Mercurial > kallithea
changeset 8719:216ed3859869
lib: use auth functions directly - not through h
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Thu, 29 Oct 2020 14:48:03 +0100 |
parents | f8b092f9e6a3 |
children | 0c65a8f15e54 |
files | kallithea/controllers/admin/gists.py kallithea/controllers/changeset.py kallithea/controllers/pullrequests.py kallithea/model/pull_request.py |
diffstat | 4 files changed, 15 insertions(+), 13 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/admin/gists.py Thu Oct 29 14:22:49 2020 +0100 +++ b/kallithea/controllers/admin/gists.py Thu Oct 29 14:48:03 2020 +0100 @@ -35,6 +35,7 @@ from tg.i18n import ugettext as _ from webob.exc import HTTPForbidden, HTTPFound, HTTPNotFound +from kallithea.lib import auth from kallithea.lib import helpers as h from kallithea.lib.auth import LoginRequired from kallithea.lib.base import BaseController, jsonify, render @@ -156,7 +157,7 @@ def delete(self, gist_id): gist = GistModel().get_gist(gist_id) owner = gist.owner_id == request.authuser.user_id - if h.HasPermissionAny('hg.admin')() or owner: + if auth.HasPermissionAny('hg.admin')() or owner: GistModel().delete(gist) meta.Session().commit() h.flash(_('Deleted gist %s') % gist.gist_access_id, category='success')
--- a/kallithea/controllers/changeset.py Thu Oct 29 14:22:49 2020 +0100 +++ b/kallithea/controllers/changeset.py Thu Oct 29 14:48:03 2020 +0100 @@ -36,7 +36,7 @@ from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPNotFound import kallithea.lib.helpers as h -from kallithea.lib import diffs, webutils +from kallithea.lib import auth, diffs, webutils from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired from kallithea.lib.base import BaseRepoController, jsonify, render from kallithea.lib.graphmod import graph_data @@ -91,9 +91,9 @@ if pull_request and delete == "delete": if (pull_request.owner_id == request.authuser.user_id or - h.HasPermissionAny('hg.admin')() or - h.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or - h.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name) + auth.HasPermissionAny('hg.admin')() or + auth.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or + auth.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name) ) and not pull_request.is_closed(): PullRequestModel().delete(pull_request) meta.Session().commit() @@ -163,8 +163,8 @@ raise HTTPForbidden() owner = co.author_id == request.authuser.user_id - repo_admin = h.HasRepoPermissionLevel('admin')(repo_name) - if h.HasPermissionAny('hg.admin')() or repo_admin or owner: + repo_admin = auth.HasRepoPermissionLevel('admin')(repo_name) + if auth.HasPermissionAny('hg.admin')() or repo_admin or owner: ChangesetCommentsModel().delete(comment=co) meta.Session().commit() return True
--- a/kallithea/controllers/pullrequests.py Thu Oct 29 14:22:49 2020 +0100 +++ b/kallithea/controllers/pullrequests.py Thu Oct 29 14:48:03 2020 +0100 @@ -36,7 +36,7 @@ from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPFound, HTTPNotFound from kallithea.controllers.changeset import create_cs_pr_comment, delete_cs_pr_comment -from kallithea.lib import diffs +from kallithea.lib import auth, diffs from kallithea.lib import helpers as h from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired from kallithea.lib.base import BaseRepoController, jsonify, render @@ -382,8 +382,8 @@ assert pull_request.other_repo.repo_name == repo_name # only owner or admin can update it owner = pull_request.owner_id == request.authuser.user_id - repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name) - if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner): + repo_admin = auth.HasRepoPermissionLevel('admin')(c.repo_name) + if not (auth.HasPermissionAny('hg.admin')() or repo_admin or owner): raise HTTPForbidden() _form = PullRequestPostForm()().to_python(request.POST)
--- a/kallithea/model/pull_request.py Thu Oct 29 14:22:49 2020 +0100 +++ b/kallithea/model/pull_request.py Thu Oct 29 14:48:03 2020 +0100 @@ -32,6 +32,7 @@ from tg import request from tg.i18n import ugettext as _ +from kallithea.lib import auth from kallithea.lib import helpers as h from kallithea.lib.hooks import log_create_pullrequest from kallithea.lib.utils import extract_mentioned_users @@ -183,8 +184,8 @@ information needed for such a check, rather than a full command object. """ - if (h.HasRepoPermissionLevel('read')(org_repo.repo_name) and - h.HasRepoPermissionLevel('read')(other_repo.repo_name) + if (auth.HasRepoPermissionLevel('read')(org_repo.repo_name) and + auth.HasRepoPermissionLevel('read')(other_repo.repo_name) ): return True @@ -305,7 +306,7 @@ information needed for such a check, rather than a full command object. """ - if h.HasPermissionAny('hg.admin')(): + if auth.HasPermissionAny('hg.admin')(): return True # Authorized to edit the old PR?