comparison rhodecode/model/repos_group.py @ 3789:32f66c839c54 beta
Managing user groups now enforces permission checks.
A user needs at least read permission on a user group to be able
to assign it somewhere.
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Tue, 23 Apr 2013 02:55:50 +0200 |
parents | a8f520540ab0 |
children | ff57547c9cf7 |
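--- a/rhodecode/model/repos_group.py
+++ b/rhodecode/model/repos_group.py
@@ -167,10 +167,11 @@
 raise
 
 def _update_permissions(self, repos_group, perms_new=None,
 perms_updates=None, recursive=False):
 from rhodecode.model.repo import RepoModel
+from rhodecode.lib.auth import HasUserGroupPermissionAny
 if not perms_new:
 perms_new = []
 if not perms_updates:
 perms_updates = []
 
@@ -218,17 +219,23 @@
 if member_type == 'user':
 # this updates also current one if found
 _set_perm_user(obj, user=member, perm=perm)
 ## set for user group
 else:
-_set_perm_group(obj, users_group=member, perm=perm)
+#check if we have permissions to alter this usergroup
+if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+'usergroup.admin')(member):
+_set_perm_group(obj, users_group=member, perm=perm)
 # set new permissions
 for member, perm, member_type in perms_new:
 if member_type == 'user':
 _set_perm_user(obj, user=member, perm=perm)
 else:
-_set_perm_group(obj, users_group=member, perm=perm)
+#check if we have permissions to alter this usergroup
+if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+'usergroup.admin')(member):
+_set_perm_group(obj, users_group=member, perm=perm)
 updates.append(obj)
 #if it's not recursive call
 # break the loop and don't proceed with other changes
 if not recursive:
 break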
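Review bot: Both new `HasUserGroupPermissionAny(...)(member)` guards (the `perms_updates` branch and the `perms_new` branch) drop a denied user-group assignment silently: there is no `else`, so the caller gets no error and nothing is logged, which leaves no audit trail when someone tries to grant access through a user group they cannot read. Consider an `else:` that logs the acting user, the target user group and the repository group, or collects the rejected members so the controller can report them. The check is also made from model code; if `HasUserGroupPermissionAny` resolves the acting user from the web request (not visible here), calls from the API or a background task would be evaluated against the wrong user or none, so passing the acting user in explicitly would be safer. The duplicated three-line condition could be built once before the loop, e.g. `can_use_group = HasUserGroupPermissionAny('usergroup.read', 'usergroup.write', 'usergroup.admin')`. `_update_permissions` and the loop around these branches continue outside the lines shown.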