##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
files: added branch permissions checks into web edit operations.
marcink -
r2978:7cabaaed default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -98,6 +98,20 b' class RepoFilesView(RepoAppView):'
98 98 repo_name=self.db_repo_name, commit_id='tip')
99 99 raise HTTPFound(files_url)
100 100
101 def check_branch_permission(self, branch_name):
102 _ = self.request.translate
103
104 rule, branch_perm = self._rhodecode_user.get_rule_and_branch_permission(
105 self.db_repo_name, branch_name)
106 if branch_perm and branch_perm not in ['branch.push', 'branch.push_force']:
107 h.flash(
108 _('Branch `{}` changes forbidden by rule {}.').format(branch_name, rule),
109 'warning')
110 files_url = h.route_path(
111 'repo_files:default_path',
112 repo_name=self.db_repo_name, commit_id='tip')
113 raise HTTPFound(files_url)
114
101 115 def _get_commit_and_path(self):
102 116 default_commit_id = self.db_repo.landing_rev[1]
103 117 default_f_path = '/'
@@ -176,17 +190,37 b' class RepoFilesView(RepoAppView):'
176 190 return file_node
177 191
178 192 def _is_valid_head(self, commit_id, repo):
179 # check if commit is a branch identifier- basically we cannot
180 # create multiple heads via file editing
181 valid_heads = repo.branches.keys() + repo.branches.values()
193 branch_name = sha_commit_id = ''
194 is_head = False
182 195
183 196 if h.is_svn(repo) and not repo.is_empty():
184 # Note: Subversion only has one head, we add it here in case there
185 # is no branch matched.
186 valid_heads.append(repo.get_commit(commit_idx=-1).raw_id)
197 # Note: Subversion only has one head.
198 if commit_id == repo.get_commit(commit_idx=-1).raw_id:
199 is_head = True
200 return branch_name, sha_commit_id, is_head
187 201
188 # check if commit is a branch name or branch hash
189 return commit_id in valid_heads
202 for _branch_name, branch_commit_id in repo.branches.items():
203 # simple case we pass in branch name, it's a HEAD
204 if commit_id == _branch_name:
205 is_head = True
206 branch_name = _branch_name
207 sha_commit_id = branch_commit_id
208 break
209 # case when we pass in full sha commit_id, which is a head
210 elif commit_id == branch_commit_id:
211 is_head = True
212 branch_name = _branch_name
213 sha_commit_id = branch_commit_id
214 break
215
216 # checked branches, means we only need to try to get the branch/commit_sha
217 if not repo.is_empty:
218 commit = repo.get_commit(commit_id=commit_id)
219 if commit:
220 branch_name = commit.branch
221 sha_commit_id = commit.raw_id
222
223 return branch_name, sha_commit_id, is_head
190 224
191 225 def _get_tree_at_commit(
192 226 self, c, commit_id, f_path, full_load=False):
@@ -281,6 +315,7 b' class RepoFilesView(RepoAppView):'
281 315 use_cached_archive = False
282 316 archive_cache_enabled = CONFIG.get(
283 317 'archive_cache_dir') and not self.request.GET.get('no_cache')
318 cached_archive_path = None
284 319
285 320 if archive_cache_enabled:
286 321 # check if we it's ok to write
@@ -322,16 +357,16 b' class RepoFilesView(RepoAppView):'
322 357 commit=True
323 358 )
324 359
325 def get_chunked_archive(archive):
326 with open(archive, 'rb') as stream:
360 def get_chunked_archive(archive_path):
361 with open(archive_path, 'rb') as stream:
327 362 while True:
328 363 data = stream.read(16 * 1024)
329 364 if not data:
330 365 if fd: # fd means we used temporary file
331 366 os.close(fd)
332 367 if not archive_cache_enabled:
333 log.debug('Destroying temp archive %s', archive)
334 os.remove(archive)
368 log.debug('Destroying temp archive %s', archive_path)
369 os.remove(archive_path)
335 370 break
336 371 yield data
337 372
@@ -572,8 +607,9 b' class RepoFilesView(RepoAppView):'
572 607 if not c.renderer:
573 608 c.lines = filenode_as_lines_tokens(c.file)
574 609
575 c.on_branch_head = self._is_valid_head(
610 _branch_name, _sha_commit_id, is_head = self._is_valid_head(
576 611 commit_id, self.rhodecode_vcs_repo)
612 c.on_branch_head = is_head
577 613
578 614 branch = c.commit.branch if (
579 615 c.commit.branch and '/' not in c.commit.branch) else None
@@ -987,15 +1023,18 b' class RepoFilesView(RepoAppView):'
987 1023 commit_id, f_path = self._get_commit_and_path()
988 1024
989 1025 self._ensure_not_locked()
1026 _branch_name, _sha_commit_id, is_head = \
1027 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
990 1028
991 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1029 if not is_head:
992 1030 h.flash(_('You can only delete files with commit '
993 'being a valid branch '), category='warning')
1031 'being a valid branch head.'), category='warning')
994 1032 raise HTTPFound(
995 1033 h.route_path('repo_files',
996 1034 repo_name=self.db_repo_name, commit_id='tip',
997 1035 f_path=f_path))
998 1036
1037 self.check_branch_permission(_branch_name)
999 1038 c.commit = self._get_commit_or_redirect(commit_id)
1000 1039 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1001 1040
@@ -1018,14 +1057,17 b' class RepoFilesView(RepoAppView):'
1018 1057 commit_id, f_path = self._get_commit_and_path()
1019 1058
1020 1059 self._ensure_not_locked()
1060 _branch_name, _sha_commit_id, is_head = \
1061 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1021 1062
1022 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1063 if not is_head:
1023 1064 h.flash(_('You can only delete files with commit '
1024 'being a valid branch '), category='warning')
1065 'being a valid branch head.'), category='warning')
1025 1066 raise HTTPFound(
1026 1067 h.route_path('repo_files',
1027 1068 repo_name=self.db_repo_name, commit_id='tip',
1028 1069 f_path=f_path))
1070 self.check_branch_permission(_branch_name)
1029 1071
1030 1072 c.commit = self._get_commit_or_redirect(commit_id)
1031 1073 c.file = self._get_filenode_or_redirect(c.commit, f_path)
@@ -1071,14 +1113,17 b' class RepoFilesView(RepoAppView):'
1071 1113 commit_id, f_path = self._get_commit_and_path()
1072 1114
1073 1115 self._ensure_not_locked()
1116 _branch_name, _sha_commit_id, is_head = \
1117 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1074 1118
1075 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1119 if not is_head:
1076 1120 h.flash(_('You can only edit files with commit '
1077 'being a valid branch '), category='warning')
1121 'being a valid branch head.'), category='warning')
1078 1122 raise HTTPFound(
1079 1123 h.route_path('repo_files',
1080 1124 repo_name=self.db_repo_name, commit_id='tip',
1081 1125 f_path=f_path))
1126 self.check_branch_permission(_branch_name)
1082 1127
1083 1128 c.commit = self._get_commit_or_redirect(commit_id)
1084 1129 c.file = self._get_filenode_or_redirect(c.commit, f_path)
@@ -1108,15 +1153,19 b' class RepoFilesView(RepoAppView):'
1108 1153 commit_id, f_path = self._get_commit_and_path()
1109 1154
1110 1155 self._ensure_not_locked()
1156 _branch_name, _sha_commit_id, is_head = \
1157 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1111 1158
1112 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1159 if not is_head:
1113 1160 h.flash(_('You can only edit files with commit '
1114 'being a valid branch '), category='warning')
1161 'being a valid branch head.'), category='warning')
1115 1162 raise HTTPFound(
1116 1163 h.route_path('repo_files',
1117 1164 repo_name=self.db_repo_name, commit_id='tip',
1118 1165 f_path=f_path))
1119 1166
1167 self.check_branch_permission(_branch_name)
1168
1120 1169 c.commit = self._get_commit_or_redirect(commit_id)
1121 1170 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1122 1171
@@ -1196,6 +1245,25 b' class RepoFilesView(RepoAppView):'
1196 1245 c.default_message = (_('Added file via RhodeCode Enterprise'))
1197 1246 c.f_path = f_path.lstrip('/') # ensure not relative path
1198 1247
1248 if self.rhodecode_vcs_repo.is_empty:
1249 # for empty repository we cannot check for current branch, we rely on
1250 # c.commit.branch instead
1251 _branch_name = c.commit.branch
1252 is_head = True
1253 else:
1254 _branch_name, _sha_commit_id, is_head = \
1255 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1256
1257 if not is_head:
1258 h.flash(_('You can only add files with commit '
1259 'being a valid branch head.'), category='warning')
1260 raise HTTPFound(
1261 h.route_path('repo_files',
1262 repo_name=self.db_repo_name, commit_id='tip',
1263 f_path=f_path))
1264
1265 self.check_branch_permission(_branch_name)
1266
1199 1267 return self._get_template_context(c)
1200 1268
1201 1269 @LoginRequired()
@@ -1217,6 +1285,26 b' class RepoFilesView(RepoAppView):'
1217 1285 commit_id, redirect_after=False)
1218 1286 if c.commit is None:
1219 1287 c.commit = EmptyCommit(alias=self.rhodecode_vcs_repo.alias)
1288
1289 if self.rhodecode_vcs_repo.is_empty:
1290 # for empty repository we cannot check for current branch, we rely on
1291 # c.commit.branch instead
1292 _branch_name = c.commit.branch
1293 is_head = True
1294 else:
1295 _branch_name, _sha_commit_id, is_head = \
1296 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1297
1298 if not is_head:
1299 h.flash(_('You can only add files with commit '
1300 'being a valid branch head.'), category='warning')
1301 raise HTTPFound(
1302 h.route_path('repo_files',
1303 repo_name=self.db_repo_name, commit_id='tip',
1304 f_path=f_path))
1305
1306 self.check_branch_permission(_branch_name)
1307
1220 1308 c.default_message = (_('Added file via RhodeCode Enterprise'))
1221 1309 c.f_path = f_path
1222 1310 unix_mode = 0
Show file before | Show file after | Hide comments
@@ -12,7 +12,7 b''
12 12 </%def>
13 13
14 14 <%def name="breadcrumbs_links()">
15 ${_('Add new file')} @ ${h.show_id(c.commit)}
15 ${_('Add new file')} @ ${h.show_id(c.commit)} ${_('Branch')}: ${c.commit.branch}
16 16 </%def>
17 17
18 18 <%def name="menu_bar_subnav()">
General Comments 0
You need to be logged in to leave comments. Login now