Mercurial > kallithea
comparison rhodecode/controllers/admin/settings.py @ 3333:069884383cc7 beta
Implemented #738 Giving a user WRITE+ permissions on folder should not allow repo creation in root folder.
user can create repos only if he got explicitly permission for creating repos globally, or have WRITE+ permission on a group.
Then he can create repositories inside this group
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Tue, 05 Feb 2013 03:04:46 +0100 |
| parents | 72a91632b731 |
| children | 1c4505e3be5b |
comparison
equal
deleted
inserted
replaced
| 3332:92dfc033ee6f | 3333:069884383cc7 |
|---|---|
| 35 from pylons.controllers.util import abort, redirect | 35 from pylons.controllers.util import abort, redirect |
| 36 from pylons.i18n.translation import _ | 36 from pylons.i18n.translation import _ |
| 37 | 37 |
| 38 from rhodecode.lib import helpers as h | 38 from rhodecode.lib import helpers as h |
| 39 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ | 39 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ |
| 40 HasPermissionAnyDecorator, NotAnonymous | 40 HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\ |
| 41 HasReposGroupPermissionAll, HasReposGroupPermissionAny | |
| 41 from rhodecode.lib.base import BaseController, render | 42 from rhodecode.lib.base import BaseController, render |
| 42 from rhodecode.lib.celerylib import tasks, run_task | 43 from rhodecode.lib.celerylib import tasks, run_task |
| 43 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \ | 44 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \ |
| 44 set_rhodecode_config, repo_name_slug, check_git_version | 45 set_rhodecode_config, repo_name_slug, check_git_version |
| 45 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \ | 46 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \ |
| 52 from rhodecode.model.db import User | 53 from rhodecode.model.db import User |
| 53 from rhodecode.model.notification import EmailNotificationModel | 54 from rhodecode.model.notification import EmailNotificationModel |
| 54 from rhodecode.model.meta import Session | 55 from rhodecode.model.meta import Session |
| 55 from rhodecode.lib.utils2 import str2bool, safe_unicode | 56 from rhodecode.lib.utils2 import str2bool, safe_unicode |
| 56 from rhodecode.lib.compat import json | 57 from rhodecode.lib.compat import json |
| 58 from webob.exc import HTTPForbidden | |
| 57 log = logging.getLogger(__name__) | 59 log = logging.getLogger(__name__) |
| 58 | 60 |
| 59 | 61 |
| 60 class SettingsController(BaseController): | 62 class SettingsController(BaseController): |
| 61 """REST Controller styled on the Atom Publishing Protocol""" | 63 """REST Controller styled on the Atom Publishing Protocol""" |
| 482 self.rhodecode_user.user_id)\ | 484 self.rhodecode_user.user_id)\ |
| 483 .all()] | 485 .all()] |
| 484 return render('admin/users/user_edit_my_account_pullrequests.html') | 486 return render('admin/users/user_edit_my_account_pullrequests.html') |
| 485 | 487 |
| 486 @NotAnonymous() | 488 @NotAnonymous() |
| 487 @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository') | |
| 488 def create_repository(self): | 489 def create_repository(self): |
| 489 """GET /_admin/create_repository: Form to create a new item""" | 490 """GET /_admin/create_repository: Form to create a new item""" |
| 491 new_repo = request.GET.get('repo', '') | |
| 492 parent_group = request.GET.get('parent_group') | |
| 493 if not HasPermissionAny('hg.admin', 'hg.create.repository')(): | |
| 494 #you're not super admin nor have global create permissions, | |
| 495 #but maybe you have at least write permission to a parent group ? | |
| 496 _gr = RepoGroup.get(parent_group) | |
| 497 gr_name = _gr.group_name if _gr else None | |
| 498 if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): | |
| 499 raise HTTPForbidden | |
| 490 | 500 |
| 491 acl_groups = GroupList(RepoGroup.query().all(), | 501 acl_groups = GroupList(RepoGroup.query().all(), |
| 492 perm_set=['group.write', 'group.admin']) | 502 perm_set=['group.write', 'group.admin']) |
| 493 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) | 503 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) |
| 494 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) | 504 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) |
| 495 choices, c.landing_revs = ScmModel().get_repo_landing_revs() | 505 choices, c.landing_revs = ScmModel().get_repo_landing_revs() |
| 496 | 506 |
| 497 new_repo = request.GET.get('repo', '') | |
| 498 parent_group = request.GET.get('parent_group') | |
| 499 c.new_repo = repo_name_slug(new_repo) | 507 c.new_repo = repo_name_slug(new_repo) |
| 500 | 508 |
| 501 ## apply the defaults from defaults page | 509 ## apply the defaults from defaults page |
| 502 defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True) | 510 defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True) |
| 503 if parent_group: | 511 if parent_group: |
| 504 defaults.update({'repo_group': parent_group}) | 512 defaults.update({'repo_group': parent_group}) |
| 505 | 513 |
| 506 return htmlfill.render( | 514 return htmlfill.render( |
| 507 render('admin/repos/repo_add_create_repository.html'), | 515 render('admin/repos/repo_add.html'), |
| 508 defaults=defaults, | 516 defaults=defaults, |
| 509 errors={}, | 517 errors={}, |
| 510 prefix_error=False, | 518 prefix_error=False, |
| 511 encoding="UTF-8" | 519 encoding="UTF-8" |
| 512 ) | 520 ) |