changeset 7688:1ab83bed8115

auth: drop the internal "explicit" flag - the new default is all we want; explicit permissions should never blindly overrule indirect permissions. The "explicit" flag is already always false. Just hardcode it everywhere and remove dead code.
author Mads Kiilerich <mads@kiilerich.com>
date Sat, 29 Dec 2018 18:39:46 +0100
parents b2634df81a11
children 8eed16b2a99b
files kallithea/lib/auth.py
diffstat 1 files changed, 7 insertions(+), 16 deletions(-) [+]
--- a/kallithea/lib/auth.py	Sat Dec 29 17:48:07 2018 +0100
+++ b/kallithea/lib/auth.py	Sat Dec 29 18:39:46 2018 +0100
@@ -132,8 +132,7 @@
                         % __platform__)
 
 
-def _cached_perms_data(user_id, user_is_admin,
-                       explicit):
+def _cached_perms_data(user_id, user_is_admin):
     RK = 'repositories'
     GK = 'repositories_groups'
     UK = 'user_groups'
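Review bot: `_cached_perms_data` has no docstring; the new `def` line is followed directly by `RK = 'repositories'`. With the flag removed, this is a good moment to add one that says what the function returns and how it combines grants from different sources. I would describe the returned `permissions` mapping with its `RK`/`GK`/`UK` sections, and state that a direct user grant is merged with the value already computed rather than replacing it. The function body continues far beyond this hunk.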
@@ -304,8 +303,7 @@
                 p = _choose_perm(p, cur_perm)
         permissions[RK][r_k] = p
 
-    # user explicit permissions for repositories, overrides any specified
-    # by the group permission
+    # user permissions for repositories
     user_repo_perms = Permission.get_default_perms(user_id)
     for perm in user_repo_perms:
         r_k = perm.UserRepoToPerm.repository.repo_name
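Review bot: The replacement comment `# user permissions for repositories` drops the old precedence statement without putting the new rule in its place. A reader of this loop can no longer tell how a direct grant relates to what the group and default passes computed. I would write `# user permissions for repositories - merged with the permission already computed for the repo, never blindly overriding it`, which matches the wording of the commit message. The loop body continues in the next hunk.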
@@ -315,8 +313,7 @@
             p = 'repository.admin'
         else:
             p = perm.Permission.permission_name
-            if not explicit:
-                p = _choose_perm(p, cur_perm)
+            p = _choose_perm(p, cur_perm)
         permissions[RK][r_k] = p
 
     #======================================================================
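Review bot: Every direct grant now goes through `p = _choose_perm(p, cur_perm)`, here and in the repository-group and user-group hunks below (old lines 356 and 394). The effective access therefore depends entirely on `_choose_perm`, whose body is not in this diff. If it keeps the higher-weighted of the two values, a per-user entry such as `repository.none` can no longer narrow access inherited from a group or the default. That agrees with the commit message, but it is a precedence rule that should be pinned by a regression test for all three permission kinds. A short marker at the call would also help, e.g. `# merge only: a direct grant must not replace cur_perm outright`. `cur_perm` is assigned above the visible lines of this hunk.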
@@ -356,8 +353,7 @@
         rg_k = perm.UserRepoGroupToPerm.group.group_name
         p = perm.Permission.permission_name
         cur_perm = permissions[GK][rg_k]
-        if not explicit:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[GK][rg_k] = p
 
     #======================================================================
@@ -394,8 +390,7 @@
         u_k = perm.UserUserGroupToPerm.user_group.users_group_name
         p = perm.Permission.permission_name
         cur_perm = permissions[UK][u_k]
-        if not explicit:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[UK][u_k] = p
 
     return permissions
@@ -559,17 +554,13 @@
     def api_keys(self):
         return self._get_api_keys()
 
-    def __get_perms(self, user, explicit=False, cache=False):
+    def __get_perms(self, user, cache=False):
         """
         Fills user permission attribute with permissions taken from database
         works for permissions given for repositories, and for permissions that
         are granted to groups
 
         :param user: `AuthUser` instance
-        :param explicit: In case there are permissions both for user and a group
-            that user is part of, explicit flag will define if user will
-            explicitly override permissions from group, if it's False it will
-            compute the decision
         """
         user_id = user.user_id
         user_is_admin = user.is_admin
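Review bot: The `__get_perms` docstring is out of step with the signature after this edit. `cache` has no `:param cache:` entry, and the summary says the method "fills" a permission attribute while the next hunk shows it returning the computed value. I would add `:param cache: when true, obtain the permission tree through conditional_cache instead of recomputing it` and reword the summary to say the tree is returned. Removing the `explicit` keyword also means any remaining call that passes `explicit=` would raise `TypeError`, so it is worth checking the callers, which are not in this diff. The method body continues into the next hunk.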
@@ -577,7 +568,7 @@
         log.debug('Getting PERMISSION tree')
         compute = conditional_cache('short_term', 'cache_desc',
                                     condition=cache, func=_cached_perms_data)
-        return compute(user_id, user_is_admin, explicit)
+        return compute(user_id, user_is_admin)
 
     def _get_api_keys(self):
         api_keys = [self.api_key]
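Review bot: The permission tree is requested from `conditional_cache('short_term', ...)` with only `user_id` and `user_is_admin` as arguments. When `cache` is true, a changed or revoked grant would presumably keep being served until that region expires, unless something outside this hunk invalidates it. That window matters for authorization decisions and is not documented at the call. I would add above the `compute = ...` line: `# cached per (user_id, user_is_admin); permission changes only take effect once the short_term entry expires or is invalidated`. The behaviour of `conditional_cache` is inferred from its arguments here, so confirm it against its definition.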