diff rhodecode/model/repos_group.py @ 3789:32f66c839c54 beta

Managing user groups now enforces permission checks. A user needs at least read permission on a user group to be able to assign it somewhere.
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 23 Apr 2013 02:55:50 +0200
parents a8f520540ab0
children ff57547c9cf7
--- a/rhodecode/model/repos_group.py	Tue Apr 23 02:18:31 2013 +0200
+++ b/rhodecode/model/repos_group.py	Tue Apr 23 02:55:50 2013 +0200
@@ -169,6 +169,7 @@
     def _update_permissions(self, repos_group, perms_new=None,
                             perms_updates=None, recursive=False):
         from rhodecode.model.repo import RepoModel
+        from rhodecode.lib.auth import HasUserGroupPermissionAny
         if not perms_new:
             perms_new = []
         if not perms_updates:
@@ -220,13 +221,19 @@
                     _set_perm_user(obj, user=member, perm=perm)
                 ## set for user group
                 else:
-                    _set_perm_group(obj, users_group=member, perm=perm)
+                    #check if we have permissions to alter this usergroup
+                    if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+                                                 'usergroup.admin')(member):
+                        _set_perm_group(obj, users_group=member, perm=perm)
             # set new permissions
             for member, perm, member_type in perms_new:
                 if member_type == 'user':
                     _set_perm_user(obj, user=member, perm=perm)
                 else:
-                    _set_perm_group(obj, users_group=member, perm=perm)
+                    #check if we have permissions to alter this usergroup
+                    if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+                                                 'usergroup.admin')(member):
+                        _set_perm_group(obj, users_group=member, perm=perm)
             updates.append(obj)
             #if it's not recursive call
             # break the loop and don't proceed with other changes
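Review bot: The new permission guard at lines 26-28 and 36-38 silently drops the assignment when the caller lacks `usergroup.read`, so `_update_permissions` still appends `obj` to `updates` and returns as if every requested group permission had been applied, and neither the caller nor the audit trail learns that a group was skipped. A denied assignment should be surfaced rather than swallowed: either raise a model-level error so the controller can refuse the whole update, or at minimum log it, e.g. `else:` / `log.warning('skipping user group %s: no usergroup.read permission', member)` (assuming the module has a `log`; I cannot see it from this hunk). Relatedly, `HasUserGroupPermissionAny(...)(member)` appears to resolve the acting user from request state, so callers reaching this model method outside a request (e.g. through the `recursive=True` path or a background job) should be checked to confirm the check does not fail open or error; the hunk does not show how the current user is obtained. The same three-permission check is written twice and could be bound once (`can_alter_group = HasUserGroupPermissionAny('usergroup.read', 'usergroup.write', 'usergroup.admin')`) before the loops, though the `perms_updates` loop starts before this hunk. `_update_permissions` begins and ends outside the hunk.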