changeset 6063:09bcde0eee6d

auth: remove HasPermissionAll and variants First, find all calls to HasPermissionAll with only a single permission given, and convert to equivalent calls to HasPermissionAny. Next, observe that it's hard to envision situations requiring multiple permissions (of the same scope: global/repo/repo group) to be satisfied. Sufficiently hard that there are actually no such examples in the code. Finally, considering that (should it ever be needed) HasPermissionAll can be trivially built as a conjunction of HasPermissionAny calls (the decorators, too) with only a small performance impact, simply remove HasPermissionAll and related classes and functions.
author Søren Løvborg <sorenl@unity3d.com>
date Thu, 28 Jul 2016 13:57:16 +0200
parents 1952682be9f8
children 9a35244c35b6
files kallithea/controllers/admin/admin.py kallithea/controllers/admin/auth_settings.py kallithea/controllers/admin/defaults.py kallithea/controllers/admin/permissions.py kallithea/controllers/admin/repo_groups.py kallithea/controllers/admin/repos.py kallithea/controllers/admin/settings.py kallithea/controllers/admin/users.py kallithea/controllers/api/api.py kallithea/lib/auth.py kallithea/lib/helpers.py kallithea/model/scm.py kallithea/templates/base/base.html kallithea/templates/summary/statistics.html kallithea/templates/summary/summary.html
diffstat 15 files changed, 67 insertions(+), 227 deletions(-) [+]
--- a/kallithea/controllers/admin/admin.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/admin.py	Thu Jul 28 13:57:16 2016 +0200
@@ -36,7 +36,7 @@
 from sqlalchemy.sql.expression import or_, and_, func
 
 from kallithea.model.db import UserLog
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.lib.utils2 import safe_int, remove_prefix, remove_suffix
 from kallithea.lib.indexers import JOURNAL_SCHEMA
@@ -123,7 +123,7 @@
     def __before__(self):
         super(AdminController, self).__before__()
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def index(self):
         users_log = UserLog.query() \
                 .options(joinedload(UserLog.user)) \
--- a/kallithea/controllers/admin/auth_settings.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/auth_settings.py	Thu Jul 28 13:57:16 2016 +0200
@@ -34,7 +34,7 @@
 from kallithea.lib import helpers as h
 from kallithea.lib.compat import formatted_json
 from kallithea.lib.base import BaseController, render
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib import auth_modules
 from kallithea.model.forms import AuthSettingsForm
 from kallithea.model.db import Setting
@@ -46,7 +46,7 @@
 class AuthSettingsController(BaseController):
 
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(AuthSettingsController, self).__before__()
 
--- a/kallithea/controllers/admin/defaults.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/defaults.py	Thu Jul 28 13:57:16 2016 +0200
@@ -35,7 +35,7 @@
 from webob.exc import HTTPFound
 
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.model.forms import DefaultsForm
 from kallithea.model.meta import Session
@@ -52,7 +52,7 @@
     #     map.resource('default', 'defaults')
 
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(DefaultsController, self).__before__()
 
--- a/kallithea/controllers/admin/permissions.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/permissions.py	Thu Jul 28 13:57:16 2016 +0200
@@ -36,7 +36,7 @@
 from webob.exc import HTTPFound
 
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.model.forms import DefaultPermissionsForm
 from kallithea.model.permission import PermissionModel
@@ -53,7 +53,7 @@
     #     map.resource('permission', 'permissions')
 
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(PermissionsController, self).__before__()
 
--- a/kallithea/controllers/admin/repo_groups.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/repo_groups.py	Thu Jul 28 13:57:16 2016 +0200
@@ -40,8 +40,8 @@
 from kallithea.lib import helpers as h
 from kallithea.lib.compat import json
 from kallithea.lib.auth import LoginRequired, \
-    HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAll, \
-    HasPermissionAll
+    HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAny, \
+    HasPermissionAny
 from kallithea.lib.base import BaseController, render
 from kallithea.model.db import RepoGroup, Repository
 from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices
@@ -196,7 +196,7 @@
     def new(self):
         """GET /repo_groups/new: Form to create a new item"""
         # url('new_repos_group')
-        if HasPermissionAll('hg.admin')('group create'):
+        if HasPermissionAny('hg.admin')('group create'):
             #we're global admin, we're ok and we can create TOP level groups
             pass
         else:
@@ -205,7 +205,7 @@
             group_id = safe_int(request.GET.get('parent_group'))
             group = RepoGroup.get(group_id) if group_id else None
             group_name = group.group_name if group else None
-            if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'):
+            if HasRepoGroupPermissionAny('group.admin')(group_name, 'group create'):
                 pass
             else:
                 raise HTTPForbidden()
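Review bot: When no `parent_group` is supplied, `group_name` is `None` at the `HasRepoGroupPermissionAny('group.admin')(group_name, 'group create')` call, and the swap is only equivalent if the Any variant denies that case the way the removed `HasRepoGroupPermissionAll` did (its lookup raised `KeyError` and returned `False`). The body of `HasRepoGroupPermissionAny.check_permissions` is not part of this diff, so this should be confirmed, ideally with a test that a non-admin requesting `new` without a parent group gets `HTTPForbidden`. An explicit guard such as `if group_name is None: raise HTTPForbidden()` before the check would make the deny path independent of the helper. `new()` begins and ends outside this hunk.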
@@ -228,7 +228,7 @@
                              exclude=[c.repo_group])
 
         # TODO: kill allow_empty_group - it is only used for redundant form validation!
-        if HasPermissionAll('hg.admin')('group edit'):
+        if HasPermissionAny('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         elif not c.repo_group.parent_group:
--- a/kallithea/controllers/admin/repos.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/repos.py	Thu Jul 28 13:57:16 2016 +0200
@@ -36,8 +36,7 @@
 
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired, \
-    HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny, \
-    HasRepoPermissionAnyDecorator
+    HasRepoPermissionAnyDecorator, NotAnonymous, HasPermissionAny
 from kallithea.lib.base import BaseRepoController, render
 from kallithea.lib.utils import action_logger, jsonify
 from kallithea.lib.vcs import RepositoryError
@@ -226,7 +225,7 @@
             return {'result': True}
         return {'result': False}
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def update(self, repo_name):
         """
         PUT /repos/repo_name: Update an existing item"""
@@ -283,7 +282,7 @@
                     % repo_name, category='error')
         raise HTTPFound(location=url('edit_repo', repo_name=changed_name))
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def delete(self, repo_name):
         """
         DELETE /repos/repo_name: Delete an existing item"""
@@ -329,7 +328,7 @@
             raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name))
         raise HTTPFound(location=url('repos'))
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ -345,7 +344,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_permissions(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ -398,7 +397,7 @@
                     category='error')
             raise HTTPInternalServerError()
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_fields(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ -411,7 +410,7 @@
             raise HTTPFound(location=url('repo_edit_fields'))
         return render('admin/repos/repo_edit.html')
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def create_repo_field(self, repo_name):
         try:
             form_result = RepoFieldForm()().to_python(dict(request.POST))
@@ -432,7 +431,7 @@
             h.flash(msg, category='error')
         raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def delete_repo_field(self, repo_name, field_id):
         field = RepositoryField.get_or_404(field_id)
         try:
@@ -444,7 +443,7 @@
             h.flash(msg, category='error')
         raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ -474,7 +473,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced_journal(self, repo_name):
         """
         Sets this repository to be visible in public journal,
@@ -497,7 +496,7 @@
         raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
 
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced_fork(self, repo_name):
         """
         Mark given repository as a fork of another
@@ -522,7 +521,7 @@
 
         raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_advanced_locking(self, repo_name):
         """
         Unlock repository when it is locked !
@@ -568,7 +567,7 @@
                     category='error')
         raise HTTPFound(location=url('summary_home', repo_name=repo_name))
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_caches(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ -588,7 +587,7 @@
             raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name))
         return render('admin/repos/repo_edit.html')
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_remote(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
@@ -605,7 +604,7 @@
             raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name))
         return render('admin/repos/repo_edit.html')
 
-    @HasRepoPermissionAllDecorator('repository.admin')
+    @HasRepoPermissionAnyDecorator('repository.admin')
     def edit_statistics(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
--- a/kallithea/controllers/admin/settings.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/settings.py	Thu Jul 28 13:57:16 2016 +0200
@@ -35,7 +35,7 @@
 from webob.exc import HTTPFound
 
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
 from kallithea.lib.base import BaseController, render
 from kallithea.lib.celerylib import tasks, run_task
 from kallithea.lib.exceptions import HgsubversionImportError
@@ -82,7 +82,7 @@
             settings[k] = v
         return settings
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_vcs(self):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
@@ -160,7 +160,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_mapping(self):
         """GET /admin/settings/mapping: All items in the collection"""
         # url('admin_settings_mapping')
@@ -200,7 +200,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_global(self):
         """GET /admin/settings/global: All items in the collection"""
         # url('admin_settings_global')
@@ -260,7 +260,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_visual(self):
         """GET /admin/settings/visual: All items in the collection"""
         # url('admin_settings_visual')
@@ -318,7 +318,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_email(self):
         """GET /admin/settings/email: All items in the collection"""
         # url('admin_settings_email')
@@ -359,7 +359,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_hooks(self):
         """GET /admin/settings/hooks: All items in the collection"""
         # url('admin_settings_hooks')
@@ -410,7 +410,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_search(self):
         """GET /admin/settings/search: All items in the collection"""
         # url('admin_settings_search')
@@ -431,7 +431,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_system(self):
         """GET /admin/settings/system: All items in the collection"""
         # url('admin_settings_system')
@@ -453,7 +453,7 @@
             encoding="UTF-8",
             force_defaults=False)
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def settings_system_update(self):
         """GET /admin/settings/system/updates: All items in the collection"""
         # url('admin_settings_system_update')
--- a/kallithea/controllers/admin/users.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/admin/users.py	Thu Jul 28 13:57:16 2016 +0200
@@ -39,7 +39,7 @@
 from kallithea.lib.exceptions import DefaultUserException, \
     UserOwnsReposException, UserCreationError
 from kallithea.lib import helpers as h
-from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
+from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \
     AuthUser
 from kallithea.lib import auth_modules
 from kallithea.lib.auth_modules import auth_internal
@@ -61,7 +61,7 @@
     """REST Controller styled on the Atom Publishing Protocol"""
 
     @LoginRequired()
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def __before__(self):
         super(UsersController, self).__before__()
         c.available_permissions = config['available_permissions']
--- a/kallithea/controllers/api/api.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/controllers/api/api.py	Thu Jul 28 13:57:16 2016 +0200
@@ -33,7 +33,7 @@
 from kallithea import EXTERN_TYPE_INTERNAL
 from kallithea.controllers.api import JSONRPCController, JSONRPCError
 from kallithea.lib.auth import (
-    PasswordGenerator, AuthUser, HasPermissionAllDecorator,
+    PasswordGenerator, AuthUser, HasPermissionAnyDecorator,
     HasPermissionAnyDecorator, HasPermissionAnyApi, HasRepoPermissionAnyApi,
     HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAny)
 from kallithea.lib.utils import map_groups, repo2db_mapper
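Review bot: The mechanical rename leaves `HasPermissionAnyDecorator` listed twice in this import, once at the end of the first continuation line and again at the start of the next; the first occurrence should be dropped so that line reads `PasswordGenerator, AuthUser,`. The same duplication appears in the import hunk of kallithea/model/scm.py, which now ends `HasPermissionAny, HasPermissionAny`. It is harmless at runtime, but a linter will flag it and it obscures which authorization helpers the module actually relies on.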
@@ -159,11 +159,11 @@
 
     """
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def test(self, apiuser, args):
         return args
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def pull(self, apiuser, repoid):
         """
         Triggers a pull from remote location on given repo. Can be used to
@@ -209,7 +209,7 @@
                 'Unable to pull changes from `%s`' % repo.repo_name
             )
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def rescan_repos(self, apiuser, remove_obsolete=Optional(False)):
         """
         Triggers rescan repositories action. If remove_obsolete is set
@@ -470,7 +470,7 @@
 
         return ret
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))):
         """
         Shows IP address as seen from Kallithea server, together with all
@@ -511,7 +511,7 @@
     # alias for old
     show_ip = get_ip
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_server_info(self, apiuser):
         """
         return server info, including Kallithea version and installed packages
@@ -592,7 +592,7 @@
         data['permissions'] = AuthUser(user_id=user.user_id).permissions
         return data
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_users(self, apiuser):
         """
         Lists all existing users. This command can be executed only using api_key
@@ -616,7 +616,7 @@
             result.append(user.get_api_data())
         return result
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def create_user(self, apiuser, username, email, password=Optional(''),
                     firstname=Optional(''), lastname=Optional(''),
                     active=Optional(True), admin=Optional(False),
@@ -702,7 +702,7 @@
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create user `%s`' % (username,))
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def update_user(self, apiuser, userid, username=Optional(None),
                     email=Optional(None), password=Optional(None),
                     firstname=Optional(None), lastname=Optional(None),
@@ -785,7 +785,7 @@
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to update user `%s`' % (userid,))
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def delete_user(self, apiuser, userid):
         """
         deletes given user if such user exists. This command can
@@ -1767,7 +1767,7 @@
                 'failed to delete repository `%s`' % (repo.repo_name,)
             )
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def grant_user_permission(self, apiuser, repoid, userid, perm):
         """
         Grant permission for user on given repository, or update existing one
@@ -1814,7 +1814,7 @@
                 )
             )
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def revoke_user_permission(self, apiuser, repoid, userid):
         """
         Revoke permission for user on given repository. This command can be executed
@@ -1985,7 +1985,7 @@
                 )
             )
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_repo_group(self, apiuser, repogroupid):
         """
         Returns given repo group together with permissions, and repositories
@@ -2023,7 +2023,7 @@
         data["members"] = members
         return data
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def get_repo_groups(self, apiuser):
         """
         Returns all repository groups
@@ -2036,7 +2036,7 @@
             result.append(repo_group.get_api_data())
         return result
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def create_repo_group(self, apiuser, group_name, description=Optional(''),
                           owner=Optional(OAttr('apiuser')),
                           parent=Optional(None),
@@ -2105,7 +2105,7 @@
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create repo group `%s`' % (group_name,))
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def update_repo_group(self, apiuser, repogroupid, group_name=Optional(''),
                           description=Optional(''),
                           owner=Optional(OAttr('apiuser')),
@@ -2131,7 +2131,7 @@
             raise JSONRPCError('failed to update repository group `%s`'
                                % (repogroupid,))
 
-    @HasPermissionAllDecorator('hg.admin')
+    @HasPermissionAnyDecorator('hg.admin')
     def delete_repo_group(self, apiuser, repogroupid):
         """
 
--- a/kallithea/lib/auth.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/lib/auth.py	Thu Jul 28 13:57:16 2016 +0200
@@ -859,18 +859,6 @@
         raise Exception('You have to write this function in child class')
 
 
-class HasPermissionAllDecorator(PermsDecorator):
-    """
-    Checks for access permission for all given predicates. All of them
-    have to be meet in order to fulfill the request
-    """
-
-    def check_permissions(self):
-        if self.required_perms.issubset(self.user_perms.get('global')):
-            return True
-        return False
-
-
 class HasPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates. In order to
@@ -883,23 +871,6 @@
         return False
 
 
-class HasRepoPermissionAllDecorator(PermsDecorator):
-    """
-    Checks for access permission for all given predicates for specific
-    repository. All of them have to be meet in order to fulfill the request
-    """
-
-    def check_permissions(self):
-        repo_name = get_repo_slug(request)
-        try:
-            user_perms = set([self.user_perms['repositories'][repo_name]])
-        except KeyError:
-            return False
-        if self.required_perms.issubset(user_perms):
-            return True
-        return False
-
-
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
@@ -918,24 +889,6 @@
         return False
 
 
-class HasRepoGroupPermissionAllDecorator(PermsDecorator):
-    """
-    Checks for access permission for all given predicates for specific
-    repository group. All of them have to be meet in order to fulfill the request
-    """
-
-    def check_permissions(self):
-        group_name = get_repo_group_slug(request)
-        try:
-            user_perms = set([self.user_perms['repositories_groups'][group_name]])
-        except KeyError:
-            return False
-
-        if self.required_perms.issubset(user_perms):
-            return True
-        return False
-
-
 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
@@ -954,24 +907,6 @@
         return False
 
 
-class HasUserGroupPermissionAllDecorator(PermsDecorator):
-    """
-    Checks for access permission for all given predicates for specific
-    user group. All of them have to be meet in order to fulfill the request
-    """
-
-    def check_permissions(self):
-        group_name = get_user_group_slug(request)
-        try:
-            user_perms = set([self.user_perms['user_groups'][group_name]])
-        except KeyError:
-            return False
-
-        if self.required_perms.issubset(user_perms):
-            return True
-        return False
-
-
 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
@@ -1020,11 +955,8 @@
 
         cls_name = self.__class__.__name__
         check_scope = {
-            'HasPermissionAll': '',
             'HasPermissionAny': '',
-            'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
             'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
-            'HasRepoGroupPermissionAll': 'group:%s' % self.group_name,
             'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,
         }.get(cls_name, '?')
         log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
@@ -1051,13 +983,6 @@
         raise Exception('You have to write this function in child class')
 
 
-class HasPermissionAll(PermsFunction):
-    def check_permissions(self):
-        if self.required_perms.issubset(self.user_perms.get('global')):
-            return True
-        return False
-
-
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
@@ -1065,26 +990,6 @@
         return False
 
 
-class HasRepoPermissionAll(PermsFunction):
-    def __call__(self, repo_name=None, check_location='', user=None):
-        self.repo_name = repo_name
-        return super(HasRepoPermissionAll, self).__call__(check_location, user)
-
-    def check_permissions(self):
-        if not self.repo_name:
-            self.repo_name = get_repo_slug(request)
-
-        try:
-            self._user_perms = set(
-                [self.user_perms['repositories'][self.repo_name]]
-            )
-        except KeyError:
-            return False
-        if self.required_perms.issubset(self._user_perms):
-            return True
-        return False
-
-
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_location='', user=None):
         self.repo_name = repo_name
@@ -1122,23 +1027,6 @@
         return False
 
 
-class HasRepoGroupPermissionAll(PermsFunction):
-    def __call__(self, group_name=None, check_location='', user=None):
-        self.group_name = group_name
-        return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
-
-    def check_permissions(self):
-        try:
-            self._user_perms = set(
-                [self.user_perms['repositories_groups'][self.group_name]]
-            )
-        except KeyError:
-            return False
-        if self.required_perms.issubset(self._user_perms):
-            return True
-        return False
-
-
 class HasUserGroupPermissionAny(PermsFunction):
     def __call__(self, user_group_name=None, check_location='', user=None):
         self.user_group_name = user_group_name
@@ -1156,23 +1044,6 @@
         return False
 
 
-class HasUserGroupPermissionAll(PermsFunction):
-    def __call__(self, user_group_name=None, check_location='', user=None):
-        self.user_group_name = user_group_name
-        return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
-
-    def check_permissions(self):
-        try:
-            self._user_perms = set(
-                [self.user_perms['user_groups'][self.user_group_name]]
-            )
-        except KeyError:
-            return False
-        if self.required_perms.issubset(self._user_perms):
-            return True
-        return False
-
-
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================
@@ -1252,13 +1123,6 @@
         raise NotImplementedError()
 
 
-class HasPermissionAllApi(_BaseApiPerm):
-    def check_permissions(self, perm_defs, repo_name=None, group_name=None):
-        if self.required_perms.issubset(perm_defs.get('global')):
-            return True
-        return False
-
-
 class HasPermissionAnyApi(_BaseApiPerm):
     def check_permissions(self, perm_defs, repo_name=None, group_name=None):
         if self.required_perms.intersection(perm_defs.get('global')):
@@ -1266,18 +1130,6 @@
         return False
 
 
-class HasRepoPermissionAllApi(_BaseApiPerm):
-    def check_permissions(self, perm_defs, repo_name=None, group_name=None):
-        try:
-            _user_perms = set([perm_defs['repositories'][repo_name]])
-        except KeyError:
-            log.warning(traceback.format_exc())
-            return False
-        if self.required_perms.issubset(_user_perms):
-            return True
-        return False
-
-
 class HasRepoPermissionAnyApi(_BaseApiPerm):
     def check_permissions(self, perm_defs, repo_name=None, group_name=None):
         try:
@@ -1301,16 +1153,6 @@
             return True
         return False
 
-class HasRepoGroupPermissionAllApi(_BaseApiPerm):
-    def check_permissions(self, perm_defs, repo_name=None, group_name=None):
-        try:
-            _user_perms = set([perm_defs['repositories_groups'][group_name]])
-        except KeyError:
-            log.warning(traceback.format_exc())
-            return False
-        if self.required_perms.issubset(_user_perms):
-            return True
-        return False
 
 def check_ip_access(source_ip, allowed_ips=None):
     """
--- a/kallithea/lib/helpers.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/lib/helpers.py	Thu Jul 28 13:57:16 2016 +0200
@@ -835,9 +835,8 @@
 #==============================================================================
 # PERMS
 #==============================================================================
-from kallithea.lib.auth import HasPermissionAny, HasPermissionAll, \
-HasRepoPermissionAny, HasRepoPermissionAll, HasRepoGroupPermissionAll, \
-HasRepoGroupPermissionAny
+from kallithea.lib.auth import HasPermissionAny, \
+    HasRepoPermissionAny, HasRepoGroupPermissionAny
 
 
 #==============================================================================
--- a/kallithea/model/scm.py	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/model/scm.py	Thu Jul 28 13:57:16 2016 +0200
@@ -50,7 +50,7 @@
 from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
     _set_extras
 from kallithea.lib.auth import HasRepoPermissionAny, HasRepoGroupPermissionAny, \
-    HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAll
+    HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny
 from kallithea.lib.utils import get_filesystem_repos, make_ui, \
     action_logger
 from kallithea.model import BaseModel
@@ -794,7 +794,7 @@
     Top level is -1.
     """
     groups = RepoGroup.query().all()
-    if HasPermissionAll('hg.admin')('available repo groups'):
+    if HasPermissionAny('hg.admin')('available repo groups'):
         groups.append(None)
     else:
         groups = list(RepoGroupList(groups, perm_set=repo_group_perms))
--- a/kallithea/templates/base/base.html	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/templates/base/base.html	Thu Jul 28 13:57:16 2016 +0200
@@ -138,13 +138,13 @@
           <input id="branch_switcher" name="branch_switcher" type="hidden">
         </li>
         <li ${is_current('options')} data-context="options">
-             %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+             %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
                <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
              %else:
                <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
              %endif
           <ul class="dropdown-menu" role="menu">
-             %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+             %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
                    <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li>
              %endif
               %if c.db_repo.fork:
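Review bot: The same check, `h.HasRepoPermissionAny('repository.admin')(c.repo_name)`, is evaluated twice within a few lines of this menu block, once for the "Options" link and once for the "Settings" item. Computing it once keeps the two in step: `<% can_admin_repo = h.HasRepoPermissionAny('repository.admin')(c.repo_name) %>` followed by `%if can_admin_repo:` at both places. These conditions only decide what is rendered, so a short `## display only; edit_repo enforces repository.admin itself` comment would help, assuming the controller does so (it is not visible here). The enclosing list item continues outside the hunk.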
@@ -331,7 +331,7 @@
           <i class="icon-search"></i> ${_('Search')}
         </a>
     </li>
-    % if h.HasPermissionAll('hg.admin')('access admin main page'):
+    % if h.HasPermissionAny('hg.admin')('access admin main page'):
       <li ${is_current('admin')} class="dropdown">
         <a class="menu_link dropdown-toggle" data-toggle="dropdown" role="button" title="${_('Admin')}" href="${h.url('admin_home')}">
           <i class="icon-gear"></i> ${_('Admin')} <span class="caret"></span>
--- a/kallithea/templates/summary/statistics.html	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/templates/summary/statistics.html	Thu Jul 28 13:57:16 2016 +0200
@@ -32,7 +32,7 @@
          <div style="padding:0 10px 10px 17px;">
          %if c.no_data:
            ${c.no_data_msg}
-           %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):
+           %if h.HasPermissionAny('hg.admin')('enable stats on from summary'):
                 ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name),class_="btn btn-mini")}
            %endif
         %else:
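Review bot: The "Enable" link here points at `edit_repo` but is shown only to holders of the global `hg.admin` permission, whereas base.html gates its links to the same `edit_repo` page on `repository.admin`. A repository admin without `hg.admin` would therefore presumably not see this shortcut even though the settings page is offered to them elsewhere. Both summary.html hunks (enable stats, enable downloads) have the same condition. If that is not intended, use `%if h.HasRepoPermissionAny('repository.admin')(c.repo_name):` in all three places; if it is intended, a `##` comment stating why would prevent a later "fix".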
--- a/kallithea/templates/summary/summary.html	Thu Jul 28 13:46:04 2016 +0200
+++ b/kallithea/templates/summary/summary.html	Thu Jul 28 13:57:16 2016 +0200
@@ -96,7 +96,7 @@
                 <div id="lang_stats"></div>
                 %else:
                    ${_('Statistics are disabled for this repository')}
-                   %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):
+                   %if h.HasPermissionAny('hg.admin')('enable stats on from summary'):
                         ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_statistics'),class_="btn btn-mini")}
                    %endif
                 %endif
@@ -112,7 +112,7 @@
                   ${_('There are no downloads yet')}
                 %elif not c.enable_downloads:
                   ${_('Downloads are disabled for this repository')}
-                    %if h.HasPermissionAll('hg.admin')('enable downloads on from summary'):
+                    %if h.HasPermissionAny('hg.admin')('enable downloads on from summary'):
                         ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_downloads'),class_="btn btn-mini")}
                     %endif
                 %else: