comparison rhodecode/model/validators.py @ 3372:157231a4fcb7 beta

move permission check of write access to repo groups inside a form. - it's run via create/edit/fork forms - in case we have disabled repo creation, it will check root location write access for people that are not super admins, or have explicit create repo permission - in case there's a group value passed to form, it checks just admin or write access
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 15 Feb 2013 01:27:18 +0100
parents 72a91632b731
children b8f929bff7e3
3371:199fd214b213 3372:157231a4fcb7
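--- a/rhodecode/model/validators.py
+++ b/rhodecode/model/validators.py
@@ -18,11 +18,11 @@
 from rhodecode.lib.utils import repo_name_slug
 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
 ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
 NotEmpty, IPAddress, CIDR
 
@@ -470,30 +470,40 @@
 
 def CanWriteGroup():
 class _validator(formencode.validators.FancyValidator):
 messages = {
 'permission_denied': _(u"You don't have permissions "
-"to create repository in this group")
-}
-
-def to_python(self, value, state):
+"to create repository in this group"),
+'permission_denied_root': _(u"no permission to create repository "
+"in root location")
+}
+
+def _to_python(self, value, state):
 #root location
 if value in [-1, "-1"]:
 return None
 return value
 
 def validate_python(self, value, state):
 gr = RepoGroup.get(value)
 gr_name = gr.group_name if gr else None # None means ROOT location
 val = HasReposGroupPermissionAny('group.write', 'group.admin')
+can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
 forbidden = not val(gr_name, 'can write into group validator')
 #parent group need to be existing
 if gr and forbidden:
 msg = M(self, 'permission_denied', state)
 raise formencode.Invalid(msg, value, state,
 error_dict=dict(repo_type=msg)
 )
+## check if we can write to root location !
+elif gr is None and can_create_repos() is False:
+msg = M(self, 'permission_denied_root', state)
+raise formencode.Invalid(msg, value, state,
+error_dict=dict(repo_type=msg)
+)
+
 return _validator
 
 
 def CanCreateGroup(can_create_in_root=False):
 class _validator(formencode.validators.FancyValidator):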
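Review bot: The new root-location branch in `validate_python` tests `can_create_repos() is False`, which denies only when the permission callable returns the literal `False`; any other falsy result (for example `None`) would pass, so the guard fails open. HasPermissionAny's return type is not visible in this section, so this may be safe today, but an authorization check should be written `elif gr is None and not can_create_repos():`. Both denial branches also report the error under `error_dict=dict(repo_type=msg)`, which looks like the wrong form field for a group-permission failure and is worth confirming against the form schema.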