rhodecode-enterprise-ce Files · rhodecode/apps/user_profile/views.py

security: fixed issues with exposing repository names using global PR redirection link...

security: fixed issues with exposing repository names using global PR redirection link logic. - Since redirect was created to repository which linked to the PR, users who didn't have permissions to those repos could still see the name in the url generated.

marcink - - Load All Authors

File last commit:

r3363:f08e98b1 default


                r4044:573a1043

default

Download file

             views.py
        
                    53 lines
            
             | 1.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / apps / user_profile / views.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
user-profile: migrated to pyramid views.

              r1502
            
      # -*- coding: utf-8 -*-

        marcink
    
docs: updated copyrights to 2019

              r3363
            
      # Copyright (C) 2016-2019 RhodeCode GmbH

        marcink
    
user-profile: migrated to pyramid views.

              r1502
            
      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      import logging

      from pyramid.httpexceptions import HTTPNotFound

      from pyramid.view import view_config

      from rhodecode.apps._base import BaseAppView

      from rhodecode.lib.auth import LoginRequired, NotAnonymous

      from rhodecode.model.db import User

      from rhodecode.model.user import UserModel

      log = logging.getLogger(__name__)

      class UserProfileView(BaseAppView):

          @LoginRequired()

          @NotAnonymous()

          @view_config(

              route_name='user_profile', request_method='GET',

              renderer='rhodecode:templates/users/user.mako')

        marcink
    
views: fixed some view names for better usage in view whitelist access

              r1944
            
          def user_profile(self):

        marcink
    
user-profile: migrated to pyramid views.

              r1502
            
              # register local template context

              c = self._get_local_tmpl_context()

              c.active = 'user_profile'

              username = self.request.matchdict.get('username')

              c.user = UserModel().get_by_username(username)

              if not c.user or c.user.username == User.DEFAULT_USER:

                  raise HTTPNotFound()

              return self._get_template_context(c)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink user-profile: migrated to pyramid views.	r1502	# -- coding: utf-8 --

marcink docs: updated copyrights to 2019	r3363	# Copyright (C) 2016-2019 RhodeCode GmbH
marcink user-profile: migrated to pyramid views.	r1502	#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/

		import logging

		from pyramid.httpexceptions import HTTPNotFound
		from pyramid.view import view_config

		from rhodecode.apps._base import BaseAppView
		from rhodecode.lib.auth import LoginRequired, NotAnonymous

		from rhodecode.model.db import User
		from rhodecode.model.user import UserModel

		log = logging.getLogger(__name__)


		class UserProfileView(BaseAppView):

		@LoginRequired()
		@NotAnonymous()
		@view_config(
		route_name='user_profile', request_method='GET',
		renderer='rhodecode:templates/users/user.mako')
marcink views: fixed some view names for better usage in view whitelist access	r1944	def user_profile(self):
marcink user-profile: migrated to pyramid views.	r1502	# register local template context
		c = self._get_local_tmpl_context()
		c.active = 'user_profile'

		username = self.request.matchdict.get('username')

		c.user = UserModel().get_by_username(username)
		if not c.user or c.user.username == User.DEFAULT_USER:
		raise HTTPNotFound()

		return self._get_template_context(c)