##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
fix(permissions): added a common way to update private flag via repo model...
super-admin -
r5551:5b9b5ed2 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -100,22 +100,16 b' class RepoSettingsPermissionsView(RepoAp'
100 100 self.load_default_context()
101 101
102 102 private_flag = str2bool(self.request.POST.get('private'))
103
103 changes = {
104 'repo_private': private_flag
105 }
104 106 try:
105 107 repo = RepoModel().get(self.db_repo.repo_id)
106 repo.private = private_flag
107 Session().add(repo)
108 RepoModel().grant_user_permission(
109 repo=self.db_repo, user=User.DEFAULT_USER, perm='repository.none'
110 )
111
108 RepoModel().update(repo, **changes)
112 109 Session().commit()
113 110
114 111 h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
115 112 category='success')
116 # NOTE(dan): we change repo private mode we need to notify all USERS
117 affected_user_ids = User.get_all_user_ids()
118 PermissionModel().trigger_permission_flush(affected_user_ids)
119 113
120 114 except Exception:
121 115 log.exception("Exception during update of repository")
Show file before | Show file after | Hide comments
@@ -452,15 +452,24 b' class RepoModel(BaseModel):'
452 452
453 453 setattr(cur_repo, k, val)
454 454
455 new_name = source_repo_name
456 if 'repo_name' in kwargs:
455 457 new_name = cur_repo.get_new_name(kwargs['repo_name'])
456 458 cur_repo.repo_name = new_name
457 459
458 # if private flag is set, reset default permission to NONE
459 if kwargs.get('repo_private'):
460 if 'repo_private' in kwargs:
461 # if private flag is set to True, reset default permission to NONE
462 set_private_to = kwargs.get('repo_private')
463 if set_private_to:
460 464 EMPTY_PERM = 'repository.none'
461 465 RepoModel().grant_user_permission(
462 466 repo=cur_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM
463 467 )
468 if set_private_to != cur_repo.private:
469 # NOTE(dan): we change repo private mode we need to notify all USERS
470 # this is just by having this value set to a different value then it was before
471 affected_user_ids = User.get_all_user_ids()
472
464 473 if kwargs.get('repo_landing_rev'):
465 474 landing_rev_val = kwargs['repo_landing_rev']
466 475 RepoModel().set_landing_rev(cur_repo, landing_rev_val)
Show file before | Show file after | Hide comments
@@ -166,6 +166,74 b' class TestPermissions(object):'
166 166
167 167 test_user_group.user = org_owner
168 168
169 def test_propagated_permissions_from_repo_group_to_private_repo(self, repo_name):
170 # make group
171 self.g1 = fixture.create_repo_group('TOP_LEVEL', skip_if_exists=True)
172 # both perms should be read !
173 assert group_perms(self.anon) == {
174 'TOP_LEVEL': 'group.read'
175 }
176
177 # Create repo inside the TOP_LEVEL
178 repo_name_in_group = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm_on_private_repo'])
179 self.test_repo = fixture.create_repo(name=repo_name_in_group,
180 repo_type='hg',
181 repo_group=self.g1,
182 cur_user=self.u1,)
183 assert repo_perms(self.anon) == {
184 repo_name_in_group: 'repository.read',
185 'vcs_test_git': 'repository.read',
186 'vcs_test_hg': 'repository.read',
187 'vcs_test_svn': 'repository.read',
188 }
189 # Now change default user permissions
190 new_perm = 'repository.write'
191 perm_updates = [
192 [self.anon.user_id, new_perm, 'user']
193 ]
194 RepoGroupModel().update_permissions(
195 repo_group=self.g1, perm_updates=perm_updates, recursive='all')
196
197 Session().commit()
198 assert repo_perms(self.anon) == {
199 repo_name_in_group: new_perm,
200 'vcs_test_git': 'repository.read',
201 'vcs_test_hg': 'repository.read',
202 'vcs_test_svn': 'repository.read',
203 }
204
205 # NOW MARK repo as private
206 changes = {
207 'repo_private': True
208 }
209 repo = RepoModel().get_by_repo_name(repo_name_in_group)
210 RepoModel().update(repo, **changes)
211 Session().commit()
212
213 # Private repo sets 'none' permission for default user
214 assert repo_perms(self.anon) == {
215 repo_name_in_group: 'repository.none',
216 'vcs_test_git': 'repository.read',
217 'vcs_test_hg': 'repository.read',
218 'vcs_test_svn': 'repository.read',
219 }
220
221 # apply same logic of "updated" recursive, but now the anon permissions should be not be impacted
222 new_perm = 'repository.write'
223 perm_updates = [
224 [self.anon.user_id, new_perm, 'user']
225 ]
226 RepoGroupModel().update_permissions(
227 repo_group=self.g1, perm_updates=perm_updates, recursive='all')
228
229 Session().commit()
230 assert repo_perms(self.anon) == {
231 repo_name_in_group: 'repository.none',
232 'vcs_test_git': 'repository.read',
233 'vcs_test_hg': 'repository.read',
234 'vcs_test_svn': 'repository.read',
235 }
236
169 237 def test_propagated_permission_from_users_group_by_explicit_perms_exist(
170 238 self, repo_name):
171 239 # make group
General Comments 0
You need to be logged in to leave comments. Login now