@@ -22,24 +22,22 b'' | |||||
22 | authentication and permission libraries |
|
22 | authentication and permission libraries | |
23 | """ |
|
23 | """ | |
24 |
|
24 | |||
|
25 | import os | |||
25 | import inspect |
|
26 | import inspect | |
26 | import collections |
|
27 | import collections | |
27 | import fnmatch |
|
28 | import fnmatch | |
28 | import hashlib |
|
29 | import hashlib | |
29 | import itertools |
|
30 | import itertools | |
30 | import logging |
|
31 | import logging | |
31 | import os |
|
|||
32 | import random |
|
32 | import random | |
33 | import time |
|
|||
34 | import traceback |
|
33 | import traceback | |
35 | from functools import wraps |
|
34 | from functools import wraps | |
36 |
|
35 | |||
37 | import ipaddress |
|
36 | import ipaddress | |
38 | from pyramid.httpexceptions import HTTPForbidden |
|
37 | from pyramid.httpexceptions import HTTPForbidden, HTTPFound | |
39 | from pylons import url, request |
|
38 | from pylons import url, request | |
40 | from pylons.controllers.util import abort, redirect |
|
39 | from pylons.controllers.util import abort, redirect | |
41 | from pylons.i18n.translation import _ |
|
40 | from pylons.i18n.translation import _ | |
42 | from sqlalchemy import or_ |
|
|||
43 | from sqlalchemy.orm.exc import ObjectDeletedError |
|
41 | from sqlalchemy.orm.exc import ObjectDeletedError | |
44 | from sqlalchemy.orm import joinedload |
|
42 | from sqlalchemy.orm import joinedload | |
45 | from zope.cachedescriptors.property import Lazy as LazyProperty |
|
43 | from zope.cachedescriptors.property import Lazy as LazyProperty | |
@@ -1256,7 +1254,6 b' class LoginRequired(object):' | |||||
1256 | auth_token_access_valid)) |
|
1254 | auth_token_access_valid)) | |
1257 | # we preserve the get PARAM |
|
1255 | # we preserve the get PARAM | |
1258 | came_from = request.path_qs |
|
1256 | came_from = request.path_qs | |
1259 |
|
||||
1260 | log.debug('redirecting to login page with %s' % (came_from,)) |
|
1257 | log.debug('redirecting to login page with %s' % (came_from,)) | |
1261 | return redirect( |
|
1258 | return redirect( | |
1262 | h.route_path('login', _query={'came_from': came_from})) |
|
1259 | h.route_path('login', _query={'came_from': came_from})) | |
@@ -1348,6 +1345,20 b' class PermsDecorator(object):' | |||||
1348 | def __call__(self, func): |
|
1345 | def __call__(self, func): | |
1349 | return get_cython_compat_decorator(self.__wrapper, func) |
|
1346 | return get_cython_compat_decorator(self.__wrapper, func) | |
1350 |
|
1347 | |||
|
1348 | def _get_request(self): | |||
|
1349 | from pyramid.threadlocal import get_current_request | |||
|
1350 | pyramid_request = get_current_request() | |||
|
1351 | if not pyramid_request: | |||
|
1352 | # return global request of pylons incase pyramid one isn't available | |||
|
1353 | return request | |||
|
1354 | return pyramid_request | |||
|
1355 | ||||
|
1356 | def _get_came_from(self): | |||
|
1357 | _request = self._get_request() | |||
|
1358 | ||||
|
1359 | # both pylons/pyramid has this attribute | |||
|
1360 | return _request.path_qs | |||
|
1361 | ||||
1351 | def __wrapper(self, func, *fargs, **fkwargs): |
|
1362 | def __wrapper(self, func, *fargs, **fkwargs): | |
1352 | cls = fargs[0] |
|
1363 | cls = fargs[0] | |
1353 | _user = cls._rhodecode_user |
|
1364 | _user = cls._rhodecode_user | |
@@ -1364,17 +1375,16 b' class PermsDecorator(object):' | |||||
1364 | anonymous = _user.username == User.DEFAULT_USER |
|
1375 | anonymous = _user.username == User.DEFAULT_USER | |
1365 |
|
1376 | |||
1366 | if anonymous: |
|
1377 | if anonymous: | |
1367 | came_from = request.path_qs |
|
|||
1368 |
|
||||
1369 | import rhodecode.lib.helpers as h |
|
1378 | import rhodecode.lib.helpers as h | |
|
1379 | came_from = self._get_came_from() | |||
1370 | h.flash(_('You need to be signed in to view this page'), |
|
1380 | h.flash(_('You need to be signed in to view this page'), | |
1371 | category='warning') |
|
1381 | category='warning') | |
1372 |
re |
|
1382 | raise HTTPFound( | |
1373 | h.route_path('login', _query={'came_from': came_from})) |
|
1383 | h.route_path('login', _query={'came_from': came_from})) | |
1374 |
|
1384 | |||
1375 | else: |
|
1385 | else: | |
1376 | # redirect with forbidden ret code |
|
1386 | # redirect with forbidden ret code | |
1377 |
re |
|
1387 | raise HTTPForbidden() | |
1378 |
|
1388 | |||
1379 | def check_permissions(self, user): |
|
1389 | def check_permissions(self, user): | |
1380 | """Dummy function for overriding""" |
|
1390 | """Dummy function for overriding""" | |
@@ -1413,10 +1423,13 b' class HasRepoPermissionAllDecorator(Perm' | |||||
1413 | Checks for access permission for all given predicates for specific |
|
1423 | Checks for access permission for all given predicates for specific | |
1414 | repository. All of them have to be meet in order to fulfill the request |
|
1424 | repository. All of them have to be meet in order to fulfill the request | |
1415 | """ |
|
1425 | """ | |
|
1426 | def _get_repo_name(self): | |||
|
1427 | _request = self._get_request() | |||
|
1428 | return get_repo_slug(_request) | |||
1416 |
|
1429 | |||
1417 | def check_permissions(self, user): |
|
1430 | def check_permissions(self, user): | |
1418 | perms = user.permissions |
|
1431 | perms = user.permissions | |
1419 |
repo_name = get_repo_ |
|
1432 | repo_name = self._get_repo_name() | |
1420 | try: |
|
1433 | try: | |
1421 | user_perms = set([perms['repositories'][repo_name]]) |
|
1434 | user_perms = set([perms['repositories'][repo_name]]) | |
1422 | except KeyError: |
|
1435 | except KeyError: | |
@@ -1431,10 +1444,13 b' class HasRepoPermissionAnyDecorator(Perm' | |||||
1431 | Checks for access permission for any of given predicates for specific |
|
1444 | Checks for access permission for any of given predicates for specific | |
1432 | repository. In order to fulfill the request any of predicates must be meet |
|
1445 | repository. In order to fulfill the request any of predicates must be meet | |
1433 | """ |
|
1446 | """ | |
|
1447 | def _get_repo_name(self): | |||
|
1448 | _request = self._get_request() | |||
|
1449 | return get_repo_slug(_request) | |||
1434 |
|
1450 | |||
1435 | def check_permissions(self, user): |
|
1451 | def check_permissions(self, user): | |
1436 | perms = user.permissions |
|
1452 | perms = user.permissions | |
1437 |
repo_name = get_repo_ |
|
1453 | repo_name = self._get_repo_name() | |
1438 | try: |
|
1454 | try: | |
1439 | user_perms = set([perms['repositories'][repo_name]]) |
|
1455 | user_perms = set([perms['repositories'][repo_name]]) | |
1440 | except KeyError: |
|
1456 | except KeyError: | |
@@ -1451,10 +1467,13 b' class HasRepoGroupPermissionAllDecorator' | |||||
1451 | repository group. All of them have to be meet in order to |
|
1467 | repository group. All of them have to be meet in order to | |
1452 | fulfill the request |
|
1468 | fulfill the request | |
1453 | """ |
|
1469 | """ | |
|
1470 | def _get_repo_group_name(self): | |||
|
1471 | _request = self._get_request() | |||
|
1472 | return get_repo_group_slug(_request) | |||
1454 |
|
1473 | |||
1455 | def check_permissions(self, user): |
|
1474 | def check_permissions(self, user): | |
1456 | perms = user.permissions |
|
1475 | perms = user.permissions | |
1457 |
group_name = get_repo_group_ |
|
1476 | group_name = self._get_repo_group_name() | |
1458 | try: |
|
1477 | try: | |
1459 | user_perms = set([perms['repositories_groups'][group_name]]) |
|
1478 | user_perms = set([perms['repositories_groups'][group_name]]) | |
1460 | except KeyError: |
|
1479 | except KeyError: | |
@@ -1471,10 +1490,13 b' class HasRepoGroupPermissionAnyDecorator' | |||||
1471 | repository group. In order to fulfill the request any |
|
1490 | repository group. In order to fulfill the request any | |
1472 | of predicates must be met |
|
1491 | of predicates must be met | |
1473 | """ |
|
1492 | """ | |
|
1493 | def _get_repo_group_name(self): | |||
|
1494 | _request = self._get_request() | |||
|
1495 | return get_repo_group_slug(_request) | |||
1474 |
|
1496 | |||
1475 | def check_permissions(self, user): |
|
1497 | def check_permissions(self, user): | |
1476 | perms = user.permissions |
|
1498 | perms = user.permissions | |
1477 |
group_name = get_repo_group_ |
|
1499 | group_name = self._get_repo_group_name() | |
1478 | try: |
|
1500 | try: | |
1479 | user_perms = set([perms['repositories_groups'][group_name]]) |
|
1501 | user_perms = set([perms['repositories_groups'][group_name]]) | |
1480 | except KeyError: |
|
1502 | except KeyError: | |
@@ -1490,10 +1512,13 b' class HasUserGroupPermissionAllDecorator' | |||||
1490 | Checks for access permission for all given predicates for specific |
|
1512 | Checks for access permission for all given predicates for specific | |
1491 | user group. All of them have to be meet in order to fulfill the request |
|
1513 | user group. All of them have to be meet in order to fulfill the request | |
1492 | """ |
|
1514 | """ | |
|
1515 | def _get_user_group_name(self): | |||
|
1516 | _request = self._get_request() | |||
|
1517 | return get_user_group_slug(_request) | |||
1493 |
|
1518 | |||
1494 | def check_permissions(self, user): |
|
1519 | def check_permissions(self, user): | |
1495 | perms = user.permissions |
|
1520 | perms = user.permissions | |
1496 |
group_name = get_user_group_ |
|
1521 | group_name = self._get_user_group_name() | |
1497 | try: |
|
1522 | try: | |
1498 | user_perms = set([perms['user_groups'][group_name]]) |
|
1523 | user_perms = set([perms['user_groups'][group_name]]) | |
1499 | except KeyError: |
|
1524 | except KeyError: | |
@@ -1509,10 +1534,13 b' class HasUserGroupPermissionAnyDecorator' | |||||
1509 | Checks for access permission for any of given predicates for specific |
|
1534 | Checks for access permission for any of given predicates for specific | |
1510 | user group. In order to fulfill the request any of predicates must be meet |
|
1535 | user group. In order to fulfill the request any of predicates must be meet | |
1511 | """ |
|
1536 | """ | |
|
1537 | def _get_user_group_name(self): | |||
|
1538 | _request = self._get_request() | |||
|
1539 | return get_user_group_slug(_request) | |||
1512 |
|
1540 | |||
1513 | def check_permissions(self, user): |
|
1541 | def check_permissions(self, user): | |
1514 | perms = user.permissions |
|
1542 | perms = user.permissions | |
1515 |
group_name = get_user_group_ |
|
1543 | group_name = self._get_user_group_name() | |
1516 | try: |
|
1544 | try: | |
1517 | user_perms = set([perms['user_groups'][group_name]]) |
|
1545 | user_perms = set([perms['user_groups'][group_name]]) | |
1518 | except KeyError: |
|
1546 | except KeyError: | |
@@ -1575,6 +1603,14 b' class PermsFunction(object):' | |||||
1575 | check_scope, user, check_location) |
|
1603 | check_scope, user, check_location) | |
1576 | return False |
|
1604 | return False | |
1577 |
|
1605 | |||
|
1606 | def _get_request(self): | |||
|
1607 | from pyramid.threadlocal import get_current_request | |||
|
1608 | pyramid_request = get_current_request() | |||
|
1609 | if not pyramid_request: | |||
|
1610 | # return global request of pylons incase pyramid one isn't available | |||
|
1611 | return request | |||
|
1612 | return pyramid_request | |||
|
1613 | ||||
1578 | def _get_check_scope(self, cls_name): |
|
1614 | def _get_check_scope(self, cls_name): | |
1579 | return { |
|
1615 | return { | |
1580 | 'HasPermissionAll': 'GLOBAL', |
|
1616 | 'HasPermissionAll': 'GLOBAL', | |
@@ -1613,10 +1649,14 b' class HasRepoPermissionAll(PermsFunction' | |||||
1613 | self.repo_name = repo_name |
|
1649 | self.repo_name = repo_name | |
1614 | return super(HasRepoPermissionAll, self).__call__(check_location, user) |
|
1650 | return super(HasRepoPermissionAll, self).__call__(check_location, user) | |
1615 |
|
1651 | |||
1616 | def check_permissions(self, user): |
|
1652 | def _get_repo_name(self): | |
1617 | if not self.repo_name: |
|
1653 | if not self.repo_name: | |
1618 | self.repo_name = get_repo_slug(request) |
|
1654 | _request = self._get_request() | |
|
1655 | self.repo_name = get_repo_slug(_request) | |||
|
1656 | return self.repo_name | |||
1619 |
|
1657 | |||
|
1658 | def check_permissions(self, user): | |||
|
1659 | self.repo_name = self._get_repo_name() | |||
1620 | perms = user.permissions |
|
1660 | perms = user.permissions | |
1621 | try: |
|
1661 | try: | |
1622 | user_perms = set([perms['repositories'][self.repo_name]]) |
|
1662 | user_perms = set([perms['repositories'][self.repo_name]]) | |
@@ -1632,10 +1672,13 b' class HasRepoPermissionAny(PermsFunction' | |||||
1632 | self.repo_name = repo_name |
|
1672 | self.repo_name = repo_name | |
1633 | return super(HasRepoPermissionAny, self).__call__(check_location, user) |
|
1673 | return super(HasRepoPermissionAny, self).__call__(check_location, user) | |
1634 |
|
1674 | |||
1635 | def check_permissions(self, user): |
|
1675 | def _get_repo_name(self): | |
1636 | if not self.repo_name: |
|
1676 | if not self.repo_name: | |
1637 | self.repo_name = get_repo_slug(request) |
|
1677 | self.repo_name = get_repo_slug(request) | |
|
1678 | return self.repo_name | |||
1638 |
|
1679 | |||
|
1680 | def check_permissions(self, user): | |||
|
1681 | self.repo_name = self._get_repo_name() | |||
1639 | perms = user.permissions |
|
1682 | perms = user.permissions | |
1640 | try: |
|
1683 | try: | |
1641 | user_perms = set([perms['repositories'][self.repo_name]]) |
|
1684 | user_perms = set([perms['repositories'][self.repo_name]]) |
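Review bot: `HasRepoPermissionAny._get_repo_name` (new line 1677) still calls `get_repo_slug(request)` with the module-level pylons `request`, while its sibling in `HasRepoPermissionAll` (new lines 1654-1655) goes through `self._get_request()`. The returned name is the key for the `perms['repositories']` lookup, so under a pyramid view the two checks may resolve different repository names, or the Any variant may fail where no pylons request is bound; this is inferred, since the callers are outside the hunks. Change the body to `_request = self._get_request()` followed by `self.repo_name = get_repo_slug(_request)`. Separately, `_get_request` is copied verbatim into both `PermsDecorator` and `PermsFunction`, and its `if not pyramid_request:` would be more precise as `if pyramid_request is None:`.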
@@ -42,6 +42,7 b' from paste.script.command import Command' | |||||
42 | from webhelpers.text import collapse, remove_formatting, strip_tags |
|
42 | from webhelpers.text import collapse, remove_formatting, strip_tags | |
43 | from mako import exceptions |
|
43 | from mako import exceptions | |
44 | from pyramid.threadlocal import get_current_registry |
|
44 | from pyramid.threadlocal import get_current_registry | |
|
45 | from pyramid.request import Request | |||
45 |
|
46 | |||
46 | from rhodecode.lib.fakemod import create_module |
|
47 | from rhodecode.lib.fakemod import create_module | |
47 | from rhodecode.lib.vcs.backends.base import Config |
|
48 | from rhodecode.lib.vcs.backends.base import Config | |
@@ -95,21 +96,36 b' def repo_name_slug(value):' | |||||
95 | # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS |
|
96 | # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS | |
96 | #============================================================================== |
|
97 | #============================================================================== | |
97 | def get_repo_slug(request): |
|
98 | def get_repo_slug(request): | |
|
99 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |||
|
100 | # pyramid | |||
|
101 | _repo = request.matchdict.get('repo_name') | |||
|
102 | else: | |||
98 | _repo = request.environ['pylons.routes_dict'].get('repo_name') |
|
103 | _repo = request.environ['pylons.routes_dict'].get('repo_name') | |
|
104 | ||||
99 | if _repo: |
|
105 | if _repo: | |
100 | _repo = _repo.rstrip('/') |
|
106 | _repo = _repo.rstrip('/') | |
101 | return _repo |
|
107 | return _repo | |
102 |
|
108 | |||
103 |
|
109 | |||
104 | def get_repo_group_slug(request): |
|
110 | def get_repo_group_slug(request): | |
|
111 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |||
|
112 | # pyramid | |||
|
113 | _group = request.matchdict.get('group_name') | |||
|
114 | else: | |||
105 | _group = request.environ['pylons.routes_dict'].get('group_name') |
|
115 | _group = request.environ['pylons.routes_dict'].get('group_name') | |
|
116 | ||||
106 | if _group: |
|
117 | if _group: | |
107 | _group = _group.rstrip('/') |
|
118 | _group = _group.rstrip('/') | |
108 | return _group |
|
119 | return _group | |
109 |
|
120 | |||
110 |
|
121 | |||
111 | def get_user_group_slug(request): |
|
122 | def get_user_group_slug(request): | |
|
123 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |||
|
124 | # pyramid | |||
|
125 | _group = request.matchdict.get('user_group_id') | |||
|
126 | else: | |||
112 | _group = request.environ['pylons.routes_dict'].get('user_group_id') |
|
127 | _group = request.environ['pylons.routes_dict'].get('user_group_id') | |
|
128 | ||||
113 | try: |
|
129 | try: | |
114 | _group = UserGroup.get(_group) |
|
130 | _group = UserGroup.get(_group) | |
115 | if _group: |
|
131 | if _group: |
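Review bot: The `else` branch in `get_repo_slug`, `get_repo_group_slug` and `get_user_group_slug` subscripts `request.environ['pylons.routes_dict']`, and with this change a pyramid `Request` whose `matchdict` is `None` or empty also lands there. If that environ key is absent on such a request (not verifiable from the hunk), the helper raises `KeyError` instead of returning no name, so the permission check ends in an unhandled error rather than a clean denial. The same four-line branch is also repeated three times with only the parameter name changing. A single helper that looks up the route parameter and tolerates a missing routes dict would cover all three, as sketched below. The body of `get_user_group_slug` continues outside the hunk.

```python
def _get_route_param(request, name):
    # pyramid keeps matched route params in matchdict, pylons in the WSGI environ
    matchdict = getattr(request, 'matchdict', None)
    if isinstance(request, Request) and matchdict:
        return matchdict.get(name)
    routes_dict = request.environ.get('pylons.routes_dict') or {}
    return routes_dict.get(name)


def get_repo_slug(request):
    _repo = _get_route_param(request, 'repo_name')
    # … unchanged: rstrip('/') and return …
```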
@@ -418,9 +418,6 b' class TestAdminUsersController(TestContr' | |||||
418 | msg = 'Deleted 1 user groups' |
|
418 | msg = 'Deleted 1 user groups' | |
419 | assert_session_flash(response, msg) |
|
419 | assert_session_flash(response, msg) | |
420 |
|
420 | |||
421 | def test_show(self): |
|
|||
422 | self.app.get(url('user', user_id=1)) |
|
|||
423 |
|
||||
424 | def test_edit(self): |
|
421 | def test_edit(self): | |
425 | self.log_user() |
|
422 | self.log_user() | |
426 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) |
|
423 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) |