diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py
--- a/rhodecode/model/repo.py
+++ b/rhodecode/model/repo.py
@@ -41,8 +41,9 @@ from rhodecode.model.db import Repositor
Statistics, UserGroup, UserGroupRepoToPerm, RhodeCodeUi, RepoGroup,\
RhodeCodeSetting, RepositoryField
from rhodecode.lib import helpers as h
-from rhodecode.lib.auth import HasRepoPermissionAny
+from rhodecode.lib.auth import HasRepoPermissionAny, HasUserGroupPermissionAny
from rhodecode.lib.exceptions import AttachedForksError
+from rhodecode.model.scm import UserGroupList
log = logging.getLogger(__name__)
@@ -140,7 +141,9 @@ class RepoModel(BaseModel):
def get_users_groups_js(self):
users_groups = self.sa.query(UserGroup)\
.filter(UserGroup.users_group_active == True).all()
-
+ users_groups = UserGroupList(users_groups, perm_set=['usergroup.read',
+ 'usergroup.write',
+ 'usergroup.admin'])
return json.dumps([
{
'id': gr.users_group_id,
@@ -472,9 +475,12 @@ class RepoModel(BaseModel):
repo=repo, user=member, perm=perm
)
else:
- self.grant_users_group_permission(
- repo=repo, group_name=member, perm=perm
- )
+ #check if we have permissions to alter this usergroup
+ if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+ 'usergroup.admin')(member):
+ self.grant_users_group_permission(
+ repo=repo, group_name=member, perm=perm
+ )
# set new permissions
for member, perm, member_type in perms_new:
if member_type == 'user':
@@ -482,9 +488,12 @@ class RepoModel(BaseModel):
repo=repo, user=member, perm=perm
)
else:
- self.grant_users_group_permission(
- repo=repo, group_name=member, perm=perm
- )
+ #check if we have permissions to alter this usergroup
+ if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+ 'usergroup.admin')(member):
+ self.grant_users_group_permission(
+ repo=repo, group_name=member, perm=perm
+ )
def create_fork(self, form_data, cur_user):
"""
diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py
--- a/rhodecode/model/repos_group.py
+++ b/rhodecode/model/repos_group.py
@@ -169,6 +169,7 @@ class ReposGroupModel(BaseModel):
def _update_permissions(self, repos_group, perms_new=None,
perms_updates=None, recursive=False):
from rhodecode.model.repo import RepoModel
+ from rhodecode.lib.auth import HasUserGroupPermissionAny
if not perms_new:
perms_new = []
if not perms_updates:
@@ -220,13 +221,19 @@ class ReposGroupModel(BaseModel):
_set_perm_user(obj, user=member, perm=perm)
## set for user group
else:
- _set_perm_group(obj, users_group=member, perm=perm)
+ #check if we have permissions to alter this usergroup
+ if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+ 'usergroup.admin')(member):
+ _set_perm_group(obj, users_group=member, perm=perm)
# set new permissions
for member, perm, member_type in perms_new:
if member_type == 'user':
_set_perm_user(obj, user=member, perm=perm)
else:
- _set_perm_group(obj, users_group=member, perm=perm)
+ #check if we have permissions to alter this usergroup
+ if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+ 'usergroup.admin')(member):
+ _set_perm_group(obj, users_group=member, perm=perm)
updates.append(obj)
#if it's not recursive call
# break the loop and don't proceed with other changes
diff --git a/rhodecode/model/users_group.py b/rhodecode/model/users_group.py
--- a/rhodecode/model/users_group.py
+++ b/rhodecode/model/users_group.py
@@ -63,6 +63,7 @@ class UserGroupModel(BaseModel):
def _update_permissions(self, user_group, perms_new=None,
perms_updates=None):
+ from rhodecode.lib.auth import HasUserGroupPermissionAny
if not perms_new:
perms_new = []
if not perms_updates:
@@ -76,9 +77,12 @@ class UserGroupModel(BaseModel):
user_group=user_group, user=member, perm=perm
)
else:
- self.grant_users_group_permission(
- target_user_group=user_group, user_group=member, perm=perm
- )
+ #check if we have permissions to alter this usergroup
+ if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+ 'usergroup.admin')(member):
+ self.grant_users_group_permission(
+ target_user_group=user_group, user_group=member, perm=perm
+ )
# set new permissions
for member, perm, member_type in perms_new:
if member_type == 'user':
@@ -86,9 +90,12 @@ class UserGroupModel(BaseModel):
user_group=user_group, user=member, perm=perm
)
else:
- self.grant_users_group_permission(
- target_user_group=user_group, user_group=member, perm=perm
- )
+ #check if we have permissions to alter this usergroup
+ if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
+ 'usergroup.admin')(member):
+ self.grant_users_group_permission(
+ target_user_group=user_group, user_group=member, perm=perm
+ )
def get(self, users_group_id, cache=False):
return UserGroup.get(users_group_id)