comparison rhodecode/model/validators.py @ 3372:157231a4fcb7 beta
move permission check of write access to repo groups inside a form.
- it's run via the create/edit/fork forms
- in case we have disabled repo creation, it will check root location write access for people who are not super admins and do not have the explicit create repo permission
- in case there's a group value passed to form, it checks just admin or write access
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Fri, 15 Feb 2013 01:27:18 +0100 |
parents | 72a91632b731 |
children | b8f929bff7e3 |
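--- a/rhodecode/model/validators.py
+++ b/rhodecode/model/validators.py
@@ -18,11 +18,11 @@
 from rhodecode.lib.utils import repo_name_slug
 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
 ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
 NotEmpty, IPAddress, CIDR
 
@@ -470,30 +470,40 @@
 
 def CanWriteGroup():
 class _validator(formencode.validators.FancyValidator):
 messages = {
 'permission_denied': _(u"You don't have permissions "
-"to create repository in this group")
-}
-
-def to_python(self, value, state):
+"to create repository in this group"),
+'permission_denied_root': _(u"no permission to create repository "
+"in root location")
+}
+
+def _to_python(self, value, state):
 #root location
 if value in [-1, "-1"]:
 return None
 return value
 
 def validate_python(self, value, state):
 gr = RepoGroup.get(value)
 gr_name = gr.group_name if gr else None # None means ROOT location
 val = HasReposGroupPermissionAny('group.write', 'group.admin')
+can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
 forbidden = not val(gr_name, 'can write into group validator')
 #parent group need to be existing
 if gr and forbidden:
 msg = M(self, 'permission_denied', state)
 raise formencode.Invalid(msg, value, state,
 error_dict=dict(repo_type=msg)
 )
+## check if we can write to root location !
+elif gr is None and can_create_repos() is False:
+msg = M(self, 'permission_denied_root', state)
+raise formencode.Invalid(msg, value, state,
+error_dict=dict(repo_type=msg)
+)
+
 return _validator
 
 
 def CanCreateGroup(can_create_in_root=False):
 class _validator(formencode.validators.FancyValidator):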
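Review bot: In `validate_python`, the new root-location branch keys on `gr is None`, which is true both for the root value (`-1`, mapped to `None` by `_to_python`) and, presumably, for a submitted id that `RepoGroup.get(value)` does not find. A non-existent group id is therefore judged by the root-location rule instead of being rejected. Unless another validator on the form already restricts the group choices (not visible here), the branch should test the value itself, `elif value is None and not can_create_repos():`, and raise `Invalid` separately when `value` is not `None` but `gr` is. The identity test `can_create_repos() is False` also lets any other falsy result (such as `None`) pass the check, whereas `not can_create_repos()` fails closed.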