# HG changeset patch # User Søren Løvborg # Date 1436875199 -7200 # Node ID 815bf70a88ce0096d51604f4c47996614dac7991 # Parent a38e328db17258a9509297ad802cc764417cdba3 AuthUser: simplify check_ip_allowed and drop is_ip_allowed check_ip_allowed is always called with user_id and inherit_from_default arguments taken from the same User/AuthUser object, so just take that object instead. This simplifies the is_ip_allowed method to the point where it can be removed. diff -r a38e328db172 -r 815bf70a88ce kallithea/controllers/api/__init__.py --- a/kallithea/controllers/api/__init__.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/controllers/api/__init__.py Tue Jul 14 13:59:59 2015 +0200 @@ -158,9 +158,8 @@ return jsonrpc_error(retid=self._req_id, message='Invalid API key') - #check if we are allowed to use this IP auth_u = AuthUser(u.user_id, self._req_api_key) - if not auth_u.is_ip_allowed(ip_addr): + if not AuthUser.check_ip_allowed(auth_u, ip_addr): return jsonrpc_error(retid=self._req_id, message='request from IP:%s not allowed' % (ip_addr,)) else: diff -r a38e328db172 -r 815bf70a88ce kallithea/controllers/login.py --- a/kallithea/controllers/login.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/controllers/login.py Tue Jul 14 13:59:59 2015 +0200 @@ -109,7 +109,7 @@ c.came_from = url('home') not_default = self.authuser.username != User.DEFAULT_USER - ip_allowed = self.authuser.is_ip_allowed(self.ip_addr) + ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr) # redirect if already logged in if self.authuser.is_authenticated and not_default and ip_allowed: diff -r a38e328db172 -r 815bf70a88ce kallithea/lib/auth.py --- a/kallithea/lib/auth.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/lib/auth.py Tue Jul 14 13:59:59 2015 +0200 @@ -608,19 +608,14 @@ return [x[0] for x in self.permissions['user_groups'].iteritems() if x[1] == 'usergroup.admin'] - def is_ip_allowed(self, ip_addr): - """ - Determine if `ip_addr` is on the list of allowed IP addresses - for this user. + @staticmethod + def check_ip_allowed(user, ip_addr): """ - inherit = self.inherit_default_permissions - return AuthUser.check_ip_allowed(self.user_id, ip_addr, - inherit_from_default=inherit) - - @classmethod - def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default): - allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True, - inherit_from_default=inherit_from_default) + Check if the given IP address (a `str`) is allowed for the given + user (an `AuthUser` or `db.User`). + """ + allowed_ips = AuthUser.get_allowed_ips(user.user_id, cache=True, + inherit_from_default=user.inherit_default_permissions) if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips): log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips)) return True @@ -742,8 +737,7 @@ loc = "%s:%s" % (controller.__class__.__name__, func.__name__) log.debug('Checking access for user %s @ %s' % (user, loc)) - # check if our IP is allowed - if not user.is_ip_allowed(controller.ip_addr): + if not AuthUser.check_ip_allowed(user, controller.ip_addr): return redirect_to_login(_('IP %s not allowed') % controller.ip_addr) # check if we used an API key and it's a valid one diff -r a38e328db172 -r 815bf70a88ce kallithea/lib/base.py --- a/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 @@ -186,9 +186,7 @@ :param repo_name: repository name """ # check IP - inherit = user.inherit_default_permissions - ip_allowed = AuthUser.check_ip_allowed(user.user_id, ip_addr, - inherit_from_default=inherit) + ip_allowed = AuthUser.check_ip_allowed(user, ip_addr) if ip_allowed: log.info('Access for IP:%s allowed' % (ip_addr,)) else: