##// END OF EJS Templates
permissions: fixed a case when a duplicate permission was making archive operation still display settings.
marcink -
r4414:92157ec6 default
parent child Browse files
Show More
@@ -367,8 +367,7 b' class PermOriginDict(dict):'
367 self.perm_origin_stack = collections.OrderedDict()
367 self.perm_origin_stack = collections.OrderedDict()
368
368
369 def __setitem__(self, key, (perm, origin, obj_id)):
369 def __setitem__(self, key, (perm, origin, obj_id)):
370 self.perm_origin_stack.setdefault(key, []).append(
370 self.perm_origin_stack.setdefault(key, []).append((perm, origin, obj_id))
371 (perm, origin, obj_id))
372 dict.__setitem__(self, key, perm)
371 dict.__setitem__(self, key, perm)
373
372
374
373
@@ -441,7 +440,7 b' class PermissionCalculator(object):'
441
440
442 def calculate(self):
441 def calculate(self):
443 if self.user_is_admin and not self.calculate_super_admin_as_user:
442 if self.user_is_admin and not self.calculate_super_admin_as_user:
444 return self._calculate_admin_permissions()
443 return self._calculate_super_admin_permissions()
445
444
446 self._calculate_global_default_permissions()
445 self._calculate_global_default_permissions()
447 self._calculate_global_permissions()
446 self._calculate_global_permissions()
@@ -452,9 +451,9 b' class PermissionCalculator(object):'
452 self._calculate_user_group_permissions()
451 self._calculate_user_group_permissions()
453 return self._permission_structure()
452 return self._permission_structure()
454
453
455 def _calculate_admin_permissions(self):
454 def _calculate_super_admin_permissions(self):
456 """
455 """
457 admin user have all default rights for repositories
456 super-admin user have all default rights for repositories
458 and groups set to admin
457 and groups set to admin
459 """
458 """
460 self.permissions_global.add('hg.admin')
459 self.permissions_global.add('hg.admin')
@@ -774,6 +773,7 b' class PermissionCalculator(object):'
774 for perm in user_repo_perms:
773 for perm in user_repo_perms:
775 r_k = perm.UserRepoToPerm.repository.repo_name
774 r_k = perm.UserRepoToPerm.repository.repo_name
776 obj_id = perm.UserRepoToPerm.repository.repo_id
775 obj_id = perm.UserRepoToPerm.repository.repo_id
776 archived = perm.UserRepoToPerm.repository.archived
777 p = perm.Permission.permission_name
777 p = perm.Permission.permission_name
778 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
778 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
779
779
@@ -795,6 +795,15 b' class PermissionCalculator(object):'
795 o = PermOrigin.SUPER_ADMIN
795 o = PermOrigin.SUPER_ADMIN
796 self.permissions_repositories[r_k] = p, o, obj_id
796 self.permissions_repositories[r_k] = p, o, obj_id
797
797
798 # finally in case of archived repositories, we downgrade higher
799 # permissions to read
800 if archived:
801 current_perm = self.permissions_repositories[r_k]
802 if current_perm in ['repository.write', 'repository.admin']:
803 p = 'repository.read'
804 o = PermOrigin.ARCHIVED
805 self.permissions_repositories[r_k] = p, o, obj_id
806
798 def _calculate_repository_branch_permissions(self):
807 def _calculate_repository_branch_permissions(self):
799 # user group for repositories permissions
808 # user group for repositories permissions
800 user_repo_branch_perms_from_user_group = Permission\
809 user_repo_branch_perms_from_user_group = Permission\
@@ -167,11 +167,16 b''
167 <div style="margin: 0 0 20px 0" class="fake-space"></div>
167 <div style="margin: 0 0 20px 0" class="fake-space"></div>
168
168
169 <div class="field">
169 <div class="field">
170 % if c.rhodecode_db_repo.archived:
171 This repository is already archived. Only super-admin users can un-archive this repository.
172 % else:
170 <button class="btn btn-small btn-warning" type="submit"
173 <button class="btn btn-small btn-warning" type="submit"
171 onclick="submitConfirm(event, this, _gettext('Confirm to archive this repository'), _gettext('Archive'), '${c.rhodecode_db_repo.repo_name}')"
174 onclick="submitConfirm(event, this, _gettext('Confirm to archive this repository'), _gettext('Archive'), '${c.rhodecode_db_repo.repo_name}')"
172 >
175 >
173 ${_('Archive this repository')}
176 ${_('Archive this repository')}
174 </button>
177 </button>
178 % endif
179
175 </div>
180 </div>
176 <div class="field">
181 <div class="field">
177 <span class="help-block">
182 <span class="help-block">
@@ -392,7 +392,7 b''
392 </a>
392 </a>
393 </li>
393 </li>
394
394
395 %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
395 %if not c.rhodecode_db_repo.archived and h.HasRepoPermissionAll('repository.admin')(c.repo_name):
396 <li class="${h.is_active('settings', active)}"><a class="menulink" href="${h.route_path('edit_repo',repo_name=c.repo_name)}"><div class="menulabel">${_('Repository Settings')}</div></a></li>
396 <li class="${h.is_active('settings', active)}"><a class="menulink" href="${h.route_path('edit_repo',repo_name=c.repo_name)}"><div class="menulabel">${_('Repository Settings')}</div></a></li>
397 %endif
397 %endif
398
398
@@ -433,7 +433,7 b' def test_permission_calculator_admin_per'
433
433
434 calculator = auth.PermissionCalculator(
434 calculator = auth.PermissionCalculator(
435 user.user_id, {}, False, False, True, 'higherwin')
435 user.user_id, {}, False, False, True, 'higherwin')
436 permissions = calculator._calculate_admin_permissions()
436 permissions = calculator._calculate_super_admin_permissions()
437
437
438 assert permissions['repositories_groups'][repo_group.group_name] == \
438 assert permissions['repositories_groups'][repo_group.group_name] == \
439 'group.admin'
439 'group.admin'
General Comments 0
You need to be logged in to leave comments. Login now