diff rhodecode/model/validators.py @ 3372:157231a4fcb7 beta

move permission check of write access to repo groups inside a form. - it's run via create/edit/fork forms - in case we have disabled repo creation, it will check root location write access for people that are not super admins, or have explicit create repo permission - in case there's a group value passed to form, it checks just admin or write access
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 15 Feb 2013 01:27:18 +0100
parents 72a91632b731
children b8f929bff7e3
--- a/rhodecode/model/validators.py	Fri Feb 15 00:53:47 2013 +0100
+++ b/rhodecode/model/validators.py	Fri Feb 15 01:27:18 2013 +0100
@@ -20,7 +20,7 @@
     ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -472,10 +472,12 @@
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'permission_denied': _(u"You don't have permissions "
-                                   "to create repository in this group")
+                                   "to create repository in this group"),
+            'permission_denied_root': _(u"no permission to create repository "
+                                        "in root location")
         }
 
-        def to_python(self, value, state):
+        def _to_python(self, value, state):
             #root location
             if value in [-1, "-1"]:
                 return None
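Review bot: Renaming the hook to `_to_python` at the top of `_validator` routes every value through `FancyValidator.to_python` first, and as far as I know that method returns early for empty input (unless `not_empty` is set) without calling `_to_python` or `validate_python`. If the form field can arrive empty, the permission checks this commit adds would not run for that value; whether it can depends on the form schema, which is not visible here. I would either set `not_empty = True` on the validator or document the assumption with a comment such as `# empty input never reaches the permission check; the form must always submit a group id or -1`. The body of `_to_python` continues past the end of this hunk.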
@@ -485,6 +487,7 @@
             gr = RepoGroup.get(value)
             gr_name = gr.group_name if gr else None  # None means ROOT location
             val = HasReposGroupPermissionAny('group.write', 'group.admin')
+            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
             forbidden = not val(gr_name, 'can write into group validator')
             #parent group need to be existing
             if gr and forbidden:
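Review bot: The permission callable bound here as `can_create_repos` is compared by identity in the next hunk (`can_create_repos() is False`), so any falsy result that is not the literal `False`, such as `None`, would let the root-location branch pass. An authorization check should fail closed: `elif gr is None and not can_create_repos():`. Note also that `gr` is `None` when `RepoGroup.get(value)` finds no group for the submitted id, so an unknown id is handled as the root location rather than rejected; a short comment stating whether that is intended would help. The enclosing method starts outside this hunk.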
@@ -492,6 +495,13 @@
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_type=msg)
                 )
+            ## check if we can write to root location !
+            elif gr is None and can_create_repos() is False:
+                msg = M(self, 'permission_denied_root', state)
+                raise formencode.Invalid(msg, value, state,
+                    error_dict=dict(repo_type=msg)
+                )
+
     return _validator