Show More
| @@ -120,11 +120,25 b' class SshWrapper(object):' | |||
|
|
120 | 120 | |
|
|
121 | 121 | return vcs_type, repo_name, mode |
|
|
122 | 122 | |
|
|
123 | def serve(self, vcs, repo, mode, user, permissions): | |
|
|
123 | def serve(self, vcs, repo, mode, user, permissions, branch_permissions): | |
|
|
124 | 124 | store = ScmModel().repos_path |
|
|
125 | 125 | |
|
|
126 | check_branch_perms = False | |
|
|
127 | detect_force_push = False | |
|
|
128 | ||
|
|
129 | if branch_permissions: | |
|
|
130 | check_branch_perms = True | |
|
|
131 | detect_force_push = True | |
|
|
132 | ||
|
|
126 | 133 | log.debug( |
|
|
127 |
'VCS detected:`%s` mode: `%s` repo_name: %s', |
|
|
|
134 | 'VCS detected:`%s` mode: `%s` repo_name: %s, branch_permission_checks:%s', | |
|
|
135 | vcs, mode, repo, check_branch_perms) | |
|
|
136 | ||
|
|
137 | # detect if we have to check branch permissions | |
|
|
138 | extras = { | |
|
|
139 | 'detect_force_push': detect_force_push, | |
|
|
140 | 'check_branch_perms': check_branch_perms, | |
|
|
141 | } | |
|
|
128 | 142 | |
|
|
129 | 143 | if vcs == 'hg': |
|
|
130 | 144 | server = MercurialServer( |
| @@ -132,7 +146,7 b' class SshWrapper(object):' | |||
|
|
132 | 146 | repo_name=repo, user=user, |
|
|
133 | 147 | user_permissions=permissions, config=self.config, env=self.env) |
|
|
134 | 148 | self.server_impl = server |
|
|
135 | return server.run() | |
|
|
149 | return server.run(tunnel_extras=extras) | |
|
|
136 | 150 | |
|
|
137 | 151 | elif vcs == 'git': |
|
|
138 | 152 | server = GitServer( |
| @@ -140,7 +154,7 b' class SshWrapper(object):' | |||
|
|
140 | 154 | repo_name=repo, repo_mode=mode, user=user, |
|
|
141 | 155 | user_permissions=permissions, config=self.config, env=self.env) |
|
|
142 | 156 | self.server_impl = server |
|
|
143 | return server.run() | |
|
|
157 | return server.run(tunnel_extras=extras) | |
|
|
144 | 158 | |
|
|
145 | 159 | elif vcs == 'svn': |
|
|
146 | 160 | server = SubversionServer( |
| @@ -148,7 +162,7 b' class SshWrapper(object):' | |||
|
|
148 | 162 | repo_name=None, user=user, |
|
|
149 | 163 | user_permissions=permissions, config=self.config, env=self.env) |
|
|
150 | 164 | self.server_impl = server |
|
|
151 | return server.run() | |
|
|
165 | return server.run(tunnel_extras=extras) | |
|
|
152 | 166 | |
|
|
153 | 167 | else: |
|
|
154 | 168 | raise Exception('Unrecognised VCS: {}'.format(vcs)) |
| @@ -188,10 +202,11 b' class SshWrapper(object):' | |||
|
|
188 | 202 | |
|
|
189 | 203 | auth_user = user.AuthUser() |
|
|
190 | 204 | permissions = auth_user.permissions['repositories'] |
|
|
191 | ||
|
|
205 | repo_branch_permissions = auth_user.get_branch_permissions(scm_repo) | |
|
|
192 | 206 | try: |
|
|
193 | 207 | exit_code, is_updated = self.serve( |
|
|
194 |
scm_detected, scm_repo, scm_mode, user, permissions |
|
|
|
208 | scm_detected, scm_repo, scm_mode, user, permissions, | |
|
|
209 | repo_branch_permissions) | |
|
|
195 | 210 | except Exception: |
|
|
196 | 211 | log.exception('Error occurred during execution of SshWrapper') |
|
|
197 | 212 | exit_code = -1 |
| @@ -106,11 +106,15 b' class VcsServer(object):' | |||
|
|
106 | 106 | 'make_lock': None, |
|
|
107 | 107 | 'locked_by': [None, None], |
|
|
108 | 108 | 'server_url': None, |
|
|
109 | 'is_shadow_repo': False, | |
|
|
110 | 'hooks_module': 'rhodecode.lib.hooks_daemon', | |
|
|
109 | 'user_agent': 'ssh-user-agent', | |
|
|
111 | 110 | 'hooks': ['push', 'pull'], |
|
|
111 | 'hooks_module': 'rhodecode.lib.hooks_daemon', | |
|
|
112 | 'is_shadow_repo': False, | |
|
|
113 | 'detect_force_push': False, | |
|
|
114 | 'check_branch_perms': False, | |
|
|
115 | ||
|
|
112 | 116 | 'SSH': True, |
|
|
113 | 'SSH_PERMISSIONS': self.user_permissions.get(self.repo_name) | |
|
|
117 | 'SSH_PERMISSIONS': self.user_permissions.get(self.repo_name), | |
|
|
114 | 118 | } |
|
|
115 | 119 | if extras: |
|
|
116 | 120 | scm_data.update(extras) |
| @@ -139,8 +143,10 b' class VcsServer(object):' | |||
|
|
139 | 143 | |
|
|
140 | 144 | return exit_code, action == "push" |
|
|
141 | 145 | |
|
|
142 | def run(self): | |
|
|
146 | def run(self, tunnel_extras=None): | |
|
|
147 | tunnel_extras = tunnel_extras or {} | |
|
|
143 | 148 | extras = {} |
|
|
149 | extras.update(tunnel_extras) | |
|
|
144 | 150 | |
|
|
145 | 151 | callback_daemon, extras = prepare_callback_daemon( |
|
|
146 | 152 | extras, protocol=vcs_settings.HOOKS_PROTOCOL, |
| @@ -139,6 +139,9 b' class TestGitServer(object):' | |||
|
|
139 | 139 | 'hooks': ['push', 'pull'], |
|
|
140 | 140 | 'is_shadow_repo': False, |
|
|
141 | 141 | 'hooks_module': 'rhodecode.lib.hooks_daemon', |
|
|
142 | 'check_branch_perms': False, | |
|
|
143 | 'detect_force_push': False, | |
|
|
144 | 'user_agent': u'ssh-user-agent', | |
|
|
142 | 145 | 'SSH': True, |
|
|
143 | 146 | 'SSH_PERMISSIONS': 'repository.admin', |
|
|
144 | 147 | } |
| @@ -27,7 +27,7 b' class TestSSHWrapper(object):' | |||
|
|
27 | 27 | with pytest.raises(Exception) as exc_info: |
|
|
28 | 28 | ssh_wrapper.serve( |
|
|
29 | 29 | vcs='microsoft-tfs', repo='test-repo', mode=None, user='test', |
|
|
30 | permissions={}) | |
|
|
30 | permissions={}, branch_permissions={}) | |
|
|
31 | 31 | assert exc_info.value.message == 'Unrecognised VCS: microsoft-tfs' |
|
|
32 | 32 | |
|
|
33 | 33 | def test_parse_config(self, ssh_wrapper): |
| @@ -1362,8 +1362,11 b' class AuthUser(object):' | |||
|
|
1362 | 1362 | |
|
|
1363 | 1363 | def get_branch_permissions(self, repo_name, perms=None): |
|
|
1364 | 1364 | perms = perms or self.permissions_with_scope({'repo_name': repo_name}) |
|
|
1365 | branch_perms = perms.get('repository_branches') | |
|
|
1366 |
|
|
|
|
1365 | branch_perms = perms.get('repository_branches', {}) | |
|
|
1366 | if not branch_perms: | |
|
|
1367 | return {} | |
|
|
1368 | repo_branch_perms = branch_perms.get(repo_name) | |
|
|
1369 | return repo_branch_perms or {} | |
|
|
1367 | 1370 | |
|
|
1368 | 1371 | def get_rule_and_branch_permission(self, repo_name, branch_name): |
|
|
1369 | 1372 | """ |
| @@ -1373,11 +1376,7 b' class AuthUser(object):' | |||
|
|
1373 | 1376 | |
|
|
1374 | 1377 | rule = default_perm = '' |
|
|
1375 | 1378 | |
|
|
1376 | branch_perms = self.get_branch_permissions(repo_name=repo_name) | |
|
|
1377 | if not branch_perms: | |
|
|
1378 | return rule, default_perm | |
|
|
1379 | ||
|
|
1380 | repo_branch_perms = branch_perms.get(repo_name) | |
|
|
1379 | repo_branch_perms = self.get_branch_permissions(repo_name=repo_name) | |
|
|
1381 | 1380 | if not repo_branch_perms: |
|
|
1382 | 1381 | return rule, default_perm |
|
|
1383 | 1382 | |
| @@ -179,7 +179,9 b' def vcs_operation_context(' | |||
|
|
179 | 179 | settings_model = VcsSettingsModel(repo=repo_name) |
|
|
180 | 180 | ui_settings = settings_model.get_ui_settings() |
|
|
181 | 181 | |
|
|
182 | extras = { | |
|
|
182 | # NOTE(marcink): This should be also in sync with | |
|
|
183 | # rhodecode/apps/ssh_support/lib/backends/base.py:update_enviroment scm_data | |
|
|
184 | scm_data = { | |
|
|
183 | 185 | 'ip': get_ip_addr(environ), |
|
|
184 | 186 | 'username': username, |
|
|
185 | 187 | 'user_id': user_id, |
| @@ -196,7 +198,7 b' def vcs_operation_context(' | |||
|
|
196 | 198 | 'detect_force_push': detect_force_push, |
|
|
197 | 199 | 'check_branch_perms': check_branch_perms, |
|
|
198 | 200 | } |
|
|
199 |
return |
|
|
|
201 | return scm_data | |
|
|
200 | 202 | |
|
|
201 | 203 | |
|
|
202 | 204 | class BasicAuth(AuthBasicAuthenticator): |
General Comments 0
You need to be logged in to leave comments.
Login now