kallithea Changeset - c9f5a397c0dc

Changeset - c9f5a397c0dc

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 12 years ago 2013-05-23 00:01:00
marcin@python-works.com

Updated boolean checks in API permissions calls

1 file changed with 10 insertions and 9 deletions:

rhodecode/controllers/api/api.py

0 comments (0 inline, 0 general)

rhodecode/controllers/api/api.py

➞

Show inline comments

@@ @@ -116,7 +116,7 @@ def get_repo_or_error(repoid): @@
     """
     Get repo by id or name or return JsonRPCError if not found
-    :param userid:
+    :param repoid:
     """
     repo = RepoModel().get_repo(repoid)
     if repo is None:
@@ @@ -215,7 +215,7 @@ class ApiController(JSONRPCController): @@
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
-        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
+        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             # check if we have admin permission for this repo !
             if HasRepoPermissionAnyApi('repository.admin',
                                        'repository.write')(user=apiuser,
@@ @@ -231,6 +231,7 @@ class ApiController(JSONRPCController): @@
                 'Error occurred during cache invalidation action'
+            )
     # permission check inside
     def lock(self, apiuser, repoid, locked=Optional(None),
              userid=Optional(OAttr('apiuser'))):
         """
@@ @@ -323,9 +324,8 @@ class ApiController(JSONRPCController): @@
         :param apiuser:
         :param userid:
         """
         if HasPermissionAnyApi('hg.admin')(user=apiuser):
             pass
         else:
         if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             #make sure normal user does not pass someone else userid,
             #he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
@@ @@ -375,7 +375,7 @@ class ApiController(JSONRPCController): @@
         :param apiuser:
         :param userid:
         """
-        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
+        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             #make sure normal user does not pass someone else userid,
             #he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
@@ @@ -669,10 +669,10 @@ class ApiController(JSONRPCController): @@
         """
         repo = get_repo_or_error(repoid)
-        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
+        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             # check if we have admin permission for this repo !
             if HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                             repo_name=repo.repo_name) is False:
             if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                             repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid))
         members = []
@@ @@ -701,6 +701,7 @@ class ApiController(JSONRPCController): @@
         data['followers'] = followers
         return data
     # permission check inside
     def get_repos(self, apiuser):
         """"
         Get all repositories

0 comments (0 inline, 0 general)