##// END OF EJS Templates
repo-api: allow repo admins to get/set settings. Previously it was only super-admins that could do that, and it's wrong.
marcink -
r4474:673400c0 default
parent child
Show More
@@ -170,8 +170,7 def validate_repo_permissions(apiuser, r
170 """
170 """
171 if not HasRepoPermissionAnyApi(*perms)(
171 if not HasRepoPermissionAnyApi(*perms)(
172 user=apiuser, repo_name=repo.repo_name):
172 user=apiuser, repo_name=repo.repo_name):
173 raise JSONRPCError(
173 raise JSONRPCError('repository `%s` does not exist' % repoid)
174 'repository `%s` does not exist' % repoid)
175
174
176 return True
175 return True
177
176
@@ -307,8 +307,7 def get_repo_changeset(request, apiuser,
307 """
307 """
308 repo = get_repo_or_error(repoid)
308 repo = get_repo_or_error(repoid)
309 if not has_superadmin_permission(apiuser):
309 if not has_superadmin_permission(apiuser):
310 _perms = (
310 _perms = ('repository.admin', 'repository.write', 'repository.read',)
311 'repository.admin', 'repository.write', 'repository.read',)
312 validate_repo_permissions(apiuser, repoid, repo, _perms)
311 validate_repo_permissions(apiuser, repoid, repo, _perms)
313
312
314 changes_details = Optional.extract(details)
313 changes_details = Optional.extract(details)
@@ -366,8 +365,7 def get_repo_changesets(request, apiuser
366 """
365 """
367 repo = get_repo_or_error(repoid)
366 repo = get_repo_or_error(repoid)
368 if not has_superadmin_permission(apiuser):
367 if not has_superadmin_permission(apiuser):
369 _perms = (
368 _perms = ('repository.admin', 'repository.write', 'repository.read',)
370 'repository.admin', 'repository.write', 'repository.read',)
371 validate_repo_permissions(apiuser, repoid, repo, _perms)
369 validate_repo_permissions(apiuser, repoid, repo, _perms)
372
370
373 changes_details = Optional.extract(details)
371 changes_details = Optional.extract(details)
@@ -1021,7 +1019,8 def update_repo(
1021
1019
1022 include_secrets = False
1020 include_secrets = False
1023 if not has_superadmin_permission(apiuser):
1021 if not has_superadmin_permission(apiuser):
1024 validate_repo_permissions(apiuser, repoid, repo, ('repository.admin',))
1022 _perms = ('repository.admin',)
1023 validate_repo_permissions(apiuser, repoid, repo, _perms)
1025 else:
1024 else:
1026 include_secrets = True
1025 include_secrets = True
1027
1026
@@ -1208,8 +1207,7 def fork_repo(request, apiuser, repoid,
1208 if not has_superadmin_permission(apiuser):
1207 if not has_superadmin_permission(apiuser):
1209 # check if we have at least read permission for
1208 # check if we have at least read permission for
1210 # this repo that we fork !
1209 # this repo that we fork !
1211 _perms = (
1210 _perms = ('repository.admin', 'repository.write', 'repository.read')
1212 'repository.admin', 'repository.write', 'repository.read')
1213 validate_repo_permissions(apiuser, repoid, repo, _perms)
1211 validate_repo_permissions(apiuser, repoid, repo, _perms)
1214
1212
1215 # check if the regular user has at least fork permissions as well
1213 # check if the regular user has at least fork permissions as well
@@ -2370,12 +2368,13 def get_repo_settings(request, apiuser,
2370 }
2368 }
2371 """
2369 """
2372
2370
2373 # Restrict access to this api method to admins only.
2371 # Restrict access to this api method to super-admins, and repo admins only.
2372 repo = get_repo_or_error(repoid)
2374 if not has_superadmin_permission(apiuser):
2373 if not has_superadmin_permission(apiuser):
2375 raise JSONRPCForbidden()
2374 _perms = ('repository.admin',)
2375 validate_repo_permissions(apiuser, repoid, repo, _perms)
2376
2376
2377 try:
2377 try:
2378 repo = get_repo_or_error(repoid)
2379 settings_model = VcsSettingsModel(repo=repo)
2378 settings_model = VcsSettingsModel(repo=repo)
2380 settings = settings_model.get_global_settings()
2379 settings = settings_model.get_global_settings()
2381 settings.update(settings_model.get_repo_settings())
2380 settings.update(settings_model.get_repo_settings())
@@ -2414,9 +2413,11 def set_repo_settings(request, apiuser,
2414 "result": true
2413 "result": true
2415 }
2414 }
2416 """
2415 """
2417 # Restrict access to this api method to admins only.
2416 # Restrict access to this api method to super-admins, and repo admins only.
2417 repo = get_repo_or_error(repoid)
2418 if not has_superadmin_permission(apiuser):
2418 if not has_superadmin_permission(apiuser):
2419 raise JSONRPCForbidden()
2419 _perms = ('repository.admin',)
2420 validate_repo_permissions(apiuser, repoid, repo, _perms)
2420
2421
2421 if type(settings) is not dict:
2422 if type(settings) is not dict:
2422 raise JSONRPCError('Settings have to be a JSON Object.')
2423 raise JSONRPCError('Settings have to be a JSON Object.')
General Comments 0
You need to be logged in to leave comments. Login now