Mercurial > kallithea

changeset 1054:32dbf759fa98 beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fixed #113 to high permission was required to fork a repository
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 15 Feb 2011 23:03:16 +0100
parents aa01004399a5
children 903aadbf9047
files rhodecode/controllers/settings.py rhodecode/templates/base/base.html
diffstat 2 files changed, 6 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/rhodecode/controllers/settings.py	Tue Feb 15 19:47:20 2011 +0100
+++ b/rhodecode/controllers/settings.py	Tue Feb 15 23:03:16 2011 +0100
@@ -47,10 +47,10 @@
 class SettingsController(BaseRepoController):
 
     @LoginRequired()
-    @HasRepoPermissionAllDecorator('repository.admin')
     def __before__(self):
         super(SettingsController, self).__before__()
 
+    @HasRepoPermissionAllDecorator('repository.admin')
     def index(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get_by_repo_name(repo_name)
@@ -93,6 +93,7 @@
             force_defaults=False
         )
 
+    @HasRepoPermissionAllDecorator('repository.admin')
     def update(self, repo_name):
         repo_model = RepoModel()
         changed_name = repo_name
@@ -124,7 +125,7 @@
         return redirect(url('repo_settings_home', repo_name=changed_name))
 
 
-
+    @HasRepoPermissionAllDecorator('repository.admin')
     def delete(self, repo_name):
         """DELETE /repos/repo_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
@@ -156,6 +157,7 @@
 
         return redirect(url('home'))
 
+    @HasRepoPermissionAllDecorator('repository.read')
     def fork(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo = repo_model.get_by_repo_name(repo_name)
@@ -171,7 +173,7 @@
         return render('settings/repo_fork.html')
 
 
-
+    @HasRepoPermissionAllDecorator('repository.read')
     def fork_create(self, repo_name):
         repo_model = RepoModel()
         c.repo_info = repo_model.get_by_repo_name(repo_name)
--- a/rhodecode/templates/base/base.html	Tue Feb 15 19:47:20 2011 +0100
+++ b/rhodecode/templates/base/base.html	Tue Feb 15 23:03:16 2011 +0100
@@ -233,8 +233,8 @@
                      %else:
                          <li>${h.link_to(_('settings'),h.url('repo_settings_home',repo_name=c.repo_name),class_='settings')}</li>
                      %endif
+                   %endif
                    	<li>${h.link_to(_('fork'),h.url('repo_fork_home',repo_name=c.repo_name),class_='fork')}</li>
-                   %endif  
                    	<li>${h.link_to(_('search'),h.url('search_repo',search_repo=c.repo_name),class_='search')}</li>
                     
                     %if h.HasPermissionAll('hg.admin')('access admin main page'):