kallithea Changeset - fcab58c43ea1

Changeset - fcab58c43ea1

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Marcin Kuzminski - 15 years ago 2010-05-30 00:44:45
marcin@python-works.com

Fixed access to repos and users.

3 files changed with 38 insertions and 36 deletions:

pylons_app/controllers/admin.py

pylons_app/controllers/repos.py

pylons_app/controllers/users.py

0 comments (0 inline, 0 general)

pylons_app/controllers/admin.py

➞

Show inline comments

 import logging
 import os
 from pylons import request, response, session, tmpl_context as c, url, app_globals as g
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model import meta
 from pylons_app.model.db import UserLog
 from webhelpers.paginate import Page

pylons_app/controllers/repos.py

➞

Show inline comments

 from pylons import request, response, session, tmpl_context as c, url, \
     app_globals as g
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.auth import LoginRequired
 from pylons_app.lib.base import BaseController, render
 from pylons_app.lib.filters import clean_repo
 from pylons_app.lib.utils import check_repo, invalidate_cache
 import logging
 import os
 import shutil
 from pylons_app.lib.filters import clean_repo
 log = logging.getLogger(__name__)
 class ReposController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
+    @LoginRequired()
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(ReposController, self).__before__()
     def index(self, format='html'):

pylons_app/controllers/users.py

➞

Show inline comments

 from formencode import htmlfill
 from pylons import request, response, session, tmpl_context as c, url, \
     app_globals as g
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.auth import LoginRequired
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.db import User, UserLog
 from pylons_app.model.forms import UserForm
 from pylons_app.model.user_model import UserModel
 import formencode
 import logging
 from pylons import request, response, session, tmpl_context as c, url, app_globals as g
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.base import BaseController, render
 from formencode import htmlfill
 from pylons_app.model.db import User, UserLog
 import crypt
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
+    @LoginRequired()
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(UsersController, self).__before__()
     def index(self, format='html'):
@@ @@ -28,27 +32,26 @@ class UsersController(BaseController): @@
         c.users_list = self.sa.query(User).all()
         return render('admin/users/users.html')
     def create(self):
         """POST /users: Create a new item"""
         # url('users')
         params = dict(request.params)
         user_model = UserModel()
         login_form = UserForm()
         try:
             new_user = User()
             new_user.active = params.get('active', False)
             new_user.username = params.get('username')
             new_user.password = crypt.crypt(params.get('password'), '6a')
             new_user.admin = False
             self.sa.add(new_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
             form_result = login_form.to_python(dict(request.POST))
             user_model.create(form_result)
             return redirect(url('users'))
         return redirect(url('users'))
         except formencode.Invalid as errors:
             c.form_errors = errors.error_dict
             return htmlfill.render(
                  render('admin/users/user_add.html'),
                 defaults=errors.value,
                 encoding="UTF-8")
     def new(self, format='html'):
         """GET /users/new: Form to create a new item"""
         # url('new_user')
         return render('admin/users/user_add.html')
@@ @@ -57,27 +60,27 @@ class UsersController(BaseController): @@
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='put')
         # url('user', id=ID)
         params = dict(request.params)
         user_model = UserModel()
         login_form = UserForm()
         try:
             new_user = self.sa.query(User).get(id)
             new_user.active = params.get('active', False)
             new_user.username = params.get('username')
             if params.get('new_password'):
                 new_user.password = crypt.crypt(params.get('new_password'), '6a')
             self.sa.add(new_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
             form_result = login_form.to_python(dict(request.POST))
             user_model.update(id, form_result)
             return redirect(url('users'))
         return redirect(url('users'))
         except formencode.Invalid as errors:
             errors.value
             c.user = user_model.get_user(id)
             c.form_errors = errors.error_dict
             return htmlfill.render(
                  render('admin/users/user_edit.html'),
                 defaults=errors.value,
                 encoding="UTF-8")
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:

0 comments (0 inline, 0 general)