Mercurial > kallithea
diff rhodecode/controllers/admin/settings.py @ 3333:069884383cc7 beta
Implemented #738 Giving a user WRITE+ permissions on folder should not allow repo creation in root folder.
user can create repos only if he got explicitly permission for creating repos globally, or have WRITE+ permission on a group.
Then he can create repositories inside this group
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Tue, 05 Feb 2013 03:04:46 +0100 |
parents | 72a91632b731 |
children | 1c4505e3be5b |
line wrap: on
line diff
--- a/rhodecode/controllers/admin/settings.py Tue Feb 05 01:57:37 2013 +0100 +++ b/rhodecode/controllers/admin/settings.py Tue Feb 05 03:04:46 2013 +0100 @@ -37,7 +37,8 @@ from rhodecode.lib import helpers as h from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ - HasPermissionAnyDecorator, NotAnonymous + HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\ + HasReposGroupPermissionAll, HasReposGroupPermissionAny from rhodecode.lib.base import BaseController, render from rhodecode.lib.celerylib import tasks, run_task from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \ @@ -54,6 +55,7 @@ from rhodecode.model.meta import Session from rhodecode.lib.utils2 import str2bool, safe_unicode from rhodecode.lib.compat import json +from webob.exc import HTTPForbidden log = logging.getLogger(__name__) @@ -484,9 +486,17 @@ return render('admin/users/user_edit_my_account_pullrequests.html') @NotAnonymous() - @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository') def create_repository(self): """GET /_admin/create_repository: Form to create a new item""" + new_repo = request.GET.get('repo', '') + parent_group = request.GET.get('parent_group') + if not HasPermissionAny('hg.admin', 'hg.create.repository')(): + #you're not super admin nor have global create permissions, + #but maybe you have at least write permission to a parent group ? + _gr = RepoGroup.get(parent_group) + gr_name = _gr.group_name if _gr else None + if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): + raise HTTPForbidden acl_groups = GroupList(RepoGroup.query().all(), perm_set=['group.write', 'group.admin']) @@ -494,8 +504,6 @@ c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) choices, c.landing_revs = ScmModel().get_repo_landing_revs() - new_repo = request.GET.get('repo', '') - parent_group = request.GET.get('parent_group') c.new_repo = repo_name_slug(new_repo) ## apply the defaults from defaults page @@ -504,7 +512,7 @@ defaults.update({'repo_group': parent_group}) return htmlfill.render( - render('admin/repos/repo_add_create_repository.html'), + render('admin/repos/repo_add.html'), defaults=defaults, errors={}, prefix_error=False,