changeset 779:389d02a5df52 beta

Added isanonymous decorator for checking permissions for anonymous access
author Marcin Kuzminski <marcin@python-works.com>
date Sat, 27 Nov 2010 15:50:25 +0100
parents c3fab5b06af3
children 92fa9c3414d0
files rhodecode/controllers/admin/settings.py rhodecode/lib/auth.py
diffstat 2 files changed, 45 insertions(+), 16 deletions(-) [+]
--- a/rhodecode/controllers/admin/settings.py	Sat Nov 27 14:42:32 2010 +0100
+++ b/rhodecode/controllers/admin/settings.py	Sat Nov 27 15:50:25 2010 +0100
@@ -1,8 +1,14 @@
-#!/usr/bin/env python
-# encoding: utf-8
-# settings controller for pylons
-# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
-#
+# -*- coding: utf-8 -*-
+"""
+    package.rhodecode.controllers.admin.settings
+    ~~~~~~~~~~~~~~
+    settings controller for rhodecode admin
+        
+    :created_on: Jul 14, 2010
+    :author: marcink
+    :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>    
+    :license: GPLv3, see COPYING for more details.
+"""
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
@@ -17,11 +23,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
-"""
-Created on July 14, 2010
-settings controller for pylons
-@author: marcink
-"""
+
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, app_globals as g, \
     config
@@ -29,7 +31,7 @@
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
-    HasPermissionAnyDecorator
+    HasPermissionAnyDecorator, NotAnonymous
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
@@ -236,13 +238,13 @@
         """GET /admin/settings/setting_id/edit: Form to edit an existing item"""
         # url('admin_edit_setting', setting_id=ID)
 
-
+    @NotAnonymous()
     def my_account(self):
         """
         GET /_admin/my_account Displays info about my account 
         """
+        # url('admin_settings_my_account')
 
-        # url('admin_settings_my_account')
         c.user = UserModel().get(c.rhodecode_user.user_id, cache=False)
         all_repos = self.sa.query(Repository)\
             .filter(Repository.user_id == c.user.user_id)\
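Review bot: `@NotAnonymous()` is added to `my_account` here and to `create_repository` in the last hunk of this file, but no hunk touches the handler that calls `user_model.update_my_account(uid, form_result)` (context around line 282). That `def` line is outside the visible hunks, so this is inferred, but the handler that writes account data appears to stay reachable by the shared anonymous account while only the display form is guarded. If it is undecorated, put `@NotAnonymous()` above it too, and check any other per-user action in this controller the same way. The body of `my_account` continues past the end of this hunk.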
@@ -280,7 +282,7 @@
         try:
             form_result = _form.to_python(dict(request.POST))
             user_model.update_my_account(uid, form_result)
-            h.flash(_('Your account was updated succesfully'),
+            h.flash(_('Your account was updated successfully'),
                     category='success')
 
         except formencode.Invalid, errors:
@@ -300,11 +302,12 @@
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
-            h.flash(_('error occured during update of user %s') \
+            h.flash(_('error occurred during update of user %s') \
                     % form_result.get('username'), category='error')
 
         return redirect(url('my_account'))
 
+    @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
--- a/rhodecode/lib/auth.py	Sat Nov 27 14:42:32 2010 +0100
+++ b/rhodecode/lib/auth.py	Sat Nov 27 15:50:25 2010 +0100
@@ -297,7 +297,8 @@
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
-    """Must be logged in to execute this function else redirect to login page"""
+    """Must be logged in to execute this function else 
+    redirect to login page"""
 
     def __call__(self, func):
         return decorator(self.__wrapper, func)
@@ -322,6 +323,31 @@
             log.debug('redirecting to login page with %s', p)
             return redirect(url('login_home', came_from=p))
 
+class NotAnonymous(object):
+    """Must be logged in to execute this function else 
+    redirect to login page"""
+
+    def __call__(self, func):
+        return decorator(self.__wrapper, func)
+
+    def __wrapper(self, func, *fargs, **fkwargs):
+        user = session.get('rhodecode_user', AuthUser())
+        log.debug('Checking if user is not anonymous')
+
+        anonymous = user.username == 'default'
+
+        if anonymous:
+            p = ''
+            if request.environ.get('SCRIPT_NAME') != '/':
+                p += request.environ.get('SCRIPT_NAME')
+
+            p += request.environ.get('PATH_INFO')
+            if request.environ.get('QUERY_STRING'):
+                p += '?' + request.environ.get('QUERY_STRING')
+            return redirect(url('login_home', came_from=p))
+        else:
+            return func(*fargs, **fkwargs)
+
 class PermsDecorator(object):
     """Base class for decorators"""
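Review bot: `NotAnonymous.__wrapper` does not fail closed: a request with no `rhodecode_user` in the session falls back to a fresh `AuthUser()`, and unless that object's username happens to be `'default'` (its definition is not in this hunk) the wrapped function runs, so the decorator is only safe when a login check has already run. Consider treating the user as anonymous unless it is both authenticated and not the default account, e.g. `anonymous = not getattr(user, 'is_authenticated', False) or user.username == 'default'`, and keep the literal `'default'` in one named constant. The docstring is copied from `LoginRequired`; something like `"""Reject the anonymous 'default' account: redirect it to the login page, run the function for any other user"""` would say what this class checks. The `came_from` assembly calls `request.environ.get(...)` without a default, so a missing `SCRIPT_NAME` or `PATH_INFO` raises `TypeError` on `+=`; `request.environ.get('PATH_INFO', '')` avoids that. The context lines above end in the same `redirect(url('login_home', came_from=p))`, so a shared helper would keep the two decorators in step.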