rhodecode-enterprise-ce Commit - r4474:673400c0

repo-api: allow repo admins to get/set settings. Previously it was only super-admins that could do that, and it's wrong.

marcink -

r4474:673400c0 default

parent child

Collapse all files

rhodecode/api/utils.py

0 +1 -2

                 """
                 if not HasRepoPermissionAnyApi(*perms)(
                         user=apiuser, repo_name=repo.repo_name):
-                    raise JSONRPCError(
+                    raise JSONRPCError('repository `%s` does not exist' % repoid)
-                        'repository `%s` does not exist' % repoid)
                 return True

rhodecode/api/views/repo_api.py

0 +13 -12

                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
-                    _perms = (
+                    _perms = ('repository.admin', 'repository.write', 'repository.read',)
-                        'repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
-                    _perms = (
+                    _perms = ('repository.admin', 'repository.write', 'repository.read',)
-                        'repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 include_secrets = False
                 if not has_superadmin_permission(apiuser):
-                    validate_repo_permissions(apiuser, repoid, repo, ('repository.admin',))
+                    _perms = ('repository.admin',)
+                    validate_repo_permissions(apiuser, repoid, repo, _perms)
                 else:
                     include_secrets = True
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for
                     # this repo that we fork !
-                    _perms = (
+                    _perms = ('repository.admin', 'repository.write', 'repository.read')
-                        'repository.admin', 'repository.write', 'repository.read')
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                     # check if the regular user has at least fork permissions as well
                     }
                 """
-                # Restrict access to this api method to admins only.
+                # Restrict access to this api method to super-admins, and repo admins only.
+                repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
-                    raise JSONRPCForbidden()
+                    _perms = ('repository.admin',)
+                    validate_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
-                    repo = get_repo_or_error(repoid)
                     settings_model = VcsSettingsModel(repo=repo)
                     settings = settings_model.get_global_settings()
                     settings.update(settings_model.get_repo_settings())
                         "result": true
                     }
                 """
-                # Restrict access to this api method to admins only.
+                # Restrict access to this api method to super-admins, and repo admins only.
+                repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
-                    raise JSONRPCForbidden()
+                    _perms = ('repository.admin',)
+                    validate_repo_permissions(apiuser, repoid, repo, _perms)
                 if type(settings) is not dict:
                     raise JSONRPCError('Settings have to be a JSON Object.')

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages