security: make sure the admin of repo can only delete comments which are from the same repo....
security: make sure the admin of repo can only delete comments which are from the same repo. - fixes IDOR issue - protects against other people comment deletion by repo admins.

File last commit:

r1788:18fc0f0e default
r1818:1ced1b24 default
__init__.py
153 lines | 5.1 KiB | text/x-python | PythonLexer
# -*- coding: utf-8 -*-
# Copyright (C) 2016-2017 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
from rhodecode.apps._base import add_route_with_slash

def includeme(config):
    """Register the per-repository URL routes on the given configurator.

    Every route is added with ``repo_route=True`` and a pattern that starts
    with the ``{repo_name:.*?[^/]}`` placeholder. That regex is non-greedy,
    may span ``/`` characters and must end on a non-slash character, so the
    bare ``/{repo_name}`` summary route would also match every more specific
    URL; it is therefore registered last.

    This function only maps URL patterns to route names. It performs no
    permission or CSRF checks itself.

    :param config: configurator object exposing ``add_route`` and ``scan``.
    """
    # NOTE(review): what ``repo_route=True`` enforces is not visible in this
    # file (presumably a custom route predicate that resolves the repository
    # - confirm). The state-changing endpoints below (advanced/delete,
    # maintenance/execute, strip_execute, ...) must get their permission and
    # CSRF protection from the views picked up by ``config.scan()`` - verify
    # each view, since a missing check there is not caught here.

    # (route name, URL pattern, extra add_route keyword arguments), listed in
    # registration order. The order is significant: do not sort this table.
    repo_routes = (
        # Summary
        # NOTE(marcink): one additional route is defined in very bottom, catch
        # all pattern
        ('repo_summary_explicit',
         '/{repo_name:.*?[^/]}/summary', {}),
        ('repo_summary_commits',
         '/{repo_name:.*?[^/]}/summary-commits', {}),

        # repo commits
        ('repo_commit',
         '/{repo_name:.*?[^/]}/changeset/{commit_id}', {}),

        # refs data
        ('repo_refs_data',
         '/{repo_name:.*?[^/]}/refs-data', {}),
        ('repo_refs_changelog_data',
         '/{repo_name:.*?[^/]}/refs-data-changelog', {}),
        ('repo_stats',
         '/{repo_name:.*?[^/]}/repo_stats/{commit_id}', {}),

        # Tags
        ('tags_home',
         '/{repo_name:.*?[^/]}/tags', {}),
        # Branches
        ('branches_home',
         '/{repo_name:.*?[^/]}/branches', {}),
        ('bookmarks_home',
         '/{repo_name:.*?[^/]}/bookmarks', {}),

        # Pull Requests
        ('pullrequest_show',
         '/{repo_name:.*?[^/]}/pull-request/{pull_request_id}', {}),
        ('pullrequest_show_all',
         '/{repo_name:.*?[^/]}/pull-request',
         {'repo_accepted_types': ['hg', 'git']}),
        ('pullrequest_show_all_data',
         '/{repo_name:.*?[^/]}/pull-request-data',
         {'repo_accepted_types': ['hg', 'git']}),

        # Settings
        ('edit_repo',
         '/{repo_name:.*?[^/]}/settings', {}),

        # Settings advanced
        ('edit_repo_advanced',
         '/{repo_name:.*?[^/]}/settings/advanced', {}),
        ('edit_repo_advanced_delete',
         '/{repo_name:.*?[^/]}/settings/advanced/delete', {}),
        ('edit_repo_advanced_locking',
         '/{repo_name:.*?[^/]}/settings/advanced/locking', {}),
        ('edit_repo_advanced_journal',
         '/{repo_name:.*?[^/]}/settings/advanced/journal', {}),
        ('edit_repo_advanced_fork',
         '/{repo_name:.*?[^/]}/settings/advanced/fork', {}),

        # Caches
        ('edit_repo_caches',
         '/{repo_name:.*?[^/]}/settings/caches', {}),

        # Permissions
        ('edit_repo_perms',
         '/{repo_name:.*?[^/]}/settings/permissions', {}),

        # Repo Review Rules
        ('repo_reviewers',
         '/{repo_name:.*?[^/]}/settings/review/rules', {}),
        ('repo_default_reviewers_data',
         '/{repo_name:.*?[^/]}/settings/review/default-reviewers', {}),

        # Maintenance
        ('repo_maintenance',
         '/{repo_name:.*?[^/]}/settings/maintenance', {}),
        ('repo_maintenance_execute',
         '/{repo_name:.*?[^/]}/settings/maintenance/execute', {}),

        # Strip
        ('strip',
         '/{repo_name:.*?[^/]}/settings/strip', {}),
        ('strip_check',
         '/{repo_name:.*?[^/]}/settings/strip_check', {}),
        ('strip_execute',
         '/{repo_name:.*?[^/]}/settings/strip_execute', {}),
    )

    for route_name, route_pattern, extra_kwargs in repo_routes:
        config.add_route(
            name=route_name, pattern=route_pattern, repo_route=True,
            **extra_kwargs)

    # NOTE(marcink): needs to be at the end for catch-all
    add_route_with_slash(
        config, name='repo_summary',
        pattern='/{repo_name:.*?[^/]}', repo_route=True)

    # Scan module for configuration decorators.
    config.scan()