permissions: allow users to update settings for repository groups they still own, or have admin perms, when they don't change their name....
dan -
r4421:73f70a03 default
@@ -233,8 +233,8 b' class TestCreateRepoGroup(object):'
233 233
234 234 expected = {
235 235 'repo_group':
236 'Parent repository group `{}` does not exist'.format(
237 repo_group_name)}
236 u"You do not have the permissions to store "
237 u"repository groups inside repository group `{}`".format(repo_group_name)}
238 238 try:
239 239 assert_error(id_, expected, given=response.body)
240 240 finally:
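Review bot: The expectation at new lines 236–237 now pins a message that tells a caller without write access that the named parent group exists, whereas the string it replaces kept a denied group indistinguishable from a missing one. The validator comment shown further down this commit (`# permissions denied we expose as not existing, to prevent resource discovery`) still describes the old behaviour. Either update that comment to say the disclosure is intended, for example `# permission denied is reported explicitly; this confirms the parent group exists`, or keep this test asserting the `does not exist` wording for the denied case. The `try`/`finally` around `assert_error` continues outside the hunk.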
@@ -53,7 +53,8 b' def deferred_can_write_to_group_validato'
53 53 # permissions denied we expose as not existing, to prevent
54 54 # resource discovery
55 55 'permission_denied_parent_group':
56 _(u"Parent repository group `{}` does not exist"),
56 _(u"You do not have the permissions to store "
57 u"repository groups inside repository group `{}`"),
57 58 'permission_denied_root':
58 59 _(u"You do not have the permission to store "
59 60 u"repository groups in the root location.")
@@ -100,9 +101,15 b' def deferred_can_write_to_group_validato'
100 101 # we want to allow this...
101 102 forbidden = not (group_admin or (group_write and create_on_write and 0))
102 103
104 old_name = old_values.get('group_name')
105 if old_name and old_name == old_values.get('submitted_repo_group_name'):
106 # we're editing a repository group, we didn't change the name
107 # we skip the check for write into parent group now
108 # this allows changing settings for this repo group
109 return
110
103 111 if parent_group and forbidden:
104 msg = messages['permission_denied_parent_group'].format(
105 parent_group_name)
112 msg = messages['permission_denied_parent_group'].format(parent_group_name)
106 113 raise colander.Invalid(node, msg)
107 114
108 115 return can_write_group_validator
@@ -248,6 +255,9 b' class RepoGroupSchema(colander.Schema):'
248 255 validated_name = appstruct['repo_group_name']
249 256
250 257 # second pass to validate permissions to repo_group
258 if 'old_values' in self.bindings:
259 # save current repo name for name change checks
260 self.bindings['old_values']['submitted_repo_group_name'] = validated_name
251 261 second = RepoGroupAccessSchema().bind(**self.bindings)
252 262 appstruct_second = second.deserialize({'repo_group': validated_name})
253 263 # save result
@@ -286,6 +296,9 b' class RepoGroupSettingsSchema(RepoGroupS'
286 296 validated_name = separator.join([group.group_name, validated_name])
287 297
288 298 # second pass to validate permissions to repo_group
299 if 'old_values' in self.bindings:
300 # save current repo name for name change checks
301 self.bindings['old_values']['submitted_repo_group_name'] = validated_name
289 302 second = RepoGroupAccessSchema().bind(**self.bindings)
290 303 appstruct_second = second.deserialize({'repo_group': validated_name})
291 304 # save result
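Review bot: The early return at new lines 104–109 skips the parent-group write check on name equality alone; nothing visible in this validator confirms the caller still owns or administers the group being edited, which is the condition the commit title names. If that is enforced in the view or another schema node outside these hunks, say so at the return, e.g. `# owner/admin rights on the edited group are checked in <location>; only the parent write check is skipped`. The comparison also reads `submitted_repo_group_name` from `old_values`, a dict the two schemas mutate in place at new lines 258–260 and 299–301, so an authorization input travels through shared binding state; binding the submitted name under its own key would be easier to audit. `old_values.get(...)` is called unguarded here while the schemas test `'old_values' in self.bindings`, so confirm it cannot be `None` at this point. The validator's body begins and ends outside the hunk.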