Show More
@@ -27,7 +27,8 b' from rhodecode.apps._base import RepoApp' | |||||
27 | from rhodecode.lib import helpers as h |
|
27 | from rhodecode.lib import helpers as h | |
28 | from rhodecode.lib import audit_logger |
|
28 | from rhodecode.lib import audit_logger | |
29 | from rhodecode.lib.auth import ( |
|
29 | from rhodecode.lib.auth import ( | |
30 |
LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired |
|
30 | LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired, | |
|
31 | HasRepoPermissionAny) | |||
31 | from rhodecode.lib.exceptions import AttachedForksError |
|
32 | from rhodecode.lib.exceptions import AttachedForksError | |
32 | from rhodecode.lib.utils2 import safe_int |
|
33 | from rhodecode.lib.utils2 import safe_int | |
33 | from rhodecode.lib.vcs import RepositoryError |
|
34 | from rhodecode.lib.vcs import RepositoryError | |
@@ -169,23 +170,32 b' class RepoSettingsView(RepoAppView):' | |||||
169 | """ |
|
170 | """ | |
170 | _ = self.request.translate |
|
171 | _ = self.request.translate | |
171 |
|
172 | |||
172 | new_fork_id = self.request.POST.get('id_fork_of') |
|
173 | new_fork_id = safe_int(self.request.POST.get('id_fork_of')) | |
173 | try: |
|
174 | ||
|
175 | # valid repo, re-check permissions | |||
|
176 | if new_fork_id: | |||
|
177 | repo = Repository.get(new_fork_id) | |||
|
178 | # ensure we have at least read access to the repo we mark | |||
|
179 | perm_check = HasRepoPermissionAny( | |||
|
180 | 'repository.read', 'repository.write', 'repository.admin') | |||
174 |
|
181 | |||
175 | if new_fork_id and not new_fork_id.isdigit(): |
|
182 | if repo and perm_check(repo_name=repo.repo_name): | |
176 | log.error('Given fork id %s is not an INT', new_fork_id) |
|
183 | new_fork_id = repo.repo_id | |
|
184 | else: | |||
|
185 | new_fork_id = None | |||
177 |
|
186 | |||
178 | fork_id = safe_int(new_fork_id) |
|
187 | try: | |
179 | repo = ScmModel().mark_as_fork( |
|
188 | repo = ScmModel().mark_as_fork( | |
180 | self.db_repo_name, fork_id, self._rhodecode_user.user_id) |
|
189 | self.db_repo_name, new_fork_id, self._rhodecode_user.user_id) | |
181 | fork = repo.fork.repo_name if repo.fork else _('Nothing') |
|
190 | fork = repo.fork.repo_name if repo.fork else _('Nothing') | |
182 | Session().commit() |
|
191 | Session().commit() | |
183 | h.flash(_('Marked repo %s as fork of %s') % (self.db_repo_name, fork), |
|
192 | h.flash( | |
|
193 | _('Marked repo %s as fork of %s') % (self.db_repo_name, fork), | |||
184 |
|
|
194 | category='success') | |
185 | except RepositoryError as e: |
|
195 | except RepositoryError as e: | |
186 | log.exception("Repository Error occurred") |
|
196 | log.exception("Repository Error occurred") | |
187 | h.flash(str(e), category='error') |
|
197 | h.flash(str(e), category='error') | |
188 |
except Exception |
|
198 | except Exception: | |
189 | log.exception("Exception while editing fork") |
|
199 | log.exception("Exception while editing fork") | |
190 | h.flash(_('An error occurred during this operation'), |
|
200 | h.flash(_('An error occurred during this operation'), | |
191 | category='error') |
|
201 | category='error') |
@@ -218,6 +218,7 b' function registerRCRoutes() {' | |||||
218 | pyroutes.register('edit_repo_strip', '/%(repo_name)s/settings/strip', ['repo_name']); |
|
218 | pyroutes.register('edit_repo_strip', '/%(repo_name)s/settings/strip', ['repo_name']); | |
219 | pyroutes.register('strip_check', '/%(repo_name)s/settings/strip_check', ['repo_name']); |
|
219 | pyroutes.register('strip_check', '/%(repo_name)s/settings/strip_check', ['repo_name']); | |
220 | pyroutes.register('strip_execute', '/%(repo_name)s/settings/strip_execute', ['repo_name']); |
|
220 | pyroutes.register('strip_execute', '/%(repo_name)s/settings/strip_execute', ['repo_name']); | |
|
221 | pyroutes.register('edit_repo_audit_logs', '/%(repo_name)s/settings/audit_logs', ['repo_name']); | |||
221 | pyroutes.register('rss_feed_home', '/%(repo_name)s/feed/rss', ['repo_name']); |
|
222 | pyroutes.register('rss_feed_home', '/%(repo_name)s/feed/rss', ['repo_name']); | |
222 | pyroutes.register('atom_feed_home', '/%(repo_name)s/feed/atom', ['repo_name']); |
|
223 | pyroutes.register('atom_feed_home', '/%(repo_name)s/feed/atom', ['repo_name']); | |
223 | pyroutes.register('repo_summary', '/%(repo_name)s', ['repo_name']); |
|
224 | pyroutes.register('repo_summary', '/%(repo_name)s', ['repo_name']); |
General Comments 0
You need to be logged in to leave comments.
Login now