Mercurial > kallithea

changeset 6064:9a35244c35b6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auth: clean up PermsFunction Now shows scope in HasUserGroupPermissionAny instead of '?'.
author Søren Løvborg <sorenl@unity3d.com>
date Thu, 07 Apr 2016 17:53:51 +0200
parents 09bcde0eee6d
children e0f31c7d0f5e
files kallithea/lib/auth.py
diffstat 1 files changed, 20 insertions(+), 17 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/lib/auth.py	Thu Jul 28 13:57:16 2016 +0200
+++ b/kallithea/lib/auth.py	Thu Apr 07 17:53:51 2016 +0200
@@ -944,7 +944,7 @@
         """
         raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')
 
-    def __call__(self, check_location='', user=None):
+    def __call__(self, check_location='unspecified location', user=None):
         if not user:
             #TODO: remove this someday,put as user as attribute here
             user = request.user
@@ -954,34 +954,28 @@
             user = AuthUser(user.user_id)
 
         cls_name = self.__class__.__name__
-        check_scope = {
-            'HasPermissionAny': '',
-            'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
-            'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,
-        }.get(cls_name, '?')
+        check_scope = self._scope()
         log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                   self.required_perms, user, check_scope,
-                  check_location or 'unspecified location')
+                  check_location)
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
-        if self.check_permissions():
-            log.debug('Permission to %s granted for user: %s @ %s',
-                      check_scope, user,
-                         check_location or 'unspecified location')
-            return True
 
-        else:
-            log.debug('Permission to %s denied for user: %s @ %s',
-                      check_scope, user,
-                         check_location or 'unspecified location')
-            return False
+        result = self.check_permissions()
+        result_text = 'granted' if result else 'denied'
+        log.debug('Permission to %s %s for user: %s @ %s',
+            check_scope, result_text, user, check_location)
+        return result
 
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 
+    def _scope(self):
+        return '(unknown scope)'
+
 
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
@@ -1009,6 +1003,9 @@
             return True
         return False
 
+    def _scope(self):
+        return 'repo:%s' % self.repo_name
+
 
 class HasRepoGroupPermissionAny(PermsFunction):
     def __call__(self, group_name=None, check_location='', user=None):
@@ -1026,6 +1023,9 @@
             return True
         return False
 
+    def _scope(self):
+        return 'repogroup:%s' % self.group_name
+
 
 class HasUserGroupPermissionAny(PermsFunction):
     def __call__(self, user_group_name=None, check_location='', user=None):
@@ -1043,6 +1043,9 @@
             return True
         return False
 
+    def _scope(self):
+        return 'usergroup:%s' % self.user_group_name
+
 
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH