Files
@ 9f976d75b04c
Branch filter:
Location: kallithea/init.d/kallithea-daemon-redhat
9f976d75b04c
2.6 KiB
text/plain
auth: restore anonymous repository access
Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access
to repositories ... if that is enabled.
The refactoring was too strict when it missed that not all repo permission
checks require a logged in user. Read access can be granted to the default user
... but not write or admin.
Instead of the commands used in aa25ef34ebab, the following commands are used
to consistently also allow the default user in all decorators where we only need
repo read access:
# Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
# The primary case: Replace @NotAnonymous with removal of allow_default_user=True
perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
# If there is a global permission check, no anonymous is ever allowed
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
# Repo access for write or admin also assume no default user
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`
Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access
to repositories ... if that is enabled.
The refactoring was too strict when it missed that not all repo permission
checks require a logged in user. Read access can be granted to the default user
... but not write or admin.
Instead of the commands used in aa25ef34ebab, the following commands are used
to consistently also allow the default user in all decorators where we only need
repo read access:
# Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
# The primary case: Replace @NotAnonymous with removal of allow_default_user=True
perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
# If there is a global permission check, no anonymous is ever allowed
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
# Repo access for write or admin also assume no default user
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 | #!/bin/sh
########################################
#### THIS IS A REDHAT INIT.D SCRIPT ####
########################################
##################################################
#
# Kallithea server startup script
# Recommended default-startup: 2 3 4 5
# Recommended default-stop: 0 1 6
#
##################################################
APP_NAME="kallithea"
# the location of your app
# since this is a web app, it should go in /var/www
APP_PATH="/var/www/$APP_NAME"
CONF_NAME="production.ini"
# write to wherever the PID should be stored, just ensure
# that the user you run gearbox as has the appropriate permissions
# same goes for the log file
PID_PATH="/var/run/kallithea/pid"
LOG_PATH="/var/log/kallithea/kallithea.log"
# replace this with the path to the virtual environment you
# made for Kallithea
PYTHON_PATH="/opt/python_virtualenvironments/kallithea-venv"
RUN_AS="kallithea"
DAEMON="$PYTHON_PATH/bin/gearbox"
DAEMON_OPTS="serve --daemon \
--user=$RUN_AS \
--group=$RUN_AS \
--pid-file=$PID_PATH \
--log-file=$LOG_PATH -c $APP_PATH/$CONF_NAME"
DESC="kallithea-server"
LOCK_FILE="/var/lock/subsys/$APP_NAME"
# source CentOS init functions
. /etc/init.d/functions
RETVAL=0
remove_pid () {
rm -f ${PID_PATH}
rmdir `dirname ${PID_PATH}`
}
ensure_pid_dir () {
PID_DIR=`dirname ${PID_PATH}`
if [ ! -d ${PID_DIR} ] ; then
mkdir -p ${PID_DIR}
chown -R ${RUN_AS}:${RUN_AS} ${PID_DIR}
chmod 755 ${PID_DIR}
fi
}
start_kallithea () {
ensure_pid_dir
PYTHON_EGG_CACHE="/tmp" daemon --pidfile $PID_PATH \
--user $RUN_AS "$DAEMON $DAEMON_OPTS"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch $LOCK_FILE
return $RETVAL
}
stop_kallithea () {
if [ -e $LOCK_FILE ]; then
killproc -p $PID_PATH
RETVAL=$?
rm -f $LOCK_FILE
rm -f $PID_PATH
else
RETVAL=1
fi
return $RETVAL
}
status_kallithea() {
if [ -e $LOCK_FILE ]; then
# exit with non-zero to indicate failure
RETVAL=1
else
RETVAL=0
fi
return $RETVAL
}
restart_kallithea () {
stop_kallithea
start_kallithea
RETVAL=$?
}
case "$1" in
start)
echo -n $"Starting $DESC: "
start_kallithea
echo
;;
stop)
echo -n $"Stopping $DESC: "
stop_kallithea
echo
;;
status)
status_kallithea
RETVAL=$?
if [ ! $RETVAL -eq 0 ]; then
echo "Kallithea server is running..."
else
echo "Kallithea server is stopped."
fi
;;
restart)
echo -n $"Restarting $DESC: "
restart_kallithea
echo
;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
RETVAL=1
;;
esac
exit $RETVAL
|