Mercurial > kallithea
changeset 6510:3505a6be2988
repogroups: fix private repo recursion check
The purpose of this check is to ensure that we don't recursively assign
"default" user perms for a repo with the "private" flag set (because in
that case, the "default" user perms should always be "no access").
(The check, and this fix, is of course only applicable to Kallithea
instances that have anonymous access enabled to begin with.)
However, the check was only functional if the user was specified as a
username. This is apparently always the case when Kallithea is running,
but was not e.g. the case in the test suite, which consistently passed
a user ID instead of a username.
This commit ensures that the user is always resolved before the check is
made. There's no significant overhead to this, as the code immediately
calls RepoModel().grant_user_permission, which resolved the user anyway.
This change just moves the database lookup a bit earlier.
Fixing this revealed the matching test case to be broken, so it has been
fixed as well.
Down the road, we should eliminate Kallithea's bizarre practice of
passing around usernames and user IDs, in favor of passing actual User
objects. That'll get rid of mistakes like these, as well as repeated
needless database lookups.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Thu, 23 Feb 2017 20:26:27 +0100 |
parents | 588c556aa00b |
children | a17c8e5f6712 |
files | kallithea/model/repo_group.py kallithea/tests/models/test_user_permissions_on_repo_groups.py |
diffstat | 2 files changed, 7 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/model/repo_group.py Thu Feb 23 16:24:24 2017 +0100 +++ b/kallithea/model/repo_group.py Thu Feb 23 20:26:27 2017 +0100 @@ -198,9 +198,11 @@ if isinstance(obj, RepoGroup): self.grant_user_permission(repo_group=obj, user=user, perm=perm) elif isinstance(obj, Repository): + user = User.guess_instance(user) + # private repos will not allow to change the default permissions # using recursive mode - if obj.private and user == User.DEFAULT_USER: + if obj.private and user.username == User.DEFAULT_USER: return # we set group permission but we have to switch to repo
--- a/kallithea/tests/models/test_user_permissions_on_repo_groups.py Thu Feb 23 16:24:24 2017 +0100 +++ b/kallithea/tests/models/test_user_permissions_on_repo_groups.py Thu Feb 23 20:26:27 2017 +0100 @@ -1,7 +1,7 @@ import functools from kallithea.model.repo_group import RepoGroupModel -from kallithea.model.db import RepoGroup, User +from kallithea.model.db import RepoGroup, Repository, User from kallithea.model.meta import Session from kallithea.tests.models.common import _create_project_tree, check_tree_perms, \ @@ -133,7 +133,9 @@ _check_expected_count(items, repo_items, expected_count(group, True)) for name, perm in repo_items: - check_tree_perms(name, perm, group, 'repository.write') + # default user permissions do not "recurse into" private repos + is_private = Repository.get_by_repo_name(name).private + check_tree_perms(name, perm, group, 'repository.none' if is_private else 'repository.write') for name, perm in items: check_tree_perms(name, perm, group, 'group.write')