kallithea: kallithea/controllers/admin/repo

comparison kallithea/controllers/admin/repo_groups.py @ 8991:2e1059de6751 stable

repo groups: make it possible to remove own explicit permissions, now when group owners always have admin permissions Until recently, group owners very given explicit admin permissions on repo group, and special care was taken to make sure they didn't remove themselves. Now we always give admin permissions to owners, and don't care about the explicit permissions. We no longer add them when creating groups or changing owner. There is no migration step to remove redundant permissions, but we should allow group admins to remove them. This change will thus remove the mechanism for preventing removal of own/owner permissions.

author	Mads Kiilerich <mads@kiilerich.com>
date	Tue, 09 May 2023 17:42:44 +0200
parents	abc29122c7f2
children

comparison

equal deleted inserted replaced

-:1aa109aea143
+:2e1059de6751
 for p in repo_group.users_group_to_perm:
 data.update({'g_perm_%s' % p.users_group.users_group_name:
 p.permission.permission_name})
 return data
-def _revoke_perms_on_yourself(self, form_result):
-_up = [u for u in form_result['perms_updates'] if request.authuser.username == u[0]]
-_new = [u for u in form_result['perms_new'] if request.authuser.username == u[0]]
-if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':
-return True
-return False
 def index(self, format='html'):
 _list = db.RepoGroup.query(sorted=True).all()
 group_iter = RepoGroupList(_list, perm_level='admin')
 repo_groups_data = []
 """
 c.repo_group = db.RepoGroup.guess_instance(group_name)
 valid_recursive_choices = ['none', 'repos', 'groups', 'all']
 form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST)
-if not request.authuser.is_admin:
-if self._revoke_perms_on_yourself(form_result):
-msg = _('Cannot revoke permission for yourself as admin')
-webutils.flash(msg, category='warning')
-raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name))
 recursive = form_result['recursive']
 # iterate over all members(if in recursive mode) of this groups and
 # set the permissions !
 # this can be potentially heavy operation
 RepoGroupModel()._update_permissions(c.repo_group,
 if obj_type == 'user':
 obj_id = safe_int(request.POST.get('user_id'))
 elif obj_type == 'user_group':
 obj_id = safe_int(request.POST.get('user_group_id'))
-if not request.authuser.is_admin:
-if obj_type == 'user' and request.authuser.user_id == obj_id:
-msg = _('Cannot revoke permission for yourself as admin')
-webutils.flash(msg, category='warning')
-raise Exception('revoke admin permission on self')
 recursive = request.POST.get('recursive', 'none')
 if obj_type == 'user':
 RepoGroupModel().delete_permission(repo_group=group_name,
 obj=obj_id, obj_type='user',
 recursive=recursive)

Mercurial > kallithea

comparison kallithea/controllers/admin/repo_groups.py @ 8991:2e1059de6751 stable