##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
auth: make the perms decorators and function pyramid compatible.
marcink -
r1494:b18f6dcf default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -22,24 +22,22 b''
22 22 authentication and permission libraries
23 23 """
24 24
25 import os
25 26 import inspect
26 27 import collections
27 28 import fnmatch
28 29 import hashlib
29 30 import itertools
30 31 import logging
31 import os
32 32 import random
33 import time
34 33 import traceback
35 34 from functools import wraps
36 35
37 36 import ipaddress
38 from pyramid.httpexceptions import HTTPForbidden
37 from pyramid.httpexceptions import HTTPForbidden, HTTPFound
39 38 from pylons import url, request
40 39 from pylons.controllers.util import abort, redirect
41 40 from pylons.i18n.translation import _
42 from sqlalchemy import or_
43 41 from sqlalchemy.orm.exc import ObjectDeletedError
44 42 from sqlalchemy.orm import joinedload
45 43 from zope.cachedescriptors.property import Lazy as LazyProperty
@@ -1256,7 +1254,6 b' class LoginRequired(object):'
1256 1254 auth_token_access_valid))
1257 1255 # we preserve the get PARAM
1258 1256 came_from = request.path_qs
1259
1260 1257 log.debug('redirecting to login page with %s' % (came_from,))
1261 1258 return redirect(
1262 1259 h.route_path('login', _query={'came_from': came_from}))
@@ -1348,6 +1345,20 b' class PermsDecorator(object):'
1348 1345 def __call__(self, func):
1349 1346 return get_cython_compat_decorator(self.__wrapper, func)
1350 1347
1348 def _get_request(self):
1349 from pyramid.threadlocal import get_current_request
1350 pyramid_request = get_current_request()
1351 if not pyramid_request:
1352 # return global request of pylons incase pyramid one isn't available
1353 return request
1354 return pyramid_request
1355
1356 def _get_came_from(self):
1357 _request = self._get_request()
1358
1359 # both pylons/pyramid has this attribute
1360 return _request.path_qs
1361
1351 1362 def __wrapper(self, func, *fargs, **fkwargs):
1352 1363 cls = fargs[0]
1353 1364 _user = cls._rhodecode_user
@@ -1364,17 +1375,16 b' class PermsDecorator(object):'
1364 1375 anonymous = _user.username == User.DEFAULT_USER
1365 1376
1366 1377 if anonymous:
1367 came_from = request.path_qs
1368
1369 1378 import rhodecode.lib.helpers as h
1379 came_from = self._get_came_from()
1370 1380 h.flash(_('You need to be signed in to view this page'),
1371 1381 category='warning')
1372 return redirect(
1382 raise HTTPFound(
1373 1383 h.route_path('login', _query={'came_from': came_from}))
1374 1384
1375 1385 else:
1376 1386 # redirect with forbidden ret code
1377 return abort(403)
1387 raise HTTPForbidden()
1378 1388
1379 1389 def check_permissions(self, user):
1380 1390 """Dummy function for overriding"""
@@ -1413,10 +1423,13 b' class HasRepoPermissionAllDecorator(Perm'
1413 1423 Checks for access permission for all given predicates for specific
1414 1424 repository. All of them have to be meet in order to fulfill the request
1415 1425 """
1426 def _get_repo_name(self):
1427 _request = self._get_request()
1428 return get_repo_slug(_request)
1416 1429
1417 1430 def check_permissions(self, user):
1418 1431 perms = user.permissions
1419 repo_name = get_repo_slug(request)
1432 repo_name = self._get_repo_name()
1420 1433 try:
1421 1434 user_perms = set([perms['repositories'][repo_name]])
1422 1435 except KeyError:
@@ -1431,10 +1444,13 b' class HasRepoPermissionAnyDecorator(Perm'
1431 1444 Checks for access permission for any of given predicates for specific
1432 1445 repository. In order to fulfill the request any of predicates must be meet
1433 1446 """
1447 def _get_repo_name(self):
1448 _request = self._get_request()
1449 return get_repo_slug(_request)
1434 1450
1435 1451 def check_permissions(self, user):
1436 1452 perms = user.permissions
1437 repo_name = get_repo_slug(request)
1453 repo_name = self._get_repo_name()
1438 1454 try:
1439 1455 user_perms = set([perms['repositories'][repo_name]])
1440 1456 except KeyError:
@@ -1451,10 +1467,13 b' class HasRepoGroupPermissionAllDecorator'
1451 1467 repository group. All of them have to be meet in order to
1452 1468 fulfill the request
1453 1469 """
1470 def _get_repo_group_name(self):
1471 _request = self._get_request()
1472 return get_repo_group_slug(_request)
1454 1473
1455 1474 def check_permissions(self, user):
1456 1475 perms = user.permissions
1457 group_name = get_repo_group_slug(request)
1476 group_name = self._get_repo_group_name()
1458 1477 try:
1459 1478 user_perms = set([perms['repositories_groups'][group_name]])
1460 1479 except KeyError:
@@ -1471,10 +1490,13 b' class HasRepoGroupPermissionAnyDecorator'
1471 1490 repository group. In order to fulfill the request any
1472 1491 of predicates must be met
1473 1492 """
1493 def _get_repo_group_name(self):
1494 _request = self._get_request()
1495 return get_repo_group_slug(_request)
1474 1496
1475 1497 def check_permissions(self, user):
1476 1498 perms = user.permissions
1477 group_name = get_repo_group_slug(request)
1499 group_name = self._get_repo_group_name()
1478 1500 try:
1479 1501 user_perms = set([perms['repositories_groups'][group_name]])
1480 1502 except KeyError:
@@ -1490,10 +1512,13 b' class HasUserGroupPermissionAllDecorator'
1490 1512 Checks for access permission for all given predicates for specific
1491 1513 user group. All of them have to be meet in order to fulfill the request
1492 1514 """
1515 def _get_user_group_name(self):
1516 _request = self._get_request()
1517 return get_user_group_slug(_request)
1493 1518
1494 1519 def check_permissions(self, user):
1495 1520 perms = user.permissions
1496 group_name = get_user_group_slug(request)
1521 group_name = self._get_user_group_name()
1497 1522 try:
1498 1523 user_perms = set([perms['user_groups'][group_name]])
1499 1524 except KeyError:
@@ -1509,10 +1534,13 b' class HasUserGroupPermissionAnyDecorator'
1509 1534 Checks for access permission for any of given predicates for specific
1510 1535 user group. In order to fulfill the request any of predicates must be meet
1511 1536 """
1537 def _get_user_group_name(self):
1538 _request = self._get_request()
1539 return get_user_group_slug(_request)
1512 1540
1513 1541 def check_permissions(self, user):
1514 1542 perms = user.permissions
1515 group_name = get_user_group_slug(request)
1543 group_name = self._get_user_group_name()
1516 1544 try:
1517 1545 user_perms = set([perms['user_groups'][group_name]])
1518 1546 except KeyError:
@@ -1575,6 +1603,14 b' class PermsFunction(object):'
1575 1603 check_scope, user, check_location)
1576 1604 return False
1577 1605
1606 def _get_request(self):
1607 from pyramid.threadlocal import get_current_request
1608 pyramid_request = get_current_request()
1609 if not pyramid_request:
1610 # return global request of pylons incase pyramid one isn't available
1611 return request
1612 return pyramid_request
1613
1578 1614 def _get_check_scope(self, cls_name):
1579 1615 return {
1580 1616 'HasPermissionAll': 'GLOBAL',
@@ -1613,10 +1649,14 b' class HasRepoPermissionAll(PermsFunction'
1613 1649 self.repo_name = repo_name
1614 1650 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1615 1651
1616 def check_permissions(self, user):
1652 def _get_repo_name(self):
1617 1653 if not self.repo_name:
1618 self.repo_name = get_repo_slug(request)
1654 _request = self._get_request()
1655 self.repo_name = get_repo_slug(_request)
1656 return self.repo_name
1619 1657
1658 def check_permissions(self, user):
1659 self.repo_name = self._get_repo_name()
1620 1660 perms = user.permissions
1621 1661 try:
1622 1662 user_perms = set([perms['repositories'][self.repo_name]])
@@ -1632,10 +1672,13 b' class HasRepoPermissionAny(PermsFunction'
1632 1672 self.repo_name = repo_name
1633 1673 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1634 1674
1635 def check_permissions(self, user):
1675 def _get_repo_name(self):
1636 1676 if not self.repo_name:
1637 1677 self.repo_name = get_repo_slug(request)
1678 return self.repo_name
1638 1679
1680 def check_permissions(self, user):
1681 self.repo_name = self._get_repo_name()
1639 1682 perms = user.permissions
1640 1683 try:
1641 1684 user_perms = set([perms['repositories'][self.repo_name]])
Show file before | Show file after | Hide comments
@@ -42,6 +42,7 b' from paste.script.command import Command'
42 42 from webhelpers.text import collapse, remove_formatting, strip_tags
43 43 from mako import exceptions
44 44 from pyramid.threadlocal import get_current_registry
45 from pyramid.request import Request
45 46
46 47 from rhodecode.lib.fakemod import create_module
47 48 from rhodecode.lib.vcs.backends.base import Config
@@ -95,28 +96,43 b' def repo_name_slug(value):'
95 96 # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS
96 97 #==============================================================================
97 98 def get_repo_slug(request):
98 _repo = request.environ['pylons.routes_dict'].get('repo_name')
99 if isinstance(request, Request) and getattr(request, 'matchdict', None):
100 # pyramid
101 _repo = request.matchdict.get('repo_name')
102 else:
103 _repo = request.environ['pylons.routes_dict'].get('repo_name')
104
99 105 if _repo:
100 106 _repo = _repo.rstrip('/')
101 107 return _repo
102 108
103 109
104 110 def get_repo_group_slug(request):
105 _group = request.environ['pylons.routes_dict'].get('group_name')
111 if isinstance(request, Request) and getattr(request, 'matchdict', None):
112 # pyramid
113 _group = request.matchdict.get('group_name')
114 else:
115 _group = request.environ['pylons.routes_dict'].get('group_name')
116
106 117 if _group:
107 118 _group = _group.rstrip('/')
108 119 return _group
109 120
110 121
111 122 def get_user_group_slug(request):
112 _group = request.environ['pylons.routes_dict'].get('user_group_id')
123 if isinstance(request, Request) and getattr(request, 'matchdict', None):
124 # pyramid
125 _group = request.matchdict.get('user_group_id')
126 else:
127 _group = request.environ['pylons.routes_dict'].get('user_group_id')
128
113 129 try:
114 130 _group = UserGroup.get(_group)
115 131 if _group:
116 132 _group = _group.users_group_name
117 133 except Exception:
118 134 log.debug(traceback.format_exc())
119 #catch all failures here
135 # catch all failures here
120 136 pass
121 137
122 138 return _group
Show file before | Show file after | Hide comments
@@ -418,9 +418,6 b' class TestAdminUsersController(TestContr'
418 418 msg = 'Deleted 1 user groups'
419 419 assert_session_flash(response, msg)
420 420
421 def test_show(self):
422 self.app.get(url('user', user_id=1))
423
424 421 def test_edit(self):
425 422 self.log_user()
426 423 user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
General Comments 0
You need to be logged in to leave comments. Login now