Mercurial > kallithea
changeset 5252:815bf70a88ce
AuthUser: simplify check_ip_allowed and drop is_ip_allowed
check_ip_allowed is always called with user_id and inherit_from_default
arguments taken from the same User/AuthUser object, so just take that
object instead. This simplifies the is_ip_allowed method to the point
where it can be removed.
author | Søren Løvborg <kwi@kwi.dk> |
---|---|
date | Tue, 14 Jul 2015 13:59:59 +0200 |
parents | a38e328db172 |
children | ad89cd5a6e1a |
files | kallithea/controllers/api/__init__.py kallithea/controllers/login.py kallithea/lib/auth.py kallithea/lib/base.py |
diffstat | 4 files changed, 11 insertions(+), 20 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/api/__init__.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/controllers/api/__init__.py Tue Jul 14 13:59:59 2015 +0200 @@ -158,9 +158,8 @@ return jsonrpc_error(retid=self._req_id, message='Invalid API key') - #check if we are allowed to use this IP auth_u = AuthUser(u.user_id, self._req_api_key) - if not auth_u.is_ip_allowed(ip_addr): + if not AuthUser.check_ip_allowed(auth_u, ip_addr): return jsonrpc_error(retid=self._req_id, message='request from IP:%s not allowed' % (ip_addr,)) else:
--- a/kallithea/controllers/login.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/controllers/login.py Tue Jul 14 13:59:59 2015 +0200 @@ -109,7 +109,7 @@ c.came_from = url('home') not_default = self.authuser.username != User.DEFAULT_USER - ip_allowed = self.authuser.is_ip_allowed(self.ip_addr) + ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr) # redirect if already logged in if self.authuser.is_authenticated and not_default and ip_allowed:
--- a/kallithea/lib/auth.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/lib/auth.py Tue Jul 14 13:59:59 2015 +0200 @@ -608,19 +608,14 @@ return [x[0] for x in self.permissions['user_groups'].iteritems() if x[1] == 'usergroup.admin'] - def is_ip_allowed(self, ip_addr): - """ - Determine if `ip_addr` is on the list of allowed IP addresses - for this user. + @staticmethod + def check_ip_allowed(user, ip_addr): """ - inherit = self.inherit_default_permissions - return AuthUser.check_ip_allowed(self.user_id, ip_addr, - inherit_from_default=inherit) - - @classmethod - def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default): - allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True, - inherit_from_default=inherit_from_default) + Check if the given IP address (a `str`) is allowed for the given + user (an `AuthUser` or `db.User`). + """ + allowed_ips = AuthUser.get_allowed_ips(user.user_id, cache=True, + inherit_from_default=user.inherit_default_permissions) if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips): log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips)) return True @@ -742,8 +737,7 @@ loc = "%s:%s" % (controller.__class__.__name__, func.__name__) log.debug('Checking access for user %s @ %s' % (user, loc)) - # check if our IP is allowed - if not user.is_ip_allowed(controller.ip_addr): + if not AuthUser.check_ip_allowed(user, controller.ip_addr): return redirect_to_login(_('IP %s not allowed') % controller.ip_addr) # check if we used an API key and it's a valid one
--- a/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 +++ b/kallithea/lib/base.py Tue Jul 14 13:59:59 2015 +0200 @@ -186,9 +186,7 @@ :param repo_name: repository name """ # check IP - inherit = user.inherit_default_permissions - ip_allowed = AuthUser.check_ip_allowed(user.user_id, ip_addr, - inherit_from_default=inherit) + ip_allowed = AuthUser.check_ip_allowed(user, ip_addr) if ip_allowed: log.info('Access for IP:%s allowed' % (ip_addr,)) else: