# HG changeset patch # User Marcin Kuzminski # Date 2013-03-28 01:11:26 # Node ID c734686b3cf279ba32e50449050c55739dff8388 # Parent 32cb8d45f330741848ab19c072424d8386ed42ea moved permission management into separate entity. - this solves issues when whole form submision could influence permission management particular case is that when repo group permission is revoked and user is no longer able to update repository settings diff --git a/rhodecode/config/routing.py b/rhodecode/config/routing.py --- a/rhodecode/config/routing.py +++ b/rhodecode/config/routing.py @@ -127,6 +127,11 @@ def make_map(config): m.connect("formatted_repo", "/repos/{repo_name:.*?}.{format}", action="show", conditions=dict(method=["GET"], function=check_repo)) + #add repo perm member + m.connect('set_repo_perm_member', "/set_repo_perm_member/{repo_name:.*?}", + action="set_repo_perm_member", + conditions=dict(method=["POST"], function=check_repo)) + #ajax delete repo perm user m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*?}", action="delete_perm_user", diff --git a/rhodecode/controllers/admin/repos.py b/rhodecode/controllers/admin/repos.py --- a/rhodecode/controllers/admin/repos.py +++ b/rhodecode/controllers/admin/repos.py @@ -45,7 +45,7 @@ from rhodecode.lib.helpers import get_to from rhodecode.model.meta import Session from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\ RhodeCodeSetting, RepositoryField -from rhodecode.model.forms import RepoForm, RepoFieldForm +from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm from rhodecode.model.scm import ScmModel, GroupList from rhodecode.model.repo import RepoModel from rhodecode.lib.compat import json @@ -330,6 +330,42 @@ class ReposController(BaseRepoController return redirect(url('repos')) @HasRepoPermissionAllDecorator('repository.admin') + def set_repo_perm_member(self, repo_name): + form = RepoPermsForm()().to_python(request.POST) + + perms_new = form['perms_new'] + perms_updates = form['perms_updates'] + cur_repo = repo_name + + # update permissions + for member, perm, member_type in perms_updates: + if member_type == 'user': + # this updates existing one + RepoModel().grant_user_permission( + repo=cur_repo, user=member, perm=perm + ) + else: + RepoModel().grant_users_group_permission( + repo=cur_repo, group_name=member, perm=perm + ) + # set new permissions + for member, perm, member_type in perms_new: + if member_type == 'user': + RepoModel().grant_user_permission( + repo=cur_repo, user=member, perm=perm + ) + else: + RepoModel().grant_users_group_permission( + repo=cur_repo, group_name=member, perm=perm + ) + #TODO: implement this + #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions', + # repo_name, self.ip_addr, self.sa) + Session().commit() + h.flash(_('updated repository permissions'), category='success') + return redirect(url('edit_repo', repo_name=repo_name)) + + @HasRepoPermissionAllDecorator('repository.admin') def delete_perm_user(self, repo_name): """ DELETE an existing repository permission user @@ -339,6 +375,9 @@ class ReposController(BaseRepoController try: RepoModel().revoke_user_permission(repo=repo_name, user=request.POST['user_id']) + #TODO: implement this + #action_logger(self.rhodecode_user, 'admin_revoked_repo_permissions', + # repo_name, self.ip_addr, self.sa) Session().commit() except Exception: log.error(traceback.format_exc()) diff --git a/rhodecode/model/forms.py b/rhodecode/model/forms.py --- a/rhodecode/model/forms.py +++ b/rhodecode/model/forms.py @@ -199,11 +199,18 @@ def RepoForm(edit=False, old_data={}, su user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser()) chained_validators = [v.ValidCloneUri(), - v.ValidRepoName(edit, old_data), - v.ValidPerms()] + v.ValidRepoName(edit, old_data)] return _RepoForm +def RepoPermsForm(): + class _RepoPermsForm(formencode.Schema): + allow_extra_fields = True + filter_extra_fields = False + chained_validators = [v.ValidPerms()] + return _RepoPermsForm + + def RepoFieldForm(): class _RepoFieldForm(formencode.Schema): filter_extra_fields = True diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py --- a/rhodecode/model/repo.py +++ b/rhodecode/model/repo.py @@ -279,28 +279,6 @@ class RepoModel(BaseModel): try: cur_repo = self.get_by_repo_name(org_repo_name, cache=False) - # update permissions - for member, perm, member_type in kwargs['perms_updates']: - if member_type == 'user': - # this updates existing one - RepoModel().grant_user_permission( - repo=cur_repo, user=member, perm=perm - ) - else: - RepoModel().grant_users_group_permission( - repo=cur_repo, group_name=member, perm=perm - ) - # set new permissions - for member, perm, member_type in kwargs['perms_new']: - if member_type == 'user': - RepoModel().grant_user_permission( - repo=cur_repo, user=member, perm=perm - ) - else: - RepoModel().grant_users_group_permission( - repo=cur_repo, group_name=member, perm=perm - ) - if 'user' in kwargs: cur_repo.user = User.get_by_username(kwargs['user']) diff --git a/rhodecode/templates/admin/repos/repo_edit.html b/rhodecode/templates/admin/repos/repo_edit.html --- a/rhodecode/templates/admin/repos/repo_edit.html +++ b/rhodecode/templates/admin/repos/repo_edit.html @@ -144,15 +144,6 @@ %endfor %endif -
-
- -
-
- <%include file="repo_edit_perms.html"/> -
-
-
${h.submit('save',_('Save'),class_="ui-btn large")} ${h.reset('reset',_('Reset'),class_="ui-btn large")} @@ -164,6 +155,31 @@
+
${_('Permissions')}
+
+ ${h.form(url('set_repo_perm_member', repo_name=c.repo_info.repo_name),method='post')} +
+
+
+
+ +
+
+ <%include file="repo_edit_perms.html"/> +
+
+
+ ${h.submit('save',_('Save'),class_="ui-btn large")} + ${h.reset('reset',_('Reset'),class_="ui-btn large")} +
+
+
+ ${h.end_form()} +
+ + +
+
${_('Advanced settings')}