kallithea Changeset - ca54622e39a1

Changeset - ca54622e39a1

Parent rev.

Child rev.

[Not reviewed]

default

0 7 1

Marcin Kuzminski - 15 years ago 2010-08-01 17:08:58
marcin@python-works.com

Added separate create repository views for non administrative users.
Fixed permission issue with private repos

8 files changed with 97 insertions and 14 deletions:

pylons_app/__init__.py

pylons_app/config/routing.py

pylons_app/controllers/admin/repos.py

pylons_app/controllers/admin/settings.py

pylons_app/lib/auth.py

pylons_app/templates/admin/repos/repo_add_create_repository.html

pylons_app/templates/base/base.html

pylons_app/templates/index.html

0 comments (0 inline, 0 general)

pylons_app/__init__.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # Hg app, a web based mercurial repository managment based on pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
@@ @@ -14,13 +14,12 @@ @@
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 9, 2010
 Hg app, a web based mercurial repository managment based on pylons
 @author: marcink
 """

pylons_app/config/routing.py

➞

Show inline comments

@@ @@ -97,12 +97,14 @@ def make_map(config): @@
         m.connect("admin_formatted_setting", "/settings/{setting_id}.{format}",
              action="show", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account", "/my_account",
              action="my_account", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account_update", "/my_account_update",
              action="my_account_update", conditions=dict(method=["PUT"]))
         m.connect("admin_settings_create_repository", "/create_repository",
              action="create_repository", conditions=dict(method=["GET"]))
     #ADMIN
     with map.submapper(path_prefix='/_admin', controller='admin/admin') as m:
         m.connect('admin_home', '', action='index')#main page
         m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',
                   action='add_repo')

pylons_app/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -26,13 +26,14 @@ from formencode import htmlfill @@
 from operator import itemgetter
 from paste.httpexceptions import HTTPInternalServerError
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.lib.utils import invalidate_cache
 from pylons_app.model.db import User
 from pylons_app.model.forms import RepoForm
 from pylons_app.model.hg_model import HgModel
 from pylons_app.model.repo_model import RepoModel
@@ @@ -46,25 +47,27 @@ class ReposController(BaseController): @@
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin', 'repository.create')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(ReposController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /repos: All items in the collection"""
         # url('repos')
         cached_repo_list = HgModel().get_repos()
         c.repos_list = sorted(cached_repo_list, key=itemgetter('name_sort'))
         return render('admin/repos/repos.html')
     @HasPermissionAnyDecorator('hg.admin', 'repository.create')
     def create(self):
         """POST /repos: Create a new item"""
         # url('repos')
         repo_model = RepoModel()
         _form = RepoForm()()
         form_result = {}
@@ @@ -74,34 +77,43 @@ class ReposController(BaseController): @@
             invalidate_cache('cached_repo_list')
             h.flash(_('created repository %s') % form_result['repo_name'],
                     category='success')
         except formencode.Invalid as errors:
             c.new_repo = errors.value['repo_name']
             if request.POST.get('user_created'):
                 r = render('admin/repos/repo_add_create_repository.html')
             else:
                 r = render('admin/repos/repo_add.html')
             return htmlfill.render(
-                render('admin/repos/repo_add.html'),
+                r,
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             msg = _('error occured during creation of repository %s') \
                     % form_result.get('repo_name')
             h.flash(msg, category='error')
         if request.POST.get('user_created'):
             return redirect(url('hg_home'))
         return redirect(url('repos'))
         return redirect('repos')
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /repos/new: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         c.new_repo = h.repo_name_slug(new_repo)
         return render('admin/repos/repo_add.html')
     @HasPermissionAllDecorator('hg.admin')
     def update(self, repo_name):
         """PUT /repos/repo_name: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('repo', repo_name=ID),
@@ @@ -133,12 +145,13 @@ class ReposController(BaseController): @@
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of repository %s') \
                     % repo_name, category='error')
         return redirect(url('edit_repo', repo_name=changed_name))
     @HasPermissionAllDecorator('hg.admin')
     def delete(self, repo_name):
         """DELETE /repos/repo_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repo', repo_name=ID),
@@ @@ -162,12 +175,13 @@ class ReposController(BaseController): @@
         except Exception:
             h.flash(_('An error occured during deletion of %s') % repo_name,
                     category='error')
         return redirect(url('repos'))
     @HasPermissionAllDecorator('hg.admin')
     def delete_perm_user(self, repo_name):
         """
         DELETE an existing repository permission user
         @param repo_name:
         """
@@ @@ -176,16 +190,18 @@ class ReposController(BaseController): @@
             repo_model.delete_perm_user(request.POST, repo_name)
         except Exception as e:
             h.flash(_('An error occured during deletion of repository user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasPermissionAllDecorator('hg.admin')
     def show(self, repo_name, format='html'):
         """GET /repos/repo_name: Show a specific item"""
         # url('repo', repo_name=ID)
     @HasPermissionAllDecorator('hg.admin')
     def edit(self, repo_name, format='html'):
         """GET /repos/repo_name/edit: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get(repo_name)
         if not repo:

pylons_app/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -25,13 +25,14 @@ settings controller for pylons @@
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, app_globals as g, \
     config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.lib.utils import repo2db_mapper, invalidate_cache, \
     set_hg_app_config
 from pylons_app.model.db import User, UserLog, HgAppSettings
 from pylons_app.model.forms import UserForm, ApplicationSettingsForm
 from pylons_app.model.hg_model import HgModel
@@ @@ -206,7 +207,14 @@ class SettingsController(BaseController) @@
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('my_account'))
     @HasPermissionAnyDecorator('repository.create', 'hg.admin')
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         c.new_repo = h.repo_name_slug(new_repo)
         return render('admin/repos/repo_add_create_repository.html')

pylons_app/lib/auth.py

➞

Show inline comments

@@ @@ -137,21 +137,21 @@ def fill_perms(user): @@
         .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\
         .filter(Repo2Perm.user_id == sa.query(User).filter(User.username ==
                                             'default').one().user_id).all()
     if user.is_admin:
         user.permissions['global'].add('hg.admin')
-        #admin have all rights full
+        #admin have all rights set to admin
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
     else:
         user.permissions['global'].add('repository.create')
         for perm in default_perms:
             if perm.Repository.private:
+            if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
@@ @@ -183,12 +183,13 @@ def get_user(session): @@
     user = session.get('hg_app_user', AuthUser())
     if user.is_authenticated:
         user = fill_data(user)
         user = fill_perms(user)
     session['hg_app_user'] = user
     session.save()
     print user.permissions
     return user
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):

pylons_app/templates/admin/repos/repo_add_create_repository.html

➞

Show inline comments

@@ new file 100644 @@
 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Repositories administration')}
 </%def>
 <%def name="breadcrumbs_links()">
 	${_('add new repository')}
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     ${h.form(url('repos'))}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
 	            <div class="label">
 	                <label for="repo_name">${_('Name')}:</label>
 	            </div>
 	            <div class="input">
 	                ${h.text('repo_name',c.new_repo)}
 	                ${h.hidden('user_created','True')}
 	            </div>
              </div>
             <div class="field">
                 <div class="label label-textarea">
                     <label for="description">${_('Description')}:</label>
                 </div>
                 <div class="textarea text-area editor">
                     ${h.textarea('description',cols=23,rows=5)}
                 </div>
              </div>
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="private">${_('Private')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('private',value="True")}
                 </div>
              </div>
 	        <div class="buttons">
 	          ${h.submit('add','add',class_="ui-button ui-widget ui-state-default ui-corner-all")}
 	        </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

pylons_app/templates/base/base.html

➞

Show inline comments

@@ @@ -201,13 +201,13 @@ @@
                    </span>
                    <span>${_('Admin')}</span>
                    </a>
 				    <ul>
 				        <li>${h.link_to(_('repositories'),h.url('repos'),class_='repos')}</li>
 				        <li>${h.link_to(_('users'),h.url('users'),class_='users')}</li>
-				        ##<li>${h.link_to(_('permissions'),h.url('permissions'),class_='permissions')}</li>
 				        <li>${h.link_to(_('permissions'),h.url('permissions'),class_='permissions')}</li>
 				        <li>${h.link_to(_('settings'),h.url('admin_settings'),class_='settings')}</li>
 				    </ul>
                 </li>
 				%endif
 			</ul>

pylons_app/templates/index.html

➞

Show inline comments

@@ @@ -24,19 +24,19 @@ @@
     <div class="box">
 	    <!-- box / title -->
 	    <div class="title">
 	        <h5>${_('Dashboard')}</h5>
-	        ##%if h.HasPermissionAll('repository.create')():
+	        %if h.HasPermissionAny('repository.create','hg.admin')():
 	        <ul class="links">
 	          <li>
-	            <span>${h.link_to(u'ADD NEW REPOSITORY',h.url('new_repo'),class_="add_icon")}</span>
+	            <span>${h.link_to(u'ADD NEW REPOSITORY',h.url('admin_settings_create_repository'),class_="add_icon")}</span>
 	          </li>
 	        </ul>
-	        ##%endif
 	        %endif
 	    </div>
 	    <!-- end box / title -->
         <div class="table">
                     <table>
             <thead>
 	            <tr>

0 comments (0 inline, 0 general)