##// END OF EJS Templates
repo_groups: fix bad route on check if revoke permissions on yourself.
marcink -
r2248:c8e71b47 stable
parent child Browse files
Show More
@@ -1,100 +1,100 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2017 RhodeCode GmbH
3 # Copyright (C) 2011-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from pyramid.view import view_config
23 from pyramid.view import view_config
24 from pyramid.httpexceptions import HTTPFound
24 from pyramid.httpexceptions import HTTPFound
25
25
26 from rhodecode.apps._base import RepoGroupAppView
26 from rhodecode.apps._base import RepoGroupAppView
27 from rhodecode.lib import helpers as h
27 from rhodecode.lib import helpers as h
28 from rhodecode.lib import audit_logger
28 from rhodecode.lib import audit_logger
29 from rhodecode.lib.auth import (
29 from rhodecode.lib.auth import (
30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
31 from rhodecode.model.repo_group import RepoGroupModel
31 from rhodecode.model.repo_group import RepoGroupModel
32 from rhodecode.model.forms import RepoGroupPermsForm
32 from rhodecode.model.forms import RepoGroupPermsForm
33 from rhodecode.model.meta import Session
33 from rhodecode.model.meta import Session
34
34
35 log = logging.getLogger(__name__)
35 log = logging.getLogger(__name__)
36
36
37
37
38 class RepoGroupPermissionsView(RepoGroupAppView):
38 class RepoGroupPermissionsView(RepoGroupAppView):
39 def load_default_context(self):
39 def load_default_context(self):
40 c = self._get_local_tmpl_context()
40 c = self._get_local_tmpl_context()
41 self._register_global_c(c)
41 self._register_global_c(c)
42 return c
42 return c
43
43
44 @LoginRequired()
44 @LoginRequired()
45 @HasRepoGroupPermissionAnyDecorator('group.admin')
45 @HasRepoGroupPermissionAnyDecorator('group.admin')
46 @view_config(
46 @view_config(
47 route_name='edit_repo_group_perms', request_method='GET',
47 route_name='edit_repo_group_perms', request_method='GET',
48 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
48 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
49 def edit_repo_group_permissions(self):
49 def edit_repo_group_permissions(self):
50 c = self.load_default_context()
50 c = self.load_default_context()
51 c.active = 'permissions'
51 c.active = 'permissions'
52 c.repo_group = self.db_repo_group
52 c.repo_group = self.db_repo_group
53 return self._get_template_context(c)
53 return self._get_template_context(c)
54
54
55 @LoginRequired()
55 @LoginRequired()
56 @HasRepoGroupPermissionAnyDecorator('group.admin')
56 @HasRepoGroupPermissionAnyDecorator('group.admin')
57 @CSRFRequired()
57 @CSRFRequired()
58 @view_config(
58 @view_config(
59 route_name='edit_repo_group_perms_update', request_method='POST',
59 route_name='edit_repo_group_perms_update', request_method='POST',
60 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
60 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
61 def edit_repo_groups_permissions_update(self):
61 def edit_repo_groups_permissions_update(self):
62 _ = self.request.translate
62 _ = self.request.translate
63 c = self.load_default_context()
63 c = self.load_default_context()
64 c.active = 'perms'
64 c.active = 'perms'
65 c.repo_group = self.db_repo_group
65 c.repo_group = self.db_repo_group
66
66
67 valid_recursive_choices = ['none', 'repos', 'groups', 'all']
67 valid_recursive_choices = ['none', 'repos', 'groups', 'all']
68 form = RepoGroupPermsForm(valid_recursive_choices)()\
68 form = RepoGroupPermsForm(valid_recursive_choices)()\
69 .to_python(self.request.POST)
69 .to_python(self.request.POST)
70
70
71 if not c.rhodecode_user.is_admin:
71 if not c.rhodecode_user.is_admin:
72 if self._revoke_perms_on_yourself(form):
72 if self._revoke_perms_on_yourself(form):
73 msg = _('Cannot change permission for yourself as admin')
73 msg = _('Cannot change permission for yourself as admin')
74 h.flash(msg, category='warning')
74 h.flash(msg, category='warning')
75 raise HTTPFound(
75 raise HTTPFound(
76 h.route_path('edit_repo_group_perms',
76 h.route_path('edit_repo_group_perms',
77 group_name=self.db_repo_group_name))
77 repo_group_name=self.db_repo_group_name))
78
78
79 # iterate over all members(if in recursive mode) of this groups and
79 # iterate over all members(if in recursive mode) of this groups and
80 # set the permissions !
80 # set the permissions !
81 # this can be potentially heavy operation
81 # this can be potentially heavy operation
82 changes = RepoGroupModel().update_permissions(
82 changes = RepoGroupModel().update_permissions(
83 c.repo_group,
83 c.repo_group,
84 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
84 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
85 form['recursive'])
85 form['recursive'])
86
86
87 action_data = {
87 action_data = {
88 'added': changes['added'],
88 'added': changes['added'],
89 'updated': changes['updated'],
89 'updated': changes['updated'],
90 'deleted': changes['deleted'],
90 'deleted': changes['deleted'],
91 }
91 }
92 audit_logger.store_web(
92 audit_logger.store_web(
93 'repo_group.edit.permissions', action_data=action_data,
93 'repo_group.edit.permissions', action_data=action_data,
94 user=c.rhodecode_user)
94 user=c.rhodecode_user)
95
95
96 Session().commit()
96 Session().commit()
97 h.flash(_('Repository Group permissions updated'), category='success')
97 h.flash(_('Repository Group permissions updated'), category='success')
98 raise HTTPFound(
98 raise HTTPFound(
99 h.route_path('edit_repo_group_perms',
99 h.route_path('edit_repo_group_perms',
100 repo_group_name=self.db_repo_group_name))
100 repo_group_name=self.db_repo_group_name))
General Comments 0
You need to be logged in to leave comments. Login now