Show More
@@ -0,0 +1,77 b'' | |||||
|
1 | # -*- coding: utf-8 -*- | |||
|
2 | ||||
|
3 | # Copyright (C) 2010-2018 RhodeCode GmbH | |||
|
4 | # | |||
|
5 | # This program is free software: you can redistribute it and/or modify | |||
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |||
|
7 | # (only), as published by the Free Software Foundation. | |||
|
8 | # | |||
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
12 | # GNU General Public License for more details. | |||
|
13 | # | |||
|
14 | # You should have received a copy of the GNU Affero General Public License | |||
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
|
16 | # | |||
|
17 | # This program is dual-licensed. If you wish to learn more about the | |||
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |||
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |||
|
20 | ||||
|
21 | import pytest | |||
|
22 | ||||
|
23 | from rhodecode.tests.utils import permission_update_data_generator | |||
|
24 | ||||
|
25 | ||||
|
26 | def route_path(name, params=None, **kwargs): | |||
|
27 | import urllib | |||
|
28 | ||||
|
29 | base_url = { | |||
|
30 | 'edit_repo_perms': '/{repo_name}/settings/permissions' | |||
|
31 | # update is the same url | |||
|
32 | }[name].format(**kwargs) | |||
|
33 | ||||
|
34 | if params: | |||
|
35 | base_url = '{}?{}'.format(base_url, urllib.urlencode(params)) | |||
|
36 | return base_url | |||
|
37 | ||||
|
38 | ||||
|
39 | @pytest.mark.usefixtures("app") | |||
|
40 | class TestRepoPermissionsView(object): | |||
|
41 | ||||
|
42 | def test_edit_perms_view(self, user_util, autologin_user): | |||
|
43 | repo = user_util.create_repo() | |||
|
44 | self.app.get( | |||
|
45 | route_path('edit_repo_perms', | |||
|
46 | repo_name=repo.repo_name), status=200) | |||
|
47 | ||||
|
48 | def test_update_permissions(self, csrf_token, user_util): | |||
|
49 | repo = user_util.create_repo() | |||
|
50 | repo_name = repo.repo_name | |||
|
51 | user = user_util.create_user() | |||
|
52 | user_id = user.user_id | |||
|
53 | username = user.username | |||
|
54 | ||||
|
55 | # grant new | |||
|
56 | form_data = permission_update_data_generator( | |||
|
57 | csrf_token, | |||
|
58 | default='repository.write', | |||
|
59 | grant=[(user_id, 'repository.write', username, 'user')]) | |||
|
60 | ||||
|
61 | response = self.app.post( | |||
|
62 | route_path('edit_repo_perms', | |||
|
63 | repo_name=repo_name), form_data).follow() | |||
|
64 | ||||
|
65 | assert 'Repository permissions updated' in response | |||
|
66 | ||||
|
67 | # revoke given | |||
|
68 | form_data = permission_update_data_generator( | |||
|
69 | csrf_token, | |||
|
70 | default='repository.read', | |||
|
71 | revoke=[(user_id, 'user')]) | |||
|
72 | ||||
|
73 | response = self.app.post( | |||
|
74 | route_path('edit_repo_perms', | |||
|
75 | repo_name=repo_name), form_data).follow() | |||
|
76 | ||||
|
77 | assert 'Repository permissions updated' in response |
@@ -0,0 +1,80 b'' | |||||
|
1 | # -*- coding: utf-8 -*- | |||
|
2 | ||||
|
3 | # Copyright (C) 2010-2018 RhodeCode GmbH | |||
|
4 | # | |||
|
5 | # This program is free software: you can redistribute it and/or modify | |||
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |||
|
7 | # (only), as published by the Free Software Foundation. | |||
|
8 | # | |||
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
12 | # GNU General Public License for more details. | |||
|
13 | # | |||
|
14 | # You should have received a copy of the GNU Affero General Public License | |||
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
|
16 | # | |||
|
17 | # This program is dual-licensed. If you wish to learn more about the | |||
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |||
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |||
|
20 | ||||
|
21 | import pytest | |||
|
22 | ||||
|
23 | from rhodecode.tests.utils import permission_update_data_generator | |||
|
24 | ||||
|
25 | ||||
|
26 | def route_path(name, params=None, **kwargs): | |||
|
27 | import urllib | |||
|
28 | from rhodecode.apps._base import ADMIN_PREFIX | |||
|
29 | ||||
|
30 | base_url = { | |||
|
31 | 'edit_user_group_perms': | |||
|
32 | ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions', | |||
|
33 | 'edit_user_group_perms_update': | |||
|
34 | ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions/update', | |||
|
35 | }[name].format(**kwargs) | |||
|
36 | ||||
|
37 | if params: | |||
|
38 | base_url = '{}?{}'.format(base_url, urllib.urlencode(params)) | |||
|
39 | return base_url | |||
|
40 | ||||
|
41 | ||||
|
42 | @pytest.mark.usefixtures("app") | |||
|
43 | class TestUserGroupPermissionsView(object): | |||
|
44 | ||||
|
45 | def test_edit_perms_view(self, user_util, autologin_user): | |||
|
46 | user_group = user_util.create_user_group() | |||
|
47 | self.app.get( | |||
|
48 | route_path('edit_user_group_perms', | |||
|
49 | user_group_id=user_group.users_group_id), status=200) | |||
|
50 | ||||
|
51 | def test_update_permissions(self, csrf_token, user_util): | |||
|
52 | user_group = user_util.create_user_group() | |||
|
53 | user_group_id = user_group.users_group_id | |||
|
54 | user = user_util.create_user() | |||
|
55 | user_id = user.user_id | |||
|
56 | username = user.username | |||
|
57 | ||||
|
58 | # grant new | |||
|
59 | form_data = permission_update_data_generator( | |||
|
60 | csrf_token, | |||
|
61 | default='usergroup.write', | |||
|
62 | grant=[(user_id, 'usergroup.write', username, 'user')]) | |||
|
63 | ||||
|
64 | response = self.app.post( | |||
|
65 | route_path('edit_user_group_perms_update', | |||
|
66 | user_group_id=user_group_id), form_data).follow() | |||
|
67 | ||||
|
68 | assert 'User Group permissions updated' in response | |||
|
69 | ||||
|
70 | # revoke given | |||
|
71 | form_data = permission_update_data_generator( | |||
|
72 | csrf_token, | |||
|
73 | default='usergroup.read', | |||
|
74 | revoke=[(user_id, 'user')]) | |||
|
75 | ||||
|
76 | response = self.app.post( | |||
|
77 | route_path('edit_user_group_perms_update', | |||
|
78 | user_group_id=user_group_id), form_data).follow() | |||
|
79 | ||||
|
80 | assert 'User Group permissions updated' in response |
@@ -20,6 +20,8 b'' | |||||
20 |
|
20 | |||
21 | import pytest |
|
21 | import pytest | |
22 |
|
22 | |||
|
23 | from rhodecode.tests.utils import permission_update_data_generator | |||
|
24 | ||||
23 |
|
25 | |||
24 | def route_path(name, params=None, **kwargs): |
|
26 | def route_path(name, params=None, **kwargs): | |
25 | import urllib |
|
27 | import urllib | |
@@ -37,13 +39,48 b' def route_path(name, params=None, **kwar' | |||||
37 |
|
39 | |||
38 |
|
40 | |||
39 | @pytest.mark.usefixtures("app") |
|
41 | @pytest.mark.usefixtures("app") | |
40 |
class TestRepoGroup |
|
42 | class TestRepoGroupPermissionsView(object): | |
41 |
|
43 | |||
42 |
def test_edit_ |
|
44 | def test_edit_perms_view(self, user_util, autologin_user): | |
43 | repo_group = user_util.create_repo_group() |
|
45 | repo_group = user_util.create_repo_group() | |
|
46 | ||||
44 | self.app.get( |
|
47 | self.app.get( | |
45 | route_path('edit_repo_group_perms', |
|
48 | route_path('edit_repo_group_perms', | |
46 | repo_group_name=repo_group.group_name), status=200) |
|
49 | repo_group_name=repo_group.group_name), status=200) | |
47 |
|
50 | |||
48 | def test_update_permissions(self): |
|
51 | def test_update_permissions(self, csrf_token, user_util): | |
49 | pass |
|
52 | repo_group = user_util.create_repo_group() | |
|
53 | repo_group_name = repo_group.group_name | |||
|
54 | user = user_util.create_user() | |||
|
55 | user_id = user.user_id | |||
|
56 | username = user.username | |||
|
57 | ||||
|
58 | # grant new | |||
|
59 | form_data = permission_update_data_generator( | |||
|
60 | csrf_token, | |||
|
61 | default='group.write', | |||
|
62 | grant=[(user_id, 'group.write', username, 'user')]) | |||
|
63 | ||||
|
64 | # recursive flag required for repo groups | |||
|
65 | form_data.extend([('recursive', u'none')]) | |||
|
66 | ||||
|
67 | response = self.app.post( | |||
|
68 | route_path('edit_repo_group_perms_update', | |||
|
69 | repo_group_name=repo_group_name), form_data).follow() | |||
|
70 | ||||
|
71 | assert 'Repository Group permissions updated' in response | |||
|
72 | ||||
|
73 | # revoke given | |||
|
74 | form_data = permission_update_data_generator( | |||
|
75 | csrf_token, | |||
|
76 | default='group.read', | |||
|
77 | revoke=[(user_id, 'user')]) | |||
|
78 | ||||
|
79 | # recursive flag required for repo groups | |||
|
80 | form_data.extend([('recursive', u'none')]) | |||
|
81 | ||||
|
82 | response = self.app.post( | |||
|
83 | route_path('edit_repo_group_perms_update', | |||
|
84 | repo_group_name=repo_group_name), form_data).follow() | |||
|
85 | ||||
|
86 | assert 'Repository Group permissions updated' in response |
@@ -547,14 +547,16 b' class RepoModel(BaseModel):' | |||||
547 | # this updates also current one if found |
|
547 | # this updates also current one if found | |
548 | self.grant_user_permission( |
|
548 | self.grant_user_permission( | |
549 | repo=repo, user=member_id, perm=perm) |
|
549 | repo=repo, user=member_id, perm=perm) | |
550 |
else: |
|
550 | elif member_type == 'user_group': | |
551 | # check if we have permissions to alter this usergroup |
|
551 | # check if we have permissions to alter this usergroup | |
552 | member_name = UserGroup.get(member_id).users_group_name |
|
552 | member_name = UserGroup.get(member_id).users_group_name | |
553 | if not check_perms or HasUserGroupPermissionAny( |
|
553 | if not check_perms or HasUserGroupPermissionAny( | |
554 | *req_perms)(member_name, user=cur_user): |
|
554 | *req_perms)(member_name, user=cur_user): | |
555 | self.grant_user_group_permission( |
|
555 | self.grant_user_group_permission( | |
556 | repo=repo, group_name=member_id, perm=perm) |
|
556 | repo=repo, group_name=member_id, perm=perm) | |
557 |
|
557 | else: | ||
|
558 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
559 | "got {} instead".format(member_type)) | |||
558 | changes['updated'].append({'type': member_type, 'id': member_id, |
|
560 | changes['updated'].append({'type': member_type, 'id': member_id, | |
559 | 'name': member_name, 'new_perm': perm}) |
|
561 | 'name': member_name, 'new_perm': perm}) | |
560 |
|
562 | |||
@@ -565,13 +567,17 b' class RepoModel(BaseModel):' | |||||
565 | member_name = User.get(member_id).username |
|
567 | member_name = User.get(member_id).username | |
566 | self.grant_user_permission( |
|
568 | self.grant_user_permission( | |
567 | repo=repo, user=member_id, perm=perm) |
|
569 | repo=repo, user=member_id, perm=perm) | |
568 |
else: |
|
570 | elif member_type == 'user_group': | |
569 | # check if we have permissions to alter this usergroup |
|
571 | # check if we have permissions to alter this usergroup | |
570 | member_name = UserGroup.get(member_id).users_group_name |
|
572 | member_name = UserGroup.get(member_id).users_group_name | |
571 | if not check_perms or HasUserGroupPermissionAny( |
|
573 | if not check_perms or HasUserGroupPermissionAny( | |
572 | *req_perms)(member_name, user=cur_user): |
|
574 | *req_perms)(member_name, user=cur_user): | |
573 | self.grant_user_group_permission( |
|
575 | self.grant_user_group_permission( | |
574 | repo=repo, group_name=member_id, perm=perm) |
|
576 | repo=repo, group_name=member_id, perm=perm) | |
|
577 | else: | |||
|
578 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
579 | "got {} instead".format(member_type)) | |||
|
580 | ||||
575 | changes['added'].append({'type': member_type, 'id': member_id, |
|
581 | changes['added'].append({'type': member_type, 'id': member_id, | |
576 | 'name': member_name, 'new_perm': perm}) |
|
582 | 'name': member_name, 'new_perm': perm}) | |
577 | # delete permissions |
|
583 | # delete permissions | |
@@ -580,13 +586,16 b' class RepoModel(BaseModel):' | |||||
580 | if member_type == 'user': |
|
586 | if member_type == 'user': | |
581 | member_name = User.get(member_id).username |
|
587 | member_name = User.get(member_id).username | |
582 | self.revoke_user_permission(repo=repo, user=member_id) |
|
588 | self.revoke_user_permission(repo=repo, user=member_id) | |
583 |
else: |
|
589 | elif member_type == 'user_group': | |
584 | # check if we have permissions to alter this usergroup |
|
590 | # check if we have permissions to alter this usergroup | |
585 | member_name = UserGroup.get(member_id).users_group_name |
|
591 | member_name = UserGroup.get(member_id).users_group_name | |
586 | if not check_perms or HasUserGroupPermissionAny( |
|
592 | if not check_perms or HasUserGroupPermissionAny( | |
587 | *req_perms)(member_name, user=cur_user): |
|
593 | *req_perms)(member_name, user=cur_user): | |
588 | self.revoke_user_group_permission( |
|
594 | self.revoke_user_group_permission( | |
589 | repo=repo, group_name=member_id) |
|
595 | repo=repo, group_name=member_id) | |
|
596 | else: | |||
|
597 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
598 | "got {} instead".format(member_type)) | |||
590 |
|
599 | |||
591 | changes['deleted'].append({'type': member_type, 'id': member_id, |
|
600 | changes['deleted'].append({'type': member_type, 'id': member_id, | |
592 | 'name': member_name, 'new_perm': perm}) |
|
601 | 'name': member_name, 'new_perm': perm}) |
@@ -425,11 +425,14 b' class RepoGroupModel(BaseModel):' | |||||
425 | member_name = User.get(member_id).username |
|
425 | member_name = User.get(member_id).username | |
426 | # this updates also current one if found |
|
426 | # this updates also current one if found | |
427 | _set_perm_user(obj, user=member_id, perm=perm) |
|
427 | _set_perm_user(obj, user=member_id, perm=perm) | |
428 |
else: |
|
428 | elif member_type == 'user_group': | |
429 | member_name = UserGroup.get(member_id).users_group_name |
|
429 | member_name = UserGroup.get(member_id).users_group_name | |
430 | if not check_perms or has_group_perm(member_name, |
|
430 | if not check_perms or has_group_perm(member_name, | |
431 | user=cur_user): |
|
431 | user=cur_user): | |
432 | _set_perm_group(obj, users_group=member_id, perm=perm) |
|
432 | _set_perm_group(obj, users_group=member_id, perm=perm) | |
|
433 | else: | |||
|
434 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
435 | "got {} instead".format(member_type)) | |||
433 |
|
436 | |||
434 | changes['updated'].append( |
|
437 | changes['updated'].append( | |
435 | {'change_obj': change_obj, 'type': member_type, |
|
438 | {'change_obj': change_obj, 'type': member_type, | |
@@ -441,12 +444,15 b' class RepoGroupModel(BaseModel):' | |||||
441 | if member_type == 'user': |
|
444 | if member_type == 'user': | |
442 | member_name = User.get(member_id).username |
|
445 | member_name = User.get(member_id).username | |
443 | _set_perm_user(obj, user=member_id, perm=perm) |
|
446 | _set_perm_user(obj, user=member_id, perm=perm) | |
444 |
else: |
|
447 | elif member_type == 'user_group': | |
445 | # check if we have permissions to alter this usergroup |
|
448 | # check if we have permissions to alter this usergroup | |
446 | member_name = UserGroup.get(member_id).users_group_name |
|
449 | member_name = UserGroup.get(member_id).users_group_name | |
447 | if not check_perms or has_group_perm(member_name, |
|
450 | if not check_perms or has_group_perm(member_name, | |
448 | user=cur_user): |
|
451 | user=cur_user): | |
449 | _set_perm_group(obj, users_group=member_id, perm=perm) |
|
452 | _set_perm_group(obj, users_group=member_id, perm=perm) | |
|
453 | else: | |||
|
454 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
455 | "got {} instead".format(member_type)) | |||
450 |
|
456 | |||
451 | changes['added'].append( |
|
457 | changes['added'].append( | |
452 | {'change_obj': change_obj, 'type': member_type, |
|
458 | {'change_obj': change_obj, 'type': member_type, | |
@@ -458,12 +464,15 b' class RepoGroupModel(BaseModel):' | |||||
458 | if member_type == 'user': |
|
464 | if member_type == 'user': | |
459 | member_name = User.get(member_id).username |
|
465 | member_name = User.get(member_id).username | |
460 | _revoke_perm_user(obj, user=member_id) |
|
466 | _revoke_perm_user(obj, user=member_id) | |
461 |
else: |
|
467 | elif member_type == 'user_group': | |
462 | # check if we have permissions to alter this usergroup |
|
468 | # check if we have permissions to alter this usergroup | |
463 | member_name = UserGroup.get(member_id).users_group_name |
|
469 | member_name = UserGroup.get(member_id).users_group_name | |
464 | if not check_perms or has_group_perm(member_name, |
|
470 | if not check_perms or has_group_perm(member_name, | |
465 | user=cur_user): |
|
471 | user=cur_user): | |
466 | _revoke_perm_group(obj, user_group=member_id) |
|
472 | _revoke_perm_group(obj, user_group=member_id) | |
|
473 | else: | |||
|
474 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
475 | "got {} instead".format(member_type)) | |||
467 |
|
476 | |||
468 | changes['deleted'].append( |
|
477 | changes['deleted'].append( | |
469 | {'change_obj': change_obj, 'type': member_type, |
|
478 | {'change_obj': change_obj, 'type': member_type, |
@@ -90,13 +90,16 b' class UserGroupModel(BaseModel):' | |||||
90 | self.grant_user_permission( |
|
90 | self.grant_user_permission( | |
91 | user_group=user_group, user=member_id, perm=perm |
|
91 | user_group=user_group, user=member_id, perm=perm | |
92 | ) |
|
92 | ) | |
93 | else: |
|
93 | elif member_type == 'user_group': | |
94 | # check if we have permissions to alter this usergroup |
|
94 | # check if we have permissions to alter this usergroup | |
95 | member_name = UserGroup.get(member_id).users_group_name |
|
95 | member_name = UserGroup.get(member_id).users_group_name | |
96 | if not check_perms or HasUserGroupPermissionAny( |
|
96 | if not check_perms or HasUserGroupPermissionAny( | |
97 | *req_perms)(member_name, user=cur_user): |
|
97 | *req_perms)(member_name, user=cur_user): | |
98 | self.grant_user_group_permission( |
|
98 | self.grant_user_group_permission( | |
99 | target_user_group=user_group, user_group=member_id, perm=perm) |
|
99 | target_user_group=user_group, user_group=member_id, perm=perm) | |
|
100 | else: | |||
|
101 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
102 | "got {} instead".format(member_type)) | |||
100 |
|
103 | |||
101 | changes['updated'].append({ |
|
104 | changes['updated'].append({ | |
102 | 'change_obj': change_obj, |
|
105 | 'change_obj': change_obj, | |
@@ -110,13 +113,16 b' class UserGroupModel(BaseModel):' | |||||
110 | member_name = User.get(member_id).username |
|
113 | member_name = User.get(member_id).username | |
111 | self.grant_user_permission( |
|
114 | self.grant_user_permission( | |
112 | user_group=user_group, user=member_id, perm=perm) |
|
115 | user_group=user_group, user=member_id, perm=perm) | |
113 | else: |
|
116 | elif member_type == 'user_group': | |
114 | # check if we have permissions to alter this usergroup |
|
117 | # check if we have permissions to alter this usergroup | |
115 | member_name = UserGroup.get(member_id).users_group_name |
|
118 | member_name = UserGroup.get(member_id).users_group_name | |
116 | if not check_perms or HasUserGroupPermissionAny( |
|
119 | if not check_perms or HasUserGroupPermissionAny( | |
117 | *req_perms)(member_name, user=cur_user): |
|
120 | *req_perms)(member_name, user=cur_user): | |
118 | self.grant_user_group_permission( |
|
121 | self.grant_user_group_permission( | |
119 | target_user_group=user_group, user_group=member_id, perm=perm) |
|
122 | target_user_group=user_group, user_group=member_id, perm=perm) | |
|
123 | else: | |||
|
124 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
125 | "got {} instead".format(member_type)) | |||
120 |
|
126 | |||
121 | changes['added'].append({ |
|
127 | changes['added'].append({ | |
122 | 'change_obj': change_obj, |
|
128 | 'change_obj': change_obj, | |
@@ -129,13 +135,16 b' class UserGroupModel(BaseModel):' | |||||
129 | if member_type == 'user': |
|
135 | if member_type == 'user': | |
130 | member_name = User.get(member_id).username |
|
136 | member_name = User.get(member_id).username | |
131 | self.revoke_user_permission(user_group=user_group, user=member_id) |
|
137 | self.revoke_user_permission(user_group=user_group, user=member_id) | |
132 | else: |
|
138 | elif member_type == 'user_group': | |
133 | # check if we have permissions to alter this usergroup |
|
139 | # check if we have permissions to alter this usergroup | |
134 | member_name = UserGroup.get(member_id).users_group_name |
|
140 | member_name = UserGroup.get(member_id).users_group_name | |
135 | if not check_perms or HasUserGroupPermissionAny( |
|
141 | if not check_perms or HasUserGroupPermissionAny( | |
136 | *req_perms)(member_name, user=cur_user): |
|
142 | *req_perms)(member_name, user=cur_user): | |
137 | self.revoke_user_group_permission( |
|
143 | self.revoke_user_group_permission( | |
138 | target_user_group=user_group, user_group=member_id) |
|
144 | target_user_group=user_group, user_group=member_id) | |
|
145 | else: | |||
|
146 | raise ValueError("member_type must be 'user' or 'user_group' " | |||
|
147 | "got {} instead".format(member_type)) | |||
139 |
|
148 | |||
140 | changes['deleted'].append({ |
|
149 | changes['deleted'].append({ | |
141 | 'change_obj': change_obj, |
|
150 | 'change_obj': change_obj, |
@@ -797,7 +797,7 b" def ValidPerms(localizer, type_='repo'):" | |||||
797 | obj_type = k[0] |
|
797 | obj_type = k[0] | |
798 | obj_id = k[7:] |
|
798 | obj_id = k[7:] | |
799 | update_type = {'u': 'user', |
|
799 | update_type = {'u': 'user', | |
800 |
'g': 'user |
|
800 | 'g': 'user_group'}[obj_type] | |
801 |
|
801 | |||
802 | if obj_type == 'u' and safe_int(obj_id) == default_user_id: |
|
802 | if obj_type == 'u' and safe_int(obj_id) == default_user_id: | |
803 | if str2bool(value.get('repo_private')): |
|
803 | if str2bool(value.get('repo_private')): | |
@@ -827,7 +827,7 b" def ValidPerms(localizer, type_='repo'):" | |||||
827 | User.query()\ |
|
827 | User.query()\ | |
828 | .filter(User.active == true())\ |
|
828 | .filter(User.active == true())\ | |
829 | .filter(User.user_id == member_id).one() |
|
829 | .filter(User.user_id == member_id).one() | |
830 |
if member_type == 'user |
|
830 | if member_type == 'user_group': | |
831 | UserGroup.query()\ |
|
831 | UserGroup.query()\ | |
832 | .filter(UserGroup.users_group_active == true())\ |
|
832 | .filter(UserGroup.users_group_active == true())\ | |
833 | .filter(UserGroup.users_group_id == member_id)\ |
|
833 | .filter(UserGroup.users_group_id == member_id)\ |
@@ -48,7 +48,7 b' def permissions_setup_func_orig(' | |||||
48 | repo_group = RepoGroup.get_by_group_name(group_name=group_name) |
|
48 | repo_group = RepoGroup.get_by_group_name(group_name=group_name) | |
49 | if not repo_group: |
|
49 | if not repo_group: | |
50 | raise Exception('Cannot get group %s' % group_name) |
|
50 | raise Exception('Cannot get group %s' % group_name) | |
51 |
perm_updates = [[test_u2_gr_id, perm, 'user |
|
51 | perm_updates = [[test_u2_gr_id, perm, 'user_group']] | |
52 | RepoGroupModel().update_permissions(repo_group, |
|
52 | RepoGroupModel().update_permissions(repo_group, | |
53 | perm_updates=perm_updates, |
|
53 | perm_updates=perm_updates, | |
54 | recursive=recursive, check_perms=False) |
|
54 | recursive=recursive, check_perms=False) |
@@ -427,3 +427,32 b' def commit_change(' | |||||
427 | f_path=filename |
|
427 | f_path=filename | |
428 | ) |
|
428 | ) | |
429 | return commit |
|
429 | return commit | |
|
430 | ||||
|
431 | ||||
|
432 | def permission_update_data_generator(csrf_token, default=None, grant=None, revoke=None): | |||
|
433 | if not default: | |||
|
434 | raise ValueError('Permission for default user must be given') | |||
|
435 | form_data = [( | |||
|
436 | 'csrf_token', csrf_token | |||
|
437 | )] | |||
|
438 | # add default | |||
|
439 | form_data.extend([ | |||
|
440 | ('u_perm_1', default) | |||
|
441 | ]) | |||
|
442 | ||||
|
443 | if grant: | |||
|
444 | for cnt, (obj_id, perm, obj_name, obj_type) in enumerate(grant, 1): | |||
|
445 | form_data.extend([ | |||
|
446 | ('perm_new_member_perm_new{}'.format(cnt), perm), | |||
|
447 | ('perm_new_member_id_new{}'.format(cnt), obj_id), | |||
|
448 | ('perm_new_member_name_new{}'.format(cnt), obj_name), | |||
|
449 | ('perm_new_member_type_new{}'.format(cnt), obj_type), | |||
|
450 | ||||
|
451 | ]) | |||
|
452 | if revoke: | |||
|
453 | for obj_id, obj_type in revoke: | |||
|
454 | form_data.extend([ | |||
|
455 | ('perm_del_member_id_{}'.format(obj_id), obj_id), | |||
|
456 | ('perm_del_member_type_{}'.format(obj_id), obj_type), | |||
|
457 | ]) | |||
|
458 | return form_data |
General Comments 0
You need to be logged in to leave comments.
Login now