Mercurial > kallithea
diff rhodecode/model/validators.py @ 3372:157231a4fcb7 beta
move permission check of write access to repo groups inside a form.
- it's runned via create/edit/fork forms
- in case we have disabled repo creation, it will check root location write access for people that are not super admins, or have explicity create repo permission
- in case there's a group value passed to form, it checks just admin or write access
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Fri, 15 Feb 2013 01:27:18 +0100 |
parents | 72a91632b731 |
children | b8f929bff7e3 |
line wrap: on
line diff
--- a/rhodecode/model/validators.py Fri Feb 15 00:53:47 2013 +0100 +++ b/rhodecode/model/validators.py Fri Feb 15 01:27:18 2013 +0100 @@ -20,7 +20,7 @@ ChangesetStatus from rhodecode.lib.exceptions import LdapImportError from rhodecode.config.routing import ADMIN_PREFIX -from rhodecode.lib.auth import HasReposGroupPermissionAny +from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny # silence warnings and pylint UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ @@ -472,10 +472,12 @@ class _validator(formencode.validators.FancyValidator): messages = { 'permission_denied': _(u"You don't have permissions " - "to create repository in this group") + "to create repository in this group"), + 'permission_denied_root': _(u"no permission to create repository " + "in root location") } - def to_python(self, value, state): + def _to_python(self, value, state): #root location if value in [-1, "-1"]: return None @@ -485,6 +487,7 @@ gr = RepoGroup.get(value) gr_name = gr.group_name if gr else None # None means ROOT location val = HasReposGroupPermissionAny('group.write', 'group.admin') + can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository') forbidden = not val(gr_name, 'can write into group validator') #parent group need to be existing if gr and forbidden: @@ -492,6 +495,13 @@ raise formencode.Invalid(msg, value, state, error_dict=dict(repo_type=msg) ) + ## check if we can write to root location ! + elif gr is None and can_create_repos() is False: + msg = M(self, 'permission_denied_root', state) + raise formencode.Invalid(msg, value, state, + error_dict=dict(repo_type=msg) + ) + return _validator