Mercurial > kallithea
diff rhodecode/model/validators.py @ 3525:0cef54d34605
Pass in old groups data to CanWriteToGroup validator for later skipping group checks.
This will be a part of refactoring done to do user permissions changes without messing with main
repo form data
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Mon, 11 Mar 2013 17:59:38 +0100 |
| parents | 994dfdd0c920 |
| children | 3563bb7b4b82 |
line wrap: on
line diff
--- a/rhodecode/model/validators.py Sun Mar 10 20:10:51 2013 +0100 +++ b/rhodecode/model/validators.py Mon Mar 11 17:59:38 2013 +0100 @@ -16,11 +16,12 @@ from rhodecode.lib.compat import OrderedSet from rhodecode.lib import ipaddr from rhodecode.lib.utils import repo_name_slug +from rhodecode.lib.utils2 import safe_int from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\ ChangesetStatus from rhodecode.lib.exceptions import LdapImportError from rhodecode.config.routing import ADMIN_PREFIX -from rhodecode.lib.auth import HasReposGroupPermissionAny +from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny # silence warnings and pylint UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ @@ -472,7 +473,7 @@ return _validator -def CanWriteGroup(): +def CanWriteGroup(old_data=None): class _validator(formencode.validators.FancyValidator): messages = { 'permission_denied': _(u"You don't have permissions " @@ -481,13 +482,58 @@ def validate_python(self, value, state): gr = RepoGroup.get(value) - if not HasReposGroupPermissionAny( - 'group.write', 'group.admin' - )(gr.group_name, 'get group of repo form'): + gr_name = gr.group_name if gr else None # None means ROOT location + val = HasReposGroupPermissionAny('group.write', 'group.admin') + can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository') + forbidden = not val(gr_name, 'can write into group validator') + value_changed = old_data['repo_group'].get('group_id') != safe_int(value) + if value_changed: # do check if we changed the value + #parent group need to be existing + if gr and forbidden: + msg = M(self, 'permission_denied', state) + raise formencode.Invalid(msg, value, state, + error_dict=dict(repo_type=msg) + ) + ## check if we can write to root location ! + elif gr is None and can_create_repos() is False: + msg = M(self, 'permission_denied_root', state) + raise formencode.Invalid(msg, value, state, + error_dict=dict(repo_type=msg) + ) + + return _validator + + +def CanCreateGroup(can_create_in_root=False): + class _validator(formencode.validators.FancyValidator): + messages = { + 'permission_denied': _(u"You don't have permissions " + "to create a group in this location") + } + + def to_python(self, value, state): + #root location + if value in [-1, "-1"]: + return None + return value + + def validate_python(self, value, state): + gr = RepoGroup.get(value) + gr_name = gr.group_name if gr else None # None means ROOT location + + if can_create_in_root and gr is None: + #we can create in root, we're fine no validations required + return + + forbidden_in_root = gr is None and can_create_in_root is False + val = HasReposGroupPermissionAny('group.admin') + forbidden = not val(gr_name, 'can create group validator') + if forbidden_in_root or forbidden: msg = M(self, 'permission_denied', state) raise formencode.Invalid(msg, value, state, - error_dict=dict(repo_type=msg) + error_dict=dict(group_parent_id=msg) ) + return _validator