##// END OF EJS Templates
permissions: allow users to update settings for repository groups they still own, or have admin perms, when they don't change their name....
dan -
r4421:73f70a03 default
parent child Browse files
Show More
@@ -233,8 +233,8 b' class TestCreateRepoGroup(object):'
233
233
234 expected = {
234 expected = {
235 'repo_group':
235 'repo_group':
236 'Parent repository group `{}` does not exist'.format(
236 u"You do not have the permissions to store "
237 repo_group_name)}
237 u"repository groups inside repository group `{}`".format(repo_group_name)}
238 try:
238 try:
239 assert_error(id_, expected, given=response.body)
239 assert_error(id_, expected, given=response.body)
240 finally:
240 finally:
@@ -53,7 +53,8 b' def deferred_can_write_to_group_validato'
53 # permissions denied we expose as not existing, to prevent
53 # permissions denied we expose as not existing, to prevent
54 # resource discovery
54 # resource discovery
55 'permission_denied_parent_group':
55 'permission_denied_parent_group':
56 _(u"Parent repository group `{}` does not exist"),
56 _(u"You do not have the permissions to store "
57 u"repository groups inside repository group `{}`"),
57 'permission_denied_root':
58 'permission_denied_root':
58 _(u"You do not have the permission to store "
59 _(u"You do not have the permission to store "
59 u"repository groups in the root location.")
60 u"repository groups in the root location.")
@@ -100,9 +101,15 b' def deferred_can_write_to_group_validato'
100 # we want to allow this...
101 # we want to allow this...
101 forbidden = not (group_admin or (group_write and create_on_write and 0))
102 forbidden = not (group_admin or (group_write and create_on_write and 0))
102
103
104 old_name = old_values.get('group_name')
105 if old_name and old_name == old_values.get('submitted_repo_group_name'):
106 # we're editing a repository group, we didn't change the name
107 # we skip the check for write into parent group now
108 # this allows changing settings for this repo group
109 return
110
103 if parent_group and forbidden:
111 if parent_group and forbidden:
104 msg = messages['permission_denied_parent_group'].format(
112 msg = messages['permission_denied_parent_group'].format(parent_group_name)
105 parent_group_name)
106 raise colander.Invalid(node, msg)
113 raise colander.Invalid(node, msg)
107
114
108 return can_write_group_validator
115 return can_write_group_validator
@@ -248,6 +255,9 b' class RepoGroupSchema(colander.Schema):'
248 validated_name = appstruct['repo_group_name']
255 validated_name = appstruct['repo_group_name']
249
256
250 # second pass to validate permissions to repo_group
257 # second pass to validate permissions to repo_group
258 if 'old_values' in self.bindings:
259 # save current repo name for name change checks
260 self.bindings['old_values']['submitted_repo_group_name'] = validated_name
251 second = RepoGroupAccessSchema().bind(**self.bindings)
261 second = RepoGroupAccessSchema().bind(**self.bindings)
252 appstruct_second = second.deserialize({'repo_group': validated_name})
262 appstruct_second = second.deserialize({'repo_group': validated_name})
253 # save result
263 # save result
@@ -286,6 +296,9 b' class RepoGroupSettingsSchema(RepoGroupS'
286 validated_name = separator.join([group.group_name, validated_name])
296 validated_name = separator.join([group.group_name, validated_name])
287
297
288 # second pass to validate permissions to repo_group
298 # second pass to validate permissions to repo_group
299 if 'old_values' in self.bindings:
300 # save current repo name for name change checks
301 self.bindings['old_values']['submitted_repo_group_name'] = validated_name
289 second = RepoGroupAccessSchema().bind(**self.bindings)
302 second = RepoGroupAccessSchema().bind(**self.bindings)
290 appstruct_second = second.deserialize({'repo_group': validated_name})
303 appstruct_second = second.deserialize({'repo_group': validated_name})
291 # save result
304 # save result
General Comments 0
You need to be logged in to leave comments. Login now