Files
@ 09bcde0eee6d
Branch filter:
Location: kallithea/kallithea/controllers/admin/defaults.py
09bcde0eee6d
4.5 KiB
text/x-python
auth: remove HasPermissionAll and variants
First, find all calls to HasPermissionAll with only a single permission
given, and convert to equivalent calls to HasPermissionAny.
Next, observe that it's hard to envision situations requiring multiple
permissions (of the same scope: global/repo/repo group) to be satisfied.
Sufficiently hard that there are actually no such examples in the code.
Finally, considering that (should it ever be needed) HasPermissionAll
can be trivially built as a conjunction of HasPermissionAny calls (the
decorators, too) with only a small performance impact, simply remove
HasPermissionAll and related classes and functions.
First, find all calls to HasPermissionAll with only a single permission
given, and convert to equivalent calls to HasPermissionAny.
Next, observe that it's hard to envision situations requiring multiple
permissions (of the same scope: global/repo/repo group) to be satisfied.
Sufficiently hard that there are actually no such examples in the code.
Finally, considering that (should it ever be needed) HasPermissionAll
can be trivially built as a conjunction of HasPermissionAny calls (the
decorators, too) with only a small performance impact, simply remove
HasPermissionAll and related classes and functions.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 | # -*- coding: utf-8 -*-
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
kallithea.controllers.admin.defaults
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
default settings controller for Kallithea
This file was forked by the Kallithea project in July 2014.
Original author and date, and relevant copyright and licensing information is below:
:created_on: Apr 27, 2010
:author: marcink
:copyright: (c) 2013 RhodeCode GmbH, and others.
:license: GPLv3, see LICENSE.md for more details.
"""
import logging
import traceback
import formencode
from formencode import htmlfill
from pylons import request, tmpl_context as c, url
from pylons.i18n.translation import _
from webob.exc import HTTPFound
from kallithea.lib import helpers as h
from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
from kallithea.lib.base import BaseController, render
from kallithea.model.forms import DefaultsForm
from kallithea.model.meta import Session
from kallithea import BACKENDS
from kallithea.model.db import Setting
log = logging.getLogger(__name__)
class DefaultsController(BaseController):
"""REST Controller styled on the Atom Publishing Protocol"""
# To properly map this controller, ensure your config/routing.py
# file has a resource setup:
# map.resource('default', 'defaults')
@LoginRequired()
@HasPermissionAnyDecorator('hg.admin')
def __before__(self):
super(DefaultsController, self).__before__()
def index(self, format='html'):
"""GET /defaults: All items in the collection"""
# url('defaults')
c.backends = BACKENDS.keys()
defaults = Setting.get_default_repo_settings()
return htmlfill.render(
render('admin/defaults/defaults.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def create(self):
"""POST /defaults: Create a new item"""
# url('defaults')
def new(self, format='html'):
"""GET /defaults/new: Form to create a new item"""
# url('new_default')
def update(self, id):
"""PUT /defaults/id: Update an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="PUT" />
# Or using helpers:
# h.form(url('default', id=ID),
# method='put')
# url('default', id=ID)
_form = DefaultsForm()()
try:
form_result = _form.to_python(dict(request.POST))
for k, v in form_result.iteritems():
setting = Setting.create_or_update(k, v)
Session().add(setting)
Session().commit()
h.flash(_('Default settings updated successfully'),
category='success')
except formencode.Invalid as errors:
defaults = errors.value
return htmlfill.render(
render('admin/defaults/defaults.html'),
defaults=defaults,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except Exception:
log.error(traceback.format_exc())
h.flash(_('Error occurred during update of defaults'),
category='error')
raise HTTPFound(location=url('defaults'))
def delete(self, id):
"""DELETE /defaults/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('default', id=ID),
# method='delete')
# url('default', id=ID)
def show(self, id, format='html'):
"""GET /defaults/id: Show a specific item"""
# url('default', id=ID)
def edit(self, id, format='html'):
"""GET /defaults/id/edit: Form to edit an existing item"""
# url('edit_default', id=ID)
|