Mercurial > kallithea

changeset 8719:216ed3859869

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
lib: use auth functions directly - not through h
author Mads Kiilerich <mads@kiilerich.com>
date Thu, 29 Oct 2020 14:48:03 +0100
parents f8b092f9e6a3
children 0c65a8f15e54
files kallithea/controllers/admin/gists.py kallithea/controllers/changeset.py kallithea/controllers/pullrequests.py kallithea/model/pull_request.py
diffstat 4 files changed, 15 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/controllers/admin/gists.py	Thu Oct 29 14:22:49 2020 +0100
+++ b/kallithea/controllers/admin/gists.py	Thu Oct 29 14:48:03 2020 +0100
@@ -35,6 +35,7 @@
 from tg.i18n import ugettext as _
 from webob.exc import HTTPForbidden, HTTPFound, HTTPNotFound
 
+from kallithea.lib import auth
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired
 from kallithea.lib.base import BaseController, jsonify, render
@@ -156,7 +157,7 @@
     def delete(self, gist_id):
         gist = GistModel().get_gist(gist_id)
         owner = gist.owner_id == request.authuser.user_id
-        if h.HasPermissionAny('hg.admin')() or owner:
+        if auth.HasPermissionAny('hg.admin')() or owner:
             GistModel().delete(gist)
             meta.Session().commit()
             h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success')
--- a/kallithea/controllers/changeset.py	Thu Oct 29 14:22:49 2020 +0100
+++ b/kallithea/controllers/changeset.py	Thu Oct 29 14:48:03 2020 +0100
@@ -36,7 +36,7 @@
 from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPNotFound
 
 import kallithea.lib.helpers as h
-from kallithea.lib import diffs, webutils
+from kallithea.lib import auth, diffs, webutils
 from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired
 from kallithea.lib.base import BaseRepoController, jsonify, render
 from kallithea.lib.graphmod import graph_data
@@ -91,9 +91,9 @@
 
     if pull_request and delete == "delete":
         if (pull_request.owner_id == request.authuser.user_id or
-            h.HasPermissionAny('hg.admin')() or
-            h.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or
-            h.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name)
+            auth.HasPermissionAny('hg.admin')() or
+            auth.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or
+            auth.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name)
         ) and not pull_request.is_closed():
             PullRequestModel().delete(pull_request)
             meta.Session().commit()
@@ -163,8 +163,8 @@
         raise HTTPForbidden()
 
     owner = co.author_id == request.authuser.user_id
-    repo_admin = h.HasRepoPermissionLevel('admin')(repo_name)
-    if h.HasPermissionAny('hg.admin')() or repo_admin or owner:
+    repo_admin = auth.HasRepoPermissionLevel('admin')(repo_name)
+    if auth.HasPermissionAny('hg.admin')() or repo_admin or owner:
         ChangesetCommentsModel().delete(comment=co)
         meta.Session().commit()
         return True
--- a/kallithea/controllers/pullrequests.py	Thu Oct 29 14:22:49 2020 +0100
+++ b/kallithea/controllers/pullrequests.py	Thu Oct 29 14:48:03 2020 +0100
@@ -36,7 +36,7 @@
 from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPFound, HTTPNotFound
 
 from kallithea.controllers.changeset import create_cs_pr_comment, delete_cs_pr_comment
-from kallithea.lib import diffs
+from kallithea.lib import auth, diffs
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired
 from kallithea.lib.base import BaseRepoController, jsonify, render
@@ -382,8 +382,8 @@
         assert pull_request.other_repo.repo_name == repo_name
         # only owner or admin can update it
         owner = pull_request.owner_id == request.authuser.user_id
-        repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)
-        if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner):
+        repo_admin = auth.HasRepoPermissionLevel('admin')(c.repo_name)
+        if not (auth.HasPermissionAny('hg.admin')() or repo_admin or owner):
             raise HTTPForbidden()
 
         _form = PullRequestPostForm()().to_python(request.POST)
--- a/kallithea/model/pull_request.py	Thu Oct 29 14:22:49 2020 +0100
+++ b/kallithea/model/pull_request.py	Thu Oct 29 14:48:03 2020 +0100
@@ -32,6 +32,7 @@
 from tg import request
 from tg.i18n import ugettext as _
 
+from kallithea.lib import auth
 from kallithea.lib import helpers as h
 from kallithea.lib.hooks import log_create_pullrequest
 from kallithea.lib.utils import extract_mentioned_users
@@ -183,8 +184,8 @@
         information needed for such a check, rather than a full command
         object.
         """
-        if (h.HasRepoPermissionLevel('read')(org_repo.repo_name) and
-            h.HasRepoPermissionLevel('read')(other_repo.repo_name)
+        if (auth.HasRepoPermissionLevel('read')(org_repo.repo_name) and
+            auth.HasRepoPermissionLevel('read')(other_repo.repo_name)
         ):
             return True
 
@@ -305,7 +306,7 @@
         information needed for such a check, rather than a full command
         object.
         """
-        if h.HasPermissionAny('hg.admin')():
+        if auth.HasPermissionAny('hg.admin')():
             return True
 
         # Authorized to edit the old PR?