Mercurial > kallithea

--- a/kallithea/controllers/api/__init__.py	Tue Jul 14 13:59:59 2015 +0200
+++ b/kallithea/controllers/api/__init__.py	Tue Jul 14 13:59:59 2015 +0200
@@ -158,9 +158,8 @@
                 return jsonrpc_error(retid=self._req_id,
                                      message='Invalid API key')

-            #check if we are allowed to use this IP
             auth_u = AuthUser(u.user_id, self._req_api_key)
-            if not auth_u.is_ip_allowed(ip_addr):
+            if not AuthUser.check_ip_allowed(auth_u, ip_addr):
                 return jsonrpc_error(retid=self._req_id,
                         message='request from IP:%s not allowed' % (ip_addr,))
             else:
--- a/kallithea/controllers/login.py	Tue Jul 14 13:59:59 2015 +0200
+++ b/kallithea/controllers/login.py	Tue Jul 14 13:59:59 2015 +0200
@@ -109,7 +109,7 @@
             c.came_from = url('home')

         not_default = self.authuser.username != User.DEFAULT_USER
-        ip_allowed = self.authuser.is_ip_allowed(self.ip_addr)
+        ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)

         # redirect if already logged in
         if self.authuser.is_authenticated and not_default and ip_allowed:
--- a/kallithea/lib/auth.py	Tue Jul 14 13:59:59 2015 +0200
+++ b/kallithea/lib/auth.py	Tue Jul 14 13:59:59 2015 +0200
@@ -608,19 +608,14 @@
         return [x[0] for x in self.permissions['user_groups'].iteritems()
                 if x[1] == 'usergroup.admin']

-    def is_ip_allowed(self, ip_addr):
-        """
-        Determine if `ip_addr` is on the list of allowed IP addresses
-        for this user.
+    @staticmethod
+    def check_ip_allowed(user, ip_addr):
         """
-        inherit = self.inherit_default_permissions
-        return AuthUser.check_ip_allowed(self.user_id, ip_addr,
-                                         inherit_from_default=inherit)
-
-    @classmethod
-    def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
-        allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True,
-                        inherit_from_default=inherit_from_default)
+        Check if the given IP address (a `str`) is allowed for the given
+        user (an `AuthUser` or `db.User`).
+        """
+        allowed_ips = AuthUser.get_allowed_ips(user.user_id, cache=True,
+            inherit_from_default=user.inherit_default_permissions)
         if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
             log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
             return True
@@ -742,8 +737,7 @@
         loc = "%s:%s" % (controller.__class__.__name__, func.__name__)
         log.debug('Checking access for user %s @ %s' % (user, loc))

-        # check if our IP is allowed
-        if not user.is_ip_allowed(controller.ip_addr):
+        if not AuthUser.check_ip_allowed(user, controller.ip_addr):
             return redirect_to_login(_('IP %s not allowed') % controller.ip_addr)

         # check if we used an API key and it's a valid one
--- a/kallithea/lib/base.py	Tue Jul 14 13:59:59 2015 +0200
+++ b/kallithea/lib/base.py	Tue Jul 14 13:59:59 2015 +0200
@@ -186,9 +186,7 @@
         :param repo_name: repository name
         """
         # check IP
-        inherit = user.inherit_default_permissions
-        ip_allowed = AuthUser.check_ip_allowed(user.user_id, ip_addr,
-                                               inherit_from_default=inherit)
+        ip_allowed = AuthUser.check_ip_allowed(user, ip_addr)
         if ip_allowed:
             log.info('Access for IP:%s allowed' % (ip_addr,))
         else: