Mercurial > kallithea
diff rhodecode/controllers/api/api.py @ 3898:c9f5a397c0dc beta
Updated boolean checks in API permissions calls
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Thu, 23 May 2013 00:01:00 +0200 |
parents | 31f8c9d76a26 |
children | 1cb0a1f82fb4 |
line wrap: on
line diff
--- a/rhodecode/controllers/api/api.py Wed May 22 23:41:52 2013 +0200 +++ b/rhodecode/controllers/api/api.py Thu May 23 00:01:00 2013 +0200 @@ -116,7 +116,7 @@ """ Get repo by id or name or return JsonRPCError if not found - :param userid: + :param repoid: """ repo = RepoModel().get_repo(repoid) if repo is None: @@ -215,7 +215,7 @@ :param repoid: """ repo = get_repo_or_error(repoid) - if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: + if not HasPermissionAnyApi('hg.admin')(user=apiuser): # check if we have admin permission for this repo ! if HasRepoPermissionAnyApi('repository.admin', 'repository.write')(user=apiuser, @@ -231,6 +231,7 @@ 'Error occurred during cache invalidation action' ) + # permission check inside def lock(self, apiuser, repoid, locked=Optional(None), userid=Optional(OAttr('apiuser'))): """ @@ -323,9 +324,8 @@ :param apiuser: :param userid: """ - if HasPermissionAnyApi('hg.admin')(user=apiuser): - pass - else: + + if not HasPermissionAnyApi('hg.admin')(user=apiuser): #make sure normal user does not pass someone else userid, #he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -375,7 +375,7 @@ :param apiuser: :param userid: """ - if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: + if not HasPermissionAnyApi('hg.admin')(user=apiuser): #make sure normal user does not pass someone else userid, #he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -669,10 +669,10 @@ """ repo = get_repo_or_error(repoid) - if HasPermissionAnyApi('hg.admin')(user=apiuser) is False: + if not HasPermissionAnyApi('hg.admin')(user=apiuser): # check if we have admin permission for this repo ! - if HasRepoPermissionAnyApi('repository.admin')(user=apiuser, - repo_name=repo.repo_name) is False: + if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, + repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid)) members = [] @@ -701,6 +701,7 @@ data['followers'] = followers return data + # permission check inside def get_repos(self, apiuser): """" Get all repositories