Mercurial > kallithea
comparison rhodecode/controllers/api/api.py @ 3898:c9f5a397c0dc beta
Updated boolean checks in API permissions calls
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Thu, 23 May 2013 00:01:00 +0200 |
| parents | 31f8c9d76a26 |
| children | 1cb0a1f82fb4 |
comparison
equal
deleted
inserted
replaced
| 3897:aaac3954ad4a | 3898:c9f5a397c0dc |
|---|---|
| 114 | 114 |
| 115 def get_repo_or_error(repoid): | 115 def get_repo_or_error(repoid): |
| 116 """ | 116 """ |
| 117 Get repo by id or name or return JsonRPCError if not found | 117 Get repo by id or name or return JsonRPCError if not found |
| 118 | 118 |
| 119 :param userid: | 119 :param repoid: |
| 120 """ | 120 """ |
| 121 repo = RepoModel().get_repo(repoid) | 121 repo = RepoModel().get_repo(repoid) |
| 122 if repo is None: | 122 if repo is None: |
| 123 raise JSONRPCError('repository `%s` does not exist' % (repoid)) | 123 raise JSONRPCError('repository `%s` does not exist' % (repoid)) |
| 124 return repo | 124 return repo |
| 213 | 213 |
| 214 :param apiuser: | 214 :param apiuser: |
| 215 :param repoid: | 215 :param repoid: |
| 216 """ | 216 """ |
| 217 repo = get_repo_or_error(repoid) | 217 repo = get_repo_or_error(repoid) |
| 218 if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: | 218 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
| 219 # check if we have admin permission for this repo ! | 219 # check if we have admin permission for this repo ! |
| 220 if HasRepoPermissionAnyApi('repository.admin', | 220 if HasRepoPermissionAnyApi('repository.admin', |
| 221 'repository.write')(user=apiuser, | 221 'repository.write')(user=apiuser, |
| 222 repo_name=repo.repo_name) is False: | 222 repo_name=repo.repo_name) is False: |
| 223 raise JSONRPCError('repository `%s` does not exist' % (repoid)) | 223 raise JSONRPCError('repository `%s` does not exist' % (repoid)) |
| 229 log.error(traceback.format_exc()) | 229 log.error(traceback.format_exc()) |
| 230 raise JSONRPCError( | 230 raise JSONRPCError( |
| 231 'Error occurred during cache invalidation action' | 231 'Error occurred during cache invalidation action' |
| 232 ) | 232 ) |
| 233 | 233 |
| 234 # permission check inside | |
| 234 def lock(self, apiuser, repoid, locked=Optional(None), | 235 def lock(self, apiuser, repoid, locked=Optional(None), |
| 235 userid=Optional(OAttr('apiuser'))): | 236 userid=Optional(OAttr('apiuser'))): |
| 236 """ | 237 """ |
| 237 Set locking state on particular repository by given user, if | 238 Set locking state on particular repository by given user, if |
| 238 this command is runned by non-admin account userid is set to user | 239 this command is runned by non-admin account userid is set to user |
| 321 who is calling this method, thus returning locks for himself | 322 who is calling this method, thus returning locks for himself |
| 322 | 323 |
| 323 :param apiuser: | 324 :param apiuser: |
| 324 :param userid: | 325 :param userid: |
| 325 """ | 326 """ |
| 326 if HasPermissionAnyApi('hg.admin')(user=apiuser): | 327 |
| 327 pass | 328 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
| 328 else: | |
| 329 #make sure normal user does not pass someone else userid, | 329 #make sure normal user does not pass someone else userid, |
| 330 #he is not allowed to do that | 330 #he is not allowed to do that |
| 331 if not isinstance(userid, Optional) and userid != apiuser.user_id: | 331 if not isinstance(userid, Optional) and userid != apiuser.user_id: |
| 332 raise JSONRPCError( | 332 raise JSONRPCError( |
| 333 'userid is not the same as your user' | 333 'userid is not the same as your user' |
| 373 Get a user by username, or userid, if userid is given | 373 Get a user by username, or userid, if userid is given |
| 374 | 374 |
| 375 :param apiuser: | 375 :param apiuser: |
| 376 :param userid: | 376 :param userid: |
| 377 """ | 377 """ |
| 378 if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: | 378 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
| 379 #make sure normal user does not pass someone else userid, | 379 #make sure normal user does not pass someone else userid, |
| 380 #he is not allowed to do that | 380 #he is not allowed to do that |
| 381 if not isinstance(userid, Optional) and userid != apiuser.user_id: | 381 if not isinstance(userid, Optional) and userid != apiuser.user_id: |
| 382 raise JSONRPCError( | 382 raise JSONRPCError( |
| 383 'userid is not the same as your user' | 383 'userid is not the same as your user' |
| 667 :param apiuser: | 667 :param apiuser: |
| 668 :param repoid: | 668 :param repoid: |
| 669 """ | 669 """ |
| 670 repo = get_repo_or_error(repoid) | 670 repo = get_repo_or_error(repoid) |
| 671 | 671 |
| 672 if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: | 672 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
| 673 # check if we have admin permission for this repo ! | 673 # check if we have admin permission for this repo ! |
| 674 if HasRepoPermissionAnyApi('repository.admin')(user=apiuser, | 674 if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, |
| 675 repo_name=repo.repo_name) is False: | 675 repo_name=repo.repo_name): |
| 676 raise JSONRPCError('repository `%s` does not exist' % (repoid)) | 676 raise JSONRPCError('repository `%s` does not exist' % (repoid)) |
| 677 | 677 |
| 678 members = [] | 678 members = [] |
| 679 followers = [] | 679 followers = [] |
| 680 for user in repo.repo_to_perm: | 680 for user in repo.repo_to_perm: |
| 699 data = repo.get_api_data() | 699 data = repo.get_api_data() |
| 700 data['members'] = members | 700 data['members'] = members |
| 701 data['followers'] = followers | 701 data['followers'] = followers |
| 702 return data | 702 return data |
| 703 | 703 |
| 704 # permission check inside | |
| 704 def get_repos(self, apiuser): | 705 def get_repos(self, apiuser): |
| 705 """" | 706 """" |
| 706 Get all repositories | 707 Get all repositories |
| 707 | 708 |
| 708 :param apiuser: | 709 :param apiuser: |