Changeset - c6ce891312ef
Parent rev.
Child rev.
[Not reviewed]
default
0 4 0
Mads Kiilerich - 7 years ago 2018-12-26 02:21:26
mads@kiilerich.com
auth: consistently use request.authuser - drop request.user

This seems like old tech debt. Now, just get rid of it.
4 files changed with 8 insertions and 8 deletions:
kallithea/controllers/api/__init__.py
1
1
kallithea/lib/auth.py
5
5
kallithea/lib/base.py
1
1
kallithea/tests/fixture.py
1
1
0 comments (0 inline, 0 general)
kallithea/controllers/api/__init__.py
Show inline comments
 
@@ -182,7 +182,7 @@ class JSONRPCController(TGController):
 
        # this is little trick to inject logged in user for
 
        # perms decorators to work they expect the controller class to have
 
        # authuser attribute set
 
        request.authuser = request.user = auth_u
 
        request.authuser = auth_u
 

			




	
	
	
		
 
        # This attribute will need to be first param of a method that uses

			




	
	
	
		
 
        # api_key, which is translated to instance of user at that name

			




        

    


    
    

    

        

                

                    kallithea/lib/auth.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -944,11 +944,11 @@ class _PermsFunction(object):

			




	
	
	
		
 
class HasPermissionAny(_PermsFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, purpose=None):

			




	
	
	
		
 
        global_permissions = request.user.permissions['global'] # usually very short

			




	
	
	
		
 
        global_permissions = request.authuser.permissions['global'] # usually very short

			




	
	
	
		
 
        ok = any(p in global_permissions for p in self.required_perms)

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Check %s for global %s (%s): %s' %

			




	
	
	
		
 
            (request.user.username, self.required_perms, purpose, ok))

			




	
	
	
		
 
            (request.authuser.username, self.required_perms, purpose, ok))

			




	
	
	
		
 
        return ok

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
		
 
@@ -963,19 +963,19 @@ class _PermFunction(_PermsFunction):

			




	
	
	
		
 
class HasRepoPermissionLevel(_PermFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, repo_name, purpose=None):

			




	
	
	
		
 
        return request.user.has_repository_permission_level(repo_name, self.required_perm, purpose)

			




	
	
	
		
 
        return request.authuser.has_repository_permission_level(repo_name, self.required_perm, purpose)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasRepoGroupPermissionLevel(_PermFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, group_name, purpose=None):

			




	
	
	
		
 
        return request.user.has_repository_group_permission_level(group_name, self.required_perm, purpose)

			




	
	
	
		
 
        return request.authuser.has_repository_group_permission_level(group_name, self.required_perm, purpose)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasUserGroupPermissionLevel(_PermFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, user_group_name, purpose=None):

			




	
	
	
		
 
        return request.user.has_user_group_permission_level(user_group_name, self.required_perm, purpose)

			




	
	
	
		
 
        return request.authuser.has_user_group_permission_level(user_group_name, self.required_perm, purpose)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
#==============================================================================

			




        

    


    
    

    

        

                

                    kallithea/lib/base.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -529,7 +529,7 @@ class BaseController(TGController):

			




	
	
	
		
 
                if type.lower() == 'bearer':

			




	
	
	
		
 
                    bearer_token = params

			




	
	
	
		
 

			




	
	
	
		
 
            request.authuser = request.user = self._determine_auth_user(

			




	
	
	
		
 
            request.authuser = self._determine_auth_user(

			




	
	
	
		
 
                request.GET.get('api_key'),

			




	
	
	
		
 
                bearer_token,

			




	
	
	
		
 
                session.get('authuser'),

			




        

    


    
    

    

        

                

                    kallithea/tests/fixture.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -333,7 +333,7 @@ class Fixture(object):

			




	
	
	
		
 
            org_repo = other_repo = Repository.get_by_repo_name(repo_name)

			




	
	
	
		
 
            owner_user = User.get_by_username(TEST_USER_ADMIN_LOGIN)

			




	
	
	
		
 
            reviewers = [User.get_by_username(TEST_USER_REGULAR_LOGIN)]

			




	
	
	
		
 
            request.authuser = request.user = AuthUser(dbuser=owner_user)

			




	
	
	
		
 
            request.authuser = AuthUser(dbuser=owner_user)

			




	
	
	
		
 
            # creating a PR sends a message with an absolute URL - without routing that requires mocking

			




	
	
	
		
 
            with mock.patch.object(helpers, 'url', (lambda arg, qualified=False, **kwargs: ('https://localhost' if qualified else '') + '/fake/' + arg)):

			




	
	
	
		
 
                cmd = CreatePullRequestAction(org_repo, other_repo, org_ref, other_ref, title, u'No description', owner_user, reviewers)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.