repo-api: allow repo admins to get/set settings. Previously it was only super-admins that could do that, and it's wrong.
marcink -
r4474:673400c0 default
@@ -170,8 +170,7 b' def validate_repo_permissions(apiuser, r'
170 170 """
171 171 if not HasRepoPermissionAnyApi(*perms)(
172 172 user=apiuser, repo_name=repo.repo_name):
173 raise JSONRPCError(
174 'repository `%s` does not exist' % repoid)
173 raise JSONRPCError('repository `%s` does not exist' % repoid)
175 174
176 175 return True
177 176
@@ -307,8 +307,7 b' def get_repo_changeset(request, apiuser,'
307 307 """
308 308 repo = get_repo_or_error(repoid)
309 309 if not has_superadmin_permission(apiuser):
310 _perms = (
311 'repository.admin', 'repository.write', 'repository.read',)
310 _perms = ('repository.admin', 'repository.write', 'repository.read',)
312 311 validate_repo_permissions(apiuser, repoid, repo, _perms)
313 312
314 313 changes_details = Optional.extract(details)
@@ -366,8 +365,7 b' def get_repo_changesets(request, apiuser'
366 365 """
367 366 repo = get_repo_or_error(repoid)
368 367 if not has_superadmin_permission(apiuser):
369 _perms = (
370 'repository.admin', 'repository.write', 'repository.read',)
368 _perms = ('repository.admin', 'repository.write', 'repository.read',)
371 369 validate_repo_permissions(apiuser, repoid, repo, _perms)
372 370
373 371 changes_details = Optional.extract(details)
@@ -1021,7 +1019,8 b' def update_repo('
1021 1019
1022 1020 include_secrets = False
1023 1021 if not has_superadmin_permission(apiuser):
1024 validate_repo_permissions(apiuser, repoid, repo, ('repository.admin',))
1022 _perms = ('repository.admin',)
1023 validate_repo_permissions(apiuser, repoid, repo, _perms)
1025 1024 else:
1026 1025 include_secrets = True
1027 1026
@@ -1208,8 +1207,7 b' def fork_repo(request, apiuser, repoid, '
1208 1207 if not has_superadmin_permission(apiuser):
1209 1208 # check if we have at least read permission for
1210 1209 # this repo that we fork !
1211 _perms = (
1212 'repository.admin', 'repository.write', 'repository.read')
1210 _perms = ('repository.admin', 'repository.write', 'repository.read')
1213 1211 validate_repo_permissions(apiuser, repoid, repo, _perms)
1214 1212
1215 1213 # check if the regular user has at least fork permissions as well
@@ -2370,12 +2368,13 b' def get_repo_settings(request, apiuser, '
2370 2368 }
2371 2369 """
2372 2370
2373 # Restrict access to this api method to admins only.
2371 # Restrict access to this api method to super-admins, and repo admins only.
2372 repo = get_repo_or_error(repoid)
2374 2373 if not has_superadmin_permission(apiuser):
2375 raise JSONRPCForbidden()
2374 _perms = ('repository.admin',)
2375 validate_repo_permissions(apiuser, repoid, repo, _perms)
2376 2376
2377 2377 try:
2378 repo = get_repo_or_error(repoid)
2379 2378 settings_model = VcsSettingsModel(repo=repo)
2380 2379 settings = settings_model.get_global_settings()
2381 2380 settings.update(settings_model.get_repo_settings())
@@ -2414,9 +2413,11 b' def set_repo_settings(request, apiuser, '
2414 2413 "result": true
2415 2414 }
2416 2415 """
2417 # Restrict access to this api method to admins only.
2416 # Restrict access to this api method to super-admins, and repo admins only.
2417 repo = get_repo_or_error(repoid)
2418 2418 if not has_superadmin_permission(apiuser):
2419 raise JSONRPCForbidden()
2419 _perms = ('repository.admin',)
2420 validate_repo_permissions(apiuser, repoid, repo, _perms)
2420 2421
2421 2422 if type(settings) is not dict:
2422 2423 raise JSONRPCError('Settings have to be a JSON Object.')
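Review bot: In get_repo_settings the result is still seeded from `settings_model.get_global_settings()` and only then overlaid with the repository's own values, so with the relaxed check a `repository.admin` user now reads the instance-wide VCS settings as well as the repo ones. Whether those global values are meant to be visible below super-admin level cannot be told from the hunk; if they are not, build the dict from `settings_model.get_repo_settings()` alone for non-super-admin callers, or record the decision next to the check, e.g. `# repo admins also receive the global defaults merged into the result`. The same question applies to set_repo_settings, whose write path lies outside the hunk: it is worth confirming that a repo admin can only persist repo-scoped keys there. Since this commit widens an authorization boundary, API tests that pin `repository.admin` as allowed and `repository.write`/`repository.read` as rejected for both methods would guard against later drift; none are visible on this page.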