# HG changeset patch # User Marcin Kuzminski # Date 1277837103 -7200 # Node ID fdf9f6ee5217506b9dbe4b6f4f07a3b4e989a0aa # Parent c961b78ff0a0418ba151c7aa3111534ed166081e Implemented permissions into hg app, secured admin controllers, templates and repository specific controllers diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/branches.py --- a/pylons_app/controllers/branches.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/branches.py Tue Jun 29 20:45:03 2010 +0200 @@ -22,17 +22,17 @@ branches controller for pylons @author: marcink """ -from pylons import tmpl_context as c -from pylons_app.lib.auth import LoginRequired +from pylons import tmpl_context as c, request +from pylons_app.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator from pylons_app.lib.base import BaseController, render from pylons_app.model.hg_model import HgModel import logging - log = logging.getLogger(__name__) class BranchesController(BaseController): @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', 'repository.admin') def __before__(self): super(BranchesController, self).__before__() @@ -40,7 +40,7 @@ hg_model = HgModel() c.repo_info = hg_model.get_repo(c.repo_name) c.repo_branches = {} - for name, hash in c.repo_info.branches.items(): - c.repo_branches[name] = c.repo_info.get_changeset(hash) + for name, hash_ in c.repo_info.branches.items(): + c.repo_branches[name] = c.repo_info.get_changeset(hash_) return render('branches/branches.html') diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/changelog.py --- a/pylons_app/controllers/changelog.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/changelog.py Tue Jun 29 20:45:03 2010 +0200 @@ -2,14 +2,6 @@ # encoding: utf-8 # changelog controller for pylons # Copyright (C) 2009-2010 Marcin Kuzminski -from json import dumps -from mercurial.graphmod import colored, CHANGESET, revisions as graph_rev -from pylons import request, session, tmpl_context as c -from pylons_app.lib.auth import LoginRequired -from pylons_app.lib.base import BaseController, render -from pylons_app.model.hg_model import HgModel -from webhelpers.paginate import Page -import logging # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -30,11 +22,21 @@ changelog controller for pylons @author: marcink """ -log = logging.getLogger(__name__) +from json import dumps +from mercurial.graphmod import colored, CHANGESET, revisions as graph_rev +from pylons import request, session, tmpl_context as c +from pylons_app.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator +from pylons_app.lib.base import BaseController, render +from pylons_app.model.hg_model import HgModel +from webhelpers.paginate import Page +import logging +log = logging.getLogger(__name__) class ChangelogController(BaseController): @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', + 'repository.admin') def __before__(self): super(ChangelogController, self).__before__() diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/changeset.py --- a/pylons_app/controllers/changeset.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/changeset.py Tue Jun 29 20:45:03 2010 +0200 @@ -2,16 +2,6 @@ # encoding: utf-8 # changeset controller for pylons # Copyright (C) 2009-2010 Marcin Kuzminski -from pylons import tmpl_context as c, url -from pylons.controllers.util import redirect -from pylons_app.lib.auth import LoginRequired -from pylons_app.lib.base import BaseController, render -from pylons_app.model.hg_model import HgModel -from vcs.exceptions import RepositoryError -from vcs.nodes import FileNode -from vcs.utils import diffs as differ -import logging -import traceback # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -32,13 +22,24 @@ changeset controller for pylons @author: marcink """ - +from pylons import tmpl_context as c, url, request +from pylons.controllers.util import redirect +from pylons_app.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator +from pylons_app.lib.base import BaseController, render +from pylons_app.model.hg_model import HgModel +from vcs.exceptions import RepositoryError +from vcs.nodes import FileNode +from vcs.utils import diffs as differ +import logging +import traceback log = logging.getLogger(__name__) class ChangesetController(BaseController): @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', + 'repository.admin') def __before__(self): super(ChangesetController, self).__before__() diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/files.py --- a/pylons_app/controllers/files.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/files.py Tue Jun 29 20:45:03 2010 +0200 @@ -2,20 +2,7 @@ # encoding: utf-8 # files controller for pylons # Copyright (C) 2009-2010 Marcin Kuzminski -from mercurial import archival -from pylons import request, response, session, tmpl_context as c, url -from pylons.controllers.util import redirect -from pylons_app.lib.auth import LoginRequired -from pylons_app.lib.base import BaseController, render -from pylons_app.lib.utils import EmptyChangeset -from pylons_app.model.hg_model import HgModel -from vcs.exceptions import RepositoryError, ChangesetError -from vcs.nodes import FileNode -from vcs.utils import diffs as differ -import logging -import pylons_app.lib.helpers as h -import tempfile - + # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; version 2 @@ -35,13 +22,27 @@ files controller for pylons @author: marcink """ - +from mercurial import archival +from pylons import request, response, session, tmpl_context as c, url +from pylons.controllers.util import redirect +from pylons_app.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator +from pylons_app.lib.base import BaseController, render +from pylons_app.lib.utils import EmptyChangeset, get_repo_slug +from pylons_app.model.hg_model import HgModel +from vcs.exceptions import RepositoryError, ChangesetError +from vcs.nodes import FileNode +from vcs.utils import diffs as differ +import logging +import pylons_app.lib.helpers as h +import tempfile log = logging.getLogger(__name__) class FilesController(BaseController): @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', + 'repository.admin') def __before__(self): super(FilesController, self).__before__() diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/permissions.py --- a/pylons_app/controllers/permissions.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/permissions.py Tue Jun 29 20:45:03 2010 +0200 @@ -44,7 +44,7 @@ # map.resource('permission', 'permissions') @LoginRequired() - @HasPermissionAllDecorator('hg.admin') + #@HasPermissionAllDecorator('hg.admin') def __before__(self): c.admin_user = session.get('admin_user') c.admin_username = session.get('admin_username') diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/repos.py --- a/pylons_app/controllers/repos.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/repos.py Tue Jun 29 20:45:03 2010 +0200 @@ -21,21 +21,19 @@ admin controller for pylons @author: marcink """ +from formencode import htmlfill from operator import itemgetter -from pylons import request, response, session, tmpl_context as c, url, \ - app_globals as g +from pylons import request, response, session, tmpl_context as c, url from pylons.controllers.util import abort, redirect from pylons.i18n.translation import _ from pylons_app.lib import helpers as h -from pylons_app.lib.auth import LoginRequired +from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator from pylons_app.lib.base import BaseController, render from pylons_app.lib.utils import invalidate_cache -from pylons_app.model.repo_model import RepoModel +from pylons_app.model.forms import RepoForm from pylons_app.model.hg_model import HgModel -from pylons_app.model.forms import RepoForm -from pylons_app.model.meta import Session +from pylons_app.model.repo_model import RepoModel import formencode -from formencode import htmlfill import logging log = logging.getLogger(__name__) @@ -44,7 +42,9 @@ # To properly map this controller, ensure your config/routing.py # file has a resource setup: # map.resource('repo', 'repos') + @LoginRequired() + @HasPermissionAllDecorator('hg.admin') def __before__(self): c.admin_user = session.get('admin_user') c.admin_username = session.get('admin_username') @@ -104,7 +104,8 @@ form_result = _form.to_python(dict(request.POST)) repo_model.update(repo_name, form_result) invalidate_cache('cached_repo_list') - h.flash(_('Repository %s updated succesfully' % repo_name), category='success') + h.flash(_('Repository %s updated succesfully' % repo_name), + category='success') except formencode.Invalid as errors: c.repo_info = repo_model.get(repo_name) @@ -135,7 +136,8 @@ h.flash(_('%s repository is not mapped to db perhaps' ' it was moved or renamed from the filesystem' ' please run the application again' - ' in order to rescan repositories') % repo_name, category='error') + ' in order to rescan repositories') % repo_name, + category='error') return redirect(url('repos')) try: @@ -175,7 +177,8 @@ h.flash(_('%s repository is not mapped to db perhaps' ' it was created or renamed from the filesystem' ' please run the application again' - ' in order to rescan repositories') % repo_name, category='error') + ' in order to rescan repositories') % repo_name, + category='error') return redirect(url('repos')) defaults = c.repo_info.__dict__ diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/shortlog.py --- a/pylons_app/controllers/shortlog.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/shortlog.py Tue Jun 29 20:45:03 2010 +0200 @@ -23,17 +23,18 @@ @author: marcink """ from pylons import tmpl_context as c, request -from pylons_app.lib.auth import LoginRequired +from pylons_app.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator from pylons_app.lib.base import BaseController, render from pylons_app.model.hg_model import HgModel from webhelpers.paginate import Page import logging - log = logging.getLogger(__name__) class ShortlogController(BaseController): @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', + 'repository.admin') def __before__(self): super(ShortlogController, self).__before__() diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/summary.py --- a/pylons_app/controllers/summary.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/summary.py Tue Jun 29 20:45:03 2010 +0200 @@ -23,20 +23,21 @@ @author: marcink """ from pylons import tmpl_context as c, request -from pylons_app.lib.auth import LoginRequired +from pylons_app.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator from pylons_app.lib.base import BaseController, render from pylons_app.model.hg_model import HgModel from webhelpers.paginate import Page import logging - log = logging.getLogger(__name__) class SummaryController(BaseController): @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', + 'repository.admin') def __before__(self): super(SummaryController, self).__before__() - + def index(self): hg_model = HgModel() c.repo_info = hg_model.get_repo(c.repo_name) diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/tags.py --- a/pylons_app/controllers/tags.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/tags.py Tue Jun 29 20:45:03 2010 +0200 @@ -22,17 +22,17 @@ tags controller for pylons @author: marcink """ -from pylons import tmpl_context as c -from pylons_app.lib.auth import LoginRequired +from pylons import tmpl_context as c, request +from pylons_app.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator from pylons_app.lib.base import BaseController, render from pylons_app.model.hg_model import HgModel import logging - log = logging.getLogger(__name__) class TagsController(BaseController): @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', 'repository.admin') def __before__(self): super(TagsController, self).__before__() diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/controllers/users.py --- a/pylons_app/controllers/users.py Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/controllers/users.py Tue Jun 29 20:45:03 2010 +0200 @@ -31,7 +31,7 @@ from pylons_app.lib.base import BaseController, render from pylons_app.model.db import User, UserLog from pylons_app.model.forms import UserForm -from pylons_app.model.user_model import UserModel +from pylons_app.model.user_model import UserModel, DefaultUserException import formencode import logging @@ -125,10 +125,11 @@ try: user_model.delete(id) h.flash(_('sucessfully deleted user'), category='success') + except DefaultUserException as e: + h.flash(str(e), category='warning') except Exception: h.flash(_('An error occured during deletion of user'), - category='error') - + category='error') return redirect(url('users')) def show(self, id, format='html'): @@ -140,6 +141,11 @@ """GET /users/id/edit: Form to edit an existing item""" # url('edit_user', id=ID) c.user = self.sa.query(User).get(id) + if c.user.username == 'default': + h.flash(_("You can't edit this user since it's" + " crucial for entire application"), category='warning') + return redirect(url('users')) + defaults = c.user.__dict__ return htmlfill.render( render('admin/users/user_edit.html'), diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/templates/base/base.html --- a/pylons_app/templates/base/base.html Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/templates/base/base.html Tue Jun 29 20:45:03 2010 +0200 @@ -106,13 +106,17 @@
  • ${h.link_to(_('branches'),h.url('branches_home',repo_name=c.repo_name))}
  • ${h.link_to(_('tags'),h.url('tags_home',repo_name=c.repo_name))}
  • ${h.link_to(_('files'),h.url('files_home',repo_name=c.repo_name))}
    • -
  • ${h.link_to(_('settings'),h.url('edit_repo',repo_name=c.repo_name))}
    • + %if h.HasRepoPermissionAll('repository.admin')(c.repo_name): +
  • ${h.link_to(_('settings'),h.url('edit_repo',repo_name=c.repo_name))}
    • + %endif %else: ##Root menu
    • ${h.link_to(_('Home'),h.url('/'))}
      • -
    • ${h.link_to(_('Admin'),h.url('admin_home'))}
      • + %if h.HasPermissionAll('hg.admin')('access admin main page'): +
    • ${h.link_to(_('Admin'),h.url('admin_home'))}
      • + %endif
    • ${h.link_to(u'Logout',h.url('logout_home'))}
    %endif @@ -129,7 +133,7 @@
    • ${h.link_to(u'repos',h.url('repos'),class_='repos')}
    • ${h.link_to(u'users',h.url('users'),class_='users')}
      • -
    • ${h.link_to(u'permissions',h.url('permissions'),class_='permissions')}
      • + ##comented for now
    • ${h.link_to(u'permissions',h.url('permissions'),class_='permissions')}
    %endif diff -r c961b78ff0a0 -r fdf9f6ee5217 pylons_app/templates/index.html --- a/pylons_app/templates/index.html Tue Jun 29 20:43:01 2010 +0200 +++ b/pylons_app/templates/index.html Tue Jun 29 20:45:03 2010 +0200 @@ -31,6 +31,7 @@ ${_('Atom')} %for cnt,repo in enumerate(c.repos_list): + %if h.HasRepoPermissionAny('repository.write','repository.read','repository.admin')(repo['name'],'main page check'): ${h.link_to(repo['name'], h.url('summary_home',repo_name=repo['name']))} @@ -48,6 +49,7 @@ + %endif %endfor