Changeset - fc4027fe46bc
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Marcin Kuzminski - 15 years ago 2010-06-29 12:32:30
marcin@python-works.com
fixed bug when user is capable of creating _admin repository which is a link to admin interface
1 file changed with 3 insertions and 1 deletions:
pylons_app/model/forms.py
3
1
0 comments (0 inline, 0 general)
pylons_app/model/forms.py
Show inline comments
 
@@ -117,49 +117,51 @@ class ValidAuth(formencode.validators.Fa
 
            else:
 
                log.warning('user %s is disabled', username)
 
                raise formencode.Invalid(self.message('disabled_account',
 
                                         state=State_obj),
 
                                         value, state,
 
                                         error_dict=self.e_dict_disable)
 
 
 
class ValidRepoUser(formencode.validators.FancyValidator):
 
 
    def to_python(self, value, state):
 
        sa = meta.Session
 
        try:
 
            self.user_db = sa.query(User).filter(User.username == value).one()
 
        except Exception:
 
            raise formencode.Invalid(_('This username is not valid'),
 
                                     value, state)
 
        return self.user_db.user_id
 

			




	
	
	
		
 
def ValidRepoName(edit=False):    

			




	
	
	
		
 
    class _ValidRepoName(formencode.validators.FancyValidator):

			




	
	
	
		
 
            

			




	
	
	
		
 
        def to_python(self, value, state):

			




	
	
	
		
 
            slug = h.repo_name_slug(value)

			




	
	
	
		
 
            

			




	
	
	
		
 
            if slug in ['_admin']:

			




	
	
	
		
 
                raise formencode.Invalid(_('This repository name is disallowed'),

			




	
	
	
		
 
                                         value, state)

			




	
	
	
		
 
            sa = meta.Session

			




	
	
	
		
 
            if sa.query(Repository).get(slug) and not edit:

			




	
	
	
		
 
                raise formencode.Invalid(_('This repository already exists'),

			




	
	
	
		
 
                                         value, state)

			




	
	
	
		
 
                        

			




	
	
	
		
 
            return slug 

			




	
	
	
		
 
    return _ValidRepoName

			




	
	
	
		
 

			




	
	
	
		
 
class ValidPerms(formencode.validators.FancyValidator):

			




	
	
	
		
 
    messages = {'perm_new_user_name':_('This username is not valid')}

			




	
	
	
		
 
    

			




	
	
	
		
 
    def to_python(self, value, state):

			




	
	
	
		
 
        perms_update = []

			




	
	
	
		
 
        perms_new = []

			




	
	
	
		
 
        #build a list of permission to update and new permission to create

			




	
	
	
		
 
        for k, v in value.items():

			




	
	
	
		
 
            if k.startswith('perm_'):

			




	
	
	
		
 
                if  k.startswith('perm_new_user'):

			




	
	
	
		
 
                    new_perm = value.get('perm_new_user', False)

			




	
	
	
		
 
                    new_user = value.get('perm_new_user_name', False)

			




	
	
	
		
 
                    if new_user and new_perm:

			




	
	
	
		
 
                        if (new_user, new_perm) not in perms_new:

			




	
	
	
		
 
                            perms_new.append((new_user, new_perm))

			




	
	
	
		
 
                else:

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.