u/pc/rhodecode-enterprise-ce-fork-pc Files · rhodecode/lib/dbmigrate/migrate/versioning/util/keyedinstance.py

security: make sure the admin of repo can only delete comments which are from the same repo....

security: make sure the admin of repo can only delete comments which are from the same repo. - fixes IDOR issue - protects against other people comment deletion by repo admins.

marcink - - Load All Authors

File last commit:

r1:854a839a default


                r1818:1ced1b24

default

Download file

             keyedinstance.py
        
                    36 lines
            
             | 1.1 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / lib / dbmigrate / migrate / versioning / util / keyedinstance.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      #!/usr/bin/env python

      # -*- coding: utf-8 -*-

      class KeyedInstance(object):

          """A class whose instances have a unique identifier of some sort

          No two instances with the same unique ID should exist - if we try to create

          a second instance, the first should be returned.

          """

          _instances = {}

          def __new__(cls, *p, **k):

              instances = cls._instances

              clskey = str(cls)

              if clskey not in instances:

                  instances[clskey] = {}

              instances = instances[clskey]

              key = cls._key(*p, **k)

              if key not in instances:

                  instances[key] = super(KeyedInstance, cls).__new__(cls)

              return instances[key]

          @classmethod

          def _key(cls, *p, **k):

              """Given a unique identifier, return a dictionary key

              This should be overridden by child classes, to specify which parameters

              should determine an object's uniqueness

              """

              raise NotImplementedError()

          @classmethod

          def clear(cls):

              # Allow cls.clear() as well as uniqueInstance.clear(cls)

              if str(cls) in cls._instances:

                  del cls._instances[str(cls)]

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				#!/usr/bin/env python
				# -- coding: utf-8 --

				class KeyedInstance(object):
				"""A class whose instances have a unique identifier of some sort
				No two instances with the same unique ID should exist - if we try to create
				a second instance, the first should be returned.
				"""

				_instances = {}

				def __new__(cls, p, *k):
				instances = cls._instances
				clskey = str(cls)
				if clskey not in instances:
				instances[clskey] = {}
				instances = instances[clskey]

				key = cls._key(p, *k)
				if key not in instances:
				instances[key] = super(KeyedInstance, cls).__new__(cls)
				return instances[key]

				@classmethod
				def _key(cls, p, *k):
				"""Given a unique identifier, return a dictionary key
				This should be overridden by child classes, to specify which parameters
				should determine an object's uniqueness
				"""
				raise NotImplementedError()

				@classmethod
				def clear(cls):
				# Allow cls.clear() as well as uniqueInstance.clear(cls)
				if str(cls) in cls._instances:
				del cls._instances[str(cls)]