Show More
| @@ -1346,7 +1346,7 b' class AuthUser(object):' | |||||
| 1346 | def _cached_repo_acl(perm_def, _name_filter): |
|
1346 | def _cached_repo_acl(perm_def, _name_filter): | |
| 1347 | qry = Repository.query() |
|
1347 | qry = Repository.query() | |
| 1348 | if _name_filter: |
|
1348 | if _name_filter: | |
| 1349 |
ilike_expression = |
|
1349 | ilike_expression = '%{}%'.format(_name_filter) | |
| 1350 | qry = qry.filter( |
|
1350 | qry = qry.filter( | |
| 1351 | Repository.repo_name.ilike(ilike_expression)) |
|
1351 | Repository.repo_name.ilike(ilike_expression)) | |
| 1352 |
|
1352 | |||
| @@ -1397,7 +1397,7 b' class AuthUser(object):' | |||||
| 1397 | def _cached_repo_group_acl(perm_def, _name_filter): |
|
1397 | def _cached_repo_group_acl(perm_def, _name_filter): | |
| 1398 | qry = RepoGroup.query() |
|
1398 | qry = RepoGroup.query() | |
| 1399 | if _name_filter: |
|
1399 | if _name_filter: | |
| 1400 |
ilike_expression = |
|
1400 | ilike_expression = '%{}%'.format(_name_filter) | |
| 1401 | qry = qry.filter( |
|
1401 | qry = qry.filter( | |
| 1402 | RepoGroup.group_name.ilike(ilike_expression)) |
|
1402 | RepoGroup.group_name.ilike(ilike_expression)) | |
| 1403 |
|
1403 | |||
| @@ -1446,7 +1446,7 b' class AuthUser(object):' | |||||
| 1446 | def _cached_user_group_acl(perm_def, _name_filter): |
|
1446 | def _cached_user_group_acl(perm_def, _name_filter): | |
| 1447 | qry = UserGroup.query() |
|
1447 | qry = UserGroup.query() | |
| 1448 | if _name_filter: |
|
1448 | if _name_filter: | |
| 1449 |
ilike_expression = |
|
1449 | ilike_expression = '%{}%'.format(_name_filter) | |
| 1450 | qry = qry.filter( |
|
1450 | qry = qry.filter( | |
| 1451 | UserGroup.users_group_name.ilike(ilike_expression)) |
|
1451 | UserGroup.users_group_name.ilike(ilike_expression)) | |
| 1452 |
|
1452 | |||
| @@ -2323,9 +2323,11 b' class HasPermissionAnyMiddleware(object)' | |||||
| 2323 | self.required_perms = set(perms) |
|
2323 | self.required_perms = set(perms) | |
| 2324 |
|
2324 | |||
| 2325 | def __call__(self, auth_user, repo_name): |
|
2325 | def __call__(self, auth_user, repo_name): | |
| 2326 | # repo_name MUST be unicode, since we handle keys in permission |
|
2326 | # # repo_name MUST be unicode, since we handle keys in permission | |
| 2327 | # dict by unicode |
|
2327 | # # dict by unicode | |
| 2328 | repo_name = safe_unicode(repo_name) |
|
2328 | #TODO: verify | |
|
|
2329 | # repo_name = safe_unicode(repo_name) | |||
|
|
2330 | ||||
| 2329 | log.debug( |
|
2331 | log.debug( | |
| 2330 | 'Checking VCS protocol permissions %s for user:%s repo:`%s`', |
|
2332 | 'Checking VCS protocol permissions %s for user:%s repo:`%s`', | |
| 2331 | self.required_perms, auth_user, repo_name) |
|
2333 | self.required_perms, auth_user, repo_name) | |
| @@ -2495,10 +2497,11 b' def check_ip_access(source_ip, allowed_i' | |||||
| 2495 | :param allowed_ips: list of allowed ips together with mask |
|
2497 | :param allowed_ips: list of allowed ips together with mask | |
| 2496 | """ |
|
2498 | """ | |
| 2497 | log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips) |
|
2499 | log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips) | |
| 2498 |
source_ip_address = ipaddress.ip_address( |
|
2500 | source_ip_address = ipaddress.ip_address(source_ip) | |
| 2499 | if isinstance(allowed_ips, (tuple, list, set)): |
|
2501 | if isinstance(allowed_ips, (tuple, list, set)): | |
| 2500 | for ip in allowed_ips: |
|
2502 | for ip in allowed_ips: | |
| 2501 | ip = safe_unicode(ip) |
|
2503 | #TODO: verify | |
|
|
2504 | #ip = safe_unicode(ip) | |||
| 2502 | try: |
|
2505 | try: | |
| 2503 | network_address = ipaddress.ip_network(ip, strict=False) |
|
2506 | network_address = ipaddress.ip_network(ip, strict=False) | |
| 2504 | if source_ip_address in network_address: |
|
2507 | if source_ip_address in network_address: | |
| @@ -86,7 +86,7 b' def _filter_port(ip):' | |||||
| 86 | else: |
|
86 | else: | |
| 87 | # fallback to ipaddress |
|
87 | # fallback to ipaddress | |
| 88 | try: |
|
88 | try: | |
| 89 |
ipaddress.IPv6Address(safe_ |
|
89 | ipaddress.IPv6Address(safe_str(ip_addr)) | |
| 90 | except Exception: |
|
90 | except Exception: | |
| 91 | return False |
|
91 | return False | |
| 92 | return True |
|
92 | return True | |
| @@ -1086,7 +1086,7 b' def style_metatag(tag_type, value):' | |||||
| 1086 | pat, replace_html = tag_data |
|
1086 | pat, replace_html = tag_data | |
| 1087 | # convert to plain `unicode` instead of a markup tag to be used in |
|
1087 | # convert to plain `unicode` instead of a markup tag to be used in | |
| 1088 | # regex expressions. safe_unicode doesn't work here |
|
1088 | # regex expressions. safe_unicode doesn't work here | |
| 1089 |
html_value = pat.sub(replace_html, |
|
1089 | html_value = pat.sub(replace_html, value) | |
| 1090 |
|
1090 | |||
| 1091 | return html_value |
|
1091 | return html_value | |
| 1092 |
|
1092 | |||
| @@ -1223,10 +1223,10 b' class InitialsGravatar(object):' | |||||
| 1223 | def normalize_email(self, email_address): |
|
1223 | def normalize_email(self, email_address): | |
| 1224 | import unicodedata |
|
1224 | import unicodedata | |
| 1225 | # default host used to fill in the fake/missing email |
|
1225 | # default host used to fill in the fake/missing email | |
| 1226 |
default_host = |
|
1226 | default_host = 'localhost' | |
| 1227 |
|
1227 | |||
| 1228 | if not email_address: |
|
1228 | if not email_address: | |
| 1229 |
email_address = |
|
1229 | email_address = '%s@%s' % (User.DEFAULT_USER, default_host) | |
| 1230 |
|
1230 | |||
| 1231 | email_address = safe_unicode(email_address) |
|
1231 | email_address = safe_unicode(email_address) | |
| 1232 |
|
1232 | |||
| @@ -467,8 +467,9 b' class MercurialRepository(BaseRepository' | |||||
| 467 | else: |
|
467 | else: | |
| 468 | commit_id = "tip" |
|
468 | commit_id = "tip" | |
| 469 |
|
469 | |||
| 470 | if isinstance(commit_id, unicode): |
|
470 | #TODO: decide if we pass bytes or str into lookup ? | |
| 471 | commit_id = safe_str(commit_id) |
|
471 | # if isinstance(commit_id, unicode): | |
|
|
472 | # commit_id = safe_str(commit_id) | |||
| 472 |
|
473 | |||
| 473 | try: |
|
474 | try: | |
| 474 | raw_id, idx = self._remote.lookup(commit_id, both=True) |
|
475 | raw_id, idx = self._remote.lookup(commit_id, both=True) | |
| @@ -47,10 +47,10 b' class NodeKind:' | |||||
| 47 |
|
47 | |||
| 48 |
|
48 | |||
| 49 | class NodeState: |
|
49 | class NodeState: | |
| 50 |
ADDED = |
|
50 | ADDED = 'added' | |
| 51 |
CHANGED = |
|
51 | CHANGED = 'changed' | |
| 52 |
NOT_CHANGED = |
|
52 | NOT_CHANGED = 'not changed' | |
| 53 |
REMOVED = |
|
53 | REMOVED = 'removed' | |
| 54 |
|
54 | |||
| 55 |
|
55 | |||
| 56 | class NodeGeneratorBase(object): |
|
56 | class NodeGeneratorBase(object): | |
| @@ -115,7 +115,7 b' class Node(object):' | |||||
| 115 | only. Moreover, every single node is identified by the ``path`` attribute, |
|
115 | only. Moreover, every single node is identified by the ``path`` attribute, | |
| 116 | so it cannot end with slash, too. Otherwise, path could lead to mistakes. |
|
116 | so it cannot end with slash, too. Otherwise, path could lead to mistakes. | |
| 117 | """ |
|
117 | """ | |
| 118 |
RTLO_MARKER = |
|
118 | RTLO_MARKER = "\u202E" # RTLO marker allows swapping text, and certain | |
| 119 | # security attacks could be used with this |
|
119 | # security attacks could be used with this | |
| 120 | commit = None |
|
120 | commit = None | |
| 121 |
|
121 | |||
| @@ -173,7 +173,7 b' class Node(object):' | |||||
| 173 | _parts = self.path.rstrip('/').rsplit('/', 1) |
|
173 | _parts = self.path.rstrip('/').rsplit('/', 1) | |
| 174 | if len(_parts) == 2: |
|
174 | if len(_parts) == 2: | |
| 175 | return safe_unicode(_parts[0]) |
|
175 | return safe_unicode(_parts[0]) | |
| 176 |
return |
|
176 | return '' | |
| 177 |
|
177 | |||
| 178 | @LazyProperty |
|
178 | @LazyProperty | |
| 179 | def name(self): |
|
179 | def name(self): | |
| @@ -829,7 +829,7 b' class SubModuleNode(Node):' | |||||
| 829 | then only last part is returned. |
|
829 | then only last part is returned. | |
| 830 | """ |
|
830 | """ | |
| 831 | org = safe_unicode(self.path.rstrip('/').split('/')[-1]) |
|
831 | org = safe_unicode(self.path.rstrip('/').split('/')[-1]) | |
| 832 |
return |
|
832 | return '%s @ %s' % (org, self.commit.short_id) | |
| 833 |
|
833 | |||
| 834 |
|
834 | |||
| 835 | class LargeFileNode(FileNode): |
|
835 | class LargeFileNode(FileNode): | |
| @@ -346,7 +346,7 b' class RhodeCodeSetting(Base, BaseModel):' | |||||
| 346 |
|
346 | |||
| 347 | @validates('_app_settings_value') |
|
347 | @validates('_app_settings_value') | |
| 348 | def validate_settings_value(self, key, val): |
|
348 | def validate_settings_value(self, key, val): | |
| 349 |
assert type(val) == |
|
349 | assert type(val) == str | |
| 350 | return val |
|
350 | return val | |
| 351 |
|
351 | |||
| 352 | @hybrid_property |
|
352 | @hybrid_property | |
| @@ -487,7 +487,7 b' class RepoRhodeCodeSetting(Base, BaseMod' | |||||
| 487 |
|
487 | |||
| 488 | @validates('_app_settings_value') |
|
488 | @validates('_app_settings_value') | |
| 489 | def validate_settings_value(self, key, val): |
|
489 | def validate_settings_value(self, key, val): | |
| 490 |
assert type(val) == |
|
490 | assert type(val) == str | |
| 491 | return val |
|
491 | return val | |
| 492 |
|
492 | |||
| 493 | @hybrid_property |
|
493 | @hybrid_property | |
General Comments 0
You need to be logged in to leave comments.
Login now