# HG changeset patch # User Marcin Kuzminski # Date 2011-03-09 18:47:52 # Node ID a8d759613d8ff3402ca9108c8390c6787bb70324 # Parent 143b37b7b4aa519ea64b9e982c5644edf93fe134 fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal and repositories feeds diff --git a/rhodecode/controllers/feed.py b/rhodecode/controllers/feed.py --- a/rhodecode/controllers/feed.py +++ b/rhodecode/controllers/feed.py @@ -39,7 +39,7 @@ log = logging.getLogger(__name__) class FeedController(BaseRepoController): - @LoginRequired() + @LoginRequired(api_access=True) @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', 'repository.admin') def __before__(self): diff --git a/rhodecode/controllers/journal.py b/rhodecode/controllers/journal.py --- a/rhodecode/controllers/journal.py +++ b/rhodecode/controllers/journal.py @@ -46,7 +46,7 @@ log = logging.getLogger(__name__) class JournalController(BaseController): - @LoginRequired() + def __before__(self): super(JournalController, self).__before__() c.rhodecode_user = self.rhodecode_user @@ -55,6 +55,7 @@ class JournalController(BaseController): self.ttl = "5" self.feed_nr = 20 + @LoginRequired() @NotAnonymous() def index(self): # Return a rendered template @@ -117,6 +118,7 @@ class JournalController(BaseController): return journal + @LoginRequired() @NotAnonymous() def toggle_following(self): cur_token = request.POST.get('auth_token') @@ -147,7 +149,7 @@ class JournalController(BaseController): - + @LoginRequired() def public_journal(self): # Return a rendered template p = int(request.params.get('page', 1)) @@ -169,7 +171,7 @@ class JournalController(BaseController): return render('journal/public_journal.html') - + @LoginRequired(api_access=True) def public_journal_atom(self): """ Produce an atom-1.0 feed via feedgenerator module @@ -203,6 +205,7 @@ class JournalController(BaseController): response.content_type = feed.mime_type return feed.writeString('utf-8') + @LoginRequired(api_access=True) def public_journal_rss(self): """ Produce an rss2 feed via feedgenerator module diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py --- a/rhodecode/lib/auth.py +++ b/rhodecode/lib/auth.py @@ -230,7 +230,7 @@ class AuthUser(object): def __init__(self, user_id=None, api_key=None): self.user_id = user_id - self.api_key = api_key + self.api_key = None self.username = 'None' self.name = '' @@ -239,19 +239,19 @@ class AuthUser(object): self.is_authenticated = False self.admin = False self.permissions = {} + self._api_key = api_key self.propagate_data() def propagate_data(self): user_model = UserModel() - if self.api_key: + self.anonymous_user = user_model.get_by_username('default', cache=True) + if self._api_key: #try go get user by api key - log.debug('Auth User lookup by API KEY %s', self.api_key) - user_model.fill_data(self, api_key=self.api_key) + log.debug('Auth User lookup by API KEY %s', self._api_key) + user_model.fill_data(self, api_key=self._api_key) else: log.debug('Auth User lookup by USER ID %s', self.user_id) - self.anonymous_user = user_model.get_by_username('default', cache=True) - if self.user_id is not None and self.user_id != self.anonymous_user.user_id: user_model.fill_data(self, user_id=self.user_id) else: diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py --- a/rhodecode/model/user.py +++ b/rhodecode/model/user.py @@ -230,7 +230,7 @@ class UserModel(BaseModel): :param user_id: user id to fetch by :param api_key: api key to fetch by """ - if not user_id and not not api_key: + if user_id is None and api_key is None: raise Exception('You need to pass user_id or api_key') try: @@ -239,9 +239,10 @@ class UserModel(BaseModel): else: dbuser = self.get(user_id) - log.debug('filling %s data', dbuser) - for k, v in dbuser.get_dict().items(): - setattr(auth_user, k, v) + if dbuser is not None: + log.debug('filling %s data', dbuser) + for k, v in dbuser.get_dict().items(): + setattr(auth_user, k, v) except: log.error(traceback.format_exc())