changeset 3372:157231a4fcb7 beta

move permission check of write access to repo groups inside a form. - it's run via create/edit/fork forms - in case we have disabled repo creation, it will check root location write access for people that are not super admins and do not have an explicit create repo permission - in case there's a group value passed to form, it checks just admin or write access
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 15 Feb 2013 01:27:18 +0100
parents 199fd214b213
children cab58d490ab7
files rhodecode/controllers/admin/repos.py rhodecode/model/validators.py
diffstat 2 files changed, 13 insertions(+), 16 deletions(-) [+]
--- a/rhodecode/controllers/admin/repos.py	Fri Feb 15 00:53:47 2013 +0100
+++ b/rhodecode/controllers/admin/repos.py	Fri Feb 15 01:27:18 2013 +0100
@@ -160,19 +160,6 @@
             form_result = RepoForm(repo_groups=c.repo_groups_choices,
                                    landing_revs=c.landing_revs_choices)()\
                             .to_python(dict(request.POST))
-            #we check ACLs after form, since we want to display nicer errors
-            #if form forbids creation of repos inside a group we don't have
-            #perms for
-            if not HasPermissionAny('hg.admin', 'hg.create.repository')():
-                #you're not super admin nor have global create permissions,
-                #but maybe you have at least write permission to a parent group ?
-                parent_group = request.POST.get('repo_group')
-                _gr = RepoGroup.get(parent_group)
-                gr_name = _gr.group_name if _gr else None
-                if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
-                    msg = _('no permission to create repository in root location')
-                    raise formencode.Invalid('', form_result, None,
-                                             error_dict={'repo_group': msg})
 
             new_repo = RepoModel().create(form_result,
                                           self.rhodecode_user.user_id)
--- a/rhodecode/model/validators.py	Fri Feb 15 00:53:47 2013 +0100
+++ b/rhodecode/model/validators.py	Fri Feb 15 01:27:18 2013 +0100
@@ -20,7 +20,7 @@
     ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
 
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -472,10 +472,12 @@
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'permission_denied': _(u"You don't have permissions "
-                                   "to create repository in this group")
+                                   "to create repository in this group"),
+            'permission_denied_root': _(u"no permission to create repository "
+                                        "in root location")
         }
 
-        def to_python(self, value, state):
+        def _to_python(self, value, state):
             #root location
             if value in [-1, "-1"]:
                 return None
@@ -485,6 +487,7 @@
             gr = RepoGroup.get(value)
             gr_name = gr.group_name if gr else None  # None means ROOT location
             val = HasReposGroupPermissionAny('group.write', 'group.admin')
+            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
             forbidden = not val(gr_name, 'can write into group validator')
             #parent group need to be existing
             if gr and forbidden:
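Review bot: `gr` is `None` both for the root location and for a group id that `RepoGroup.get(value)` cannot find, so the `elif gr is None` branch added in the next hunk of this file authorizes an unknown id as if it were root. The comment `#parent group need to be existing` states the intent, but `if gr and forbidden:` never rejects a missing group. Unless another validator on the field already rejects unknown ids, add a separate check ahead of the permission tests, for example `if value is not None and gr is None:` raising `formencode.Invalid`. That assumes `value` is `None` only for root, as the `-1` mapping in `_to_python` suggests. The enclosing method's header lies outside this hunk, so the guard's exact placement needs confirming against the full file.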
@@ -492,6 +495,13 @@
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_type=msg)
                 )
+            ## check if we can write to root location !
+            elif gr is None and can_create_repos() is False:
+                msg = M(self, 'permission_denied_root', state)
+                raise formencode.Invalid(msg, value, state,
+                    error_dict=dict(repo_type=msg)
+                )
+
     return _validator
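Review bot: The root-location guard `elif gr is None and can_create_repos() is False:` compares by identity with `False`, so the authorization decision depends on the permission callable returning exactly the bool `False`. If `HasPermissionAny.__call__` ever returns `None` or another falsy value, the branch is skipped and creation in root is allowed. Writing it as `elif gr is None and not can_create_repos():` makes the check fail closed. Separately, the controller code removed by this commit reported the error under `repo_group`, whereas this branch uses `error_dict=dict(repo_type=msg)`, so the message will presumably be rendered next to the wrong form field; `error_dict=dict(repo_group=msg)` would keep the old placement. The method these lines belong to starts outside the hunk.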