# HG changeset patch
# User Marcin Kuzminski
# Date 2020-08-13 09:11:24
# Node ID 673400c03dcb097c487873438d2b664579fc2406
# Parent fbaf80e4b5b792ef993c8f2f85dd5f74768c55a7
repo-api: allow repo admins to get/set settings. Previously it was only super-admins that could do that, and it's wrong.
diff --git a/rhodecode/api/utils.py b/rhodecode/api/utils.py
--- a/rhodecode/api/utils.py
+++ b/rhodecode/api/utils.py
@@ -170,8 +170,7 @@ def validate_repo_permissions(apiuser, r
 """
 if not HasRepoPermissionAnyApi(*perms)(
 user=apiuser, repo_name=repo.repo_name):
- raise JSONRPCError(
- 'repository `%s` does not exist' % repoid)
+ raise JSONRPCError('repository `%s` does not exist' % repoid)
 return True
diff --git a/rhodecode/api/views/repo_api.py b/rhodecode/api/views/repo_api.py
--- a/rhodecode/api/views/repo_api.py
+++ b/rhodecode/api/views/repo_api.py
@@ -307,8 +307,7 @@ def get_repo_changeset(request, apiuser,
 """
 repo = get_repo_or_error(repoid)
 if not has_superadmin_permission(apiuser):
- _perms = (
- 'repository.admin', 'repository.write', 'repository.read',)
+ _perms = ('repository.admin', 'repository.write', 'repository.read',)
 validate_repo_permissions(apiuser, repoid, repo, _perms)
 changes_details = Optional.extract(details)
@@ -366,8 +365,7 @@ def get_repo_changesets(request, apiuser
 """
 repo = get_repo_or_error(repoid)
 if not has_superadmin_permission(apiuser):
- _perms = (
- 'repository.admin', 'repository.write', 'repository.read',)
+ _perms = ('repository.admin', 'repository.write', 'repository.read',)
 validate_repo_permissions(apiuser, repoid, repo, _perms)
 changes_details = Optional.extract(details)
@@ -1021,7 +1019,8 @@ def update_repo(
 include_secrets = False
 if not has_superadmin_permission(apiuser):
- validate_repo_permissions(apiuser, repoid, repo, ('repository.admin',))
+ _perms = ('repository.admin',)
+ validate_repo_permissions(apiuser, repoid, repo, _perms)
 else:
 include_secrets = True
@@ -1208,8 +1207,7 @@ def fork_repo(request, apiuser, repoid,
 if not has_superadmin_permission(apiuser):
 # check if we have at least read permission for
 # this repo that we fork !
- _perms = (
- 'repository.admin', 'repository.write', 'repository.read')
+ _perms = ('repository.admin', 'repository.write', 'repository.read')
 validate_repo_permissions(apiuser, repoid, repo, _perms)
 # check if the regular user has at least fork permissions as well
@@ -2370,12 +2368,13 @@ def get_repo_settings(request, apiuser,
 }
 """
- # Restrict access to this api method to admins only.
+ # Restrict access to this api method to super-admins, and repo admins only.
+ repo = get_repo_or_error(repoid)
 if not has_superadmin_permission(apiuser):
- raise JSONRPCForbidden()
+ _perms = ('repository.admin',)
+ validate_repo_permissions(apiuser, repoid, repo, _perms)
 try:
- repo = get_repo_or_error(repoid)
 settings_model = VcsSettingsModel(repo=repo)
 settings = settings_model.get_global_settings()
 settings.update(settings_model.get_repo_settings())
@@ -2414,9 +2413,11 @@ def set_repo_settings(request, apiuser,
 "result": true
 }
 """
- # Restrict access to this api method to admins only.
+ # Restrict access to this api method to super-admins, and repo admins only.
+ repo = get_repo_or_error(repoid)
 if not has_superadmin_permission(apiuser):
- raise JSONRPCForbidden()
+ _perms = ('repository.admin',)
+ validate_repo_permissions(apiuser, repoid, repo, _perms)
 if type(settings) is not dict:
 raise JSONRPCError('Settings have to be a JSON Object.')
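Review bot: A repository admin now receives instance-wide VCS settings, not just the repository's own, because the unchanged `settings = settings_model.get_global_settings()` / `settings.update(settings_model.get_repo_settings())` lines merge the global values into the result after the new `('repository.admin',)` check has passed; if exposing global settings to non-super-admins is not intended, the non-super-admin branch should return `settings_model.get_repo_settings()` alone. The API docstring closing at the hunk's `"""` context line is where callers learn who may run this method, and if it still states the super-admin restriction it now contradicts the check; the same applies to set_repo_settings in the next hunk. Moving `repo = get_repo_or_error(repoid)` out of the `try:` also means a lookup failure no longer reaches the `except` clause that follows outside the hunk, which is fine only if that handler was not relied on to shape the error for a missing repository.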
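Review bot: The write path that applies `settings` lies outside this hunk, and since the gate is lowered to `('repository.admin',)` it is worth confirming that path persists only repository-scoped settings: get_repo_settings in the previous hunk shows global settings are merged into what a repo admin can read, and a symmetric global write here would let a repository admin change instance-wide VCS behaviour. The function body continues past the hunk. A one-line comment on the check would make the intended boundary explicit, e.g. `# repo admins may only change this repository's own settings; global VCS settings stay super-admin only`, provided that is what the write path enforces.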