kallithea Changeset - c734686b3cf2

Changeset - c734686b3cf2

Parent rev.

Child rev.

[Not reviewed]

beta

0 5 0

Marcin Kuzminski - 13 years ago 2013-03-28 02:11:26
marcin@python-works.com

moved permission management into separate entity.
- this solves issues when whole form submision could influence permission management
particular case is that when repo group permission is revoked and user is no longer able to update repository settings

5 files changed with 79 insertions and 34 deletions:

rhodecode/config/routing.py

rhodecode/controllers/admin/repos.py

rhodecode/model/forms.py

rhodecode/model/repo.py

rhodecode/templates/admin/repos/repo_edit.html

0 comments (0 inline, 0 general)

rhodecode/config/routing.py

➞

Show inline comments

@@ @@ -127,6 +127,11 @@ def make_map(config): @@
         m.connect("formatted_repo", "/repos/{repo_name:.*?}.{format}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         #add repo perm member
         m.connect('set_repo_perm_member', "/set_repo_perm_member/{repo_name:.*?}",
              action="set_repo_perm_member",
              conditions=dict(method=["POST"], function=check_repo))
         #ajax delete repo perm user
         m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*?}",
              action="delete_perm_user",

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -45,7 +45,7 @@ from rhodecode.lib.helpers import get_to @@
 from rhodecode.model.meta import Session
 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\
     RhodeCodeSetting, RepositoryField
 from rhodecode.model.forms import RepoForm, RepoFieldForm
+from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm
 from rhodecode.model.scm import ScmModel, GroupList
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.compat import json
@@ @@ -330,6 +330,42 @@ class ReposController(BaseRepoController @@
         return redirect(url('repos'))
     @HasRepoPermissionAllDecorator('repository.admin')
     def set_repo_perm_member(self, repo_name):
         form = RepoPermsForm()().to_python(request.POST)
         perms_new = form['perms_new']
         perms_updates = form['perms_updates']
         cur_repo = repo_name
         # update permissions
         for member, perm, member_type in perms_updates:
             if member_type == 'user':
                 # this updates existing one
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('updated repository permissions'), category='success')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete_perm_user(self, repo_name):
         """
         DELETE an existing repository permission user
@@ @@ -339,6 +375,9 @@ class ReposController(BaseRepoController @@
         try:
             RepoModel().revoke_user_permission(repo=repo_name,
                                                user=request.POST['user_id'])
             #TODO: implement this
             #action_logger(self.rhodecode_user, 'admin_revoked_repo_permissions',
             #              repo_name, self.ip_addr, self.sa)
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -199,11 +199,18 @@ def RepoForm(edit=False, old_data={}, su @@
             user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
         chained_validators = [v.ValidCloneUri(),
                               v.ValidRepoName(edit, old_data),
                               v.ValidPerms()]
                               v.ValidRepoName(edit, old_data)]
     return _RepoForm
 def RepoPermsForm():
     class _RepoPermsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         chained_validators = [v.ValidPerms()]
     return _RepoPermsForm
 def RepoFieldForm():
     class _RepoFieldForm(formencode.Schema):
         filter_extra_fields = True

rhodecode/model/repo.py

➞

Show inline comments

@@ @@ -279,28 +279,6 @@ class RepoModel(BaseModel): @@
         try:
             cur_repo = self.get_by_repo_name(org_repo_name, cache=False)
             # update permissions
             for member, perm, member_type in kwargs['perms_updates']:
                 if member_type == 'user':
                     # this updates existing one
                     RepoModel().grant_user_permission(
                         repo=cur_repo, user=member, perm=perm
+                    )
                 else:
                     RepoModel().grant_users_group_permission(
                         repo=cur_repo, group_name=member, perm=perm
+                    )
             # set new permissions
             for member, perm, member_type in kwargs['perms_new']:
                 if member_type == 'user':
                     RepoModel().grant_user_permission(
                         repo=cur_repo, user=member, perm=perm
+                    )
                 else:
                     RepoModel().grant_users_group_permission(
                         repo=cur_repo, group_name=member, perm=perm
+                    )
             if 'user' in kwargs:
                 cur_repo.user = User.get_by_username(kwargs['user'])

rhodecode/templates/admin/repos/repo_edit.html

➞

Show inline comments

@@ @@ -144,15 +144,6 @@ ${self.context_bar('options')} @@
                  </div>
               %endfor
             %endif
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     <%include file="repo_edit_perms.html"/>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
@@ @@ -164,6 +155,31 @@ ${self.context_bar('options')} @@
 <div class="box box-right">
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('set_repo_perm_member', repo_name=c.repo_info.repo_name),method='post')}
     <div class="form">
        <div class="fields">
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     <%include file="repo_edit_perms.html"/>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
        </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right"  style="clear:right">
     <div class="title">
         <h5>${_('Advanced settings')}</h5>
     </div>

0 comments (0 inline, 0 general)