Mercurial > kallithea
comparison rhodecode/model/validators.py @ 3525:0cef54d34605
Pass in old groups data to CanWriteToGroup validator for later skipping group checks.
This will be a part of refactoring done to do user permissions changes without messing with main
repo form data
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Mon, 11 Mar 2013 17:59:38 +0100 |
| parents | 994dfdd0c920 |
| children | 3563bb7b4b82 |
comparison
equal
deleted
inserted
replaced
| 3509:3be4e290c42b | 3525:0cef54d34605 |
|---|---|
| 14 NotEmpty, IPAddress, CIDR | 14 NotEmpty, IPAddress, CIDR |
| 15 ) | 15 ) |
| 16 from rhodecode.lib.compat import OrderedSet | 16 from rhodecode.lib.compat import OrderedSet |
| 17 from rhodecode.lib import ipaddr | 17 from rhodecode.lib import ipaddr |
| 18 from rhodecode.lib.utils import repo_name_slug | 18 from rhodecode.lib.utils import repo_name_slug |
| 19 from rhodecode.lib.utils2 import safe_int | |
| 19 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\ | 20 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\ |
| 20 ChangesetStatus | 21 ChangesetStatus |
| 21 from rhodecode.lib.exceptions import LdapImportError | 22 from rhodecode.lib.exceptions import LdapImportError |
| 22 from rhodecode.config.routing import ADMIN_PREFIX | 23 from rhodecode.config.routing import ADMIN_PREFIX |
| 23 from rhodecode.lib.auth import HasReposGroupPermissionAny | 24 from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny |
| 24 | 25 |
| 25 # silence warnings and pylint | 26 # silence warnings and pylint |
| 26 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ | 27 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ |
| 27 NotEmpty, IPAddress, CIDR | 28 NotEmpty, IPAddress, CIDR |
| 28 | 29 |
| 470 error_dict=dict(repo_type=msg) | 471 error_dict=dict(repo_type=msg) |
| 471 ) | 472 ) |
| 472 return _validator | 473 return _validator |
| 473 | 474 |
| 474 | 475 |
| 475 def CanWriteGroup(): | 476 def CanWriteGroup(old_data=None): |
| 476 class _validator(formencode.validators.FancyValidator): | 477 class _validator(formencode.validators.FancyValidator): |
| 477 messages = { | 478 messages = { |
| 478 'permission_denied': _(u"You don't have permissions " | 479 'permission_denied': _(u"You don't have permissions " |
| 479 "to create repository in this group") | 480 "to create repository in this group") |
| 480 } | 481 } |
| 481 | 482 |
| 482 def validate_python(self, value, state): | 483 def validate_python(self, value, state): |
| 483 gr = RepoGroup.get(value) | 484 gr = RepoGroup.get(value) |
| 484 if not HasReposGroupPermissionAny( | 485 gr_name = gr.group_name if gr else None # None means ROOT location |
| 485 'group.write', 'group.admin' | 486 val = HasReposGroupPermissionAny('group.write', 'group.admin') |
| 486 )(gr.group_name, 'get group of repo form'): | 487 can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository') |
| 488 forbidden = not val(gr_name, 'can write into group validator') | |
| 489 value_changed = old_data['repo_group'].get('group_id') != safe_int(value) | |
| 490 if value_changed: # do check if we changed the value | |
| 491 #parent group need to be existing | |
| 492 if gr and forbidden: | |
| 493 msg = M(self, 'permission_denied', state) | |
| 494 raise formencode.Invalid(msg, value, state, | |
| 495 error_dict=dict(repo_type=msg) | |
| 496 ) | |
| 497 ## check if we can write to root location ! | |
| 498 elif gr is None and can_create_repos() is False: | |
| 499 msg = M(self, 'permission_denied_root', state) | |
| 500 raise formencode.Invalid(msg, value, state, | |
| 501 error_dict=dict(repo_type=msg) | |
| 502 ) | |
| 503 | |
| 504 return _validator | |
| 505 | |
| 506 | |
| 507 def CanCreateGroup(can_create_in_root=False): | |
| 508 class _validator(formencode.validators.FancyValidator): | |
| 509 messages = { | |
| 510 'permission_denied': _(u"You don't have permissions " | |
| 511 "to create a group in this location") | |
| 512 } | |
| 513 | |
| 514 def to_python(self, value, state): | |
| 515 #root location | |
| 516 if value in [-1, "-1"]: | |
| 517 return None | |
| 518 return value | |
| 519 | |
| 520 def validate_python(self, value, state): | |
| 521 gr = RepoGroup.get(value) | |
| 522 gr_name = gr.group_name if gr else None # None means ROOT location | |
| 523 | |
| 524 if can_create_in_root and gr is None: | |
| 525 #we can create in root, we're fine no validations required | |
| 526 return | |
| 527 | |
| 528 forbidden_in_root = gr is None and can_create_in_root is False | |
| 529 val = HasReposGroupPermissionAny('group.admin') | |
| 530 forbidden = not val(gr_name, 'can create group validator') | |
| 531 if forbidden_in_root or forbidden: | |
| 487 msg = M(self, 'permission_denied', state) | 532 msg = M(self, 'permission_denied', state) |
| 488 raise formencode.Invalid(msg, value, state, | 533 raise formencode.Invalid(msg, value, state, |
| 489 error_dict=dict(repo_type=msg) | 534 error_dict=dict(group_parent_id=msg) |
| 490 ) | 535 ) |
| 536 | |
| 491 return _validator | 537 return _validator |
| 492 | 538 |
| 493 | 539 |
| 494 def ValidPerms(type_='repo'): | 540 def ValidPerms(type_='repo'): |
| 495 if type_ == 'group': | 541 if type_ == 'group': |