kallithea Changeset - c9f5a397c0dc

Changeset - c9f5a397c0dc

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 12 years ago 2013-05-23 00:01:00
marcin@python-works.com

Updated boolean checks in API permissions calls

1 file changed with 10 insertions and 9 deletions:

rhodecode/controllers/api/api.py

0 comments (0 inline, 0 general)

rhodecode/controllers/api/api.py

➞

Show inline comments

@@ @@ -113,13 +113,13 @@ def get_user_or_error(userid): @@
 def get_repo_or_error(repoid):
     """
     Get repo by id or name or return JsonRPCError if not found
-    :param userid:
+    :param repoid:
     """
     repo = RepoModel().get_repo(repoid)
     if repo is None:
         raise JSONRPCError('repository `%s` does not exist' % (repoid))
     return repo
@@ @@ -212,13 +212,13 @@ class ApiController(JSONRPCController): @@
         Dispatch cache invalidation action on given repo
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
-        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
+        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             # check if we have admin permission for this repo !
             if HasRepoPermissionAnyApi('repository.admin',
                                        'repository.write')(user=apiuser,
                                             repo_name=repo.repo_name) is False:
                 raise JSONRPCError('repository `%s` does not exist' % (repoid))
@@ @@ -228,12 +228,13 @@ class ApiController(JSONRPCController): @@
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'Error occurred during cache invalidation action'
+            )
     # permission check inside
     def lock(self, apiuser, repoid, locked=Optional(None),
              userid=Optional(OAttr('apiuser'))):
         """
         Set locking state on particular repository by given user, if
         this command is runned by non-admin account userid is set to user
         who is calling this method
@@ @@ -320,15 +321,14 @@ class ApiController(JSONRPCController): @@
         this command is runned by non-admin account userid is set to user
         who is calling this method, thus returning locks for himself
         :param apiuser:
         :param userid:
         """
         if HasPermissionAnyApi('hg.admin')(user=apiuser):
             pass
         else:
         if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             #make sure normal user does not pass someone else userid,
             #he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
                 raise JSONRPCError(
                     'userid is not the same as your user'
+                )
@@ @@ -372,13 +372,13 @@ class ApiController(JSONRPCController): @@
         """"
         Get a user by username, or userid, if userid is given
         :param apiuser:
         :param userid:
         """
-        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
+        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             #make sure normal user does not pass someone else userid,
             #he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
                 raise JSONRPCError(
                     'userid is not the same as your user'
+                )
@@ @@ -666,16 +666,16 @@ class ApiController(JSONRPCController): @@
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
-        if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
+        if not HasPermissionAnyApi('hg.admin')(user=apiuser):
             # check if we have admin permission for this repo !
             if HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                             repo_name=repo.repo_name) is False:
             if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                             repo_name=repo.repo_name):
                 raise JSONRPCError('repository `%s` does not exist' % (repoid))
         members = []
         followers = []
         for user in repo.repo_to_perm:
             perm = user.permission.permission_name
@@ @@ -698,12 +698,13 @@ class ApiController(JSONRPCController): @@
         data = repo.get_api_data()
         data['members'] = members
         data['followers'] = followers
         return data
     # permission check inside
     def get_repos(self, apiuser):
         """"
         Get all repositories
         :param apiuser:
         """

0 comments (0 inline, 0 general)