kallithea Changeset - c734686b3cf2

Changeset - c734686b3cf2

Parent rev.

Child rev.

[Not reviewed]

beta

0 5 0

Marcin Kuzminski - 13 years ago 2013-03-28 02:11:26
marcin@python-works.com

moved permission management into separate entity.
- this solves issues when whole form submision could influence permission management
particular case is that when repo group permission is revoked and user is no longer able to update repository settings

5 files changed with 79 insertions and 34 deletions:

rhodecode/config/routing.py

rhodecode/controllers/admin/repos.py

rhodecode/model/forms.py

rhodecode/model/repo.py

rhodecode/templates/admin/repos/repo_edit.html

0 comments (0 inline, 0 general)

rhodecode/config/routing.py

➞

Show inline comments

@@ @@ -118,24 +118,29 @@ def make_map(config): @@
         m.connect("edit_repo_admin", "/repos/{repo_name:.*?}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_edit_repo", "/repos/{repo_name:.*?}.{format}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("repo", "/repos/{repo_name:.*?}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_repo", "/repos/{repo_name:.*?}.{format}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         #add repo perm member
         m.connect('set_repo_perm_member', "/set_repo_perm_member/{repo_name:.*?}",
              action="set_repo_perm_member",
              conditions=dict(method=["POST"], function=check_repo))
         #ajax delete repo perm user
         m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*?}",
              action="delete_perm_user",
              conditions=dict(method=["DELETE"], function=check_repo))
         #ajax delete repo perm users_group
         m.connect('delete_repo_users_group',
                   "/repos_delete_users_group/{repo_name:.*?}",
                   action="delete_perm_users_group",
                   conditions=dict(method=["DELETE"], function=check_repo))
         #settings actions

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -36,25 +36,25 @@ from sqlalchemy.exc import IntegrityErro @@
 import rhodecode
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, HasRepoPermissionAllDecorator, NotAnonymous,\
     HasPermissionAny, HasReposGroupPermissionAny
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.utils import invalidate_cache, action_logger, repo_name_slug
 from rhodecode.lib.helpers import get_token
 from rhodecode.model.meta import Session
 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\
     RhodeCodeSetting, RepositoryField
 from rhodecode.model.forms import RepoForm, RepoFieldForm
+from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm
 from rhodecode.model.scm import ScmModel, GroupList
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.compat import json
 from sqlalchemy.sql.expression import func
 log = logging.getLogger(__name__)
 class ReposController(BaseRepoController):
     """
     REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
@@ @@ -321,33 +321,72 @@ class ReposController(BaseRepoController @@
                 h.flash(_('An error occurred during '
                           'deletion of %s') % repo_name,
                         category='error')
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of %s') % repo_name,
                     category='error')
         return redirect(url('repos'))
     @HasRepoPermissionAllDecorator('repository.admin')
     def set_repo_perm_member(self, repo_name):
         form = RepoPermsForm()().to_python(request.POST)
         perms_new = form['perms_new']
         perms_updates = form['perms_updates']
         cur_repo = repo_name
         # update permissions
         for member, perm, member_type in perms_updates:
             if member_type == 'user':
                 # this updates existing one
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('updated repository permissions'), category='success')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete_perm_user(self, repo_name):
         """
         DELETE an existing repository permission user
         :param repo_name:
         """
         try:
             RepoModel().revoke_user_permission(repo=repo_name,
                                                user=request.POST['user_id'])
             #TODO: implement this
             #action_logger(self.rhodecode_user, 'admin_revoked_repo_permissions',
             #              repo_name, self.ip_addr, self.sa)
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of repository user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete_perm_users_group(self, repo_name):
         """
         DELETE an existing repository permission user group

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -190,29 +190,36 @@ def RepoForm(edit=False, old_data={}, su @@
         repo_landing_rev = v.OneOf(landing_revs, hideList=True)
         clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
         repo_enable_statistics = v.StringBoolean(if_missing=False)
         repo_enable_downloads = v.StringBoolean(if_missing=False)
         repo_enable_locking = v.StringBoolean(if_missing=False)
         if edit:
             #this is repo owner
             user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
         chained_validators = [v.ValidCloneUri(),
                               v.ValidRepoName(edit, old_data),
                               v.ValidPerms()]
                               v.ValidRepoName(edit, old_data)]
     return _RepoForm
 def RepoPermsForm():
     class _RepoPermsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         chained_validators = [v.ValidPerms()]
     return _RepoPermsForm
 def RepoFieldForm():
     class _RepoFieldForm(formencode.Schema):
         filter_extra_fields = True
         allow_extra_fields = True
         new_field_key = All(v.FieldKey(),
                             v.UnicodeString(strip=True, min=3, not_empty=True))
         new_field_value = v.UnicodeString(not_empty=False, if_missing='')
         new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
                                  if_missing='str')
         new_field_label = v.UnicodeString(not_empty=False)
         new_field_desc = v.UnicodeString(not_empty=False)

rhodecode/model/repo.py

➞

Show inline comments

@@ @@ -270,46 +270,24 @@ class RepoModel(BaseModel): @@
         # fill repository groups
         for p in repo_info.users_group_to_perm:
             defaults.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
         return defaults
     def update(self, org_repo_name, **kwargs):
         try:
             cur_repo = self.get_by_repo_name(org_repo_name, cache=False)
             # update permissions
             for member, perm, member_type in kwargs['perms_updates']:
                 if member_type == 'user':
                     # this updates existing one
                     RepoModel().grant_user_permission(
                         repo=cur_repo, user=member, perm=perm
+                    )
                 else:
                     RepoModel().grant_users_group_permission(
                         repo=cur_repo, group_name=member, perm=perm
+                    )
             # set new permissions
             for member, perm, member_type in kwargs['perms_new']:
                 if member_type == 'user':
                     RepoModel().grant_user_permission(
                         repo=cur_repo, user=member, perm=perm
+                    )
                 else:
                     RepoModel().grant_users_group_permission(
                         repo=cur_repo, group_name=member, perm=perm
+                    )
             if 'user' in kwargs:
                 cur_repo.user = User.get_by_username(kwargs['user'])
             if 'repo_group' in kwargs:
                 cur_repo.group = RepoGroup.get(kwargs['repo_group'])
             for strip, k in [(0, 'repo_type'), (1, 'repo_enable_downloads'),
                       (1, 'repo_description'), (1, 'repo_enable_locking'),
                       (1, 'repo_landing_rev'), (0, 'clone_uri'),
                       (1, 'repo_private'), (1, 'repo_enable_statistics')]:
                 if k in kwargs:
                     val = kwargs[k]

rhodecode/templates/admin/repos/repo_edit.html

➞

Show inline comments

@@ @@ -135,44 +135,60 @@ ${self.context_bar('options')} @@
                     <div class="label">
                         <label for="${field.field_key_prefixed}">${field.field_label} (${field.field_key}):</label>
                     </div>
                     <div class="input input-medium">
                         ${h.text(field.field_key_prefixed, field.field_value, class_='medium')}
                         %if field.field_desc:
                           <span class="help-block">${field.field_desc}</span>
                         %endif
                     </div>
                  </div>
               %endfor
             %endif
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     <%include file="repo_edit_perms.html"/>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right">
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('set_repo_perm_member', repo_name=c.repo_info.repo_name),method='post')}
     <div class="form">
        <div class="fields">
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     <%include file="repo_edit_perms.html"/>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
        </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right"  style="clear:right">
     <div class="title">
         <h5>${_('Advanced settings')}</h5>
     </div>
     <h3>${_('Statistics')}</h3>
     ${h.form(url('repo_stats', repo_name=c.repo_info.repo_name),method='delete')}
     <div class="form">
        <div class="fields">
            ${h.submit('reset_stats_%s' % c.repo_info.repo_name,_('Reset current statistics'),class_="ui-btn",onclick="return confirm('"+_('Confirm to remove current statistics')+"');")}
            <div class="field" style="border:none;color:#888">
            <ul>
                 <li>${_('Fetched to rev')}: ${c.stats_revision}/${c.repo_last_rev}</li>
                 <li>${_('Stats gathered')}: ${c.stats_percentage}%</li>

0 comments (0 inline, 0 general)