kallithea Changeset - faffec4abbda

Changeset - faffec4abbda

Parent rev.

Child rev.

[Not reviewed]

beta

0 7 0

Marcin Kuzminski - 13 years ago 2012-09-13 19:36:56
marcin@python-works.com

Implemented permissions for writing to repo
groups. Now only write access to group allows to create a repostiory
within that group

7 files changed with 36 insertions and 8 deletions:

rhodecode/controllers/admin/repos.py

rhodecode/controllers/admin/settings.py

rhodecode/controllers/forks.py

rhodecode/controllers/settings.py

rhodecode/model/db.py

rhodecode/model/forms.py

rhodecode/model/validators.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -57,25 +57,25 @@ class ReposController(BaseController): @@
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(ReposController, self).__before__()
     def __load_defaults(self):
         c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
     def __load_data(self, repo_name=None):
         """
         Load defaults settings for edit, and update

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -442,25 +442,25 @@ class SettingsController(BaseController) @@
         c.participate_in_pull_requests = \
             [x.pull_request for x in PullRequestReviewers.query()\
                                     .filter(PullRequestReviewers.user_id==
                                             self.rhodecode_user.user_id)\
                                     .all()]
         return render('admin/users/user_edit_my_account_pullrequests.html')
     @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         new_repo = request.GET.get('repo', '')
         c.new_repo = repo_name_slug(new_repo)
         return render('admin/repos/repo_add_create_repository.html')
     def _get_hg_ui_settings(self):
         ret = RhodeCodeUi.query().all()
         if not ret:

rhodecode/controllers/forks.py

➞

Show inline comments

@@ @@ -44,25 +44,25 @@ from rhodecode.model.forms import RepoFo @@
 from rhodecode.model.scm import ScmModel
 log = logging.getLogger(__name__)
 class ForksController(BaseRepoController):
     @LoginRequired()
     def __before__(self):
         super(ForksController, self).__before__()
     def __load_defaults(self):
         c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
     def __load_data(self, repo_name=None):
         """
         Load defaults settings for edit, and update
         :param repo_name:
         """
         self.__load_defaults()

rhodecode/controllers/settings.py

➞

Show inline comments

@@ @@ -47,25 +47,25 @@ from rhodecode.model.meta import Session @@
 from rhodecode.model.scm import ScmModel
 log = logging.getLogger(__name__)
 class SettingsController(BaseRepoController):
     @LoginRequired()
     def __before__(self):
         super(SettingsController, self).__before__()
     def __load_defaults(self):
         c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
     @HasRepoPermissionAllDecorator('repository.admin')
     def index(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get_by_repo_name(repo_name)

rhodecode/model/db.py

➞

Show inline comments

@@ @@ -1018,32 +1018,38 @@ class RepoGroup(Base, BaseModel): @@
     parent_group = relationship('RepoGroup', remote_side=group_id)
     def __init__(self, group_name='', parent_group=None):
         self.group_name = group_name
         self.parent_group = parent_group
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,
                                   self.group_name)
     @classmethod
     def groups_choices(cls):
+    def groups_choices(cls, check_perms=False):
         from webhelpers.html import literal as _literal
         from rhodecode.model.scm import ScmModel
         groups = cls.query().all()
         if check_perms:
             #filter group user have access to, it's done
             #magically inside ScmModel based on current user
             groups = ScmModel().get_repos_groups(groups)
         repo_groups = [('', '')]
         sep = ' &raquo; '
         _name = lambda k: _literal(sep.join(k))
         repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
-                              for x in cls.query().all()])
+                              for x in groups])
         repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
         return repo_groups
     @classmethod
     def url_sep(cls):
         return URL_SEP
     @classmethod
     def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
         if case_insensitive:
             gr = cls.query()\

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -168,25 +168,26 @@ def PasswordResetForm(): @@
         email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
     return _PasswordResetForm
 def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
              repo_groups=[], landing_revs=[]):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
         repo_group = v.OneOf(repo_groups, hideList=True)
         repo_group = All(v.CanWriteGroup(),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = v.OneOf(supported_backends)
         description = v.UnicodeString(strip=True, min=1, not_empty=False)
         private = v.StringBoolean(if_missing=False)
         enable_statistics = v.StringBoolean(if_missing=False)
         enable_downloads = v.StringBoolean(if_missing=False)
         enable_locking = v.StringBoolean(if_missing=False)
         landing_rev = v.OneOf(landing_revs, hideList=True)
         if edit:
             #this is repo owner
             user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
@@ @@ -194,25 +195,26 @@ def RepoForm(edit=False, old_data={}, su @@
                               v.ValidRepoName(edit, old_data),
                               v.ValidPerms()]
     return _RepoForm
 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                  repo_groups=[], landing_revs=[]):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = v.OneOf(repo_groups, hideList=True)
         repo_group = All(v.CanWriteGroup(),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
         description = v.UnicodeString(strip=True, min=1, not_empty=True)
         private = v.StringBoolean(if_missing=False)
         copy_permissions = v.StringBoolean(if_missing=False)
         update_after_clone = v.StringBoolean(if_missing=False)
         fork_parent_id = v.UnicodeString()
         chained_validators = [v.ValidForkName(edit, old_data)]
         landing_rev = v.OneOf(landing_revs, hideList=True)
     return _RepoForkForm

rhodecode/model/validators.py

➞

Show inline comments

@@ @@ -10,24 +10,25 @@ from pylons.i18n.translation import _ @@
 from webhelpers.pylonslib.secure_form import authentication_token
 from formencode.validators import (
     UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set,
     NotEmpty
+)
 from rhodecode.lib.compat import OrderedSet
 from rhodecode.lib.utils import repo_name_slug
 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
     ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
 from rhodecode.lib.auth import HasReposGroupPermissionAny
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
     NotEmpty
 log = logging.getLogger(__name__)
 class UniqueList(formencode.FancyValidator):
     """
     Unique List !
     """
@@ @@ -457,24 +458,43 @@ def ValidForkType(old_data={}): @@
             'invalid_fork_type': _(u'Fork have to be the same type as parent')
+        }
         def validate_python(self, value, state):
             if old_data['repo_type'] != value:
                 msg = M(self, 'invalid_fork_type', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_type=msg)
+                )
     return _validator
 def CanWriteGroup():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'permission_denied': _(u"You don't have permissions "
                                    "to create repository in this group")
+        }
         def validate_python(self, value, state):
             gr = RepoGroup.get(value)
             if not HasReposGroupPermissionAny(
                 'group.write', 'group.admin'
             )(gr.group_name, 'get group of repo form'):
                 msg = M(self, 'permission_denied', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_type=msg)
+                )
     return _validator
 def ValidPerms(type_='repo'):
     if type_ == 'group':
         EMPTY_PERM = 'group.none'
     elif type_ == 'repo':
         EMPTY_PERM = 'repository.none'
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'perm_new_member_name':
                 _(u'This username or users group name is not valid')
+        }

0 comments (0 inline, 0 general)