Show More
@@ -28,7 +28,7 b' import traceback' | |||||
28 | import formencode |
|
28 | import formencode | |
29 | from formencode import htmlfill |
|
29 | from formencode import htmlfill | |
30 |
|
30 | |||
31 | from webob.exc import HTTPInternalServerError |
|
31 | from webob.exc import HTTPInternalServerError, HTTPForbidden | |
32 | from pylons import request, session, tmpl_context as c, url |
|
32 | from pylons import request, session, tmpl_context as c, url | |
33 | from pylons.controllers.util import redirect |
|
33 | from pylons.controllers.util import redirect | |
34 | from pylons.i18n.translation import _ |
|
34 | from pylons.i18n.translation import _ | |
@@ -37,7 +37,8 b' from sqlalchemy.exc import IntegrityErro' | |||||
37 | import rhodecode |
|
37 | import rhodecode | |
38 | from rhodecode.lib import helpers as h |
|
38 | from rhodecode.lib import helpers as h | |
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ |
|
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ | |
40 | HasPermissionAnyDecorator, HasRepoPermissionAllDecorator |
|
40 | HasPermissionAnyDecorator, HasRepoPermissionAllDecorator, NotAnonymous,\ | |
|
41 | HasPermissionAny, HasReposGroupPermissionAny | |||
41 | from rhodecode.lib.base import BaseRepoController, render |
|
42 | from rhodecode.lib.base import BaseRepoController, render | |
42 | from rhodecode.lib.utils import invalidate_cache, action_logger, repo_name_slug |
|
43 | from rhodecode.lib.utils import invalidate_cache, action_logger, repo_name_slug | |
43 | from rhodecode.lib.helpers import get_token |
|
44 | from rhodecode.lib.helpers import get_token | |
@@ -61,7 +62,6 b' class ReposController(BaseRepoController' | |||||
61 | # map.resource('repo', 'repos') |
|
62 | # map.resource('repo', 'repos') | |
62 |
|
63 | |||
63 | @LoginRequired() |
|
64 | @LoginRequired() | |
64 | @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository') |
|
|||
65 | def __before__(self): |
|
65 | def __before__(self): | |
66 | c.admin_user = session.get('admin_user') |
|
66 | c.admin_user = session.get('admin_user') | |
67 | c.admin_username = session.get('admin_username') |
|
67 | c.admin_username = session.get('admin_username') | |
@@ -148,7 +148,7 b' class ReposController(BaseRepoController' | |||||
148 |
|
148 | |||
149 | return render('admin/repos/repos.html') |
|
149 | return render('admin/repos/repos.html') | |
150 |
|
150 | |||
151 | @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository') |
|
151 | @NotAnonymous() | |
152 | def create(self): |
|
152 | def create(self): | |
153 | """ |
|
153 | """ | |
154 | POST /repos: Create a new item""" |
|
154 | POST /repos: Create a new item""" | |
@@ -160,6 +160,20 b' class ReposController(BaseRepoController' | |||||
160 | form_result = RepoForm(repo_groups=c.repo_groups_choices, |
|
160 | form_result = RepoForm(repo_groups=c.repo_groups_choices, | |
161 | landing_revs=c.landing_revs_choices)()\ |
|
161 | landing_revs=c.landing_revs_choices)()\ | |
162 | .to_python(dict(request.POST)) |
|
162 | .to_python(dict(request.POST)) | |
|
163 | #we check ACLs after form, since we want to display nicer errors | |||
|
164 | #if form forbids creation of repos inside a group we don't have | |||
|
165 | #perms for | |||
|
166 | if not HasPermissionAny('hg.admin', 'hg.create.repository')(): | |||
|
167 | #you're not super admin nor have global create permissions, | |||
|
168 | #but maybe you have at least write permission to a parent group ? | |||
|
169 | parent_group = request.POST.get('repo_group') | |||
|
170 | _gr = RepoGroup.get(parent_group) | |||
|
171 | gr_name = _gr.group_name if _gr else None | |||
|
172 | if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): | |||
|
173 | msg = _('no permission to create repository in root location') | |||
|
174 | raise formencode.Invalid('', form_result, None, | |||
|
175 | error_dict={'repo_group': msg}) | |||
|
176 | ||||
163 | new_repo = RepoModel().create(form_result, |
|
177 | new_repo = RepoModel().create(form_result, | |
164 | self.rhodecode_user.user_id) |
|
178 | self.rhodecode_user.user_id) | |
165 | if form_result['clone_uri']: |
|
179 | if form_result['clone_uri']: | |
@@ -181,16 +195,8 b' class ReposController(BaseRepoController' | |||||
181 | self.sa) |
|
195 | self.sa) | |
182 | Session().commit() |
|
196 | Session().commit() | |
183 | except formencode.Invalid, errors: |
|
197 | except formencode.Invalid, errors: | |
184 |
|
||||
185 | c.new_repo = errors.value['repo_name'] |
|
|||
186 |
|
||||
187 | if request.POST.get('user_created'): |
|
|||
188 | r = render('admin/repos/repo_add_create_repository.html') |
|
|||
189 | else: |
|
|||
190 | r = render('admin/repos/repo_add.html') |
|
|||
191 |
|
||||
192 | return htmlfill.render( |
|
198 | return htmlfill.render( | |
193 | r, |
|
199 | render('admin/repos/repo_add.html'), | |
194 | defaults=errors.value, |
|
200 | defaults=errors.value, | |
195 | errors=errors.error_dict or {}, |
|
201 | errors=errors.error_dict or {}, | |
196 | prefix_error=False, |
|
202 | prefix_error=False, | |
@@ -201,7 +207,9 b' class ReposController(BaseRepoController' | |||||
201 | msg = _('error occurred during creation of repository %s') \ |
|
207 | msg = _('error occurred during creation of repository %s') \ | |
202 | % form_result.get('repo_name') |
|
208 | % form_result.get('repo_name') | |
203 | h.flash(msg, category='error') |
|
209 | h.flash(msg, category='error') | |
204 | return redirect(url('repos')) |
|
210 | if c.rhodecode_user.is_admin: | |
|
211 | return redirect(url('repos')) | |||
|
212 | return redirect(url('home')) | |||
205 | #redirect to our new repo ! |
|
213 | #redirect to our new repo ! | |
206 | return redirect(url('summary_home', repo_name=new_repo.repo_name)) |
|
214 | return redirect(url('summary_home', repo_name=new_repo.repo_name)) | |
207 |
|
215 | |||
@@ -213,10 +221,7 b' class ReposController(BaseRepoController' | |||||
213 | GET /repos/new: Form to create a new item |
|
221 | GET /repos/new: Form to create a new item | |
214 | """ |
|
222 | """ | |
215 |
|
223 | |||
216 | new_repo = request.GET.get('repo', '') |
|
|||
217 | parent_group = request.GET.get('parent_group') |
|
224 | parent_group = request.GET.get('parent_group') | |
218 |
|
||||
219 | c.new_repo = repo_name_slug(new_repo) |
|
|||
220 | self.__load_defaults() |
|
225 | self.__load_defaults() | |
221 | ## apply the defaults from defaults page |
|
226 | ## apply the defaults from defaults page | |
222 | defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True) |
|
227 | defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True) |
@@ -37,7 +37,8 b' from pylons.i18n.translation import _' | |||||
37 |
|
37 | |||
38 | from rhodecode.lib import helpers as h |
|
38 | from rhodecode.lib import helpers as h | |
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ |
|
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ | |
40 | HasPermissionAnyDecorator, NotAnonymous |
|
40 | HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\ | |
|
41 | HasReposGroupPermissionAll, HasReposGroupPermissionAny | |||
41 | from rhodecode.lib.base import BaseController, render |
|
42 | from rhodecode.lib.base import BaseController, render | |
42 | from rhodecode.lib.celerylib import tasks, run_task |
|
43 | from rhodecode.lib.celerylib import tasks, run_task | |
43 | from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \ |
|
44 | from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \ | |
@@ -54,6 +55,7 b' from rhodecode.model.notification import' | |||||
54 | from rhodecode.model.meta import Session |
|
55 | from rhodecode.model.meta import Session | |
55 | from rhodecode.lib.utils2 import str2bool, safe_unicode |
|
56 | from rhodecode.lib.utils2 import str2bool, safe_unicode | |
56 | from rhodecode.lib.compat import json |
|
57 | from rhodecode.lib.compat import json | |
|
58 | from webob.exc import HTTPForbidden | |||
57 | log = logging.getLogger(__name__) |
|
59 | log = logging.getLogger(__name__) | |
58 |
|
60 | |||
59 |
|
61 | |||
@@ -484,9 +486,17 b' class SettingsController(BaseController)' | |||||
484 | return render('admin/users/user_edit_my_account_pullrequests.html') |
|
486 | return render('admin/users/user_edit_my_account_pullrequests.html') | |
485 |
|
487 | |||
486 | @NotAnonymous() |
|
488 | @NotAnonymous() | |
487 | @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository') |
|
|||
488 | def create_repository(self): |
|
489 | def create_repository(self): | |
489 | """GET /_admin/create_repository: Form to create a new item""" |
|
490 | """GET /_admin/create_repository: Form to create a new item""" | |
|
491 | new_repo = request.GET.get('repo', '') | |||
|
492 | parent_group = request.GET.get('parent_group') | |||
|
493 | if not HasPermissionAny('hg.admin', 'hg.create.repository')(): | |||
|
494 | #you're not super admin nor have global create permissions, | |||
|
495 | #but maybe you have at least write permission to a parent group ? | |||
|
496 | _gr = RepoGroup.get(parent_group) | |||
|
497 | gr_name = _gr.group_name if _gr else None | |||
|
498 | if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): | |||
|
499 | raise HTTPForbidden | |||
490 |
|
500 | |||
491 | acl_groups = GroupList(RepoGroup.query().all(), |
|
501 | acl_groups = GroupList(RepoGroup.query().all(), | |
492 | perm_set=['group.write', 'group.admin']) |
|
502 | perm_set=['group.write', 'group.admin']) | |
@@ -494,8 +504,6 b' class SettingsController(BaseController)' | |||||
494 | c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) |
|
504 | c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) | |
495 | choices, c.landing_revs = ScmModel().get_repo_landing_revs() |
|
505 | choices, c.landing_revs = ScmModel().get_repo_landing_revs() | |
496 |
|
506 | |||
497 | new_repo = request.GET.get('repo', '') |
|
|||
498 | parent_group = request.GET.get('parent_group') |
|
|||
499 | c.new_repo = repo_name_slug(new_repo) |
|
507 | c.new_repo = repo_name_slug(new_repo) | |
500 |
|
508 | |||
501 | ## apply the defaults from defaults page |
|
509 | ## apply the defaults from defaults page | |
@@ -504,7 +512,7 b' class SettingsController(BaseController)' | |||||
504 | defaults.update({'repo_group': parent_group}) |
|
512 | defaults.update({'repo_group': parent_group}) | |
505 |
|
513 | |||
506 | return htmlfill.render( |
|
514 | return htmlfill.render( | |
507 |
render('admin/repos/repo_add |
|
515 | render('admin/repos/repo_add.html'), | |
508 | defaults=defaults, |
|
516 | defaults=defaults, | |
509 | errors={}, |
|
517 | errors={}, | |
510 | prefix_error=False, |
|
518 | prefix_error=False, |
@@ -6,9 +6,15 b'' | |||||
6 | </%def> |
|
6 | </%def> | |
7 |
|
7 | |||
8 | <%def name="breadcrumbs_links()"> |
|
8 | <%def name="breadcrumbs_links()"> | |
|
9 | %if c.rhodecode_user.is_admin: | |||
9 | ${h.link_to(_('Admin'),h.url('admin_home'))} |
|
10 | ${h.link_to(_('Admin'),h.url('admin_home'))} | |
10 | » |
|
11 | » | |
11 | ${h.link_to(_('Repositories'),h.url('repos'))} |
|
12 | ${h.link_to(_('Repositories'),h.url('repos'))} | |
|
13 | %else: | |||
|
14 | ${_('Admin')} | |||
|
15 | » | |||
|
16 | ${_('Repositories')} | |||
|
17 | %endif | |||
12 | » |
|
18 | » | |
13 | ${_('add new')} |
|
19 | ${_('add new')} | |
14 | </%def> |
|
20 | </%def> |
@@ -9,8 +9,8 b'' | |||||
9 | <label for="repo_name">${_('Name')}:</label> |
|
9 | <label for="repo_name">${_('Name')}:</label> | |
10 | </div> |
|
10 | </div> | |
11 | <div class="input"> |
|
11 | <div class="input"> | |
12 |
${h.text('repo_name',c |
|
12 | ${h.text('repo_name',class_="small")} | |
13 | %if not h.HasPermissionAll('hg.admin')('repo create form'): |
|
13 | %if not c.rhodecode_user.is_admin: | |
14 | ${h.hidden('user_created',True)} |
|
14 | ${h.hidden('user_created',True)} | |
15 | %endif |
|
15 | %endif | |
16 | </div> |
|
16 | </div> |
@@ -7,12 +7,10 b'' | |||||
7 | </h5> |
|
7 | </h5> | |
8 | %if c.rhodecode_user.username != 'default': |
|
8 | %if c.rhodecode_user.username != 'default': | |
9 | <ul class="links"> |
|
9 | <ul class="links"> | |
10 | %if h.HasPermissionAny('hg.admin','hg.create.repository')(): |
|
10 | %if h.HasPermissionAny('hg.admin','hg.create.repository')() or h.HasReposGroupPermissionAny('group.write', 'group.admin')(c.group.group_name if c.group else None): | |
11 | <li> |
|
11 | <li> | |
12 | %if c.group: |
|
12 | %if c.group: | |
13 | %if h.HasReposGroupPermissionAny('group.write', 'group.admin')(c.group.group_name): |
|
|||
14 | <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository',parent_group=c.group.group_id))}</span> |
|
13 | <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository',parent_group=c.group.group_id))}</span> | |
15 | %endif |
|
|||
16 | %else: |
|
14 | %else: | |
17 | <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository'))}</span> |
|
15 | <span>${h.link_to(_('Add repository'),h.url('admin_settings_create_repository'))}</span> | |
18 | %endif |
|
16 | %endif |
1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |
General Comments 0
You need to be logged in to leave comments.
Login now