kallithea Changeset - c96e05599877

Changeset - c96e05599877

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

Mads Kiilerich - 9 years ago 2016-09-12 17:41:19
madski@unity3d.com

api: stop explicitly passing apiuser to auth methods - use the global user instead

2 files changed with 58 insertions and 72 deletions:

kallithea/controllers/api/api.py

kallithea/lib/auth.py

0 comments (0 inline, 0 general)

kallithea/controllers/api/api.py

➞

Show inline comments

@@ @@ -282,11 +282,11 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo !
             if not HasRepoPermissionAnyApi('repository.admin',
                                            'repository.write')(
-                    user=apiuser, repo_name=repo.repo_name):
                     repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         try:
@@ @@ -348,11 +348,10 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
-        if HasPermissionAnyApi('hg.admin')(user=apiuser):
         if HasPermissionAnyApi('hg.admin')():
             pass
         elif HasRepoPermissionAnyApi('repository.admin',
                                      'repository.write')(user=apiuser,
                                                          repo_name=repo.repo_name):
                                      'repository.write')(repo_name=repo.repo_name):
             # make sure normal user does not pass someone else userid,
             # he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
@@ @@ -441,7 +440,7 @@ class ApiController(JSONRPCController): @@
           error :  null
         """
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # make sure normal user does not pass someone else userid,
             # he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
@@ @@ -575,7 +574,7 @@ class ApiController(JSONRPCController): @@
             error:  null
         """
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # make sure normal user does not pass someone else userid,
             # he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
@@ @@ -850,11 +849,11 @@ class ApiController(JSONRPCController): @@
         """
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have at least read permission for this user group !
             _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
         data = user_group.get_api_data()
@@ @@ -879,9 +878,8 @@ class ApiController(JSONRPCController): @@
         result = []
         _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
         extras = {'user': apiuser}
         for user_group in UserGroupList(UserGroup.get_all(),
-                                        perm_set=_perms, extra_kwargs=extras):
                                         perm_set=_perms):
             result.append(user_group.get_api_data())
         return result
@@ @@ -986,11 +984,11 @@ class ApiController(JSONRPCController): @@
         """
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this user group !
             _perms = ('usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
         if not isinstance(owner, Optional):
@@ @@ -1045,11 +1043,11 @@ class ApiController(JSONRPCController): @@
         """
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this user group !
             _perms = ('usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
         try:
@@ @@ -1106,11 +1104,11 @@ class ApiController(JSONRPCController): @@
         """
         user = get_user_or_error(userid)
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this user group !
             _perms = ('usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
         try:
@@ @@ -1160,11 +1158,11 @@ class ApiController(JSONRPCController): @@
         """
         user = get_user_or_error(userid)
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this user group !
             _perms = ('usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
         try:
@@ @@ -1245,10 +1243,10 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo !
             perms = ('repository.admin', 'repository.write', 'repository.read')
-            if not HasRepoPermissionAnyApi(*perms)(user=apiuser, repo_name=repo.repo_name):
             if not HasRepoPermissionAnyApi(*perms)(repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         members = []
@@ @@ -1315,7 +1313,7 @@ class ApiController(JSONRPCController): @@
             error:  null
         """
         result = []
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             repos = RepoModel().get_all_user_repos(user=apiuser)
         else:
             repos = Repository.get_all()
@@ @@ -1359,10 +1357,10 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo !
             perms = ('repository.admin', 'repository.write', 'repository.read')
-            if not HasRepoPermissionAnyApi(*perms)(user=apiuser, repo_name=repo.repo_name):
             if not HasRepoPermissionAnyApi(*perms)(repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         ret_type = Optional.extract(ret_type)
@@ @@ -1447,7 +1445,7 @@ class ApiController(JSONRPCController): @@
+          }
         """
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             if not isinstance(owner, Optional):
                 # forbid setting owner for non-admins
                 raise JSONRPCError(
@@ @@ -1541,14 +1539,13 @@ class ApiController(JSONRPCController): @@
         :param enable_downloads:
         """
         repo = get_repo_or_error(repoid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo !
             if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                                                repo_name=repo.repo_name):
             if not HasRepoPermissionAnyApi('repository.admin')(repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
             if (name != repo.repo_name and
-                not HasPermissionAnyApi('hg.create.repository')(user=apiuser)
                 not HasPermissionAnyApi('hg.create.repository')()
                 ):
                 raise JSONRPCError('no permission to create (or move) repositories')
@@ @@ -1641,19 +1638,18 @@ class ApiController(JSONRPCController): @@
             type_ = 'fork' if _repo.fork else 'repo'
             raise JSONRPCError("%s `%s` already exist" % (type_, fork_name))
-        if HasPermissionAnyApi('hg.admin')(user=apiuser):
         if HasPermissionAnyApi('hg.admin')():
             pass
         elif HasRepoPermissionAnyApi('repository.admin',
                                      'repository.write',
                                      'repository.read')(user=apiuser,
                                                         repo_name=repo.repo_name):
                                      'repository.read')(repo_name=repo.repo_name):
             if not isinstance(owner, Optional):
                 # forbid setting owner for non-admins
                 raise JSONRPCError(
                     'Only Kallithea admin can specify `owner` param'
+                )
-            if not HasPermissionAnyApi('hg.create.repository')(user=apiuser):
             if not HasPermissionAnyApi('hg.create.repository')():
                 raise JSONRPCError('no permission to create repositories')
         else:
             raise JSONRPCError('repository `%s` does not exist' % (repoid,))
@@ @@ -1724,10 +1720,9 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo !
             if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                                                repo_name=repo.repo_name):
             if not HasRepoPermissionAnyApi('repository.admin')(repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
         try:
@@ @@ -1883,17 +1878,17 @@ class ApiController(JSONRPCController): @@
         repo = get_repo_or_error(repoid)
         perm = get_perm_or_error(perm)
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo !
             _perms = ('repository.admin',)
             if not HasRepoPermissionAnyApi(*_perms)(
-                    user=apiuser, repo_name=repo.repo_name):
                     repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
             # check if we have at least read permission for this user group !
             _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
         try:
@@ @@ -1941,17 +1936,17 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo !
             _perms = ('repository.admin',)
             if not HasRepoPermissionAnyApi(*_perms)(
-                    user=apiuser, repo_name=repo.repo_name):
                     repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid,))
             # check if we have at least read permission for this user group !
             _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
         try:
@@ @@ -2203,10 +2198,9 @@ class ApiController(JSONRPCController): @@
         repo_group = get_repo_group_or_error(repogroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo group !
             if not HasRepoGroupPermissionAnyApi('group.admin')(user=apiuser,
                                                                group_name=repo_group.group_name):
             if not HasRepoGroupPermissionAnyApi('group.admin')(group_name=repo_group.group_name):
                 raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,))
         user = get_user_or_error(userid)
@@ @@ -2270,10 +2264,9 @@ class ApiController(JSONRPCController): @@
         repo_group = get_repo_group_or_error(repogroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo group !
             if not HasRepoGroupPermissionAnyApi('group.admin')(user=apiuser,
                                                                group_name=repo_group.group_name):
             if not HasRepoGroupPermissionAnyApi('group.admin')(group_name=repo_group.group_name):
                 raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,))
         user = get_user_or_error(userid)
@@ @@ -2341,18 +2334,18 @@ class ApiController(JSONRPCController): @@
         repo_group = get_repo_group_or_error(repogroupid)
         perm = get_perm_or_error(perm, prefix='group.')
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo group !
             _perms = ('group.admin',)
             if not HasRepoGroupPermissionAnyApi(*_perms)(
-                    user=apiuser, group_name=repo_group.group_name):
                     group_name=repo_group.group_name):
                 raise JSONRPCError(
                     'repository group `%s` does not exist' % (repogroupid,))
             # check if we have at least read permission for this user group !
             _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError(
                     'user group `%s` does not exist' % (usergroupid,))
@@ @@ -2419,18 +2412,18 @@ class ApiController(JSONRPCController): @@
         """
         repo_group = get_repo_group_or_error(repogroupid)
         user_group = get_user_group_or_error(usergroupid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # check if we have admin permission for this repo group !
             _perms = ('group.admin',)
             if not HasRepoGroupPermissionAnyApi(*_perms)(
-                    user=apiuser, group_name=repo_group.group_name):
                     group_name=repo_group.group_name):
                 raise JSONRPCError(
                     'repository group `%s` does not exist' % (repogroupid,))
             # check if we have at least read permission for this user group !
             _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
             if not HasUserGroupPermissionAny(*_perms)(
-                    user=apiuser, user_group_name=user_group.users_group_name):
                     user_group_name=user_group.users_group_name):
                 raise JSONRPCError(
                     'user group `%s` does not exist' % (usergroupid,))
@@ @@ -2466,7 +2459,7 @@ class ApiController(JSONRPCController): @@
         :type gistid: str
         """
         gist = get_gist_or_error(gistid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             if gist.gist_owner != apiuser.user_id:
                 raise JSONRPCError('gist `%s` does not exist' % (gistid,))
         return gist.get_api_data()
@@ @@ -2481,7 +2474,7 @@ class ApiController(JSONRPCController): @@
         :param userid: user to get gists for
         :type userid: Optional(str or int)
         """
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             # make sure normal user does not pass someone else userid,
             # he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
@@ @@ -2601,7 +2594,7 @@ class ApiController(JSONRPCController): @@
         """
         gist = get_gist_or_error(gistid)
-        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
         if not HasPermissionAnyApi('hg.admin')():
             if gist.gist_owner != apiuser.user_id:
                 raise JSONRPCError('gist `%s` does not exist' % (gistid,))

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -939,10 +939,7 @@ class PermsFunction(object): @@
         """
         raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')
     def __call__(self, check_location='unspecified location', user=None):
         if user:
             assert user.user_id == request.user.user_id, (user, request.user)
     def __call__(self, check_location='unspecified location'):
         user = request.user
         assert user
         assert isinstance(user, AuthUser), user
@@ @@ -976,9 +973,9 @@ class HasPermissionAny(PermsFunction): @@
 class HasRepoPermissionAny(PermsFunction):
-    def __call__(self, repo_name=None, check_location='', user=None):
     def __call__(self, repo_name=None, check_location=''):
         self.repo_name = repo_name
-        return super(HasRepoPermissionAny, self).__call__(check_location, user)
         return super(HasRepoPermissionAny, self).__call__(check_location)
     def check_permissions(self):
         if not self.repo_name:
@@ @@ -999,9 +996,9 @@ class HasRepoPermissionAny(PermsFunction @@
 class HasRepoGroupPermissionAny(PermsFunction):
-    def __call__(self, group_name=None, check_location='', user=None):
     def __call__(self, group_name=None, check_location=''):
         self.group_name = group_name
-        return super(HasRepoGroupPermissionAny, self).__call__(check_location, user)
         return super(HasRepoGroupPermissionAny, self).__call__(check_location)
     def check_permissions(self):
         try:
@@ @@ -1019,9 +1016,9 @@ class HasRepoGroupPermissionAny(PermsFun @@
 class HasUserGroupPermissionAny(PermsFunction):
-    def __call__(self, user_group_name=None, check_location='', user=None):
     def __call__(self, user_group_name=None, check_location=''):
         self.user_group_name = user_group_name
-        return super(HasUserGroupPermissionAny, self).__call__(check_location, user)
         return super(HasUserGroupPermissionAny, self).__call__(check_location)
     def check_permissions(self):
         try:
@@ @@ -1075,11 +1072,7 @@ class _BaseApiPerm(object): @@
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, check_location=None, user=None, repo_name=None,
                  group_name=None):
         assert user
         assert user.user_id == request.user.user_id, (user, request.user)
     def __call__(self, check_location=None, repo_name=None, group_name=None):
         user = request.user
         assert user
         assert isinstance(user, AuthUser), user

0 comments (0 inline, 0 general)