Show More
@@ -22,24 +22,22 b'' | |||
|
22 | 22 | authentication and permission libraries |
|
23 | 23 | """ |
|
24 | 24 | |
|
25 | import os | |
|
25 | 26 | import inspect |
|
26 | 27 | import collections |
|
27 | 28 | import fnmatch |
|
28 | 29 | import hashlib |
|
29 | 30 | import itertools |
|
30 | 31 | import logging |
|
31 | import os | |
|
32 | 32 | import random |
|
33 | import time | |
|
34 | 33 | import traceback |
|
35 | 34 | from functools import wraps |
|
36 | 35 | |
|
37 | 36 | import ipaddress |
|
38 | from pyramid.httpexceptions import HTTPForbidden | |
|
37 | from pyramid.httpexceptions import HTTPForbidden, HTTPFound | |
|
39 | 38 | from pylons import url, request |
|
40 | 39 | from pylons.controllers.util import abort, redirect |
|
41 | 40 | from pylons.i18n.translation import _ |
|
42 | from sqlalchemy import or_ | |
|
43 | 41 | from sqlalchemy.orm.exc import ObjectDeletedError |
|
44 | 42 | from sqlalchemy.orm import joinedload |
|
45 | 43 | from zope.cachedescriptors.property import Lazy as LazyProperty |
@@ -1256,7 +1254,6 b' class LoginRequired(object):' | |||
|
1256 | 1254 | auth_token_access_valid)) |
|
1257 | 1255 | # we preserve the get PARAM |
|
1258 | 1256 | came_from = request.path_qs |
|
1259 | ||
|
1260 | 1257 | log.debug('redirecting to login page with %s' % (came_from,)) |
|
1261 | 1258 | return redirect( |
|
1262 | 1259 | h.route_path('login', _query={'came_from': came_from})) |
@@ -1348,6 +1345,20 b' class PermsDecorator(object):' | |||
|
1348 | 1345 | def __call__(self, func): |
|
1349 | 1346 | return get_cython_compat_decorator(self.__wrapper, func) |
|
1350 | 1347 | |
|
1348 | def _get_request(self): | |
|
1349 | from pyramid.threadlocal import get_current_request | |
|
1350 | pyramid_request = get_current_request() | |
|
1351 | if not pyramid_request: | |
|
1352 | # return global request of pylons incase pyramid one isn't available | |
|
1353 | return request | |
|
1354 | return pyramid_request | |
|
1355 | ||
|
1356 | def _get_came_from(self): | |
|
1357 | _request = self._get_request() | |
|
1358 | ||
|
1359 | # both pylons/pyramid has this attribute | |
|
1360 | return _request.path_qs | |
|
1361 | ||
|
1351 | 1362 | def __wrapper(self, func, *fargs, **fkwargs): |
|
1352 | 1363 | cls = fargs[0] |
|
1353 | 1364 | _user = cls._rhodecode_user |
@@ -1364,17 +1375,16 b' class PermsDecorator(object):' | |||
|
1364 | 1375 | anonymous = _user.username == User.DEFAULT_USER |
|
1365 | 1376 | |
|
1366 | 1377 | if anonymous: |
|
1367 | came_from = request.path_qs | |
|
1368 | ||
|
1369 | 1378 | import rhodecode.lib.helpers as h |
|
1379 | came_from = self._get_came_from() | |
|
1370 | 1380 | h.flash(_('You need to be signed in to view this page'), |
|
1371 | 1381 | category='warning') |
|
1372 |
re |
|
|
1382 | raise HTTPFound( | |
|
1373 | 1383 | h.route_path('login', _query={'came_from': came_from})) |
|
1374 | 1384 | |
|
1375 | 1385 | else: |
|
1376 | 1386 | # redirect with forbidden ret code |
|
1377 |
re |
|
|
1387 | raise HTTPForbidden() | |
|
1378 | 1388 | |
|
1379 | 1389 | def check_permissions(self, user): |
|
1380 | 1390 | """Dummy function for overriding""" |
@@ -1413,10 +1423,13 b' class HasRepoPermissionAllDecorator(Perm' | |||
|
1413 | 1423 | Checks for access permission for all given predicates for specific |
|
1414 | 1424 | repository. All of them have to be meet in order to fulfill the request |
|
1415 | 1425 | """ |
|
1426 | def _get_repo_name(self): | |
|
1427 | _request = self._get_request() | |
|
1428 | return get_repo_slug(_request) | |
|
1416 | 1429 | |
|
1417 | 1430 | def check_permissions(self, user): |
|
1418 | 1431 | perms = user.permissions |
|
1419 |
repo_name = get_repo_ |
|
|
1432 | repo_name = self._get_repo_name() | |
|
1420 | 1433 | try: |
|
1421 | 1434 | user_perms = set([perms['repositories'][repo_name]]) |
|
1422 | 1435 | except KeyError: |
@@ -1431,10 +1444,13 b' class HasRepoPermissionAnyDecorator(Perm' | |||
|
1431 | 1444 | Checks for access permission for any of given predicates for specific |
|
1432 | 1445 | repository. In order to fulfill the request any of predicates must be meet |
|
1433 | 1446 | """ |
|
1447 | def _get_repo_name(self): | |
|
1448 | _request = self._get_request() | |
|
1449 | return get_repo_slug(_request) | |
|
1434 | 1450 | |
|
1435 | 1451 | def check_permissions(self, user): |
|
1436 | 1452 | perms = user.permissions |
|
1437 |
repo_name = get_repo_ |
|
|
1453 | repo_name = self._get_repo_name() | |
|
1438 | 1454 | try: |
|
1439 | 1455 | user_perms = set([perms['repositories'][repo_name]]) |
|
1440 | 1456 | except KeyError: |
@@ -1451,10 +1467,13 b' class HasRepoGroupPermissionAllDecorator' | |||
|
1451 | 1467 | repository group. All of them have to be meet in order to |
|
1452 | 1468 | fulfill the request |
|
1453 | 1469 | """ |
|
1470 | def _get_repo_group_name(self): | |
|
1471 | _request = self._get_request() | |
|
1472 | return get_repo_group_slug(_request) | |
|
1454 | 1473 | |
|
1455 | 1474 | def check_permissions(self, user): |
|
1456 | 1475 | perms = user.permissions |
|
1457 |
group_name = get_repo_group_ |
|
|
1476 | group_name = self._get_repo_group_name() | |
|
1458 | 1477 | try: |
|
1459 | 1478 | user_perms = set([perms['repositories_groups'][group_name]]) |
|
1460 | 1479 | except KeyError: |
@@ -1471,10 +1490,13 b' class HasRepoGroupPermissionAnyDecorator' | |||
|
1471 | 1490 | repository group. In order to fulfill the request any |
|
1472 | 1491 | of predicates must be met |
|
1473 | 1492 | """ |
|
1493 | def _get_repo_group_name(self): | |
|
1494 | _request = self._get_request() | |
|
1495 | return get_repo_group_slug(_request) | |
|
1474 | 1496 | |
|
1475 | 1497 | def check_permissions(self, user): |
|
1476 | 1498 | perms = user.permissions |
|
1477 |
group_name = get_repo_group_ |
|
|
1499 | group_name = self._get_repo_group_name() | |
|
1478 | 1500 | try: |
|
1479 | 1501 | user_perms = set([perms['repositories_groups'][group_name]]) |
|
1480 | 1502 | except KeyError: |
@@ -1490,10 +1512,13 b' class HasUserGroupPermissionAllDecorator' | |||
|
1490 | 1512 | Checks for access permission for all given predicates for specific |
|
1491 | 1513 | user group. All of them have to be meet in order to fulfill the request |
|
1492 | 1514 | """ |
|
1515 | def _get_user_group_name(self): | |
|
1516 | _request = self._get_request() | |
|
1517 | return get_user_group_slug(_request) | |
|
1493 | 1518 | |
|
1494 | 1519 | def check_permissions(self, user): |
|
1495 | 1520 | perms = user.permissions |
|
1496 |
group_name = get_user_group_ |
|
|
1521 | group_name = self._get_user_group_name() | |
|
1497 | 1522 | try: |
|
1498 | 1523 | user_perms = set([perms['user_groups'][group_name]]) |
|
1499 | 1524 | except KeyError: |
@@ -1509,10 +1534,13 b' class HasUserGroupPermissionAnyDecorator' | |||
|
1509 | 1534 | Checks for access permission for any of given predicates for specific |
|
1510 | 1535 | user group. In order to fulfill the request any of predicates must be meet |
|
1511 | 1536 | """ |
|
1537 | def _get_user_group_name(self): | |
|
1538 | _request = self._get_request() | |
|
1539 | return get_user_group_slug(_request) | |
|
1512 | 1540 | |
|
1513 | 1541 | def check_permissions(self, user): |
|
1514 | 1542 | perms = user.permissions |
|
1515 |
group_name = get_user_group_ |
|
|
1543 | group_name = self._get_user_group_name() | |
|
1516 | 1544 | try: |
|
1517 | 1545 | user_perms = set([perms['user_groups'][group_name]]) |
|
1518 | 1546 | except KeyError: |
@@ -1575,6 +1603,14 b' class PermsFunction(object):' | |||
|
1575 | 1603 | check_scope, user, check_location) |
|
1576 | 1604 | return False |
|
1577 | 1605 | |
|
1606 | def _get_request(self): | |
|
1607 | from pyramid.threadlocal import get_current_request | |
|
1608 | pyramid_request = get_current_request() | |
|
1609 | if not pyramid_request: | |
|
1610 | # return global request of pylons incase pyramid one isn't available | |
|
1611 | return request | |
|
1612 | return pyramid_request | |
|
1613 | ||
|
1578 | 1614 | def _get_check_scope(self, cls_name): |
|
1579 | 1615 | return { |
|
1580 | 1616 | 'HasPermissionAll': 'GLOBAL', |
@@ -1613,10 +1649,14 b' class HasRepoPermissionAll(PermsFunction' | |||
|
1613 | 1649 | self.repo_name = repo_name |
|
1614 | 1650 | return super(HasRepoPermissionAll, self).__call__(check_location, user) |
|
1615 | 1651 | |
|
1616 | def check_permissions(self, user): | |
|
1652 | def _get_repo_name(self): | |
|
1617 | 1653 | if not self.repo_name: |
|
1618 | self.repo_name = get_repo_slug(request) | |
|
1654 | _request = self._get_request() | |
|
1655 | self.repo_name = get_repo_slug(_request) | |
|
1656 | return self.repo_name | |
|
1619 | 1657 | |
|
1658 | def check_permissions(self, user): | |
|
1659 | self.repo_name = self._get_repo_name() | |
|
1620 | 1660 | perms = user.permissions |
|
1621 | 1661 | try: |
|
1622 | 1662 | user_perms = set([perms['repositories'][self.repo_name]]) |
@@ -1632,10 +1672,13 b' class HasRepoPermissionAny(PermsFunction' | |||
|
1632 | 1672 | self.repo_name = repo_name |
|
1633 | 1673 | return super(HasRepoPermissionAny, self).__call__(check_location, user) |
|
1634 | 1674 | |
|
1635 | def check_permissions(self, user): | |
|
1675 | def _get_repo_name(self): | |
|
1636 | 1676 | if not self.repo_name: |
|
1637 | 1677 | self.repo_name = get_repo_slug(request) |
|
1678 | return self.repo_name | |
|
1638 | 1679 | |
|
1680 | def check_permissions(self, user): | |
|
1681 | self.repo_name = self._get_repo_name() | |
|
1639 | 1682 | perms = user.permissions |
|
1640 | 1683 | try: |
|
1641 | 1684 | user_perms = set([perms['repositories'][self.repo_name]]) |
@@ -42,6 +42,7 b' from paste.script.command import Command' | |||
|
42 | 42 | from webhelpers.text import collapse, remove_formatting, strip_tags |
|
43 | 43 | from mako import exceptions |
|
44 | 44 | from pyramid.threadlocal import get_current_registry |
|
45 | from pyramid.request import Request | |
|
45 | 46 | |
|
46 | 47 | from rhodecode.lib.fakemod import create_module |
|
47 | 48 | from rhodecode.lib.vcs.backends.base import Config |
@@ -95,21 +96,36 b' def repo_name_slug(value):' | |||
|
95 | 96 | # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS |
|
96 | 97 | #============================================================================== |
|
97 | 98 | def get_repo_slug(request): |
|
99 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |
|
100 | # pyramid | |
|
101 | _repo = request.matchdict.get('repo_name') | |
|
102 | else: | |
|
98 | 103 | _repo = request.environ['pylons.routes_dict'].get('repo_name') |
|
104 | ||
|
99 | 105 | if _repo: |
|
100 | 106 | _repo = _repo.rstrip('/') |
|
101 | 107 | return _repo |
|
102 | 108 | |
|
103 | 109 | |
|
104 | 110 | def get_repo_group_slug(request): |
|
111 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |
|
112 | # pyramid | |
|
113 | _group = request.matchdict.get('group_name') | |
|
114 | else: | |
|
105 | 115 | _group = request.environ['pylons.routes_dict'].get('group_name') |
|
116 | ||
|
106 | 117 | if _group: |
|
107 | 118 | _group = _group.rstrip('/') |
|
108 | 119 | return _group |
|
109 | 120 | |
|
110 | 121 | |
|
111 | 122 | def get_user_group_slug(request): |
|
123 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |
|
124 | # pyramid | |
|
125 | _group = request.matchdict.get('user_group_id') | |
|
126 | else: | |
|
112 | 127 | _group = request.environ['pylons.routes_dict'].get('user_group_id') |
|
128 | ||
|
113 | 129 | try: |
|
114 | 130 | _group = UserGroup.get(_group) |
|
115 | 131 | if _group: |
@@ -418,9 +418,6 b' class TestAdminUsersController(TestContr' | |||
|
418 | 418 | msg = 'Deleted 1 user groups' |
|
419 | 419 | assert_session_flash(response, msg) |
|
420 | 420 | |
|
421 | def test_show(self): | |
|
422 | self.app.get(url('user', user_id=1)) | |
|
423 | ||
|
424 | 421 | def test_edit(self): |
|
425 | 422 | self.log_user() |
|
426 | 423 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) |
General Comments 0
You need to be logged in to leave comments.
Login now