rhodecode-enterprise-ce Commit - r4414:92157ec6

permissions: fixed a case when a duplicate permission was making archive operation still display settings.

marcink -

r4414:92157ec6 default

parent child

rhodecode/lib/auth.py

0 +14 -5

                      self.perm_origin_stack = collections.OrderedDict()
                  def __setitem__(self, key, (perm, origin, obj_id)):
-                     self.perm_origin_stack.setdefault(key, []).append(
-                         (perm, origin, obj_id))
+                     self.perm_origin_stack.setdefault(key, []).append((perm, origin, obj_id))
                      dict.__setitem__(self, key, perm)
                  def calculate(self):
                      if self.user_is_admin and not self.calculate_super_admin_as_user:
-                         return self._calculate_admin_permissions()
+                         return self._calculate_super_admin_permissions()
                      self._calculate_global_default_permissions()
                      self._calculate_global_permissions()
                      self._calculate_user_group_permissions()
                      return self._permission_structure()
-                 def _calculate_admin_permissions(self):
+                 def _calculate_super_admin_permissions(self):
                      """
-                     admin user have all default rights for repositories
+                     super-admin user have all default rights for repositories
                      and groups set to admin
                      """
                      self.permissions_global.add('hg.admin')
                      for perm in user_repo_perms:
                          r_k = perm.UserRepoToPerm.repository.repo_name
                          obj_id = perm.UserRepoToPerm.repository.repo_id
+                         archived = perm.UserRepoToPerm.repository.archived
                          p = perm.Permission.permission_name
                          o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
                              o = PermOrigin.SUPER_ADMIN
                              self.permissions_repositories[r_k] = p, o, obj_id
+                         # finally in case of archived repositories, we downgrade  higher
+                         # permissions to read
+                         if archived:
+                             current_perm = self.permissions_repositories[r_k]
+                             if current_perm in ['repository.write', 'repository.admin']:
+                                 p = 'repository.read'
+                                 o = PermOrigin.ARCHIVED
+                                 self.permissions_repositories[r_k] = p, o, obj_id
                  def _calculate_repository_branch_permissions(self):
                      # user group for repositories permissions
                      user_repo_branch_perms_from_user_group = Permission\

rhodecode/templates/admin/repos/repo_edit_advanced.mako

0 +5 0

                      <div style="margin: 0 0 20px 0" class="fake-space"></div>
                      <div class="field">
+                     % if c.rhodecode_db_repo.archived:
+                         This repository is already archived. Only super-admin users can un-archive this repository.
+                     % else:
                          <button class="btn btn-small btn-warning" type="submit"
                                  onclick="submitConfirm(event, this, _gettext('Confirm to archive this repository'), _gettext('Archive'), '${c.rhodecode_db_repo.repo_name}')"
                          >
                              ${_('Archive this repository')}
                          </button>
+                     % endif
                      </div>
                      <div class="field">
                          <span class="help-block">

rhodecode/templates/base/base.mako

0 +1 -1

                          </a>
                      </li>
-                     %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+                     %if not c.rhodecode_db_repo.archived and h.HasRepoPermissionAll('repository.admin')(c.repo_name):
                          <li class="${h.is_active('settings', active)}"><a class="menulink" href="${h.route_path('edit_repo',repo_name=c.repo_name)}"><div class="menulabel">${_('Repository Settings')}</div></a></li>
                      %endif

rhodecode/tests/lib/test_auth.py

0 +1 -1

                  calculator = auth.PermissionCalculator(
                      user.user_id, {}, False, False, True, 'higherwin')
-                 permissions = calculator._calculate_admin_permissions()
+                 permissions = calculator._calculate_super_admin_permissions()
                  assert permissions['repositories_groups'][repo_group.group_name] == \
                      'group.admin'

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages