diff rhodecode/model/users_group.py @ 3789:32f66c839c54 beta

Managing user groups now enforces permission checks. A user needs at least read permission on a user group to be able to assign it somewhere.
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 23 Apr 2013 02:55:50 +0200
parents d9b89874edf9
children
--- a/rhodecode/model/users_group.py	Tue Apr 23 02:18:31 2013 +0200
+++ b/rhodecode/model/users_group.py	Tue Apr 23 02:55:50 2013 +0200
@@ -63,6 +63,7 @@
 
     def _update_permissions(self, user_group, perms_new=None,
                             perms_updates=None):
+        from rhodecode.lib.auth import HasUserGroupPermissionAny
         if not perms_new:
             perms_new = []
         if not perms_updates:
@@ -76,9 +77,12 @@
                     user_group=user_group, user=member, perm=perm
                 )
             else:
-                self.grant_users_group_permission(
-                    target_user_group=user_group, user_group=member, perm=perm
-                )
+                #check if we have permissions to alter this usergroup
+                if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+                                             'usergroup.admin')(member):
+                    self.grant_users_group_permission(
+                        target_user_group=user_group, user_group=member, perm=perm
+                    )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
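Review bot: When the `HasUserGroupPermissionAny(...)(member)` guard in the new `else` branch fails, the requested grant is dropped silently: no exception, no log entry, and the `perms_updates` row keeps whatever permission it had before, so the caller's form appears to succeed while part of the request was refused. A denied permission change on this path should be surfaced, for instance `else:` followed by `raise` of an error type the controller can turn into a flash message, or at minimum a warning log naming the member and the acting user. The checker presumably resolves the acting user from the request context rather than from an explicit argument, which means this model method now only behaves correctly inside a web request; that assumption deserves a comment on the guard. `_update_permissions` begins in the preceding hunk, outside this one.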
@@ -86,9 +90,12 @@
                     user_group=user_group, user=member, perm=perm
                 )
             else:
-                self.grant_users_group_permission(
-                    target_user_group=user_group, user_group=member, perm=perm
-                )
+                #check if we have permissions to alter this usergroup
+                if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+                                             'usergroup.admin')(member):
+                    self.grant_users_group_permission(
+                        target_user_group=user_group, user_group=member, perm=perm
+                    )
 
     def get(self, users_group_id, cache=False):
         return UserGroup.get(users_group_id)
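Review bot: The permission tuple `('usergroup.read', 'usergroup.write', 'usergroup.admin')` is now spelled out twice, once per loop, so the two enforcement points can drift apart the next time the policy changes. Hoist it to a module-level constant `_ASSIGNABLE_PERMS = ('usergroup.read', 'usergroup.write', 'usergroup.admin')` and write both guards as `if HasUserGroupPermissionAny(*_ASSIGNABLE_PERMS)(member):`, or wrap the call in a small `_can_assign_user_group(member)` helper with a one-line docstring stating that read is the minimum. As in the update loop above, a failed check here discards the new grant without any error or log, so the caller cannot tell that the assignment was refused. `_update_permissions` begins in an earlier hunk; only its tail is visible here.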