Mercurial > kallithea
comparison rhodecode/model/repos_group.py @ 3789:32f66c839c54 beta
managing users groups enforce permissions checks.
User needs at least a read permissions on usergroup to be able
to assign it somewhere.
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Tue, 23 Apr 2013 02:55:50 +0200 |
| parents | a8f520540ab0 |
| children | ff57547c9cf7 |
comparison
equal
deleted
inserted
replaced
| 3788:d9b89874edf9 | 3789:32f66c839c54 |
|---|---|
| 167 raise | 167 raise |
| 168 | 168 |
| 169 def _update_permissions(self, repos_group, perms_new=None, | 169 def _update_permissions(self, repos_group, perms_new=None, |
| 170 perms_updates=None, recursive=False): | 170 perms_updates=None, recursive=False): |
| 171 from rhodecode.model.repo import RepoModel | 171 from rhodecode.model.repo import RepoModel |
| 172 from rhodecode.lib.auth import HasUserGroupPermissionAny | |
| 172 if not perms_new: | 173 if not perms_new: |
| 173 perms_new = [] | 174 perms_new = [] |
| 174 if not perms_updates: | 175 if not perms_updates: |
| 175 perms_updates = [] | 176 perms_updates = [] |
| 176 | 177 |
| 218 if member_type == 'user': | 219 if member_type == 'user': |
| 219 # this updates also current one if found | 220 # this updates also current one if found |
| 220 _set_perm_user(obj, user=member, perm=perm) | 221 _set_perm_user(obj, user=member, perm=perm) |
| 221 ## set for user group | 222 ## set for user group |
| 222 else: | 223 else: |
| 223 _set_perm_group(obj, users_group=member, perm=perm) | 224 #check if we have permissions to alter this usergroup |
| 225 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write', | |
| 226 'usergroup.admin')(member): | |
| 227 _set_perm_group(obj, users_group=member, perm=perm) | |
| 224 # set new permissions | 228 # set new permissions |
| 225 for member, perm, member_type in perms_new: | 229 for member, perm, member_type in perms_new: |
| 226 if member_type == 'user': | 230 if member_type == 'user': |
| 227 _set_perm_user(obj, user=member, perm=perm) | 231 _set_perm_user(obj, user=member, perm=perm) |
| 228 else: | 232 else: |
| 229 _set_perm_group(obj, users_group=member, perm=perm) | 233 #check if we have permissions to alter this usergroup |
| 234 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write', | |
| 235 'usergroup.admin')(member): | |
| 236 _set_perm_group(obj, users_group=member, perm=perm) | |
| 230 updates.append(obj) | 237 updates.append(obj) |
| 231 #if it's not recursive call | 238 #if it's not recursive call |
| 232 # break the loop and don't proceed with other changes | 239 # break the loop and don't proceed with other changes |
| 233 if not recursive: | 240 if not recursive: |
| 234 break | 241 break |