Mercurial > kallithea

changeset 7690:6d0573ba0721

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auth: drop "multiple_counter" from computing permissions This seems to have been something about having some permissions override existing permissions. It is not clear to me why anybody should want that. test_user_group_permissions_on_repo_groups.py seems to have been testing for something we don't want. The new behaviour seems more reasonable. The test user is inhering access from the default user, and thus in this case getting read access (except when private).
author Mads Kiilerich <mads@kiilerich.com>
date Sat, 29 Dec 2018 19:16:56 +0100
parents 8eed16b2a99b
children 69421c730569
files kallithea/lib/auth.py kallithea/tests/models/test_permissions.py kallithea/tests/models/test_user_group_permissions_on_repo_groups.py
diffstat 3 files changed, 10 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/lib/auth.py	Sat Dec 29 18:55:01 2018 +0100
+++ b/kallithea/lib/auth.py	Sat Dec 29 19:16:56 2018 +0100
@@ -285,14 +285,11 @@
         .filter(UserGroupMember.user_id == user_id) \
         .all()
 
-    multiple_counter = collections.defaultdict(int)
     for perm in user_repo_perms_from_users_groups:
         r_k = perm.UserGroupRepoToPerm.repository.repo_name
-        multiple_counter[r_k] += 1
+        cur_perm = permissions[RK][r_k]
         p = perm.Permission.permission_name
-        cur_perm = permissions[RK][r_k]
-        if multiple_counter[r_k] > 1:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[RK][r_k] = p
 
     # user permissions for repositories
@@ -325,14 +322,11 @@
      .filter(UserGroupMember.user_id == user_id) \
      .all()
 
-    multiple_counter = collections.defaultdict(int)
     for perm in user_repo_group_perms_from_users_groups:
         g_k = perm.UserGroupRepoGroupToPerm.group.group_name
-        multiple_counter[g_k] += 1
         p = perm.Permission.permission_name
         cur_perm = permissions[GK][g_k]
-        if multiple_counter[g_k] > 1:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[GK][g_k] = p
 
     # user explicit permissions for repository groups
@@ -362,14 +356,11 @@
      .filter(UserGroup.users_group_active == True) \
      .all()
 
-    multiple_counter = collections.defaultdict(int)
     for perm in user_group_user_groups_perms:
         g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
-        multiple_counter[g_k] += 1
         p = perm.Permission.permission_name
         cur_perm = permissions[UK][g_k]
-        if multiple_counter[g_k] > 1:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[UK][g_k] = p
 
     # user explicit permission for user groups
--- a/kallithea/tests/models/test_permissions.py	Sat Dec 29 18:55:01 2018 +0100
+++ b/kallithea/tests/models/test_permissions.py	Sat Dec 29 19:16:56 2018 +0100
@@ -599,7 +599,7 @@
 
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
-        assert u1_auth.permissions['repositories']['myownrepo'] == 'repository.none' # temporarily, because multiple_counter
+        assert u1_auth.permissions['repositories']['myownrepo'] == 'repository.admin'
 
     def test_owner_permissions_doesnot_get_overwritten_by_others(self):
         # create repo as USER,
--- a/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py	Sat Dec 29 18:55:01 2018 +0100
+++ b/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py	Sat Dec 29 19:16:56 2018 +0100
@@ -129,14 +129,14 @@
     _check_expected_count(items, repo_items, expected_count(group, True))
 
     for name, perm in repo_items:
-        check_tree_perms(name, perm, group, 'repository.none')
+        check_tree_perms(name, perm, group, 'repository.none' if name.endswith('_private') else 'repository.read')
 
     for name, perm in items:
-        check_tree_perms(name, perm, group, 'group.none')
+        check_tree_perms(name, perm, group, 'group.read')
 
 
 def test_user_permissions_on_group_with_recursive_mode_deepest():
-    ## set permission to g0_3 group to none
+    ## set permission to g0/g0_1/g0_1_1 group to write
     recursive = 'all'
     group = u'g0/g0_1/g0_1_1'
     permissions_setup_func(group, 'group.write', recursive=recursive)
@@ -153,7 +153,7 @@
 
 
 def test_user_permissions_on_group_with_recursive_mode_only_with_repos():
-    ## set permission to g0_3 group to none
+    ## set permission to g0/g0_2 group to admin
     recursive = 'all'
     group = u'g0/g0_2'
     permissions_setup_func(group, 'group.admin', recursive=recursive)
@@ -208,4 +208,4 @@
         check_tree_perms(name, perm, group, 'repository.read')
 
     for name, perm in items:
-        check_tree_perms(name, perm, group, 'group.none')
+        check_tree_perms(name, perm, group, 'group.read')