changeset 2835:faffec4abbda beta

Implemented permissions for writing to repo groups. Now only write access to a group allows creating a repository within that group
author Marcin Kuzminski <marcin@python-works.com>
date Thu, 13 Sep 2012 19:36:56 +0200
parents 925c77b9d3f1
children 819eb7f8a555
files rhodecode/controllers/admin/repos.py rhodecode/controllers/admin/settings.py rhodecode/controllers/forks.py rhodecode/controllers/settings.py rhodecode/model/db.py rhodecode/model/forms.py rhodecode/model/validators.py
diffstat 7 files changed, 36 insertions(+), 8 deletions(-) [+]
--- a/rhodecode/controllers/admin/repos.py	Wed Sep 12 22:20:56 2012 +0200
+++ b/rhodecode/controllers/admin/repos.py	Thu Sep 13 19:36:56 2012 +0200
@@ -66,7 +66,7 @@
         super(ReposController, self).__before__()
 
     def __load_defaults(self):
-        c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
 
         repo_model = RepoModel()
--- a/rhodecode/controllers/admin/settings.py	Wed Sep 12 22:20:56 2012 +0200
+++ b/rhodecode/controllers/admin/settings.py	Thu Sep 13 19:36:56 2012 +0200
@@ -451,7 +451,7 @@
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
 
-        c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
 
--- a/rhodecode/controllers/forks.py	Wed Sep 12 22:20:56 2012 +0200
+++ b/rhodecode/controllers/forks.py	Thu Sep 13 19:36:56 2012 +0200
@@ -53,7 +53,7 @@
         super(ForksController, self).__before__()
 
     def __load_defaults(self):
-        c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
--- a/rhodecode/controllers/settings.py	Wed Sep 12 22:20:56 2012 +0200
+++ b/rhodecode/controllers/settings.py	Thu Sep 13 19:36:56 2012 +0200
@@ -56,7 +56,7 @@
         super(SettingsController, self).__before__()
 
     def __load_defaults(self):
-        c.repo_groups = RepoGroup.groups_choices()
+        c.repo_groups = RepoGroup.groups_choices(check_perms=True)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
 
         repo_model = RepoModel()
--- a/rhodecode/model/db.py	Wed Sep 12 22:20:56 2012 +0200
+++ b/rhodecode/model/db.py	Thu Sep 13 19:36:56 2012 +0200
@@ -1027,14 +1027,20 @@
                                   self.group_name)
 
     @classmethod
-    def groups_choices(cls):
+    def groups_choices(cls, check_perms=False):
         from webhelpers.html import literal as _literal
+        from rhodecode.model.scm import ScmModel
+        groups = cls.query().all()
+        if check_perms:
+            #filter group user have access to, it's done
+            #magically inside ScmModel based on current user
+            groups = ScmModel().get_repos_groups(groups)
         repo_groups = [('', '')]
         sep = ' &raquo; '
         _name = lambda k: _literal(sep.join(k))
 
         repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
-                              for x in cls.query().all()])
+                              for x in groups])
 
         repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
         return repo_groups
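Review bot: `groups_choices` defaults to `check_perms=False`, so any caller that omits the flag still receives every group; the four controllers in this commit opt in explicitly, but a new call site would fail open. The permission level applied by `ScmModel().get_repos_groups(groups)` is not visible in this hunk, and the inline comment says only "have access to". If that filter admits read-only groups, the dropdown will offer groups that the form validator then rejects. I would add a docstring that states this, e.g. `"""Return (group_id, label) choices; with check_perms=True only groups visible to the current user are listed. This is not a write check; CanWriteGroup enforces that."""`. Consider making `check_perms=True` the default once the remaining callers are audited.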
--- a/rhodecode/model/forms.py	Wed Sep 12 22:20:56 2012 +0200
+++ b/rhodecode/model/forms.py	Thu Sep 13 19:36:56 2012 +0200
@@ -177,7 +177,8 @@
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
-        repo_group = v.OneOf(repo_groups, hideList=True)
+        repo_group = All(v.CanWriteGroup(),
+                         v.OneOf(repo_groups, hideList=True))
         repo_type = v.OneOf(supported_backends)
         description = v.UnicodeString(strip=True, min=1, not_empty=False)
         private = v.StringBoolean(if_missing=False)
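Review bot: The `repo_group` field now chains two checks with different roles, and nothing at the field says which one is the authorization gate; the same applies to the identical change in the fork form hunk below. A short comment above the field would help, e.g. `# CanWriteGroup enforces group.write/group.admin server-side; OneOf only checks the id is among the offered choices`. The enclosing form class starts outside the hunk. If this form is also used when editing an existing repository, saving settings for a repository already in a group the user cannot write to would now be rejected, which is worth confirming as intended.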
@@ -203,7 +204,8 @@
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
-        repo_group = v.OneOf(repo_groups, hideList=True)
+        repo_group = All(v.CanWriteGroup(),
+                         v.OneOf(repo_groups, hideList=True))
         repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
         description = v.UnicodeString(strip=True, min=1, not_empty=True)
         private = v.StringBoolean(if_missing=False)
--- a/rhodecode/model/validators.py	Wed Sep 12 22:20:56 2012 +0200
+++ b/rhodecode/model/validators.py	Thu Sep 13 19:36:56 2012 +0200
@@ -19,6 +19,7 @@
     ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
+from rhodecode.lib.auth import HasReposGroupPermissionAny
 
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -466,6 +467,25 @@
     return _validator
 
 
+def CanWriteGroup():
+    class _validator(formencode.validators.FancyValidator):
+        messages = {
+            'permission_denied': _(u"You don't have permissions "
+                                   "to create repository in this group")
+        }
+
+        def validate_python(self, value, state):
+            gr = RepoGroup.get(value)
+            if not HasReposGroupPermissionAny(
+                'group.write', 'group.admin'
+            )(gr.group_name, 'get group of repo form'):
+                msg = M(self, 'permission_denied', state)
+                raise formencode.Invalid(msg, value, state,
+                    error_dict=dict(repo_type=msg)
+                )
+    return _validator
+
+
 def ValidPerms(type_='repo'):
     if type_ == 'group':
         EMPTY_PERM = 'group.none'
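Review bot: In `validate_python`, `RepoGroup.get(value)` can presumably return `None` for an id that does not exist, and `gr.group_name` would then raise `AttributeError` instead of a validation error. Whether `OneOf` has already rejected such ids depends on the order in which `All` runs its validators, so the check should not rely on it: `if gr is None or not HasReposGroupPermissionAny('group.write', 'group.admin')(gr.group_name, 'get group of repo form'):`. The error is also attached to the wrong field; `error_dict=dict(repo_type=msg)` should be `error_dict=dict(repo_group=msg)` so the denial appears next to the group selector. An empty value (no group chosen) appears to skip this validator entirely, so top-level creation is not covered by this check.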