# HG changeset patch # User Mads Kiilerich # Date 1437397688 -7200 # Node ID f43dc1913984c6cf11ca7f543b49c1c2f1d987d2 # Parent 3ba2a32292ec91414fd216a7b7ac4e6626d3d162 auth: various minor cleanup diff -r 3ba2a32292ec -r f43dc1913984 kallithea/controllers/admin/repo_groups.py --- a/kallithea/controllers/admin/repo_groups.py Mon Jul 20 15:08:08 2015 +0200 +++ b/kallithea/controllers/admin/repo_groups.py Mon Jul 20 15:08:08 2015 +0200 @@ -58,7 +58,6 @@ class RepoGroupsController(BaseController): - """REST Controller styled on the Atom Publishing Protocol""" @LoginRequired() def __before__(self): diff -r 3ba2a32292ec -r f43dc1913984 kallithea/controllers/admin/repos.py --- a/kallithea/controllers/admin/repos.py Mon Jul 20 15:08:08 2015 +0200 +++ b/kallithea/controllers/admin/repos.py Mon Jul 20 15:08:08 2015 +0200 @@ -37,7 +37,7 @@ from kallithea.lib import helpers as h from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \ - HasRepoPermissionAllDecorator, NotAnonymous,HasPermissionAny, \ + HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny, \ HasRepoGroupPermissionAny, HasRepoPermissionAnyDecorator from kallithea.lib.base import BaseRepoController, render from kallithea.lib.utils import action_logger, repo_name_slug, jsonify @@ -137,7 +137,7 @@ form_result = {} task_id = None try: - # CanWriteToGroup validators checks permissions of this POST + # CanWriteGroup validators checks permissions of this POST form_result = RepoForm(repo_groups=c.repo_groups_choices, landing_revs=c.landing_revs_choices)()\ .to_python(dict(request.POST)) @@ -149,6 +149,7 @@ if isinstance(task, BaseAsyncResult): task_id = task.task_id except formencode.Invalid, errors: + log.info(errors) return htmlfill.render( render('admin/repos/repo_add.html'), defaults=errors.value, @@ -290,6 +291,7 @@ changed_name, self.ip_addr, self.sa) Session().commit() except formencode.Invalid, errors: + log.info(errors) defaults = self.__load_data(repo_name) defaults.update(errors.value) c.users_array = repo_model.get_users_js() diff -r 3ba2a32292ec -r f43dc1913984 kallithea/lib/auth.py --- a/kallithea/lib/auth.py Mon Jul 20 15:08:08 2015 +0200 +++ b/kallithea/lib/auth.py Mon Jul 20 15:08:08 2015 +0200 @@ -178,8 +178,8 @@ if user_is_admin: #================================================================== - # admin user have all default rights for repositories - # and groups set to admin + # admin users have all rights; + # based on default permissions, just set everything to admin #================================================================== permissions[GLOBAL].add('hg.admin') permissions[GLOBAL].add('hg.create.write_on_repogroup.true') @@ -206,7 +206,6 @@ #================================================================== # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS #================================================================== - uid = user_id # default global permissions taken from the default user default_global_perms = UserToPerm.query()\ @@ -219,10 +218,10 @@ # defaults for repositories, taken from default user for perm in default_repo_perms: r_k = perm.UserRepoToPerm.repository.repo_name - if perm.Repository.private and not (perm.Repository.user_id == uid): + if perm.Repository.private and not (perm.Repository.user_id == user_id): # disable defaults for private repos, p = 'repository.none' - elif perm.Repository.user_id == uid: + elif perm.Repository.user_id == user_id: # set admin if owner p = 'repository.admin' else: @@ -260,7 +259,7 @@ .options(joinedload(UserGroupToPerm.permission))\ .join((UserGroupMember, UserGroupToPerm.users_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .join((UserGroup, UserGroupMember.users_group_id == UserGroup.users_group_id))\ .filter(UserGroup.users_group_active == True)\ @@ -286,7 +285,7 @@ # user specific global permissions user_perms = Session().query(UserToPerm)\ .options(joinedload(UserToPerm.permission))\ - .filter(UserToPerm.user_id == uid).all() + .filter(UserToPerm.user_id == user_id).all() if not user_inherit_default_permissions: # NEED TO IGNORE all configurable permissions and @@ -319,7 +318,7 @@ .filter(UserGroup.users_group_active == True)\ .join((UserGroupMember, UserGroupRepoToPerm.users_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .all() multiple_counter = collections.defaultdict(int) @@ -329,7 +328,7 @@ p = perm.Permission.permission_name cur_perm = permissions[RK][r_k] - if perm.Repository.user_id == uid: + if perm.Repository.user_id == user_id: # set admin if owner p = 'repository.admin' else: @@ -339,12 +338,12 @@ # user explicit permissions for repositories, overrides any specified # by the group permission - user_repo_perms = Permission.get_default_perms(uid) + user_repo_perms = Permission.get_default_perms(user_id) for perm in user_repo_perms: r_k = perm.UserRepoToPerm.repository.repo_name cur_perm = permissions[RK][r_k] # set admin if owner - if perm.Repository.user_id == uid: + if perm.Repository.user_id == user_id: p = 'repository.admin' else: p = perm.Permission.permission_name @@ -371,7 +370,7 @@ .filter(UserGroup.users_group_active == True)\ .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .all() multiple_counter = collections.defaultdict(int) @@ -385,7 +384,7 @@ permissions[GK][g_k] = p # user explicit permissions for repository groups - user_repo_groups_perms = Permission.get_default_group_perms(uid) + user_repo_groups_perms = Permission.get_default_group_perms(user_id) for perm in user_repo_groups_perms: rg_k = perm.UserRepoGroupToPerm.group.group_name p = perm.Permission.permission_name @@ -406,7 +405,7 @@ == Permission.permission_id))\ .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id == UserGroupMember.users_group_id))\ - .filter(UserGroupMember.user_id == uid)\ + .filter(UserGroupMember.user_id == user_id)\ .join((UserGroup, UserGroupMember.users_group_id == UserGroup.users_group_id), aliased=True, from_joinpoint=True)\ .filter(UserGroup.users_group_active == True)\ @@ -423,7 +422,7 @@ permissions[UK][g_k] = p #user explicit permission for user groups - user_user_groups_perms = Permission.get_default_user_group_perms(uid) + user_user_groups_perms = Permission.get_default_user_group_perms(user_id) for perm in user_user_groups_perms: u_k = perm.UserUserGroupToPerm.user_group.users_group_name p = perm.Permission.permission_name @@ -480,9 +479,9 @@ is_external_auth=False): self.user_id = user_id - self._api_key = api_key + self._api_key = api_key # API key passed as parameter - self.api_key = None + self.api_key = None # API key set by user_model.fill_data self.username = username self.name = '' self.lastname = '' diff -r 3ba2a32292ec -r f43dc1913984 kallithea/model/db.py --- a/kallithea/model/db.py Mon Jul 20 15:08:08 2015 +0200 +++ b/kallithea/model/db.py Mon Jul 20 15:08:08 2015 +0200 @@ -1742,6 +1742,7 @@ 'usergroup.read': 1, 'usergroup.write': 3, 'usergroup.admin': 4, + 'hg.repogroup.create.false': 0, 'hg.repogroup.create.true': 1, @@ -1750,6 +1751,7 @@ 'hg.fork.none': 0, 'hg.fork.repository': 1, + 'hg.create.none': 0, 'hg.create.repository': 1 }