comparison rhodecode/controllers/api/api.py @ 3898:c9f5a397c0dc beta
Updated boolean checks in API permissions calls
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Thu, 23 May 2013 00:01:00 +0200 |
parents | 31f8c9d76a26 |
children | 1cb0a1f82fb4 |
3897:aaac3954ad4a | 3898:c9f5a397c0dc |
---|---|
114 | 114 |
115 def get_repo_or_error(repoid): | 115 def get_repo_or_error(repoid): |
116 """ | 116 """ |
117 Get repo by id or name or return JsonRPCError if not found | 117 Get repo by id or name or return JsonRPCError if not found |
118 | 118 |
119 :param userid: | 119 :param repoid: |
120 """ | 120 """ |
121 repo = RepoModel().get_repo(repoid) | 121 repo = RepoModel().get_repo(repoid) |
122 if repo is None: | 122 if repo is None: |
123 raise JSONRPCError('repository `%s` does not exist' % (repoid)) | 123 raise JSONRPCError('repository `%s` does not exist' % (repoid)) |
124 return repo | 124 return repo |
213 | 213 |
214 :param apiuser: | 214 :param apiuser: |
215 :param repoid: | 215 :param repoid: |
216 """ | 216 """ |
217 repo = get_repo_or_error(repoid) | 217 repo = get_repo_or_error(repoid) |
218 if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: | 218 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
219 # check if we have admin permission for this repo ! | 219 # check if we have admin permission for this repo ! |
220 if HasRepoPermissionAnyApi('repository.admin', | 220 if HasRepoPermissionAnyApi('repository.admin', |
221 'repository.write')(user=apiuser, | 221 'repository.write')(user=apiuser, |
222 repo_name=repo.repo_name) is False: | 222 repo_name=repo.repo_name) is False: |
223 raise JSONRPCError('repository `%s` does not exist' % (repoid)) | 223 raise JSONRPCError('repository `%s` does not exist' % (repoid)) |
229 log.error(traceback.format_exc()) | 229 log.error(traceback.format_exc()) |
230 raise JSONRPCError( | 230 raise JSONRPCError( |
231 'Error occurred during cache invalidation action' | 231 'Error occurred during cache invalidation action' |
232 ) | 232 ) |
233 | 233 |
234 # permission check inside | |
234 def lock(self, apiuser, repoid, locked=Optional(None), | 235 def lock(self, apiuser, repoid, locked=Optional(None), |
235 userid=Optional(OAttr('apiuser'))): | 236 userid=Optional(OAttr('apiuser'))): |
236 """ | 237 """ |
237 Set locking state on particular repository by given user, if | 238 Set locking state on particular repository by given user, if |
238 this command is runned by non-admin account userid is set to user | 239 this command is runned by non-admin account userid is set to user |
321 who is calling this method, thus returning locks for himself | 322 who is calling this method, thus returning locks for himself |
322 | 323 |
323 :param apiuser: | 324 :param apiuser: |
324 :param userid: | 325 :param userid: |
325 """ | 326 """ |
326 if HasPermissionAnyApi('hg.admin')(user=apiuser): | 327 |
327 pass | 328 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
328 else: | |
329 #make sure normal user does not pass someone else userid, | 329 #make sure normal user does not pass someone else userid, |
330 #he is not allowed to do that | 330 #he is not allowed to do that |
331 if not isinstance(userid, Optional) and userid != apiuser.user_id: | 331 if not isinstance(userid, Optional) and userid != apiuser.user_id: |
332 raise JSONRPCError( | 332 raise JSONRPCError( |
333 'userid is not the same as your user' | 333 'userid is not the same as your user' |
373 Get a user by username, or userid, if userid is given | 373 Get a user by username, or userid, if userid is given |
374 | 374 |
375 :param apiuser: | 375 :param apiuser: |
376 :param userid: | 376 :param userid: |
377 """ | 377 """ |
378 if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: | 378 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
379 #make sure normal user does not pass someone else userid, | 379 #make sure normal user does not pass someone else userid, |
380 #he is not allowed to do that | 380 #he is not allowed to do that |
381 if not isinstance(userid, Optional) and userid != apiuser.user_id: | 381 if not isinstance(userid, Optional) and userid != apiuser.user_id: |
382 raise JSONRPCError( | 382 raise JSONRPCError( |
383 'userid is not the same as your user' | 383 'userid is not the same as your user' |
667 :param apiuser: | 667 :param apiuser: |
668 :param repoid: | 668 :param repoid: |
669 """ | 669 """ |
670 repo = get_repo_or_error(repoid) | 670 repo = get_repo_or_error(repoid) |
671 | 671 |
672 if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: | 672 if not HasPermissionAnyApi('hg.admin')(user=apiuser): |
673 # check if we have admin permission for this repo ! | 673 # check if we have admin permission for this repo ! |
674 if HasRepoPermissionAnyApi('repository.admin')(user=apiuser, | 674 if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, |
675 repo_name=repo.repo_name) is False: | 675 repo_name=repo.repo_name): |
676 raise JSONRPCError('repository `%s` does not exist' % (repoid)) | 676 raise JSONRPCError('repository `%s` does not exist' % (repoid)) |
677 | 677 |
678 members = [] | 678 members = [] |
679 followers = [] | 679 followers = [] |
680 for user in repo.repo_to_perm: | 680 for user in repo.repo_to_perm: |
699 data = repo.get_api_data() | 699 data = repo.get_api_data() |
700 data['members'] = members | 700 data['members'] = members |
701 data['followers'] = followers | 701 data['followers'] = followers |
702 return data | 702 return data |
703 | 703 |
704 # permission check inside | |
704 def get_repos(self, apiuser): | 705 def get_repos(self, apiuser): |
705 """" | 706 """" |
706 Get all repositories | 707 Get all repositories |
707 | 708 |
708 :param apiuser: | 709 :param apiuser: |
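Review bot: The repository-level check at new lines 220-222 (`HasRepoPermissionAnyApi('repository.admin', 'repository.write')(...)`) still ends in `is False`, although the `hg.admin` check directly above it and the equivalent repository check at new lines 674-675 were converted to `not ...`. With an identity comparison, any falsy result other than the literal `False` (a `None`, for instance) skips the `raise JSONRPCError` and the call proceeds, so the denial path fails open. Whether the checker can return such a value is not visible on this page. To make the three sites agree, use `if not HasRepoPermissionAnyApi('repository.admin', 'repository.write')(user=apiuser, repo_name=repo.repo_name):`. The enclosing method begins above the visible context, so any remaining `is False` comparisons on permission calls elsewhere in the file would need the same change.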