@@ -35,9 +35,9 b' from functools import wraps' | |||||
35 |
|
35 | |||
36 | import ipaddress |
|
36 | import ipaddress | |
37 | from pyramid.httpexceptions import HTTPForbidden, HTTPFound |
|
37 | from pyramid.httpexceptions import HTTPForbidden, HTTPFound | |
38 | from pylons import request |
|
|||
39 | from pylons.controllers.util import abort |
|
|||
40 | from pylons.i18n.translation import _ |
|
38 | from pylons.i18n.translation import _ | |
|
39 | # NOTE(marcink): this has to be removed only after pyramid migration, | |||
|
40 | # replace with _ = request.translate | |||
41 | from sqlalchemy.orm.exc import ObjectDeletedError |
|
41 | from sqlalchemy.orm.exc import ObjectDeletedError | |
42 | from sqlalchemy.orm import joinedload |
|
42 | from sqlalchemy.orm import joinedload | |
43 | from zope.cachedescriptors.property import Lazy as LazyProperty |
|
43 | from zope.cachedescriptors.property import Lazy as LazyProperty | |
@@ -302,7 +302,8 b' def _cached_perms_data(user_id, scope, u' | |||||
302 | explicit, algo) |
|
302 | explicit, algo) | |
303 | return permissions.calculate() |
|
303 | return permissions.calculate() | |
304 |
|
304 | |||
305 | class PermOrigin: |
|
305 | ||
|
306 | class PermOrigin(object): | |||
306 | ADMIN = 'superadmin' |
|
307 | ADMIN = 'superadmin' | |
307 |
|
308 | |||
308 | REPO_USER = 'user:%s' |
|
309 | REPO_USER = 'user:%s' | |
@@ -341,7 +342,6 b' class PermOriginDict(dict):' | |||||
341 | {'resource': [('read', 'default'), ('write', 'admin')]} |
|
342 | {'resource': [('read', 'default'), ('write', 'admin')]} | |
342 | """ |
|
343 | """ | |
343 |
|
344 | |||
344 |
|
||||
345 | def __init__(self, *args, **kw): |
|
345 | def __init__(self, *args, **kw): | |
346 | dict.__init__(self, *args, **kw) |
|
346 | dict.__init__(self, *args, **kw) | |
347 | self.perm_origin_stack = {} |
|
347 | self.perm_origin_stack = {} | |
@@ -1114,6 +1114,17 b' def get_csrf_token(session=None, force_n' | |||||
1114 | return session.get(csrf_token_key) |
|
1114 | return session.get(csrf_token_key) | |
1115 |
|
1115 | |||
1116 |
|
1116 | |||
|
1117 | def get_request(perm_class): | |||
|
1118 | from pyramid.threadlocal import get_current_request | |||
|
1119 | pyramid_request = get_current_request() | |||
|
1120 | if not pyramid_request: | |||
|
1121 | # return global request of pylons in case pyramid isn't available | |||
|
1122 | # NOTE(marcink): this should be removed after migration to pyramid | |||
|
1123 | from pylons import request | |||
|
1124 | return request | |||
|
1125 | return pyramid_request | |||
|
1126 | ||||
|
1127 | ||||
1117 | # CHECK DECORATORS |
|
1128 | # CHECK DECORATORS | |
1118 | class CSRFRequired(object): |
|
1129 | class CSRFRequired(object): | |
1119 | """ |
|
1130 | """ | |
@@ -1144,7 +1155,12 b' class CSRFRequired(object):' | |||||
1144 | supplied_token = self._get_csrf(_request) |
|
1155 | supplied_token = self._get_csrf(_request) | |
1145 | return supplied_token and supplied_token == cur_token |
|
1156 | return supplied_token and supplied_token == cur_token | |
1146 |
|
1157 | |||
|
1158 | def _get_request(self): | |||
|
1159 | return get_request(self) | |||
|
1160 | ||||
1147 | def __wrapper(self, func, *fargs, **fkwargs): |
|
1161 | def __wrapper(self, func, *fargs, **fkwargs): | |
|
1162 | request = self._get_request() | |||
|
1163 | ||||
1148 | if request.method in self.except_methods: |
|
1164 | if request.method in self.except_methods: | |
1149 | return func(*fargs, **fkwargs) |
|
1165 | return func(*fargs, **fkwargs) | |
1150 |
|
1166 | |||
@@ -1157,8 +1173,8 b' class CSRFRequired(object):' | |||||
1157 | reason = 'token-missing' |
|
1173 | reason = 'token-missing' | |
1158 | supplied_token = self._get_csrf(request) |
|
1174 | supplied_token = self._get_csrf(request) | |
1159 | if supplied_token and cur_token != supplied_token: |
|
1175 | if supplied_token and cur_token != supplied_token: | |
1160 |
reason = 'token-mismatch [%s:%s]' % ( |
|
1176 | reason = 'token-mismatch [%s:%s]' % ( | |
1161 |
|
|
1177 | cur_token or ''[:6], supplied_token or ''[:6]) | |
1162 |
|
1178 | |||
1163 | csrf_message = \ |
|
1179 | csrf_message = \ | |
1164 | ("Cross-site request forgery detected, request denied. See " |
|
1180 | ("Cross-site request forgery detected, request denied. See " | |
@@ -1186,12 +1202,7 b' class LoginRequired(object):' | |||||
1186 | return get_cython_compat_decorator(self.__wrapper, func) |
|
1202 | return get_cython_compat_decorator(self.__wrapper, func) | |
1187 |
|
1203 | |||
1188 | def _get_request(self): |
|
1204 | def _get_request(self): | |
1189 | from pyramid.threadlocal import get_current_request |
|
1205 | return get_request(self) | |
1190 | pyramid_request = get_current_request() |
|
|||
1191 | if not pyramid_request: |
|
|||
1192 | # return global request of pylons in case pyramid isn't available |
|
|||
1193 | return request |
|
|||
1194 | return pyramid_request |
|
|||
1195 |
|
1206 | |||
1196 | def __wrapper(self, func, *fargs, **fkwargs): |
|
1207 | def __wrapper(self, func, *fargs, **fkwargs): | |
1197 | from rhodecode.lib import helpers as h |
|
1208 | from rhodecode.lib import helpers as h | |
@@ -1278,10 +1289,14 b' class NotAnonymous(object):' | |||||
1278 | def __call__(self, func): |
|
1289 | def __call__(self, func): | |
1279 | return get_cython_compat_decorator(self.__wrapper, func) |
|
1290 | return get_cython_compat_decorator(self.__wrapper, func) | |
1280 |
|
1291 | |||
|
1292 | def _get_request(self): | |||
|
1293 | return get_request(self) | |||
|
1294 | ||||
1281 | def __wrapper(self, func, *fargs, **fkwargs): |
|
1295 | def __wrapper(self, func, *fargs, **fkwargs): | |
1282 | import rhodecode.lib.helpers as h |
|
1296 | import rhodecode.lib.helpers as h | |
1283 | cls = fargs[0] |
|
1297 | cls = fargs[0] | |
1284 | self.user = cls._rhodecode_user |
|
1298 | self.user = cls._rhodecode_user | |
|
1299 | request = self._get_request() | |||
1285 |
|
1300 | |||
1286 | log.debug('Checking if user is not anonymous @%s' % cls) |
|
1301 | log.debug('Checking if user is not anonymous @%s' % cls) | |
1287 |
|
1302 | |||
@@ -1304,9 +1319,16 b' class XHRRequired(object):' | |||||
1304 | def __call__(self, func): |
|
1319 | def __call__(self, func): | |
1305 | return get_cython_compat_decorator(self.__wrapper, func) |
|
1320 | return get_cython_compat_decorator(self.__wrapper, func) | |
1306 |
|
1321 | |||
|
1322 | def _get_request(self): | |||
|
1323 | return get_request(self) | |||
|
1324 | ||||
1307 | def __wrapper(self, func, *fargs, **fkwargs): |
|
1325 | def __wrapper(self, func, *fargs, **fkwargs): | |
|
1326 | from pylons.controllers.util import abort | |||
|
1327 | request = self._get_request() | |||
|
1328 | ||||
1308 | log.debug('Checking if request is XMLHttpRequest (XHR)') |
|
1329 | log.debug('Checking if request is XMLHttpRequest (XHR)') | |
1309 | xhr_message = 'This is not a valid XMLHttpRequest (XHR) request' |
|
1330 | xhr_message = 'This is not a valid XMLHttpRequest (XHR) request' | |
|
1331 | ||||
1310 | if not request.is_xhr: |
|
1332 | if not request.is_xhr: | |
1311 | abort(400, detail=xhr_message) |
|
1333 | abort(400, detail=xhr_message) | |
1312 |
|
1334 | |||
@@ -1359,12 +1381,7 b' class PermsDecorator(object):' | |||||
1359 | return get_cython_compat_decorator(self.__wrapper, func) |
|
1381 | return get_cython_compat_decorator(self.__wrapper, func) | |
1360 |
|
1382 | |||
1361 | def _get_request(self): |
|
1383 | def _get_request(self): | |
1362 | from pyramid.threadlocal import get_current_request |
|
1384 | return get_request(self) | |
1363 | pyramid_request = get_current_request() |
|
|||
1364 | if not pyramid_request: |
|
|||
1365 | # return global request of pylons in case pyramid isn't available |
|
|||
1366 | return request |
|
|||
1367 | return pyramid_request |
|
|||
1368 |
|
1385 | |||
1369 | def _get_came_from(self): |
|
1386 | def _get_came_from(self): | |
1370 | _request = self._get_request() |
|
1387 | _request = self._get_request() | |
@@ -1638,12 +1655,7 b' class PermsFunction(object):' | |||||
1638 | return False |
|
1655 | return False | |
1639 |
|
1656 | |||
1640 | def _get_request(self): |
|
1657 | def _get_request(self): | |
1641 | from pyramid.threadlocal import get_current_request |
|
1658 | return get_request(self) | |
1642 | pyramid_request = get_current_request() |
|
|||
1643 | if not pyramid_request: |
|
|||
1644 | # return global request of pylons incase pyramid one isn't available |
|
|||
1645 | return request |
|
|||
1646 | return pyramid_request |
|
|||
1647 |
|
1659 | |||
1648 | def _get_check_scope(self, cls_name): |
|
1660 | def _get_check_scope(self, cls_name): | |
1649 | return { |
|
1661 | return { | |
@@ -1708,7 +1720,8 b' class HasRepoPermissionAny(PermsFunction' | |||||
1708 |
|
1720 | |||
1709 | def _get_repo_name(self): |
|
1721 | def _get_repo_name(self): | |
1710 | if not self.repo_name: |
|
1722 | if not self.repo_name: | |
1711 | self.repo_name = get_repo_slug(request) |
|
1723 | _request = self._get_request() | |
|
1724 | self.repo_name = get_repo_slug(_request) | |||
1712 | return self.repo_name |
|
1725 | return self.repo_name | |
1713 |
|
1726 | |||
1714 | def check_permissions(self, user): |
|
1727 | def check_permissions(self, user): |
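Review bot: In the CSRFRequired `__wrapper` hunk (new line 1177), `cur_token or ''[:6]` does not truncate anything, because the slice binds to the empty string literal rather than to the `or` expression. Whenever a token is present, its full value is formatted into `reason`. The rest of the function is outside the hunk, but if `reason` reaches a log line or an error response, the complete session CSRF token and the supplied one are written there. Parenthesise both operands so only the intended prefix is kept: `(cur_token or '')[:6], (supplied_token or '')[:6])`. As a secondary point, the `cur_token != supplied_token` check on new line 1175 could use `hmac.compare_digest` to avoid a timing-dependent comparison.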