files: added branch permissions checks into web edit operations.
marcink -
r2978:7cabaaed default
@@ -98,6 +98,20 b' class RepoFilesView(RepoAppView):'
98 repo_name=self.db_repo_name, commit_id='tip')
98 repo_name=self.db_repo_name, commit_id='tip')
99 raise HTTPFound(files_url)
99 raise HTTPFound(files_url)
100
100
101 def check_branch_permission(self, branch_name):
102 _ = self.request.translate
103
104 rule, branch_perm = self._rhodecode_user.get_rule_and_branch_permission(
105 self.db_repo_name, branch_name)
106 if branch_perm and branch_perm not in ['branch.push', 'branch.push_force']:
107 h.flash(
108 _('Branch `{}` changes forbidden by rule {}.').format(branch_name, rule),
109 'warning')
110 files_url = h.route_path(
111 'repo_files:default_path',
112 repo_name=self.db_repo_name, commit_id='tip')
113 raise HTTPFound(files_url)
114
101 def _get_commit_and_path(self):
115 def _get_commit_and_path(self):
102 default_commit_id = self.db_repo.landing_rev[1]
116 default_commit_id = self.db_repo.landing_rev[1]
103 default_f_path = '/'
117 default_f_path = '/'
@@ -176,17 +190,37 b' class RepoFilesView(RepoAppView):'
176 return file_node
190 return file_node
177
191
178 def _is_valid_head(self, commit_id, repo):
192 def _is_valid_head(self, commit_id, repo):
179 # check if commit is a branch identifier- basically we cannot
193 branch_name = sha_commit_id = ''
180 # create multiple heads via file editing
194 is_head = False
181 valid_heads = repo.branches.keys() + repo.branches.values()
182
195
183 if h.is_svn(repo) and not repo.is_empty():
196 if h.is_svn(repo) and not repo.is_empty():
184 # Note: Subversion only has one head, we add it here in case there
197 # Note: Subversion only has one head.
185 # is no branch matched.
198 if commit_id == repo.get_commit(commit_idx=-1).raw_id:
186 valid_heads.append(repo.get_commit(commit_idx=-1).raw_id)
199 is_head = True
200 return branch_name, sha_commit_id, is_head
187
201
188 # check if commit is a branch name or branch hash
202 for _branch_name, branch_commit_id in repo.branches.items():
189 return commit_id in valid_heads
203 # simple case we pass in branch name, it's a HEAD
204 if commit_id == _branch_name:
205 is_head = True
206 branch_name = _branch_name
207 sha_commit_id = branch_commit_id
208 break
209 # case when we pass in full sha commit_id, which is a head
210 elif commit_id == branch_commit_id:
211 is_head = True
212 branch_name = _branch_name
213 sha_commit_id = branch_commit_id
214 break
215
216 # checked branches, means we only need to try to get the branch/commit_sha
217 if not repo.is_empty:
218 commit = repo.get_commit(commit_id=commit_id)
219 if commit:
220 branch_name = commit.branch
221 sha_commit_id = commit.raw_id
222
223 return branch_name, sha_commit_id, is_head
190
224
191 def _get_tree_at_commit(
225 def _get_tree_at_commit(
192 self, c, commit_id, f_path, full_load=False):
226 self, c, commit_id, f_path, full_load=False):
@@ -281,6 +315,7 b' class RepoFilesView(RepoAppView):'
281 use_cached_archive = False
315 use_cached_archive = False
282 archive_cache_enabled = CONFIG.get(
316 archive_cache_enabled = CONFIG.get(
283 'archive_cache_dir') and not self.request.GET.get('no_cache')
317 'archive_cache_dir') and not self.request.GET.get('no_cache')
318 cached_archive_path = None
284
319
285 if archive_cache_enabled:
320 if archive_cache_enabled:
286 # check if we it's ok to write
321 # check if we it's ok to write
@@ -322,16 +357,16 b' class RepoFilesView(RepoAppView):'
322 commit=True
357 commit=True
323 )
358 )
324
359
325 def get_chunked_archive(archive):
360 def get_chunked_archive(archive_path):
326 with open(archive, 'rb') as stream:
361 with open(archive_path, 'rb') as stream:
327 while True:
362 while True:
328 data = stream.read(16 * 1024)
363 data = stream.read(16 * 1024)
329 if not data:
364 if not data:
330 if fd: # fd means we used temporary file
365 if fd: # fd means we used temporary file
331 os.close(fd)
366 os.close(fd)
332 if not archive_cache_enabled:
367 if not archive_cache_enabled:
333 log.debug('Destroying temp archive %s', archive)
368 log.debug('Destroying temp archive %s', archive_path)
334 os.remove(archive)
369 os.remove(archive_path)
335 break
370 break
336 yield data
371 yield data
337
372
@@ -572,8 +607,9 b' class RepoFilesView(RepoAppView):'
572 if not c.renderer:
607 if not c.renderer:
573 c.lines = filenode_as_lines_tokens(c.file)
608 c.lines = filenode_as_lines_tokens(c.file)
574
609
575 c.on_branch_head = self._is_valid_head(
610 _branch_name, _sha_commit_id, is_head = self._is_valid_head(
576 commit_id, self.rhodecode_vcs_repo)
611 commit_id, self.rhodecode_vcs_repo)
612 c.on_branch_head = is_head
577
613
578 branch = c.commit.branch if (
614 branch = c.commit.branch if (
579 c.commit.branch and '/' not in c.commit.branch) else None
615 c.commit.branch and '/' not in c.commit.branch) else None
@@ -987,15 +1023,18 b' class RepoFilesView(RepoAppView):'
987 commit_id, f_path = self._get_commit_and_path()
1023 commit_id, f_path = self._get_commit_and_path()
988
1024
989 self._ensure_not_locked()
1025 self._ensure_not_locked()
1026 _branch_name, _sha_commit_id, is_head = \
1027 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
990
1028
991 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1029 if not is_head:
992 h.flash(_('You can only delete files with commit '
1030 h.flash(_('You can only delete files with commit '
993 'being a valid branch '), category='warning')
1031 'being a valid branch head.'), category='warning')
994 raise HTTPFound(
1032 raise HTTPFound(
995 h.route_path('repo_files',
1033 h.route_path('repo_files',
996 repo_name=self.db_repo_name, commit_id='tip',
1034 repo_name=self.db_repo_name, commit_id='tip',
997 f_path=f_path))
1035 f_path=f_path))
998
1036
1037 self.check_branch_permission(_branch_name)
999 c.commit = self._get_commit_or_redirect(commit_id)
1038 c.commit = self._get_commit_or_redirect(commit_id)
1000 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1039 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1001
1040
@@ -1018,14 +1057,17 b' class RepoFilesView(RepoAppView):'
1018 commit_id, f_path = self._get_commit_and_path()
1057 commit_id, f_path = self._get_commit_and_path()
1019
1058
1020 self._ensure_not_locked()
1059 self._ensure_not_locked()
1060 _branch_name, _sha_commit_id, is_head = \
1061 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1021
1062
1022 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1063 if not is_head:
1023 h.flash(_('You can only delete files with commit '
1064 h.flash(_('You can only delete files with commit '
1024 'being a valid branch '), category='warning')
1065 'being a valid branch head.'), category='warning')
1025 raise HTTPFound(
1066 raise HTTPFound(
1026 h.route_path('repo_files',
1067 h.route_path('repo_files',
1027 repo_name=self.db_repo_name, commit_id='tip',
1068 repo_name=self.db_repo_name, commit_id='tip',
1028 f_path=f_path))
1069 f_path=f_path))
1070 self.check_branch_permission(_branch_name)
1029
1071
1030 c.commit = self._get_commit_or_redirect(commit_id)
1072 c.commit = self._get_commit_or_redirect(commit_id)
1031 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1073 c.file = self._get_filenode_or_redirect(c.commit, f_path)
@@ -1071,14 +1113,17 b' class RepoFilesView(RepoAppView):'
1071 commit_id, f_path = self._get_commit_and_path()
1113 commit_id, f_path = self._get_commit_and_path()
1072
1114
1073 self._ensure_not_locked()
1115 self._ensure_not_locked()
1116 _branch_name, _sha_commit_id, is_head = \
1117 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1074
1118
1075 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1119 if not is_head:
1076 h.flash(_('You can only edit files with commit '
1120 h.flash(_('You can only edit files with commit '
1077 'being a valid branch '), category='warning')
1121 'being a valid branch head.'), category='warning')
1078 raise HTTPFound(
1122 raise HTTPFound(
1079 h.route_path('repo_files',
1123 h.route_path('repo_files',
1080 repo_name=self.db_repo_name, commit_id='tip',
1124 repo_name=self.db_repo_name, commit_id='tip',
1081 f_path=f_path))
1125 f_path=f_path))
1126 self.check_branch_permission(_branch_name)
1082
1127
1083 c.commit = self._get_commit_or_redirect(commit_id)
1128 c.commit = self._get_commit_or_redirect(commit_id)
1084 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1129 c.file = self._get_filenode_or_redirect(c.commit, f_path)
@@ -1108,15 +1153,19 b' class RepoFilesView(RepoAppView):'
1108 commit_id, f_path = self._get_commit_and_path()
1153 commit_id, f_path = self._get_commit_and_path()
1109
1154
1110 self._ensure_not_locked()
1155 self._ensure_not_locked()
1156 _branch_name, _sha_commit_id, is_head = \
1157 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1111
1158
1112 if not self._is_valid_head(commit_id, self.rhodecode_vcs_repo):
1159 if not is_head:
1113 h.flash(_('You can only edit files with commit '
1160 h.flash(_('You can only edit files with commit '
1114 'being a valid branch '), category='warning')
1161 'being a valid branch head.'), category='warning')
1115 raise HTTPFound(
1162 raise HTTPFound(
1116 h.route_path('repo_files',
1163 h.route_path('repo_files',
1117 repo_name=self.db_repo_name, commit_id='tip',
1164 repo_name=self.db_repo_name, commit_id='tip',
1118 f_path=f_path))
1165 f_path=f_path))
1119
1166
1167 self.check_branch_permission(_branch_name)
1168
1120 c.commit = self._get_commit_or_redirect(commit_id)
1169 c.commit = self._get_commit_or_redirect(commit_id)
1121 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1170 c.file = self._get_filenode_or_redirect(c.commit, f_path)
1122
1171
@@ -1196,6 +1245,25 b' class RepoFilesView(RepoAppView):'
1196 c.default_message = (_('Added file via RhodeCode Enterprise'))
1245 c.default_message = (_('Added file via RhodeCode Enterprise'))
1197 c.f_path = f_path.lstrip('/') # ensure not relative path
1246 c.f_path = f_path.lstrip('/') # ensure not relative path
1198
1247
1248 if self.rhodecode_vcs_repo.is_empty:
1249 # for empty repository we cannot check for current branch, we rely on
1250 # c.commit.branch instead
1251 _branch_name = c.commit.branch
1252 is_head = True
1253 else:
1254 _branch_name, _sha_commit_id, is_head = \
1255 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1256
1257 if not is_head:
1258 h.flash(_('You can only add files with commit '
1259 'being a valid branch head.'), category='warning')
1260 raise HTTPFound(
1261 h.route_path('repo_files',
1262 repo_name=self.db_repo_name, commit_id='tip',
1263 f_path=f_path))
1264
1265 self.check_branch_permission(_branch_name)
1266
1199 return self._get_template_context(c)
1267 return self._get_template_context(c)
1200
1268
1201 @LoginRequired()
1269 @LoginRequired()
@@ -1217,6 +1285,26 b' class RepoFilesView(RepoAppView):'
1217 commit_id, redirect_after=False)
1285 commit_id, redirect_after=False)
1218 if c.commit is None:
1286 if c.commit is None:
1219 c.commit = EmptyCommit(alias=self.rhodecode_vcs_repo.alias)
1287 c.commit = EmptyCommit(alias=self.rhodecode_vcs_repo.alias)
1288
1289 if self.rhodecode_vcs_repo.is_empty:
1290 # for empty repository we cannot check for current branch, we rely on
1291 # c.commit.branch instead
1292 _branch_name = c.commit.branch
1293 is_head = True
1294 else:
1295 _branch_name, _sha_commit_id, is_head = \
1296 self._is_valid_head(commit_id, self.rhodecode_vcs_repo)
1297
1298 if not is_head:
1299 h.flash(_('You can only add files with commit '
1300 'being a valid branch head.'), category='warning')
1301 raise HTTPFound(
1302 h.route_path('repo_files',
1303 repo_name=self.db_repo_name, commit_id='tip',
1304 f_path=f_path))
1305
1306 self.check_branch_permission(_branch_name)
1307
1220 c.default_message = (_('Added file via RhodeCode Enterprise'))
1308 c.default_message = (_('Added file via RhodeCode Enterprise'))
1221 c.f_path = f_path
1309 c.f_path = f_path
1222 unix_mode = 0
1310 unix_mode = 0
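Review bot: `is_empty` is used inconsistently in the new code: `_is_valid_head` keeps the call `repo.is_empty()` in the Subversion check but tests `if not repo.is_empty:` before its fallback lookup, and both add-file hunks test `if self.rhodecode_vcs_repo.is_empty:` without a call. The definition of `is_empty` is not shown here, but if it is a method rather than a property, the bound method is always truthy: the fallback in `_is_valid_head` would never run, and the add-file views would always take the empty-repository branch, set `is_head = True` and skip the head check, so those lines should read `if self.rhodecode_vcs_repo.is_empty():` and `if not repo.is_empty():`. Separately, `check_branch_permission` lets the operation through whenever `branch_perm` is falsy, and the Subversion path returns `branch_name = ''`, so the edit and delete views look up a rule for an empty branch name. A short comment there, such as `# no matching branch rule: fall back to repository-level permissions`, would make clear that this allow-by-default is intended and not a fail-open.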
@@ -12,7 +12,7 b''
12 </%def>
12 </%def>
13
13
14 <%def name="breadcrumbs_links()">
14 <%def name="breadcrumbs_links()">
15 ${_('Add new file')} @ ${h.show_id(c.commit)}
15 ${_('Add new file')} @ ${h.show_id(c.commit)} ${_('Branch')}: ${c.commit.branch}
16 </%def>
16 </%def>
17
17
18 <%def name="menu_bar_subnav()">
18 <%def name="menu_bar_subnav()">