Mercurial > kallithea
changeset 6064:9a35244c35b6
auth: clean up PermsFunction
Now shows scope in HasUserGroupPermissionAny instead of '?'.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Thu, 07 Apr 2016 17:53:51 +0200 |
parents | 09bcde0eee6d |
children | e0f31c7d0f5e |
files | kallithea/lib/auth.py |
diffstat | 1 files changed, 20 insertions(+), 17 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth.py Thu Jul 28 13:57:16 2016 +0200 +++ b/kallithea/lib/auth.py Thu Apr 07 17:53:51 2016 +0200 @@ -944,7 +944,7 @@ """ raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!') - def __call__(self, check_location='', user=None): + def __call__(self, check_location='unspecified location', user=None): if not user: #TODO: remove this someday,put as user as attribute here user = request.user @@ -954,34 +954,28 @@ user = AuthUser(user.user_id) cls_name = self.__class__.__name__ - check_scope = { - 'HasPermissionAny': '', - 'HasRepoPermissionAny': 'repo:%s' % self.repo_name, - 'HasRepoGroupPermissionAny': 'group:%s' % self.group_name, - }.get(cls_name, '?') + check_scope = self._scope() log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name, self.required_perms, user, check_scope, - check_location or 'unspecified location') + check_location) if not user: log.debug('Empty request user') return False self.user_perms = user.permissions - if self.check_permissions(): - log.debug('Permission to %s granted for user: %s @ %s', - check_scope, user, - check_location or 'unspecified location') - return True - else: - log.debug('Permission to %s denied for user: %s @ %s', - check_scope, user, - check_location or 'unspecified location') - return False + result = self.check_permissions() + result_text = 'granted' if result else 'denied' + log.debug('Permission to %s %s for user: %s @ %s', + check_scope, result_text, user, check_location) + return result def check_permissions(self): """Dummy function for overriding""" raise Exception('You have to write this function in child class') + def _scope(self): + return '(unknown scope)' + class HasPermissionAny(PermsFunction): def check_permissions(self): @@ -1009,6 +1003,9 @@ return True return False + def _scope(self): + return 'repo:%s' % self.repo_name + class HasRepoGroupPermissionAny(PermsFunction): def __call__(self, group_name=None, check_location='', user=None): @@ -1026,6 +1023,9 @@ return True return False + def _scope(self): + return 'repogroup:%s' % self.group_name + class HasUserGroupPermissionAny(PermsFunction): def __call__(self, user_group_name=None, check_location='', user=None): @@ -1043,6 +1043,9 @@ return True return False + def _scope(self): + return 'usergroup:%s' % self.user_group_name + #============================================================================== # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH