changeset 3525:0cef54d34605

Pass the old group data in to the CanWriteToGroup validator so that group checks can be skipped later. This is part of a refactoring that allows user permission changes without touching the main repo form data
author Marcin Kuzminski <marcin@python-works.com>
date Mon, 11 Mar 2013 17:59:38 +0100
parents 3be4e290c42b
children 3563bb7b4b82
files rhodecode/controllers/admin/repos.py rhodecode/controllers/settings.py rhodecode/model/forms.py rhodecode/model/validators.py
diffstat 4 files changed, 62 insertions(+), 12 deletions(-) [+]
--- a/rhodecode/controllers/admin/repos.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/controllers/admin/repos.py	Mon Mar 11 17:59:38 2013 +0100
@@ -231,8 +231,10 @@
         #override the choices with extracted revisions !
         choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
         c.landing_revs_choices = choices
-
-        _form = RepoForm(edit=True, old_data={'repo_name': repo_name},
+        repo = Repository.get_by_repo_name(repo_name)
+        _form = RepoForm(edit=True, old_data={'repo_name': repo_name,
+                                              'repo_group': repo.group.get_dict() \
+                                              if repo.group else {}},
                          repo_groups=c.repo_groups_choices,
                          landing_revs=c.landing_revs_choices)()
         try:
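Review bot: The result of `Repository.get_by_repo_name(repo_name)` is dereferenced as `repo.group` with no None check, so a name that does not resolve would raise AttributeError before the form is built. Whether earlier code in this function already guarantees the repository exists is outside the hunk; if it does not, guard the lookup with `repo.group.get_dict() if repo and repo.group else {}`. An empty dict is the safe fallback here, because the validator then sees no old group id to compare against. The backslash continuation is also unnecessary inside the dict literal. The same pattern is added in the `rhodecode/controllers/settings.py` hunk and deserves the same guard.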
--- a/rhodecode/controllers/settings.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/controllers/settings.py	Mon Mar 11 17:59:38 2013 +0100
@@ -107,9 +107,11 @@
         #override the choices with extracted revisions !
         choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
         c.landing_revs_choices = choices
-
+        repo = Repository.get_by_repo_name(repo_name)
         _form = RepoSettingsForm(edit=True,
-                                 old_data={'repo_name': repo_name},
+                                old_data={'repo_name': repo_name,
+                                          'repo_group': repo.group.get_dict() \
+                                              if repo.group else {}},
                                  repo_groups=c.repo_groups_choices,
                                  landing_revs=c.landing_revs_choices)()
         try:
--- a/rhodecode/model/forms.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/model/forms.py	Mon Mar 11 17:59:38 2013 +0100
@@ -176,7 +176,7 @@
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
-        repo_group = All(v.CanWriteGroup(),
+        repo_group = All(v.CanWriteGroup(old_data),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = v.OneOf(supported_backends)
         repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
@@ -205,7 +205,7 @@
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
-        repo_group = All(v.CanWriteGroup(),
+        repo_group = All(v.CanWriteGroup(old_data),
                          v.OneOf(repo_groups, hideList=True))
         repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
         repo_private = v.StringBoolean(if_missing=False)
--- a/rhodecode/model/validators.py	Sun Mar 10 20:10:51 2013 +0100
+++ b/rhodecode/model/validators.py	Mon Mar 11 17:59:38 2013 +0100
@@ -16,11 +16,12 @@
 from rhodecode.lib.compat import OrderedSet
 from rhodecode.lib import ipaddr
 from rhodecode.lib.utils import repo_name_slug
+from rhodecode.lib.utils2 import safe_int
 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
     ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -472,7 +473,7 @@
     return _validator
 
 
-def CanWriteGroup():
+def CanWriteGroup(old_data=None):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'permission_denied': _(u"You don't have permissions "
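Review bot: The new `old_data=None` default is not a usable value, because `validate_python` in the following hunk evaluates `old_data['repo_group'].get('group_id')` with no guard. A caller that omits the argument gets a TypeError, and one that passes a dict without a `repo_group` key gets a KeyError, instead of a validation result. That comparison decides whether the permission check runs at all, so missing old data should mean the check always runs, for example `value_changed = 'repo_group' not in (old_data or {}) or old_data['repo_group'].get('group_id') != safe_int(value)`. A short docstring on `CanWriteGroup` should also state that `old_data` must come from server-side state and never from the submitted form. The validator body continues outside this hunk.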
@@ -481,13 +482,58 @@
 
         def validate_python(self, value, state):
             gr = RepoGroup.get(value)
-            if not HasReposGroupPermissionAny(
-                'group.write', 'group.admin'
-            )(gr.group_name, 'get group of repo form'):
+            gr_name = gr.group_name if gr else None  # None means ROOT location
+            val = HasReposGroupPermissionAny('group.write', 'group.admin')
+            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
+            forbidden = not val(gr_name, 'can write into group validator')
+            value_changed = old_data['repo_group'].get('group_id') != safe_int(value)
+            if value_changed:  # do check if we changed the value
+                #parent group need to be existing
+                if gr and forbidden:
+                    msg = M(self, 'permission_denied', state)
+                    raise formencode.Invalid(msg, value, state,
+                        error_dict=dict(repo_type=msg)
+                    )
+                ## check if we can write to root location !
+                elif gr is None and can_create_repos() is False:
+                    msg = M(self, 'permission_denied_root', state)
+                    raise formencode.Invalid(msg, value, state,
+                        error_dict=dict(repo_type=msg)
+                    )
+
+    return _validator
+
+
+def CanCreateGroup(can_create_in_root=False):
+    class _validator(formencode.validators.FancyValidator):
+        messages = {
+            'permission_denied': _(u"You don't have permissions "
+                                   "to create a group in this location")
+        }
+
+        def to_python(self, value, state):
+            #root location
+            if value in [-1, "-1"]:
+                return None
+            return value
+
+        def validate_python(self, value, state):
+            gr = RepoGroup.get(value)
+            gr_name = gr.group_name if gr else None  # None means ROOT location
+
+            if can_create_in_root and gr is None:
+                #we can create in root, we're fine no validations required
+                return
+
+            forbidden_in_root = gr is None and can_create_in_root is False
+            val = HasReposGroupPermissionAny('group.admin')
+            forbidden = not val(gr_name, 'can create group validator')
+            if forbidden_in_root or forbidden:
                 msg = M(self, 'permission_denied', state)
                 raise formencode.Invalid(msg, value, state,
-                    error_dict=dict(repo_type=msg)
+                    error_dict=dict(group_parent_id=msg)
                 )
+
     return _validator
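Review bot: The root-location branch in `CanWriteGroup.validate_python` tests `can_create_repos() is False`, an identity comparison that denies only on the literal `False`. The return type of `HasPermissionAny` is not visible here, but any other falsy result such as `None` would let the write to root through; `elif gr is None and not can_create_repos():` fails closed. Both raises in that validator key the error under `repo_type`, although forms.py attaches the validator to `repo_group`, so `error_dict=dict(repo_group=msg)` looks like the intended field. The `permission_denied_root` message key is used here but its definition is not in the visible part of the `messages` dict; please confirm it exists.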