changeset 6210:c96e05599877
api: stop explicitly passing apiuser to auth methods - use the global user instead
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Mon, 12 Sep 2016 17:41:19 +0200 |
parents | 41e70d120a5e |
children | 2990b0587e3f |
files | kallithea/controllers/api/api.py kallithea/lib/auth.py |
diffstat | 2 files changed, 58 insertions(+), 72 deletions(-) [+] |
--- a/kallithea/controllers/api/api.py Mon Sep 12 17:41:19 2016 +0200 +++ b/kallithea/controllers/api/api.py Mon Sep 12 17:41:19 2016 +0200 @@ -282,11 +282,11 @@ """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! if not HasRepoPermissionAnyApi('repository.admin', 'repository.write')( - user=apiuser, repo_name=repo.repo_name): + repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) try: @@ -348,11 +348,10 @@ """ repo = get_repo_or_error(repoid) - if HasPermissionAnyApi('hg.admin')(user=apiuser): + if HasPermissionAnyApi('hg.admin')(): pass elif HasRepoPermissionAnyApi('repository.admin', - 'repository.write')(user=apiuser, - repo_name=repo.repo_name): + 'repository.write')(repo_name=repo.repo_name): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -441,7 +440,7 @@ error : null """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -575,7 +574,7 @@ error: null """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: 
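Review bot: The handlers in the hunks at -348, -441 and -575 now take the `hg.admin` decision from the global request user but still compare `userid != apiuser.user_id` on the lines that follow, so one authorization decision reads two identity sources. Before this change the `assert user.user_id == request.user.user_id` removed from `kallithea/lib/auth.py` tied the two together on every check, and nothing visible in this diff replaces it. The same mix remains at -1315 (`RepoModel().get_all_user_repos(user=apiuser)`) and in the gist hunks at -2466, -2481 and -2601 (`gist.gist_owner != apiuser.user_id`). Either read the id from the same object the permission check uses, or keep a single equality check at the point where the dispatcher binds `apiuser`, which is presumably outside this diff. The handler bodies start and end outside these hunks.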
@@ -850,11 +849,11 @@ """ user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) data = user_group.get_api_data() @@ -879,9 +878,8 @@ result = [] _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) - extras = {'user': apiuser} for user_group in UserGroupList(UserGroup.get_all(), - perm_set=_perms, extra_kwargs=extras): + perm_set=_perms): result.append(user_group.get_api_data()) return result @@ -986,11 +984,11 @@ """ user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) if not isinstance(owner, Optional): @@ -1045,11 +1043,11 @@ """ user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: 
@@ -1106,11 +1104,11 @@ """ user = get_user_or_error(userid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: @@ -1160,11 +1158,11 @@ """ user = get_user_or_error(userid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this user group ! _perms = ('usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: @@ -1245,10 +1243,10 @@ """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! perms = ('repository.admin', 'repository.write', 'repository.read') - if not HasRepoPermissionAnyApi(*perms)(user=apiuser, repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi(*perms)(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) members = [] @@ -1315,7 +1313,7 @@ error: null """ result = [] - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): repos = RepoModel().get_all_user_repos(user=apiuser) else: repos = Repository.get_all() 
@@ -1359,10 +1357,10 @@ """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! perms = ('repository.admin', 'repository.write', 'repository.read') - if not HasRepoPermissionAnyApi(*perms)(user=apiuser, repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi(*perms)(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) ret_type = Optional.extract(ret_type) @@ -1447,7 +1445,7 @@ } """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): if not isinstance(owner, Optional): # forbid setting owner for non-admins raise JSONRPCError( @@ -1541,14 +1539,13 @@ :param enable_downloads: """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! - if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, - repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi('repository.admin')(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) if (name != repo.repo_name and - not HasPermissionAnyApi('hg.create.repository')(user=apiuser) + not HasPermissionAnyApi('hg.create.repository')() ): raise JSONRPCError('no permission to create (or move) repositories') 
@@ -1641,19 +1638,18 @@ type_ = 'fork' if _repo.fork else 'repo' raise JSONRPCError("%s `%s` already exist" % (type_, fork_name)) - if HasPermissionAnyApi('hg.admin')(user=apiuser): + if HasPermissionAnyApi('hg.admin')(): pass elif HasRepoPermissionAnyApi('repository.admin', 'repository.write', - 'repository.read')(user=apiuser, - repo_name=repo.repo_name): + 'repository.read')(repo_name=repo.repo_name): if not isinstance(owner, Optional): # forbid setting owner for non-admins raise JSONRPCError( 'Only Kallithea admin can specify `owner` param' ) - if not HasPermissionAnyApi('hg.create.repository')(user=apiuser): + if not HasPermissionAnyApi('hg.create.repository')(): raise JSONRPCError('no permission to create repositories') else: raise JSONRPCError('repository `%s` does not exist' % (repoid,)) @@ -1724,10 +1720,9 @@ """ repo = get_repo_or_error(repoid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! - if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, - repo_name=repo.repo_name): + if not HasRepoPermissionAnyApi('repository.admin')(repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) try: 
@@ -1883,17 +1878,17 @@ repo = get_repo_or_error(repoid) perm = get_perm_or_error(perm) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! _perms = ('repository.admin',) if not HasRepoPermissionAnyApi(*_perms)( - user=apiuser, repo_name=repo.repo_name): + repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: @@ -1941,17 +1936,17 @@ """ repo = get_repo_or_error(repoid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo ! _perms = ('repository.admin',) if not HasRepoPermissionAnyApi(*_perms)( - user=apiuser, repo_name=repo.repo_name): + repo_name=repo.repo_name): raise JSONRPCError('repository `%s` does not exist' % (repoid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) try: 
@@ -2203,10 +2198,9 @@ repo_group = get_repo_group_or_error(repogroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! - if not HasRepoGroupPermissionAnyApi('group.admin')(user=apiuser, - group_name=repo_group.group_name): + if not HasRepoGroupPermissionAnyApi('group.admin')(group_name=repo_group.group_name): raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,)) user = get_user_or_error(userid) @@ -2270,10 +2264,9 @@ repo_group = get_repo_group_or_error(repogroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! - if not HasRepoGroupPermissionAnyApi('group.admin')(user=apiuser, - group_name=repo_group.group_name): + if not HasRepoGroupPermissionAnyApi('group.admin')(group_name=repo_group.group_name): raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,)) user = get_user_or_error(userid) @@ -2341,18 +2334,18 @@ repo_group = get_repo_group_or_error(repogroupid) perm = get_perm_or_error(perm, prefix='group.') user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! _perms = ('group.admin',) if not HasRepoGroupPermissionAnyApi(*_perms)( - user=apiuser, group_name=repo_group.group_name): + group_name=repo_group.group_name): raise JSONRPCError( 'repository group `%s` does not exist' % (repogroupid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError( 'user group `%s` does not exist' % (usergroupid,)) 
@@ -2419,18 +2412,18 @@ """ repo_group = get_repo_group_or_error(repogroupid) user_group = get_user_group_or_error(usergroupid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # check if we have admin permission for this repo group ! _perms = ('group.admin',) if not HasRepoGroupPermissionAnyApi(*_perms)( - user=apiuser, group_name=repo_group.group_name): + group_name=repo_group.group_name): raise JSONRPCError( 'repository group `%s` does not exist' % (repogroupid,)) # check if we have at least read permission for this user group ! _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) if not HasUserGroupPermissionAny(*_perms)( - user=apiuser, user_group_name=user_group.users_group_name): + user_group_name=user_group.users_group_name): raise JSONRPCError( 'user group `%s` does not exist' % (usergroupid,)) @@ -2466,7 +2459,7 @@ :type gistid: str """ gist = get_gist_or_error(gistid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): if gist.gist_owner != apiuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,)) return gist.get_api_data() @@ -2481,7 +2474,7 @@ :param userid: user to get gists for :type userid: Optional(str or int) """ - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): # make sure normal user does not pass someone else userid, # he is not allowed to do that if not isinstance(userid, Optional) and userid != apiuser.user_id: @@ -2601,7 +2594,7 @@ """ gist = get_gist_or_error(gistid) - if not HasPermissionAnyApi('hg.admin')(user=apiuser): + if not HasPermissionAnyApi('hg.admin')(): if gist.gist_owner != apiuser.user_id: raise JSONRPCError('gist `%s` does not exist' % (gistid,))
--- a/kallithea/lib/auth.py Mon Sep 12 17:41:19 2016 +0200 +++ b/kallithea/lib/auth.py Mon Sep 12 17:41:19 2016 +0200 @@ -939,10 +939,7 @@ """ raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!') - def __call__(self, check_location='unspecified location', user=None): - if user: - assert user.user_id == request.user.user_id, (user, request.user) - + def __call__(self, check_location='unspecified location'): user = request.user assert user assert isinstance(user, AuthUser), user @@ -976,9 +973,9 @@ class HasRepoPermissionAny(PermsFunction): - def __call__(self, repo_name=None, check_location='', user=None): + def __call__(self, repo_name=None, check_location=''): self.repo_name = repo_name - return super(HasRepoPermissionAny, self).__call__(check_location, user) + return super(HasRepoPermissionAny, self).__call__(check_location) def check_permissions(self): if not self.repo_name: @@ -999,9 +996,9 @@ class HasRepoGroupPermissionAny(PermsFunction): - def __call__(self, group_name=None, check_location='', user=None): + def __call__(self, group_name=None, check_location=''): self.group_name = group_name - return super(HasRepoGroupPermissionAny, self).__call__(check_location, user) + return super(HasRepoGroupPermissionAny, self).__call__(check_location) def check_permissions(self): try: @@ -1019,9 +1016,9 @@ class HasUserGroupPermissionAny(PermsFunction): - def __call__(self, user_group_name=None, check_location='', user=None): + def __call__(self, user_group_name=None, check_location=''): self.user_group_name = user_group_name - return super(HasUserGroupPermissionAny, self).__call__(check_location, user) + return super(HasUserGroupPermissionAny, self).__call__(check_location) def check_permissions(self): try: 
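Review bot: In `PermsFunction.__call__` (hunk at -939) the identity now comes only from `request.user`, and the only guards on it are `assert user` and `assert isinstance(user, AuthUser), user`, which Python removes when run with `-O`. An authorization check should fail explicitly instead, for example `if not isinstance(user, AuthUser): raise TypeError('permission check needs an AuthUser on request.user, got %r' % (user,))`, which also rejects `None`. The hunk at -1075 has the same two asserts. A one-line docstring such as `"""Check the required permissions for request.user; only valid while a request is being handled."""` would record the new implicit dependency. The method bodies continue past the end of both hunks.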
@@ -1075,11 +1072,7 @@ def __init__(self, *perms): self.required_perms = set(perms) - def __call__(self, check_location=None, user=None, repo_name=None, - group_name=None): - assert user - assert user.user_id == request.user.user_id, (user, request.user) - + def __call__(self, check_location=None, repo_name=None, group_name=None): user = request.user assert user assert isinstance(user, AuthUser), user
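Review bot: Dropping `user` from the middle of `__call__(self, check_location=None, user=None, repo_name=None, group_name=None)` shifts the positional slots, so a caller that still passes `(location, user, repo_name)` positionally would bind the user object to `repo_name` without raising a `TypeError`. Every call visible in this diff uses keywords, but callers outside it are not shown, so it is worth confirming that none passes these arguments positionally. The method body continues outside the hunk.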