rhodecode-enterprise-ce Commit - r1148:6c251832

api-utils: added helper to validate repository-group access permissions.

marcink -

r1148:6c251832 default

parent child

rhodecode/api/utils.py

0 +32 -1

              import logging
              from rhodecode.api.exc import JSONRPCError
-             from rhodecode.lib.auth import HasPermissionAnyApi, HasRepoPermissionAnyApi
+             from rhodecode.lib.auth import HasPermissionAnyApi, HasRepoPermissionAnyApi, \
+                 HasRepoGroupPermissionAnyApi
              from rhodecode.lib.utils import safe_unicode
              from rhodecode.controllers.utils import get_commit_from_ref_name
              from rhodecode.lib.vcs.exceptions import RepositoryError
                  return True
+             def validate_repo_group_permissions(apiuser, repogroupid, repo_group, perms):
+                 """
+                 Raise JsonRPCError if apiuser is not authorized or return True
+                 :param apiuser:
+                 :param repogroupid: just the id of repository group
+                 :param repo_group: instance of repo_group
+                 :param perms:
+                 """
+                 if not HasRepoGroupPermissionAnyApi(*perms)(
+                         user=apiuser, group_name=repo_group.group_name):
+                     raise JSONRPCError(
+                         'repository group `%s` does not exist' % repogroupid)
+                 return True
+             def has_set_owner_permissions(apiuser, owner):
+                 if isinstance(owner, Optional):
+                     owner = get_user_or_error(apiuser.user_id)
+                 else:
+                     if has_superadmin_permission(apiuser):
+                         owner = get_user_or_error(owner)
+                     else:
+                         # forbid setting owner for non-admins
+                         raise JSONRPCError(
+                             'Only RhodeCode super-admin can specify `owner` param')
+                 return owner
              def get_user_or_error(userid):
                  """
                  Get user by id or name or return JsonRPCError if not found

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages