (sr['repository'],sr['f_path'])),
                 h.url('files_home',repo_name=sr['repository'],revision='tip',f_path=sr['f_path']))}
                 </div>
             </div>

kallithea/templates/search/search_path.html

➞

Show inline comments

 ##path search
 %for cnt,sr in enumerate(c.formated_results):
-    %if h.HasRepoPermissionAny('repository.write','repository.read','repository.admin')(sr['repository'],'search results check'):
+    %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'):
         <div class="panel panel-default">
             <div class="panel-heading">
                 ${h.link_to(h.literal('%s &raquo; %s' % (sr['repository'],sr['f_path'])),
                     h.url('files_home',repo_name=sr['repository'],revision='tip',f_path=sr['f_path']))}
             </div>
         </div>

0 comments (0 inline, 0 general)