# HG changeset patch
# User Marcin Kuzminski
# Date 1360888038 -3600
# Node ID 157231a4fcb7fa06b042fb2655e0f08322d5346c
# Parent 199fd214b2132bcede9c8a40d8d23dc35a0131b3
move permission check of write access to repo groups inside a form.
- it's runned via create/edit/fork forms
- in case we have disabled repo creation, it will check root location write access for people that are not super admins, or have explicity create repo permission
- in case there's a group value passed to form, it checks just admin or write access
diff -r 199fd214b213 -r 157231a4fcb7 rhodecode/controllers/admin/repos.py
--- a/rhodecode/controllers/admin/repos.py Fri Feb 15 00:53:47 2013 +0100
+++ b/rhodecode/controllers/admin/repos.py Fri Feb 15 01:27:18 2013 +0100
@@ -160,19 +160,6 @@
 form_result = RepoForm(repo_groups=c.repo_groups_choices,
 landing_revs=c.landing_revs_choices)()\
 .to_python(dict(request.POST))
- #we check ACLs after form, since we want to display nicer errors
- #if form forbids creation of repos inside a group we don't have
- #perms for
- if not HasPermissionAny('hg.admin', 'hg.create.repository')():
- #you're not super admin nor have global create permissions,
- #but maybe you have at least write permission to a parent group ?
- parent_group = request.POST.get('repo_group')
- _gr = RepoGroup.get(parent_group)
- gr_name = _gr.group_name if _gr else None
- if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
- msg = _('no permission to create repository in root location')
- raise formencode.Invalid('', form_result, None,
- error_dict={'repo_group': msg})
 new_repo = RepoModel().create(form_result, self.rhodecode_user.user_id)
diff -r 199fd214b213 -r 157231a4fcb7 rhodecode/model/validators.py
--- a/rhodecode/model/validators.py Fri Feb 15 00:53:47 2013 +0100
+++ b/rhodecode/model/validators.py Fri Feb 15 01:27:18 2013 +0100
@@ -20,7 +20,7 @@
 ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -472,10 +472,12 @@
 class _validator(formencode.validators.FancyValidator):
 messages = {
 'permission_denied': _(u"You don't have permissions "
- "to create repository in this group")
+ "to create repository in this group"),
+ 'permission_denied_root': _(u"no permission to create repository "
+ "in root location")
 }
- def to_python(self, value, state):
+ def _to_python(self, value, state):
 #root location
 if value in [-1, "-1"]:
 return None
@@ -485,6 +487,7 @@
 gr = RepoGroup.get(value)
 gr_name = gr.group_name if gr else None # None means ROOT location
 val = HasReposGroupPermissionAny('group.write', 'group.admin')
+ can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
 forbidden = not val(gr_name, 'can write into group validator')
 #parent group need to be existing
 if gr and forbidden:
@@ -492,6 +495,13 @@
 raise formencode.Invalid(msg, value, state,
 error_dict=dict(repo_type=msg)
 )
+ ## check if we can write to root location !
+ elif gr is None and can_create_repos() is False:
+ msg = M(self, 'permission_denied_root', state)
+ raise formencode.Invalid(msg, value, state,
+ error_dict=dict(repo_type=msg)
+ )
+
 return _validator
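Review bot: The rename from `to_python` to `_to_python` in the `-472,10` hunk carries no comment saying that the permission check depends on it. If formencode's `FancyValidator.to_python()` is the method that invokes `validate_python()` (my understanding of the library; not visible on this page), the old override bypassed the group-permission check, and renaming the method back later would silently disable it again. I would add above the method: `# keep this as _to_python: overriding to_python() skips validate_python() and the permission checks in it`. The class body continues outside the hunk.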
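Review bot: The root-location branch added in the `-492,6` hunk, `elif gr is None and can_create_repos() is False:`, can fail open. The identity test `is False` skips the denial if the checker built in the `-485,6` hunk ever returns another falsy value such as `None`; `elif gr is None and not can_create_repos():` denies by default. `gr` is also `None` when `RepoGroup.get(value)` finds no group for a submitted id, so an unknown id is handled as the root location; unless another validator on the form rejects unknown ids (not visible here), test `value is None` for root and reject a missing group separately. The error is keyed `repo_type`, while the controller code this commit removes used `repo_group`, so the message probably lands on the wrong field. The body of the enclosing method starts outside the hunk.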