Show More
@@ -100,22 +100,16 b' class RepoSettingsPermissionsView(RepoAp' | |||||
100 | self.load_default_context() |
|
100 | self.load_default_context() | |
101 |
|
101 | |||
102 | private_flag = str2bool(self.request.POST.get('private')) |
|
102 | private_flag = str2bool(self.request.POST.get('private')) | |
103 |
|
103 | changes = { | ||
|
104 | 'repo_private': private_flag | |||
|
105 | } | |||
104 | try: |
|
106 | try: | |
105 | repo = RepoModel().get(self.db_repo.repo_id) |
|
107 | repo = RepoModel().get(self.db_repo.repo_id) | |
106 | repo.private = private_flag |
|
108 | RepoModel().update(repo, **changes) | |
107 | Session().add(repo) |
|
|||
108 | RepoModel().grant_user_permission( |
|
|||
109 | repo=self.db_repo, user=User.DEFAULT_USER, perm='repository.none' |
|
|||
110 | ) |
|
|||
111 |
|
||||
112 | Session().commit() |
|
109 | Session().commit() | |
113 |
|
110 | |||
114 | h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name), |
|
111 | h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name), | |
115 | category='success') |
|
112 | category='success') | |
116 | # NOTE(dan): we change repo private mode we need to notify all USERS |
|
|||
117 | affected_user_ids = User.get_all_user_ids() |
|
|||
118 | PermissionModel().trigger_permission_flush(affected_user_ids) |
|
|||
119 |
|
113 | |||
120 | except Exception: |
|
114 | except Exception: | |
121 | log.exception("Exception during update of repository") |
|
115 | log.exception("Exception during update of repository") |
@@ -452,15 +452,24 b' class RepoModel(BaseModel):' | |||||
452 |
|
452 | |||
453 | setattr(cur_repo, k, val) |
|
453 | setattr(cur_repo, k, val) | |
454 |
|
454 | |||
|
455 | new_name = source_repo_name | |||
|
456 | if 'repo_name' in kwargs: | |||
455 | new_name = cur_repo.get_new_name(kwargs['repo_name']) |
|
457 | new_name = cur_repo.get_new_name(kwargs['repo_name']) | |
456 | cur_repo.repo_name = new_name |
|
458 | cur_repo.repo_name = new_name | |
457 |
|
459 | |||
458 | # if private flag is set, reset default permission to NONE |
|
460 | if 'repo_private' in kwargs: | |
459 | if kwargs.get('repo_private'): |
|
461 | # if private flag is set to True, reset default permission to NONE | |
|
462 | set_private_to = kwargs.get('repo_private') | |||
|
463 | if set_private_to: | |||
460 | EMPTY_PERM = 'repository.none' |
|
464 | EMPTY_PERM = 'repository.none' | |
461 | RepoModel().grant_user_permission( |
|
465 | RepoModel().grant_user_permission( | |
462 | repo=cur_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM |
|
466 | repo=cur_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM | |
463 | ) |
|
467 | ) | |
|
468 | if set_private_to != cur_repo.private: | |||
|
469 | # NOTE(dan): we change repo private mode we need to notify all USERS | |||
|
470 | # this is just by having this value set to a different value then it was before | |||
|
471 | affected_user_ids = User.get_all_user_ids() | |||
|
472 | ||||
464 | if kwargs.get('repo_landing_rev'): |
|
473 | if kwargs.get('repo_landing_rev'): | |
465 | landing_rev_val = kwargs['repo_landing_rev'] |
|
474 | landing_rev_val = kwargs['repo_landing_rev'] | |
466 | RepoModel().set_landing_rev(cur_repo, landing_rev_val) |
|
475 | RepoModel().set_landing_rev(cur_repo, landing_rev_val) |
@@ -166,6 +166,74 b' class TestPermissions(object):' | |||||
166 |
|
166 | |||
167 | test_user_group.user = org_owner |
|
167 | test_user_group.user = org_owner | |
168 |
|
168 | |||
|
169 | def test_propagated_permissions_from_repo_group_to_private_repo(self, repo_name): | |||
|
170 | # make group | |||
|
171 | self.g1 = fixture.create_repo_group('TOP_LEVEL', skip_if_exists=True) | |||
|
172 | # both perms should be read ! | |||
|
173 | assert group_perms(self.anon) == { | |||
|
174 | 'TOP_LEVEL': 'group.read' | |||
|
175 | } | |||
|
176 | ||||
|
177 | # Create repo inside the TOP_LEVEL | |||
|
178 | repo_name_in_group = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm_on_private_repo']) | |||
|
179 | self.test_repo = fixture.create_repo(name=repo_name_in_group, | |||
|
180 | repo_type='hg', | |||
|
181 | repo_group=self.g1, | |||
|
182 | cur_user=self.u1,) | |||
|
183 | assert repo_perms(self.anon) == { | |||
|
184 | repo_name_in_group: 'repository.read', | |||
|
185 | 'vcs_test_git': 'repository.read', | |||
|
186 | 'vcs_test_hg': 'repository.read', | |||
|
187 | 'vcs_test_svn': 'repository.read', | |||
|
188 | } | |||
|
189 | # Now change default user permissions | |||
|
190 | new_perm = 'repository.write' | |||
|
191 | perm_updates = [ | |||
|
192 | [self.anon.user_id, new_perm, 'user'] | |||
|
193 | ] | |||
|
194 | RepoGroupModel().update_permissions( | |||
|
195 | repo_group=self.g1, perm_updates=perm_updates, recursive='all') | |||
|
196 | ||||
|
197 | Session().commit() | |||
|
198 | assert repo_perms(self.anon) == { | |||
|
199 | repo_name_in_group: new_perm, | |||
|
200 | 'vcs_test_git': 'repository.read', | |||
|
201 | 'vcs_test_hg': 'repository.read', | |||
|
202 | 'vcs_test_svn': 'repository.read', | |||
|
203 | } | |||
|
204 | ||||
|
205 | # NOW MARK repo as private | |||
|
206 | changes = { | |||
|
207 | 'repo_private': True | |||
|
208 | } | |||
|
209 | repo = RepoModel().get_by_repo_name(repo_name_in_group) | |||
|
210 | RepoModel().update(repo, **changes) | |||
|
211 | Session().commit() | |||
|
212 | ||||
|
213 | # Private repo sets 'none' permission for default user | |||
|
214 | assert repo_perms(self.anon) == { | |||
|
215 | repo_name_in_group: 'repository.none', | |||
|
216 | 'vcs_test_git': 'repository.read', | |||
|
217 | 'vcs_test_hg': 'repository.read', | |||
|
218 | 'vcs_test_svn': 'repository.read', | |||
|
219 | } | |||
|
220 | ||||
|
221 | # apply same logic of "updated" recursive, but now the anon permissions should be not be impacted | |||
|
222 | new_perm = 'repository.write' | |||
|
223 | perm_updates = [ | |||
|
224 | [self.anon.user_id, new_perm, 'user'] | |||
|
225 | ] | |||
|
226 | RepoGroupModel().update_permissions( | |||
|
227 | repo_group=self.g1, perm_updates=perm_updates, recursive='all') | |||
|
228 | ||||
|
229 | Session().commit() | |||
|
230 | assert repo_perms(self.anon) == { | |||
|
231 | repo_name_in_group: 'repository.none', | |||
|
232 | 'vcs_test_git': 'repository.read', | |||
|
233 | 'vcs_test_hg': 'repository.read', | |||
|
234 | 'vcs_test_svn': 'repository.read', | |||
|
235 | } | |||
|
236 | ||||
169 | def test_propagated_permission_from_users_group_by_explicit_perms_exist( |
|
237 | def test_propagated_permission_from_users_group_by_explicit_perms_exist( | |
170 | self, repo_name): |
|
238 | self, repo_name): | |
171 | # make group |
|
239 | # make group |
General Comments 0
You need to be logged in to leave comments.
Login now