Mercurial > kallithea
changeset 7690:6d0573ba0721
auth: drop "multiple_counter" from computing permissions
This seems to have been something about having some permissions override
existing permissions. It is not clear to me why anybody should want that.
test_user_group_permissions_on_repo_groups.py seems to have been testing for
something we don't want. The new behaviour seems more reasonable. The test user
is inhering access from the default user, and thus in this case getting read
access (except when private).
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sat, 29 Dec 2018 19:16:56 +0100 |
parents | 8eed16b2a99b |
children | 69421c730569 |
files | kallithea/lib/auth.py kallithea/tests/models/test_permissions.py kallithea/tests/models/test_user_group_permissions_on_repo_groups.py |
diffstat | 3 files changed, 10 insertions(+), 19 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth.py Sat Dec 29 18:55:01 2018 +0100 +++ b/kallithea/lib/auth.py Sat Dec 29 19:16:56 2018 +0100 @@ -285,14 +285,11 @@ .filter(UserGroupMember.user_id == user_id) \ .all() - multiple_counter = collections.defaultdict(int) for perm in user_repo_perms_from_users_groups: r_k = perm.UserGroupRepoToPerm.repository.repo_name - multiple_counter[r_k] += 1 + cur_perm = permissions[RK][r_k] p = perm.Permission.permission_name - cur_perm = permissions[RK][r_k] - if multiple_counter[r_k] > 1: - p = _choose_perm(p, cur_perm) + p = _choose_perm(p, cur_perm) permissions[RK][r_k] = p # user permissions for repositories @@ -325,14 +322,11 @@ .filter(UserGroupMember.user_id == user_id) \ .all() - multiple_counter = collections.defaultdict(int) for perm in user_repo_group_perms_from_users_groups: g_k = perm.UserGroupRepoGroupToPerm.group.group_name - multiple_counter[g_k] += 1 p = perm.Permission.permission_name cur_perm = permissions[GK][g_k] - if multiple_counter[g_k] > 1: - p = _choose_perm(p, cur_perm) + p = _choose_perm(p, cur_perm) permissions[GK][g_k] = p # user explicit permissions for repository groups @@ -362,14 +356,11 @@ .filter(UserGroup.users_group_active == True) \ .all() - multiple_counter = collections.defaultdict(int) for perm in user_group_user_groups_perms: g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name - multiple_counter[g_k] += 1 p = perm.Permission.permission_name cur_perm = permissions[UK][g_k] - if multiple_counter[g_k] > 1: - p = _choose_perm(p, cur_perm) + p = _choose_perm(p, cur_perm) permissions[UK][g_k] = p # user explicit permission for user groups
--- a/kallithea/tests/models/test_permissions.py Sat Dec 29 18:55:01 2018 +0100 +++ b/kallithea/tests/models/test_permissions.py Sat Dec 29 19:16:56 2018 +0100 @@ -599,7 +599,7 @@ Session().commit() u1_auth = AuthUser(user_id=self.u1.user_id) - assert u1_auth.permissions['repositories']['myownrepo'] == 'repository.none' # temporarily, because multiple_counter + assert u1_auth.permissions['repositories']['myownrepo'] == 'repository.admin' def test_owner_permissions_doesnot_get_overwritten_by_others(self): # create repo as USER,
--- a/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py Sat Dec 29 18:55:01 2018 +0100 +++ b/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py Sat Dec 29 19:16:56 2018 +0100 @@ -129,14 +129,14 @@ _check_expected_count(items, repo_items, expected_count(group, True)) for name, perm in repo_items: - check_tree_perms(name, perm, group, 'repository.none') + check_tree_perms(name, perm, group, 'repository.none' if name.endswith('_private') else 'repository.read') for name, perm in items: - check_tree_perms(name, perm, group, 'group.none') + check_tree_perms(name, perm, group, 'group.read') def test_user_permissions_on_group_with_recursive_mode_deepest(): - ## set permission to g0_3 group to none + ## set permission to g0/g0_1/g0_1_1 group to write recursive = 'all' group = u'g0/g0_1/g0_1_1' permissions_setup_func(group, 'group.write', recursive=recursive) @@ -153,7 +153,7 @@ def test_user_permissions_on_group_with_recursive_mode_only_with_repos(): - ## set permission to g0_3 group to none + ## set permission to g0/g0_2 group to admin recursive = 'all' group = u'g0/g0_2' permissions_setup_func(group, 'group.admin', recursive=recursive) @@ -208,4 +208,4 @@ check_tree_perms(name, perm, group, 'repository.read') for name, perm in items: - check_tree_perms(name, perm, group, 'group.none') + check_tree_perms(name, perm, group, 'group.read')