Mercurial > kallithea
changeset 3628:c734686b3cf2 beta
moved permission management into separate entity.
- this solves issues when whole form submision could influence permission management
particular case is that when repo group permission is revoked and user is no longer able to update repository settings
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Thu, 28 Mar 2013 02:11:26 +0100 |
parents | 32cb8d45f330 |
children | 802c94bdfc85 |
files | rhodecode/config/routing.py rhodecode/controllers/admin/repos.py rhodecode/model/forms.py rhodecode/model/repo.py rhodecode/templates/admin/repos/repo_edit.html |
diffstat | 5 files changed, 79 insertions(+), 34 deletions(-) [+] |
line wrap: on
line diff
--- a/rhodecode/config/routing.py Thu Mar 28 01:10:45 2013 +0100 +++ b/rhodecode/config/routing.py Thu Mar 28 02:11:26 2013 +0100 @@ -127,6 +127,11 @@ m.connect("formatted_repo", "/repos/{repo_name:.*?}.{format}", action="show", conditions=dict(method=["GET"], function=check_repo)) + #add repo perm member + m.connect('set_repo_perm_member', "/set_repo_perm_member/{repo_name:.*?}", + action="set_repo_perm_member", + conditions=dict(method=["POST"], function=check_repo)) + #ajax delete repo perm user m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*?}", action="delete_perm_user",
--- a/rhodecode/controllers/admin/repos.py Thu Mar 28 01:10:45 2013 +0100 +++ b/rhodecode/controllers/admin/repos.py Thu Mar 28 02:11:26 2013 +0100 @@ -45,7 +45,7 @@ from rhodecode.model.meta import Session from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\ RhodeCodeSetting, RepositoryField -from rhodecode.model.forms import RepoForm, RepoFieldForm +from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm from rhodecode.model.scm import ScmModel, GroupList from rhodecode.model.repo import RepoModel from rhodecode.lib.compat import json @@ -330,6 +330,42 @@ return redirect(url('repos')) @HasRepoPermissionAllDecorator('repository.admin') + def set_repo_perm_member(self, repo_name): + form = RepoPermsForm()().to_python(request.POST) + + perms_new = form['perms_new'] + perms_updates = form['perms_updates'] + cur_repo = repo_name + + # update permissions + for member, perm, member_type in perms_updates: + if member_type == 'user': + # this updates existing one + RepoModel().grant_user_permission( + repo=cur_repo, user=member, perm=perm + ) + else: + RepoModel().grant_users_group_permission( + repo=cur_repo, group_name=member, perm=perm + ) + # set new permissions + for member, perm, member_type in perms_new: + if member_type == 'user': + RepoModel().grant_user_permission( + repo=cur_repo, user=member, perm=perm + ) + else: + RepoModel().grant_users_group_permission( + repo=cur_repo, group_name=member, perm=perm + ) + #TODO: implement this + #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions', + # repo_name, self.ip_addr, self.sa) + Session().commit() + h.flash(_('updated repository permissions'), category='success') + return redirect(url('edit_repo', repo_name=repo_name)) + + @HasRepoPermissionAllDecorator('repository.admin') def delete_perm_user(self, repo_name): """ DELETE an existing repository permission user @@ -339,6 +375,9 @@ try: RepoModel().revoke_user_permission(repo=repo_name, user=request.POST['user_id']) + #TODO: implement this + #action_logger(self.rhodecode_user, 'admin_revoked_repo_permissions', + # repo_name, self.ip_addr, self.sa) Session().commit() except Exception: log.error(traceback.format_exc())
--- a/rhodecode/model/forms.py Thu Mar 28 01:10:45 2013 +0100 +++ b/rhodecode/model/forms.py Thu Mar 28 02:11:26 2013 +0100 @@ -199,11 +199,18 @@ user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser()) chained_validators = [v.ValidCloneUri(), - v.ValidRepoName(edit, old_data), - v.ValidPerms()] + v.ValidRepoName(edit, old_data)] return _RepoForm +def RepoPermsForm(): + class _RepoPermsForm(formencode.Schema): + allow_extra_fields = True + filter_extra_fields = False + chained_validators = [v.ValidPerms()] + return _RepoPermsForm + + def RepoFieldForm(): class _RepoFieldForm(formencode.Schema): filter_extra_fields = True
--- a/rhodecode/model/repo.py Thu Mar 28 01:10:45 2013 +0100 +++ b/rhodecode/model/repo.py Thu Mar 28 02:11:26 2013 +0100 @@ -279,28 +279,6 @@ try: cur_repo = self.get_by_repo_name(org_repo_name, cache=False) - # update permissions - for member, perm, member_type in kwargs['perms_updates']: - if member_type == 'user': - # this updates existing one - RepoModel().grant_user_permission( - repo=cur_repo, user=member, perm=perm - ) - else: - RepoModel().grant_users_group_permission( - repo=cur_repo, group_name=member, perm=perm - ) - # set new permissions - for member, perm, member_type in kwargs['perms_new']: - if member_type == 'user': - RepoModel().grant_user_permission( - repo=cur_repo, user=member, perm=perm - ) - else: - RepoModel().grant_users_group_permission( - repo=cur_repo, group_name=member, perm=perm - ) - if 'user' in kwargs: cur_repo.user = User.get_by_username(kwargs['user'])
--- a/rhodecode/templates/admin/repos/repo_edit.html Thu Mar 28 01:10:45 2013 +0100 +++ b/rhodecode/templates/admin/repos/repo_edit.html Thu Mar 28 02:11:26 2013 +0100 @@ -144,15 +144,6 @@ </div> %endfor %endif - <div class="field"> - <div class="label"> - <label for="input">${_('Permissions')}:</label> - </div> - <div class="input"> - <%include file="repo_edit_perms.html"/> - </div> - </div> - <div class="buttons"> ${h.submit('save',_('Save'),class_="ui-btn large")} ${h.reset('reset',_('Reset'),class_="ui-btn large")} @@ -164,6 +155,31 @@ <div class="box box-right"> <div class="title"> + <h5>${_('Permissions')}</h5> + </div> + ${h.form(url('set_repo_perm_member', repo_name=c.repo_info.repo_name),method='post')} + <div class="form"> + <div class="fields"> + <div class="field"> + <div class="label"> + <label for="input">${_('Permissions')}:</label> + </div> + <div class="input"> + <%include file="repo_edit_perms.html"/> + </div> + </div> + <div class="buttons"> + ${h.submit('save',_('Save'),class_="ui-btn large")} + ${h.reset('reset',_('Reset'),class_="ui-btn large")} + </div> + </div> + </div> + ${h.end_form()} +</div> + + +<div class="box box-right" style="clear:right"> + <div class="title"> <h5>${_('Advanced settings')}</h5> </div>