Mercurial > kallithea
comparison rhodecode/model/validators.py @ 3525:0cef54d34605
Pass in old groups data to CanWriteToGroup validator for later skipping group checks.
This will be a part of refactoring done to do user permissions changes without messing with main
repo form data
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 11 Mar 2013 17:59:38 +0100 |
parents | 994dfdd0c920 |
children | 3563bb7b4b82 |
comparison
equal
deleted
inserted
replaced
3509:3be4e290c42b | 3525:0cef54d34605 |
---|---|
14 NotEmpty, IPAddress, CIDR | 14 NotEmpty, IPAddress, CIDR |
15 ) | 15 ) |
16 from rhodecode.lib.compat import OrderedSet | 16 from rhodecode.lib.compat import OrderedSet |
17 from rhodecode.lib import ipaddr | 17 from rhodecode.lib import ipaddr |
18 from rhodecode.lib.utils import repo_name_slug | 18 from rhodecode.lib.utils import repo_name_slug |
19 from rhodecode.lib.utils2 import safe_int | |
19 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\ | 20 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\ |
20 ChangesetStatus | 21 ChangesetStatus |
21 from rhodecode.lib.exceptions import LdapImportError | 22 from rhodecode.lib.exceptions import LdapImportError |
22 from rhodecode.config.routing import ADMIN_PREFIX | 23 from rhodecode.config.routing import ADMIN_PREFIX |
23 from rhodecode.lib.auth import HasReposGroupPermissionAny | 24 from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny |
24 | 25 |
25 # silence warnings and pylint | 26 # silence warnings and pylint |
26 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ | 27 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ |
27 NotEmpty, IPAddress, CIDR | 28 NotEmpty, IPAddress, CIDR |
28 | 29 |
470 error_dict=dict(repo_type=msg) | 471 error_dict=dict(repo_type=msg) |
471 ) | 472 ) |
472 return _validator | 473 return _validator |
473 | 474 |
474 | 475 |
475 def CanWriteGroup(): | 476 def CanWriteGroup(old_data=None): |
476 class _validator(formencode.validators.FancyValidator): | 477 class _validator(formencode.validators.FancyValidator): |
477 messages = { | 478 messages = { |
478 'permission_denied': _(u"You don't have permissions " | 479 'permission_denied': _(u"You don't have permissions " |
479 "to create repository in this group") | 480 "to create repository in this group") |
480 } | 481 } |
481 | 482 |
482 def validate_python(self, value, state): | 483 def validate_python(self, value, state): |
483 gr = RepoGroup.get(value) | 484 gr = RepoGroup.get(value) |
484 if not HasReposGroupPermissionAny( | 485 gr_name = gr.group_name if gr else None # None means ROOT location |
485 'group.write', 'group.admin' | 486 val = HasReposGroupPermissionAny('group.write', 'group.admin') |
486 )(gr.group_name, 'get group of repo form'): | 487 can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository') |
488 forbidden = not val(gr_name, 'can write into group validator') | |
489 value_changed = old_data['repo_group'].get('group_id') != safe_int(value) | |
490 if value_changed: # do check if we changed the value | |
491 #parent group need to be existing | |
492 if gr and forbidden: | |
493 msg = M(self, 'permission_denied', state) | |
494 raise formencode.Invalid(msg, value, state, | |
495 error_dict=dict(repo_type=msg) | |
496 ) | |
497 ## check if we can write to root location ! | |
498 elif gr is None and can_create_repos() is False: | |
499 msg = M(self, 'permission_denied_root', state) | |
500 raise formencode.Invalid(msg, value, state, | |
501 error_dict=dict(repo_type=msg) | |
502 ) | |
503 | |
504 return _validator | |
505 | |
506 | |
507 def CanCreateGroup(can_create_in_root=False): | |
508 class _validator(formencode.validators.FancyValidator): | |
509 messages = { | |
510 'permission_denied': _(u"You don't have permissions " | |
511 "to create a group in this location") | |
512 } | |
513 | |
514 def to_python(self, value, state): | |
515 #root location | |
516 if value in [-1, "-1"]: | |
517 return None | |
518 return value | |
519 | |
520 def validate_python(self, value, state): | |
521 gr = RepoGroup.get(value) | |
522 gr_name = gr.group_name if gr else None # None means ROOT location | |
523 | |
524 if can_create_in_root and gr is None: | |
525 #we can create in root, we're fine no validations required | |
526 return | |
527 | |
528 forbidden_in_root = gr is None and can_create_in_root is False | |
529 val = HasReposGroupPermissionAny('group.admin') | |
530 forbidden = not val(gr_name, 'can create group validator') | |
531 if forbidden_in_root or forbidden: | |
487 msg = M(self, 'permission_denied', state) | 532 msg = M(self, 'permission_denied', state) |
488 raise formencode.Invalid(msg, value, state, | 533 raise formencode.Invalid(msg, value, state, |
489 error_dict=dict(repo_type=msg) | 534 error_dict=dict(group_parent_id=msg) |
490 ) | 535 ) |
536 | |
491 return _validator | 537 return _validator |
492 | 538 |
493 | 539 |
494 def ValidPerms(type_='repo'): | 540 def ValidPerms(type_='repo'): |
495 if type_ == 'group': | 541 if type_ == 'group': |