Mercurial > kallithea
changeset 8289:b10adac1ab7c
auth: make it explicit that _check_permission only use the less strict pull checking for actual pull actions
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Fri, 06 Mar 2020 16:58:47 +0100 |
| parents | 5b1f43027662 |
| children | 9ddb4bd52391 |
| files | kallithea/lib/base.py |
| diffstat | 1 files changed, 6 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/base.py Tue Mar 10 15:08:46 2020 +0100 +++ b/kallithea/lib/base.py Fri Mar 06 16:58:47 2020 +0100 @@ -278,11 +278,8 @@ def _check_permission(self, action, authuser, repo_name): """ - Checks permissions using action (push/pull) user and repository - name - - :param action: 'push' or 'pull' action - :param user: `User` instance + :param action: 'push' or 'pull' + :param user: `AuthUser` instance :param repo_name: repository name """ if action == 'push': @@ -291,7 +288,7 @@ repo_name): return False - else: + elif action == 'pull': #any other action need at least read permission if not HasPermissionAnyMiddleware('repository.read', 'repository.write', @@ -299,6 +296,9 @@ repo_name): return False + else: + assert False, action + return True def _get_ip_addr(self, environ):