Show More
| @@ -233,8 +233,8 b' class TestCreateRepoGroup(object):' | |||||
| 233 |
|
233 | |||
| 234 | expected = { |
|
234 | expected = { | |
| 235 | 'repo_group': |
|
235 | 'repo_group': | |
| 236 | 'Parent repository group `{}` does not exist'.format( |
|
236 | u"You do not have the permissions to store " | |
| 237 | repo_group_name)} |
|
237 | u"repository groups inside repository group `{}`".format(repo_group_name)} | |
| 238 | try: |
|
238 | try: | |
| 239 | assert_error(id_, expected, given=response.body) |
|
239 | assert_error(id_, expected, given=response.body) | |
| 240 | finally: |
|
240 | finally: | |
| @@ -53,7 +53,8 b' def deferred_can_write_to_group_validato' | |||||
| 53 | # permissions denied we expose as not existing, to prevent |
|
53 | # permissions denied we expose as not existing, to prevent | |
| 54 | # resource discovery |
|
54 | # resource discovery | |
| 55 | 'permission_denied_parent_group': |
|
55 | 'permission_denied_parent_group': | |
| 56 | _(u"Parent repository group `{}` does not exist"), |
|
56 | _(u"You do not have the permissions to store " | |
|
|
57 | u"repository groups inside repository group `{}`"), | |||
| 57 | 'permission_denied_root': |
|
58 | 'permission_denied_root': | |
| 58 | _(u"You do not have the permission to store " |
|
59 | _(u"You do not have the permission to store " | |
| 59 | u"repository groups in the root location.") |
|
60 | u"repository groups in the root location.") | |
| @@ -100,9 +101,15 b' def deferred_can_write_to_group_validato' | |||||
| 100 | # we want to allow this... |
|
101 | # we want to allow this... | |
| 101 | forbidden = not (group_admin or (group_write and create_on_write and 0)) |
|
102 | forbidden = not (group_admin or (group_write and create_on_write and 0)) | |
| 102 |
|
103 | |||
|
|
104 | old_name = old_values.get('group_name') | |||
|
|
105 | if old_name and old_name == old_values.get('submitted_repo_group_name'): | |||
|
|
106 | # we're editing a repository group, we didn't change the name | |||
|
|
107 | # we skip the check for write into parent group now | |||
|
|
108 | # this allows changing settings for this repo group | |||
|
|
109 | return | |||
|
|
110 | ||||
| 103 | if parent_group and forbidden: |
|
111 | if parent_group and forbidden: | |
| 104 | msg = messages['permission_denied_parent_group'].format( |
|
112 | msg = messages['permission_denied_parent_group'].format(parent_group_name) | |
| 105 | parent_group_name) |
|
|||
| 106 | raise colander.Invalid(node, msg) |
|
113 | raise colander.Invalid(node, msg) | |
| 107 |
|
114 | |||
| 108 | return can_write_group_validator |
|
115 | return can_write_group_validator | |
| @@ -248,6 +255,9 b' class RepoGroupSchema(colander.Schema):' | |||||
| 248 | validated_name = appstruct['repo_group_name'] |
|
255 | validated_name = appstruct['repo_group_name'] | |
| 249 |
|
256 | |||
| 250 | # second pass to validate permissions to repo_group |
|
257 | # second pass to validate permissions to repo_group | |
|
|
258 | if 'old_values' in self.bindings: | |||
|
|
259 | # save current repo name for name change checks | |||
|
|
260 | self.bindings['old_values']['submitted_repo_group_name'] = validated_name | |||
| 251 | second = RepoGroupAccessSchema().bind(**self.bindings) |
|
261 | second = RepoGroupAccessSchema().bind(**self.bindings) | |
| 252 | appstruct_second = second.deserialize({'repo_group': validated_name}) |
|
262 | appstruct_second = second.deserialize({'repo_group': validated_name}) | |
| 253 | # save result |
|
263 | # save result | |
| @@ -286,6 +296,9 b' class RepoGroupSettingsSchema(RepoGroupS' | |||||
| 286 | validated_name = separator.join([group.group_name, validated_name]) |
|
296 | validated_name = separator.join([group.group_name, validated_name]) | |
| 287 |
|
297 | |||
| 288 | # second pass to validate permissions to repo_group |
|
298 | # second pass to validate permissions to repo_group | |
|
|
299 | if 'old_values' in self.bindings: | |||
|
|
300 | # save current repo name for name change checks | |||
|
|
301 | self.bindings['old_values']['submitted_repo_group_name'] = validated_name | |||
| 289 | second = RepoGroupAccessSchema().bind(**self.bindings) |
|
302 | second = RepoGroupAccessSchema().bind(**self.bindings) | |
| 290 | appstruct_second = second.deserialize({'repo_group': validated_name}) |
|
303 | appstruct_second = second.deserialize({'repo_group': validated_name}) | |
| 291 | # save result |
|
304 | # save result | |
General Comments 0
You need to be logged in to leave comments.
Login now