comparison rhodecode/controllers/admin/settings.py @ 3333:069884383cc7 beta
Implemented #738 Giving a user WRITE+ permissions on folder should not allow repo creation in root folder.
A user can create repos only if he has been explicitly granted permission to create repos globally, or has WRITE+ permission on a group.
Then he can create repositories inside that group.
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Tue, 05 Feb 2013 03:04:46 +0100 |
parents | 72a91632b731 |
children | 1c4505e3be5b |
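--- a/rhodecode/controllers/admin/settings.py
+++ b/rhodecode/controllers/admin/settings.py
@@ -35,11 +35,12 @@
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
-HasPermissionAnyDecorator, NotAnonymous
+HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\
+HasReposGroupPermissionAll, HasReposGroupPermissionAny
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
 set_rhodecode_config, repo_name_slug, check_git_version
 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \
@@ -52,10 +53,11 @@
 from rhodecode.model.db import User
 from rhodecode.model.notification import EmailNotificationModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.compat import json
+from webob.exc import HTTPForbidden
 log = logging.getLogger(__name__)
 
 
 class SettingsController(BaseController):
 """REST Controller styled on the Atom Publishing Protocol"""
@@ -482,31 +484,37 @@
 self.rhodecode_user.user_id)\
 .all()]
 return render('admin/users/user_edit_my_account_pullrequests.html')
 
 @NotAnonymous()
-@HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
 def create_repository(self):
 """GET /_admin/create_repository: Form to create a new item"""
+new_repo = request.GET.get('repo', '')
+parent_group = request.GET.get('parent_group')
+if not HasPermissionAny('hg.admin', 'hg.create.repository')():
+#you're not super admin nor have global create permissions,
+#but maybe you have at least write permission to a parent group ?
+_gr = RepoGroup.get(parent_group)
+gr_name = _gr.group_name if _gr else None
+if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
+raise HTTPForbidden
 
 acl_groups = GroupList(RepoGroup.query().all(),
 perm_set=['group.write', 'group.admin'])
 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
 
-new_repo = request.GET.get('repo', '')
-parent_group = request.GET.get('parent_group')
 c.new_repo = repo_name_slug(new_repo)
 
 ## apply the defaults from defaults page
 defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
 if parent_group:
 defaults.update({'repo_group': parent_group})
 
 return htmlfill.render(
-render('admin/repos/repo_add_create_repository.html'),
+render('admin/repos/repo_add.html'),
 defaults=defaults,
 errors={},
 prefix_error=False,
 encoding="UTF-8"
 )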
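Review bot: The inline check added to `create_repository` authorizes against `parent_group` read straight from `request.GET`, so it only decides whether the form is rendered for whichever group the caller names. The handler that actually creates the repository is not in this file section; it needs the same `HasPermissionAny` / `HasReposGroupPermissionAny` test against the submitted `repo_group`, including the empty (root) case, otherwise the rule from #738 is enforced only in the UI. `parent_group` also reaches `RepoGroup.get()` unparsed, so if that lookup does not tolerate a missing or non-numeric id it should be validated first and a failure treated as the `None` group (which should end in the 403). Smaller points: `HasReposGroupPermissionAll` is imported but unused in the visible hunks, and `abort(403)`, already imported from `pylons.controllers.util`, would avoid the extra `webob.exc` import used for `raise HTTPForbidden`.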