upstream/kallithea Commit - r6026:09bcde0e

auth: remove HasPermissionAll and variants...

Søren Løvborg -

r6026:09bcde0e default

parent child

kallithea/controllers/admin/admin.py

0 +2 -2

             from sqlalchemy.sql.expression import or_, and_, func
             from kallithea.model.db import UserLog
-            from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+            from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
             from kallithea.lib.base import BaseController, render
             from kallithea.lib.utils2 import safe_int, remove_prefix, remove_suffix
             from kallithea.lib.indexers import JOURNAL_SCHEMA
                 def __before__(self):
                     super(AdminController, self).__before__()
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def index(self):
                     users_log = UserLog.query() \
                             .options(joinedload(UserLog.user)) \

kallithea/controllers/admin/auth_settings.py

0 +2 -2

             from kallithea.lib import helpers as h
             from kallithea.lib.compat import formatted_json
             from kallithea.lib.base import BaseController, render
-            from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+            from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
             from kallithea.lib import auth_modules
             from kallithea.model.forms import AuthSettingsForm
             from kallithea.model.db import Setting
             class AuthSettingsController(BaseController):
                 @LoginRequired()
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def __before__(self):
                     super(AuthSettingsController, self).__before__()

kallithea/controllers/admin/defaults.py

0 +2 -2

             from webob.exc import HTTPFound
             from kallithea.lib import helpers as h
-            from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+            from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
             from kallithea.lib.base import BaseController, render
             from kallithea.model.forms import DefaultsForm
             from kallithea.model.meta import Session
                 #     map.resource('default', 'defaults')
                 @LoginRequired()
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def __before__(self):
                     super(DefaultsController, self).__before__()

kallithea/controllers/admin/permissions.py

0 +2 -2

             from webob.exc import HTTPFound
             from kallithea.lib import helpers as h
-            from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+            from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
             from kallithea.lib.base import BaseController, render
             from kallithea.model.forms import DefaultPermissionsForm
             from kallithea.model.permission import PermissionModel
                 #     map.resource('permission', 'permissions')
                 @LoginRequired()
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def __before__(self):
                     super(PermissionsController, self).__before__()

kallithea/controllers/admin/repo_groups.py

0 +5 -5

             from kallithea.lib import helpers as h
             from kallithea.lib.compat import json
             from kallithea.lib.auth import LoginRequired, \
-                HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAll, \
+                HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAny, \
-                HasPermissionAll
+                HasPermissionAny
             from kallithea.lib.base import BaseController, render
             from kallithea.model.db import RepoGroup, Repository
             from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices
                 def new(self):
                     """GET /repo_groups/new: Form to create a new item"""
                     # url('new_repos_group')
-                    if HasPermissionAll('hg.admin')('group create'):
+                    if HasPermissionAny('hg.admin')('group create'):
                         #we're global admin, we're ok and we can create TOP level groups
                         pass
                     else:
                         group_id = safe_int(request.GET.get('parent_group'))
                         group = RepoGroup.get(group_id) if group_id else None
                         group_name = group.group_name if group else None
-                        if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'):
+                        if HasRepoGroupPermissionAny('group.admin')(group_name, 'group create'):
                             pass
                         else:
                             raise HTTPForbidden()
                                          exclude=[c.repo_group])
                     # TODO: kill allow_empty_group - it is only used for redundant form validation!
-                    if HasPermissionAll('hg.admin')('group edit'):
+                    if HasPermissionAny('hg.admin')('group edit'):
                         #we're global admin, we're ok and we can create TOP level groups
                         allow_empty_group = True
                     elif not c.repo_group.parent_group:

kallithea/controllers/admin/repos.py

0 +15 -16

             from kallithea.lib import helpers as h
             from kallithea.lib.auth import LoginRequired, \
-                HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny, \
+                HasRepoPermissionAnyDecorator, NotAnonymous, HasPermissionAny
-                HasRepoPermissionAnyDecorator
             from kallithea.lib.base import BaseRepoController, render
             from kallithea.lib.utils import action_logger, jsonify
             from kallithea.lib.vcs import RepositoryError
                         return {'result': True}
                     return {'result': False}
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def update(self, repo_name):
                     """
                     PUT /repos/repo_name: Update an existing item"""
                                 % repo_name, category='error')
                     raise HTTPFound(location=url('edit_repo', repo_name=changed_name))
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def delete(self, repo_name):
                     """
                     DELETE /repos/repo_name: Delete an existing item"""
                         raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name))
                     raise HTTPFound(location=url('repos'))
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit(self, repo_name):
                     """GET /repo_name/settings: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_permissions(self, repo_name):
                     """GET /repo_name/settings: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)
                                 category='error')
                         raise HTTPInternalServerError()
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_fields(self, repo_name):
                     """GET /repo_name/settings: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)
                         raise HTTPFound(location=url('repo_edit_fields'))
                     return render('admin/repos/repo_edit.html')
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def create_repo_field(self, repo_name):
                     try:
                         form_result = RepoFieldForm()().to_python(dict(request.POST))
                         h.flash(msg, category='error')
                     raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def delete_repo_field(self, repo_name, field_id):
                     field = RepositoryField.get_or_404(field_id)
                     try:
                         h.flash(msg, category='error')
                     raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name))
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_advanced(self, repo_name):
                     """GET /repo_name/settings: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_advanced_journal(self, repo_name):
                     """
                     Sets this repository to be visible in public journal,
                     raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_advanced_fork(self, repo_name):
                     """
                     Mark given repository as a fork of another
                     raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name))
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_advanced_locking(self, repo_name):
                     """
                     Unlock repository when it is locked !
                                 category='error')
                     raise HTTPFound(location=url('summary_home', repo_name=repo_name))
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_caches(self, repo_name):
                     """GET /repo_name/settings: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)
                         raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name))
                     return render('admin/repos/repo_edit.html')
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_remote(self, repo_name):
                     """GET /repo_name/settings: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)
                         raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name))
                     return render('admin/repos/repo_edit.html')
-                @HasRepoPermissionAllDecorator('repository.admin')
+                @HasRepoPermissionAnyDecorator('repository.admin')
                 def edit_statistics(self, repo_name):
                     """GET /repo_name/settings: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)

kallithea/controllers/admin/settings.py

0 +10 -10

             from webob.exc import HTTPFound
             from kallithea.lib import helpers as h
-            from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator
+            from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator
             from kallithea.lib.base import BaseController, render
             from kallithea.lib.celerylib import tasks, run_task
             from kallithea.lib.exceptions import HgsubversionImportError
                         settings[k] = v
                     return settings
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_vcs(self):
                     """GET /admin/settings: All items in the collection"""
                     # url('admin_settings')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_mapping(self):
                     """GET /admin/settings/mapping: All items in the collection"""
                     # url('admin_settings_mapping')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_global(self):
                     """GET /admin/settings/global: All items in the collection"""
                     # url('admin_settings_global')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_visual(self):
                     """GET /admin/settings/visual: All items in the collection"""
                     # url('admin_settings_visual')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_email(self):
                     """GET /admin/settings/email: All items in the collection"""
                     # url('admin_settings_email')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_hooks(self):
                     """GET /admin/settings/hooks: All items in the collection"""
                     # url('admin_settings_hooks')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_search(self):
                     """GET /admin/settings/search: All items in the collection"""
                     # url('admin_settings_search')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_system(self):
                     """GET /admin/settings/system: All items in the collection"""
                     # url('admin_settings_system')
                         encoding="UTF-8",
                         force_defaults=False)
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def settings_system_update(self):
                     """GET /admin/settings/system/updates: All items in the collection"""
                     # url('admin_settings_system_update')

kallithea/controllers/admin/users.py

0 +2 -2

             from kallithea.lib.exceptions import DefaultUserException, \
                 UserOwnsReposException, UserCreationError
             from kallithea.lib import helpers as h
-            from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
+            from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \
                 AuthUser
             from kallithea.lib import auth_modules
             from kallithea.lib.auth_modules import auth_internal
                 """REST Controller styled on the Atom Publishing Protocol"""
                 @LoginRequired()
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def __before__(self):
                     super(UsersController, self).__before__()
                     c.available_permissions = config['available_permissions']

kallithea/controllers/api/api.py

0 +17 -17

             from kallithea import EXTERN_TYPE_INTERNAL
             from kallithea.controllers.api import JSONRPCController, JSONRPCError
             from kallithea.lib.auth import (
-                PasswordGenerator, AuthUser, HasPermissionAllDecorator,
+                PasswordGenerator, AuthUser, HasPermissionAnyDecorator,
                 HasPermissionAnyDecorator, HasPermissionAnyApi, HasRepoPermissionAnyApi,
                 HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAny)
             from kallithea.lib.utils import map_groups, repo2db_mapper
                 """
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def test(self, apiuser, args):
                     return args
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def pull(self, apiuser, repoid):
                     """
                     Triggers a pull from remote location on given repo. Can be used to
                             'Unable to pull changes from `%s`' % repo.repo_name
                         )
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def rescan_repos(self, apiuser, remove_obsolete=Optional(False)):
                     """
                     Triggers rescan repositories action. If remove_obsolete is set
                     return ret
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))):
                     """
                     Shows IP address as seen from Kallithea server, together with all
                 # alias for old
                 show_ip = get_ip
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def get_server_info(self, apiuser):
                     """
                     return server info, including Kallithea version and installed packages
                     data['permissions'] = AuthUser(user_id=user.user_id).permissions
                     return data
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def get_users(self, apiuser):
                     """
                     Lists all existing users. This command can be executed only using api_key
                         result.append(user.get_api_data())
                     return result
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def create_user(self, apiuser, username, email, password=Optional(''),
                                 firstname=Optional(''), lastname=Optional(''),
                                 active=Optional(True), admin=Optional(False),
                         log.error(traceback.format_exc())
                         raise JSONRPCError('failed to create user `%s`' % (username,))
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def update_user(self, apiuser, userid, username=Optional(None),
                                 email=Optional(None), password=Optional(None),
                                 firstname=Optional(None), lastname=Optional(None),
                         log.error(traceback.format_exc())
                         raise JSONRPCError('failed to update user `%s`' % (userid,))
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def delete_user(self, apiuser, userid):
                     """
                     deletes given user if such user exists. This command can
                             'failed to delete repository `%s`' % (repo.repo_name,)
                         )
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def grant_user_permission(self, apiuser, repoid, userid, perm):
                     """
                     Grant permission for user on given repository, or update existing one
                             )
                         )
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def revoke_user_permission(self, apiuser, repoid, userid):
                     """
                     Revoke permission for user on given repository. This command can be executed
                             )
                         )
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def get_repo_group(self, apiuser, repogroupid):
                     """
                     Returns given repo group together with permissions, and repositories
                     data["members"] = members
                     return data
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def get_repo_groups(self, apiuser):
                     """
                     Returns all repository groups
                         result.append(repo_group.get_api_data())
                     return result
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def create_repo_group(self, apiuser, group_name, description=Optional(''),
                                       owner=Optional(OAttr('apiuser')),
                                       parent=Optional(None),
                         log.error(traceback.format_exc())
                         raise JSONRPCError('failed to create repo group `%s`' % (group_name,))
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def update_repo_group(self, apiuser, repogroupid, group_name=Optional(''),
                                       description=Optional(''),
                                       owner=Optional(OAttr('apiuser')),
                         raise JSONRPCError('failed to update repository group `%s`'
                                            % (repogroupid,))
-                @HasPermissionAllDecorator('hg.admin')
+                @HasPermissionAnyDecorator('hg.admin')
                 def delete_repo_group(self, apiuser, repogroupid):
                     """

kallithea/lib/auth.py

0 0 -158

@@ -859,18 +859,6 b' class PermsDecorator(object):'
859	raise Exception('You have to write this function in child class')	859	raise Exception('You have to write this function in child class')
860		860
861		861
862	class HasPermissionAllDecorator(PermsDecorator):
863	"""
864	Checks for access permission for all given predicates. All of them
865	have to be meet in order to fulfill the request
866	"""
867
868	def check_permissions(self):
869	if self.required_perms.issubset(self.user_perms.get('global')):
870	return True
871	return False
872
873
874	class HasPermissionAnyDecorator(PermsDecorator):	862	class HasPermissionAnyDecorator(PermsDecorator):
875	"""	863	"""
876	Checks for access permission for any of given predicates. In order to	864	Checks for access permission for any of given predicates. In order to
@@ -883,23 +871,6 b' class HasPermissionAnyDecorator(PermsDec'
883	return False	871	return False
884		872
885		873
886	class HasRepoPermissionAllDecorator(PermsDecorator):
887	"""
888	Checks for access permission for all given predicates for specific
889	repository. All of them have to be meet in order to fulfill the request
890	"""
891
892	def check_permissions(self):
893	repo_name = get_repo_slug(request)
894	try:
895	user_perms = set([self.user_perms['repositories'][repo_name]])
896	except KeyError:
897	return False
898	if self.required_perms.issubset(user_perms):
899	return True
900	return False
901
902
903	class HasRepoPermissionAnyDecorator(PermsDecorator):	874	class HasRepoPermissionAnyDecorator(PermsDecorator):
904	"""	875	"""
905	Checks for access permission for any of given predicates for specific	876	Checks for access permission for any of given predicates for specific
@@ -918,24 +889,6 b' class HasRepoPermissionAnyDecorator(Perm'
918	return False	889	return False
919		890
920		891
921	class HasRepoGroupPermissionAllDecorator(PermsDecorator):
922	"""
923	Checks for access permission for all given predicates for specific
924	repository group. All of them have to be meet in order to fulfill the request
925	"""
926
927	def check_permissions(self):
928	group_name = get_repo_group_slug(request)
929	try:
930	user_perms = set([self.user_perms['repositories_groups'][group_name]])
931	except KeyError:
932	return False
933
934	if self.required_perms.issubset(user_perms):
935	return True
936	return False
937
938
939	class HasRepoGroupPermissionAnyDecorator(PermsDecorator):	892	class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
940	"""	893	"""
941	Checks for access permission for any of given predicates for specific	894	Checks for access permission for any of given predicates for specific
@@ -954,24 +907,6 b' class HasRepoGroupPermissionAnyDecorator'
954	return False	907	return False
955		908
956		909
957	class HasUserGroupPermissionAllDecorator(PermsDecorator):
958	"""
959	Checks for access permission for all given predicates for specific
960	user group. All of them have to be meet in order to fulfill the request
961	"""
962
963	def check_permissions(self):
964	group_name = get_user_group_slug(request)
965	try:
966	user_perms = set([self.user_perms['user_groups'][group_name]])
967	except KeyError:
968	return False
969
970	if self.required_perms.issubset(user_perms):
971	return True
972	return False
973
974
975	class HasUserGroupPermissionAnyDecorator(PermsDecorator):	910	class HasUserGroupPermissionAnyDecorator(PermsDecorator):
976	"""	911	"""
977	Checks for access permission for any of given predicates for specific	912	Checks for access permission for any of given predicates for specific
@@ -1020,11 +955,8 b' class PermsFunction(object):'
1020		955
1021	cls_name = self.__class__.__name__	956	cls_name = self.__class__.__name__
1022	check_scope = {	957	check_scope = {
1023	'HasPermissionAll': '',
1024	'HasPermissionAny': '',	958	'HasPermissionAny': '',
1025	'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1026	'HasRepoPermissionAny': 'repo:%s' % self.repo_name,	959	'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1027	'HasRepoGroupPermissionAll': 'group:%s' % self.group_name,
1028	'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,	960	'HasRepoGroupPermissionAny': 'group:%s' % self.group_name,
1029	}.get(cls_name, '?')	961	}.get(cls_name, '?')
1030	log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,	962	log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
@@ -1051,13 +983,6 b' class PermsFunction(object):'
1051	raise Exception('You have to write this function in child class')	983	raise Exception('You have to write this function in child class')
1052		984
1053		985
1054	class HasPermissionAll(PermsFunction):
1055	def check_permissions(self):
1056	if self.required_perms.issubset(self.user_perms.get('global')):
1057	return True
1058	return False
1059
1060
1061	class HasPermissionAny(PermsFunction):	986	class HasPermissionAny(PermsFunction):
1062	def check_permissions(self):	987	def check_permissions(self):
1063	if self.required_perms.intersection(self.user_perms.get('global')):	988	if self.required_perms.intersection(self.user_perms.get('global')):
@@ -1065,26 +990,6 b' class HasPermissionAny(PermsFunction):'
1065	return False	990	return False
1066		991
1067		992
1068	class HasRepoPermissionAll(PermsFunction):
1069	def __call__(self, repo_name=None, check_location='', user=None):
1070	self.repo_name = repo_name
1071	return super(HasRepoPermissionAll, self).__call__(check_location, user)
1072
1073	def check_permissions(self):
1074	if not self.repo_name:
1075	self.repo_name = get_repo_slug(request)
1076
1077	try:
1078	self._user_perms = set(
1079	[self.user_perms['repositories'][self.repo_name]]
1080	)
1081	except KeyError:
1082	return False
1083	if self.required_perms.issubset(self._user_perms):
1084	return True
1085	return False
1086
1087
1088	class HasRepoPermissionAny(PermsFunction):	993	class HasRepoPermissionAny(PermsFunction):
1089	def __call__(self, repo_name=None, check_location='', user=None):	994	def __call__(self, repo_name=None, check_location='', user=None):
1090	self.repo_name = repo_name	995	self.repo_name = repo_name
@@ -1122,23 +1027,6 b' class HasRepoGroupPermissionAny(PermsFun'
1122	return False	1027	return False
1123		1028
1124		1029
1125	class HasRepoGroupPermissionAll(PermsFunction):
1126	def __call__(self, group_name=None, check_location='', user=None):
1127	self.group_name = group_name
1128	return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
1129
1130	def check_permissions(self):
1131	try:
1132	self._user_perms = set(
1133	[self.user_perms['repositories_groups'][self.group_name]]
1134	)
1135	except KeyError:
1136	return False
1137	if self.required_perms.issubset(self._user_perms):
1138	return True
1139	return False
1140
1141
1142	class HasUserGroupPermissionAny(PermsFunction):	1030	class HasUserGroupPermissionAny(PermsFunction):
1143	def __call__(self, user_group_name=None, check_location='', user=None):	1031	def __call__(self, user_group_name=None, check_location='', user=None):
1144	self.user_group_name = user_group_name	1032	self.user_group_name = user_group_name
@@ -1156,23 +1044,6 b' class HasUserGroupPermissionAny(PermsFun'
1156	return False	1044	return False
1157		1045
1158		1046
1159	class HasUserGroupPermissionAll(PermsFunction):
1160	def __call__(self, user_group_name=None, check_location='', user=None):
1161	self.user_group_name = user_group_name
1162	return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
1163
1164	def check_permissions(self):
1165	try:
1166	self._user_perms = set(
1167	[self.user_perms['user_groups'][self.user_group_name]]
1168	)
1169	except KeyError:
1170	return False
1171	if self.required_perms.issubset(self._user_perms):
1172	return True
1173	return False
1174
1175
1176	#==============================================================================	1047	#==============================================================================
1177	# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH	1048	# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1178	#==============================================================================	1049	#==============================================================================
@@ -1252,13 +1123,6 b' class _BaseApiPerm(object):'
1252	raise NotImplementedError()	1123	raise NotImplementedError()
1253		1124
1254		1125
1255	class HasPermissionAllApi(_BaseApiPerm):
1256	def check_permissions(self, perm_defs, repo_name=None, group_name=None):
1257	if self.required_perms.issubset(perm_defs.get('global')):
1258	return True
1259	return False
1260
1261
1262	class HasPermissionAnyApi(_BaseApiPerm):	1126	class HasPermissionAnyApi(_BaseApiPerm):
1263	def check_permissions(self, perm_defs, repo_name=None, group_name=None):	1127	def check_permissions(self, perm_defs, repo_name=None, group_name=None):
1264	if self.required_perms.intersection(perm_defs.get('global')):	1128	if self.required_perms.intersection(perm_defs.get('global')):
@@ -1266,18 +1130,6 b' class HasPermissionAnyApi(_BaseApiPerm):'
1266	return False	1130	return False
1267		1131
1268		1132
1269	class HasRepoPermissionAllApi(_BaseApiPerm):
1270	def check_permissions(self, perm_defs, repo_name=None, group_name=None):
1271	try:
1272	_user_perms = set([perm_defs['repositories'][repo_name]])
1273	except KeyError:
1274	log.warning(traceback.format_exc())
1275	return False
1276	if self.required_perms.issubset(_user_perms):
1277	return True
1278	return False
1279
1280
1281	class HasRepoPermissionAnyApi(_BaseApiPerm):	1133	class HasRepoPermissionAnyApi(_BaseApiPerm):
1282	def check_permissions(self, perm_defs, repo_name=None, group_name=None):	1134	def check_permissions(self, perm_defs, repo_name=None, group_name=None):
1283	try:	1135	try:
@@ -1301,16 +1153,6 b' class HasRepoGroupPermissionAnyApi(_Base'
1301	return True	1153	return True
1302	return False	1154	return False
1303		1155
1304	class HasRepoGroupPermissionAllApi(_BaseApiPerm):
1305	def check_permissions(self, perm_defs, repo_name=None, group_name=None):
1306	try:
1307	_user_perms = set([perm_defs['repositories_groups'][group_name]])
1308	except KeyError:
1309	log.warning(traceback.format_exc())
1310	return False
1311	if self.required_perms.issubset(_user_perms):
1312	return True
1313	return False
1314		1156
1315	def check_ip_access(source_ip, allowed_ips=None):	1157	def check_ip_access(source_ip, allowed_ips=None):
1316	"""	1158	"""

kallithea/lib/helpers.py

0 +2 -3

             #==============================================================================
             # PERMS
             #==============================================================================
-            from kallithea.lib.auth import HasPermissionAny, HasPermissionAll, \
+            from kallithea.lib.auth import HasPermissionAny, \
-            HasRepoPermissionAny, HasRepoPermissionAll, HasRepoGroupPermissionAll, \
+                HasRepoPermissionAny, HasRepoGroupPermissionAny
-            HasRepoGroupPermissionAny
             #==============================================================================

kallithea/model/scm.py

0 +2 -2

             from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \
                 _set_extras
             from kallithea.lib.auth import HasRepoPermissionAny, HasRepoGroupPermissionAny, \
-                HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAll
+                HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny
             from kallithea.lib.utils import get_filesystem_repos, make_ui, \
                 action_logger
             from kallithea.model import BaseModel
                 Top level is -1.
                 """
                 groups = RepoGroup.query().all()
-                if HasPermissionAll('hg.admin')('available repo groups'):
+                if HasPermissionAny('hg.admin')('available repo groups'):
                     groups.append(None)
                 else:
                     groups = list(RepoGroupList(groups, perm_set=repo_group_perms))

kallithea/templates/base/base.html

0 +3 -3

                       <input id="branch_switcher" name="branch_switcher" type="hidden">
                     </li>
                     <li ${is_current('options')} data-context="options">
-                         %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+                         %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
                            <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
                          %else:
                            <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a>
                          %endif
                       <ul class="dropdown-menu" role="menu">
-                         %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
+                         %if h.HasRepoPermissionAny('repository.admin')(c.repo_name):
                                <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li>
                          %endif
                           %if c.db_repo.fork:
                       <i class="icon-search"></i> ${_('Search')}
                     </a>
                 </li>
-                % if h.HasPermissionAll('hg.admin')('access admin main page'):
+                % if h.HasPermissionAny('hg.admin')('access admin main page'):
                   <li ${is_current('admin')} class="dropdown">
                     <a class="menu_link dropdown-toggle" data-toggle="dropdown" role="button" title="${_('Admin')}" href="${h.url('admin_home')}">
                       <i class="icon-gear"></i> ${_('Admin')} <span class="caret"></span>

kallithea/templates/summary/statistics.html

0 +1 -1

                      <div style="padding:0 10px 10px 17px;">
                      %if c.no_data:
                        ${c.no_data_msg}
-                       %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):
+                       %if h.HasPermissionAny('hg.admin')('enable stats on from summary'):
                             ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name),class_="btn btn-mini")}
                        %endif
                     %else:

kallithea/templates/summary/summary.html

0 +2 -2

                             <div id="lang_stats"></div>
                             %else:
                                ${_('Statistics are disabled for this repository')}
-                               %if h.HasPermissionAll('hg.admin')('enable stats on from summary'):
+                               %if h.HasPermissionAny('hg.admin')('enable stats on from summary'):
                                     ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_statistics'),class_="btn btn-mini")}
                                %endif
                             %endif
                               ${_('There are no downloads yet')}
                             %elif not c.enable_downloads:
                               ${_('Downloads are disabled for this repository')}
-                                %if h.HasPermissionAll('hg.admin')('enable downloads on from summary'):
+                                %if h.HasPermissionAny('hg.admin')('enable downloads on from summary'):
                                     ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_downloads'),class_="btn btn-mini")}
                                 %endif
                             %else:

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages