kallithea Changeset - ad4a680113b7

Changeset - ad4a680113b7

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 13 years ago 2013-05-11 23:19:06
marcin@python-works.com

Gist: implemented delete of gists by owner, or super admin

3 files changed with 33 insertions and 7 deletions:

rhodecode/controllers/admin/gists.py

rhodecode/templates/admin/gists/show.html

rhodecode/tests/functional/test_admin_gists.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/gists.py

➞

Show inline comments

@@ @@ -32,25 +32,25 @@ from pylons import request, tmpl_context @@
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.model.forms import GistForm
 from rhodecode.model.gist import GistModel
 from rhodecode.model.meta import Session
 from rhodecode.model.db import Gist
 from rhodecode.lib import helpers as h
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib.utils2 import safe_str, safe_int, time_to_datetime
 from rhodecode.lib.helpers import Page
 from webob.exc import HTTPNotFound
+from webob.exc import HTTPNotFound, HTTPForbidden
 from sqlalchemy.sql.expression import or_
 from rhodecode.lib.vcs.exceptions import VCSError
 log = logging.getLogger(__name__)
 class GistsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     def __load_defaults(self):
         c.lifetime_values = [
             (str(-1), _('forever')),
@@ @@ -142,24 +142,34 @@ class GistsController(BaseController): @@
         # url('gist', id=ID)
     @LoginRequired()
     @NotAnonymous()
     def delete(self, id):
         """DELETE /admin/gists/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('gist', id=ID),
         #           method='delete')
         # url('gist', id=ID)
         gist = GistModel().get_gist(id)
         owner = gist.gist_owner == c.rhodecode_user.user_id
         if h.HasPermissionAny('hg.admin')() or owner:
             GistModel().delete(gist)
             Session().commit()
             h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success')
         else:
             raise HTTPForbidden()
         return redirect(url('gists'))
     @LoginRequired()
     def show(self, id, format='html'):
         """GET /admin/gists/id: Show a specific item"""
         # url('gist', id=ID)
         gist_id = id
         c.gist = Gist.get_or_404(gist_id)
         #check if this gist is not expired
         if c.gist.gist_expires != -1:
             if time.time() > c.gist.gist_expires:
                 log.error('Gist expired at %s' %

rhodecode/templates/admin/gists/show.html

➞

Show inline comments

@@ @@ -39,27 +39,29 @@ @@
                           %endif
                         </div>
                        <span style="color: #AAA">
                          %if c.gist.gist_expires == -1:
                           ${_('Expires')}: ${_('never')}
                          %else:
                           ${_('Expires')}: ${h.age(h.time_to_datetime(c.gist.gist_expires))}
                          %endif
                        </span>
                         <div class="left item last">${c.gist.gist_description}</div>
                         <div class="buttons">
                           ## only owner should see that
-                          %if c.gist.owner.username == c.rhodecode_user.username:
+                          %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id:
                             ##${h.link_to(_('Edit'),h.url(''),class_="ui-btn")}
                             ##${h.link_to(_('Delete'),h.url(''),class_="ui-btn red")}
                             ${h.form(url('gist', id=c.gist.gist_id),method='delete')}
                                 ${h.submit('remove_gist', _('Delete'),class_="ui-btn red",onclick="return confirm('"+_('Confirm to delete this gist')+"');")}
                             ${h.end_form()}
                           %endif
                         </div>
                     </div>
                     <div class="author">
                         <div class="gravatar">
                             <img alt="gravatar" src="${h.gravatar_url(h.email_or_none(c.file_changeset.author),16)}"/>
                         </div>
                         <div title="${c.file_changeset.author}" class="user">${h.person(c.file_changeset.author)} - ${_('created')} ${h.age(c.file_changeset.date)}</div>
                     </div>
                     <div class="commit">${h.urlify_commit(c.file_changeset.message,c.repo_name)}</div>
                 </div>

rhodecode/tests/functional/test_admin_gists.py

➞

Show inline comments

 from rhodecode.tests import *
 from rhodecode.model.gist import GistModel
 from rhodecode.model.meta import Session
 from rhodecode.model.db import User, Gist
 def _create_gist(f_name, content='some gist', lifetime=-1,
                  description='gist-desc', gist_type='public'):
                  description='gist-desc', gist_type='public',
                  owner=TEST_USER_ADMIN_LOGIN):
     gist_mapping = {
         f_name: {'content': content}
+    }
-    user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
+    user = User.get_by_username(owner)
     gist = GistModel().create(description, owner=user,
                        gist_mapping=gist_mapping, gist_type=gist_type,
                        lifetime=lifetime)
     Session().commit()
     return gist
 class TestGistsController(TestController):
     def tearDown(self):
         for g in Gist.get_all():
             GistModel().delete(g)
@@ @@ -100,26 +101,39 @@ class TestGistsController(TestController @@
         response.mustcontain('gist-desc')
         response.mustcontain('<div class="ui-btn green badge">Public gist</div>')
     def test_new(self):
         self.log_user()
         response = self.app.get(url('new_gist'))
     def test_update(self):
         self.skipTest('not implemented')
         response = self.app.put(url('gist', id=1))
     def test_delete(self):
         self.skipTest('not implemented')
         response = self.app.delete(url('gist', id=1))
         self.log_user()
         gist = _create_gist('delete-me')
         response = self.app.delete(url('gist', id=gist.gist_id))
         self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id)
     def test_delete_normal_user_his_gist(self):
         self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
         gist = _create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
         response = self.app.delete(url('gist', id=gist.gist_id))
         self.checkSessionFlash(response, 'Deleted gist %s' % gist.gist_id)
     def test_delete_normal_user_not_his_own_gist(self):
         self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
         gist = _create_gist('delete-me')
         response = self.app.delete(url('gist', id=gist.gist_id), status=403)
     def test_show(self):
         gist = _create_gist('gist-show-me')
         response = self.app.get(url('gist', id=gist.gist_access_id))
         response.mustcontain('added file: gist-show-me<')
         response.mustcontain('test_admin (RhodeCode Admin) - created')
         response.mustcontain('gist-desc')
         response.mustcontain('<div class="ui-btn green badge">Public gist</div>')
     def test_edit(self):
         self.skipTest('not implemented')
         response = self.app.get(url('edit_gist', id=1))

0 comments (0 inline, 0 general)