Show More
@@ -36,7 +36,7 b' from whoosh import query' | |||||
36 | from sqlalchemy.sql.expression import or_, and_, func |
|
36 | from sqlalchemy.sql.expression import or_, and_, func | |
37 |
|
37 | |||
38 | from kallithea.model.db import UserLog |
|
38 | from kallithea.model.db import UserLog | |
39 |
from kallithea.lib.auth import LoginRequired, HasPermissionA |
|
39 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator | |
40 | from kallithea.lib.base import BaseController, render |
|
40 | from kallithea.lib.base import BaseController, render | |
41 | from kallithea.lib.utils2 import safe_int, remove_prefix, remove_suffix |
|
41 | from kallithea.lib.utils2 import safe_int, remove_prefix, remove_suffix | |
42 | from kallithea.lib.indexers import JOURNAL_SCHEMA |
|
42 | from kallithea.lib.indexers import JOURNAL_SCHEMA | |
@@ -123,7 +123,7 b' class AdminController(BaseController):' | |||||
123 | def __before__(self): |
|
123 | def __before__(self): | |
124 | super(AdminController, self).__before__() |
|
124 | super(AdminController, self).__before__() | |
125 |
|
125 | |||
126 |
@HasPermissionA |
|
126 | @HasPermissionAnyDecorator('hg.admin') | |
127 | def index(self): |
|
127 | def index(self): | |
128 | users_log = UserLog.query() \ |
|
128 | users_log = UserLog.query() \ | |
129 | .options(joinedload(UserLog.user)) \ |
|
129 | .options(joinedload(UserLog.user)) \ |
@@ -34,7 +34,7 b' from webob.exc import HTTPFound' | |||||
34 | from kallithea.lib import helpers as h |
|
34 | from kallithea.lib import helpers as h | |
35 | from kallithea.lib.compat import formatted_json |
|
35 | from kallithea.lib.compat import formatted_json | |
36 | from kallithea.lib.base import BaseController, render |
|
36 | from kallithea.lib.base import BaseController, render | |
37 |
from kallithea.lib.auth import LoginRequired, HasPermissionA |
|
37 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator | |
38 | from kallithea.lib import auth_modules |
|
38 | from kallithea.lib import auth_modules | |
39 | from kallithea.model.forms import AuthSettingsForm |
|
39 | from kallithea.model.forms import AuthSettingsForm | |
40 | from kallithea.model.db import Setting |
|
40 | from kallithea.model.db import Setting | |
@@ -46,7 +46,7 b' log = logging.getLogger(__name__)' | |||||
46 | class AuthSettingsController(BaseController): |
|
46 | class AuthSettingsController(BaseController): | |
47 |
|
47 | |||
48 | @LoginRequired() |
|
48 | @LoginRequired() | |
49 |
@HasPermissionA |
|
49 | @HasPermissionAnyDecorator('hg.admin') | |
50 | def __before__(self): |
|
50 | def __before__(self): | |
51 | super(AuthSettingsController, self).__before__() |
|
51 | super(AuthSettingsController, self).__before__() | |
52 |
|
52 |
@@ -35,7 +35,7 b' from pylons.i18n.translation import _' | |||||
35 | from webob.exc import HTTPFound |
|
35 | from webob.exc import HTTPFound | |
36 |
|
36 | |||
37 | from kallithea.lib import helpers as h |
|
37 | from kallithea.lib import helpers as h | |
38 |
from kallithea.lib.auth import LoginRequired, HasPermissionA |
|
38 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator | |
39 | from kallithea.lib.base import BaseController, render |
|
39 | from kallithea.lib.base import BaseController, render | |
40 | from kallithea.model.forms import DefaultsForm |
|
40 | from kallithea.model.forms import DefaultsForm | |
41 | from kallithea.model.meta import Session |
|
41 | from kallithea.model.meta import Session | |
@@ -52,7 +52,7 b' class DefaultsController(BaseController)' | |||||
52 | # map.resource('default', 'defaults') |
|
52 | # map.resource('default', 'defaults') | |
53 |
|
53 | |||
54 | @LoginRequired() |
|
54 | @LoginRequired() | |
55 |
@HasPermissionA |
|
55 | @HasPermissionAnyDecorator('hg.admin') | |
56 | def __before__(self): |
|
56 | def __before__(self): | |
57 | super(DefaultsController, self).__before__() |
|
57 | super(DefaultsController, self).__before__() | |
58 |
|
58 |
@@ -36,7 +36,7 b' from pylons.i18n.translation import _' | |||||
36 | from webob.exc import HTTPFound |
|
36 | from webob.exc import HTTPFound | |
37 |
|
37 | |||
38 | from kallithea.lib import helpers as h |
|
38 | from kallithea.lib import helpers as h | |
39 |
from kallithea.lib.auth import LoginRequired, HasPermissionA |
|
39 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator | |
40 | from kallithea.lib.base import BaseController, render |
|
40 | from kallithea.lib.base import BaseController, render | |
41 | from kallithea.model.forms import DefaultPermissionsForm |
|
41 | from kallithea.model.forms import DefaultPermissionsForm | |
42 | from kallithea.model.permission import PermissionModel |
|
42 | from kallithea.model.permission import PermissionModel | |
@@ -53,7 +53,7 b' class PermissionsController(BaseControll' | |||||
53 | # map.resource('permission', 'permissions') |
|
53 | # map.resource('permission', 'permissions') | |
54 |
|
54 | |||
55 | @LoginRequired() |
|
55 | @LoginRequired() | |
56 |
@HasPermissionA |
|
56 | @HasPermissionAnyDecorator('hg.admin') | |
57 | def __before__(self): |
|
57 | def __before__(self): | |
58 | super(PermissionsController, self).__before__() |
|
58 | super(PermissionsController, self).__before__() | |
59 |
|
59 |
@@ -40,8 +40,8 b' import kallithea' | |||||
40 | from kallithea.lib import helpers as h |
|
40 | from kallithea.lib import helpers as h | |
41 | from kallithea.lib.compat import json |
|
41 | from kallithea.lib.compat import json | |
42 | from kallithea.lib.auth import LoginRequired, \ |
|
42 | from kallithea.lib.auth import LoginRequired, \ | |
43 |
HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionA |
|
43 | HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAny, \ | |
44 |
HasPermissionA |
|
44 | HasPermissionAny | |
45 | from kallithea.lib.base import BaseController, render |
|
45 | from kallithea.lib.base import BaseController, render | |
46 | from kallithea.model.db import RepoGroup, Repository |
|
46 | from kallithea.model.db import RepoGroup, Repository | |
47 | from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices |
|
47 | from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices | |
@@ -196,7 +196,7 b' class RepoGroupsController(BaseControlle' | |||||
196 | def new(self): |
|
196 | def new(self): | |
197 | """GET /repo_groups/new: Form to create a new item""" |
|
197 | """GET /repo_groups/new: Form to create a new item""" | |
198 | # url('new_repos_group') |
|
198 | # url('new_repos_group') | |
199 |
if HasPermissionA |
|
199 | if HasPermissionAny('hg.admin')('group create'): | |
200 | #we're global admin, we're ok and we can create TOP level groups |
|
200 | #we're global admin, we're ok and we can create TOP level groups | |
201 | pass |
|
201 | pass | |
202 | else: |
|
202 | else: | |
@@ -205,7 +205,7 b' class RepoGroupsController(BaseControlle' | |||||
205 | group_id = safe_int(request.GET.get('parent_group')) |
|
205 | group_id = safe_int(request.GET.get('parent_group')) | |
206 | group = RepoGroup.get(group_id) if group_id else None |
|
206 | group = RepoGroup.get(group_id) if group_id else None | |
207 | group_name = group.group_name if group else None |
|
207 | group_name = group.group_name if group else None | |
208 |
if HasRepoGroupPermissionA |
|
208 | if HasRepoGroupPermissionAny('group.admin')(group_name, 'group create'): | |
209 | pass |
|
209 | pass | |
210 | else: |
|
210 | else: | |
211 | raise HTTPForbidden() |
|
211 | raise HTTPForbidden() | |
@@ -228,7 +228,7 b' class RepoGroupsController(BaseControlle' | |||||
228 | exclude=[c.repo_group]) |
|
228 | exclude=[c.repo_group]) | |
229 |
|
229 | |||
230 | # TODO: kill allow_empty_group - it is only used for redundant form validation! |
|
230 | # TODO: kill allow_empty_group - it is only used for redundant form validation! | |
231 |
if HasPermissionA |
|
231 | if HasPermissionAny('hg.admin')('group edit'): | |
232 | #we're global admin, we're ok and we can create TOP level groups |
|
232 | #we're global admin, we're ok and we can create TOP level groups | |
233 | allow_empty_group = True |
|
233 | allow_empty_group = True | |
234 | elif not c.repo_group.parent_group: |
|
234 | elif not c.repo_group.parent_group: |
@@ -36,8 +36,7 b' from webob.exc import HTTPFound, HTTPInt' | |||||
36 |
|
36 | |||
37 | from kallithea.lib import helpers as h |
|
37 | from kallithea.lib import helpers as h | |
38 | from kallithea.lib.auth import LoginRequired, \ |
|
38 | from kallithea.lib.auth import LoginRequired, \ | |
39 |
HasRepoPermissionA |
|
39 | HasRepoPermissionAnyDecorator, NotAnonymous, HasPermissionAny | |
40 | HasRepoPermissionAnyDecorator |
|
|||
41 | from kallithea.lib.base import BaseRepoController, render |
|
40 | from kallithea.lib.base import BaseRepoController, render | |
42 | from kallithea.lib.utils import action_logger, jsonify |
|
41 | from kallithea.lib.utils import action_logger, jsonify | |
43 | from kallithea.lib.vcs import RepositoryError |
|
42 | from kallithea.lib.vcs import RepositoryError | |
@@ -226,7 +225,7 b' class ReposController(BaseRepoController' | |||||
226 | return {'result': True} |
|
225 | return {'result': True} | |
227 | return {'result': False} |
|
226 | return {'result': False} | |
228 |
|
227 | |||
229 |
@HasRepoPermissionA |
|
228 | @HasRepoPermissionAnyDecorator('repository.admin') | |
230 | def update(self, repo_name): |
|
229 | def update(self, repo_name): | |
231 | """ |
|
230 | """ | |
232 | PUT /repos/repo_name: Update an existing item""" |
|
231 | PUT /repos/repo_name: Update an existing item""" | |
@@ -283,7 +282,7 b' class ReposController(BaseRepoController' | |||||
283 | % repo_name, category='error') |
|
282 | % repo_name, category='error') | |
284 | raise HTTPFound(location=url('edit_repo', repo_name=changed_name)) |
|
283 | raise HTTPFound(location=url('edit_repo', repo_name=changed_name)) | |
285 |
|
284 | |||
286 |
@HasRepoPermissionA |
|
285 | @HasRepoPermissionAnyDecorator('repository.admin') | |
287 | def delete(self, repo_name): |
|
286 | def delete(self, repo_name): | |
288 | """ |
|
287 | """ | |
289 | DELETE /repos/repo_name: Delete an existing item""" |
|
288 | DELETE /repos/repo_name: Delete an existing item""" | |
@@ -329,7 +328,7 b' class ReposController(BaseRepoController' | |||||
329 | raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name)) |
|
328 | raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name)) | |
330 | raise HTTPFound(location=url('repos')) |
|
329 | raise HTTPFound(location=url('repos')) | |
331 |
|
330 | |||
332 |
@HasRepoPermissionA |
|
331 | @HasRepoPermissionAnyDecorator('repository.admin') | |
333 | def edit(self, repo_name): |
|
332 | def edit(self, repo_name): | |
334 | """GET /repo_name/settings: Form to edit an existing item""" |
|
333 | """GET /repo_name/settings: Form to edit an existing item""" | |
335 | # url('edit_repo', repo_name=ID) |
|
334 | # url('edit_repo', repo_name=ID) | |
@@ -345,7 +344,7 b' class ReposController(BaseRepoController' | |||||
345 | encoding="UTF-8", |
|
344 | encoding="UTF-8", | |
346 | force_defaults=False) |
|
345 | force_defaults=False) | |
347 |
|
346 | |||
348 |
@HasRepoPermissionA |
|
347 | @HasRepoPermissionAnyDecorator('repository.admin') | |
349 | def edit_permissions(self, repo_name): |
|
348 | def edit_permissions(self, repo_name): | |
350 | """GET /repo_name/settings: Form to edit an existing item""" |
|
349 | """GET /repo_name/settings: Form to edit an existing item""" | |
351 | # url('edit_repo', repo_name=ID) |
|
350 | # url('edit_repo', repo_name=ID) | |
@@ -398,7 +397,7 b' class ReposController(BaseRepoController' | |||||
398 | category='error') |
|
397 | category='error') | |
399 | raise HTTPInternalServerError() |
|
398 | raise HTTPInternalServerError() | |
400 |
|
399 | |||
401 |
@HasRepoPermissionA |
|
400 | @HasRepoPermissionAnyDecorator('repository.admin') | |
402 | def edit_fields(self, repo_name): |
|
401 | def edit_fields(self, repo_name): | |
403 | """GET /repo_name/settings: Form to edit an existing item""" |
|
402 | """GET /repo_name/settings: Form to edit an existing item""" | |
404 | # url('edit_repo', repo_name=ID) |
|
403 | # url('edit_repo', repo_name=ID) | |
@@ -411,7 +410,7 b' class ReposController(BaseRepoController' | |||||
411 | raise HTTPFound(location=url('repo_edit_fields')) |
|
410 | raise HTTPFound(location=url('repo_edit_fields')) | |
412 | return render('admin/repos/repo_edit.html') |
|
411 | return render('admin/repos/repo_edit.html') | |
413 |
|
412 | |||
414 |
@HasRepoPermissionA |
|
413 | @HasRepoPermissionAnyDecorator('repository.admin') | |
415 | def create_repo_field(self, repo_name): |
|
414 | def create_repo_field(self, repo_name): | |
416 | try: |
|
415 | try: | |
417 | form_result = RepoFieldForm()().to_python(dict(request.POST)) |
|
416 | form_result = RepoFieldForm()().to_python(dict(request.POST)) | |
@@ -432,7 +431,7 b' class ReposController(BaseRepoController' | |||||
432 | h.flash(msg, category='error') |
|
431 | h.flash(msg, category='error') | |
433 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) |
|
432 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) | |
434 |
|
433 | |||
435 |
@HasRepoPermissionA |
|
434 | @HasRepoPermissionAnyDecorator('repository.admin') | |
436 | def delete_repo_field(self, repo_name, field_id): |
|
435 | def delete_repo_field(self, repo_name, field_id): | |
437 | field = RepositoryField.get_or_404(field_id) |
|
436 | field = RepositoryField.get_or_404(field_id) | |
438 | try: |
|
437 | try: | |
@@ -444,7 +443,7 b' class ReposController(BaseRepoController' | |||||
444 | h.flash(msg, category='error') |
|
443 | h.flash(msg, category='error') | |
445 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) |
|
444 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) | |
446 |
|
445 | |||
447 |
@HasRepoPermissionA |
|
446 | @HasRepoPermissionAnyDecorator('repository.admin') | |
448 | def edit_advanced(self, repo_name): |
|
447 | def edit_advanced(self, repo_name): | |
449 | """GET /repo_name/settings: Form to edit an existing item""" |
|
448 | """GET /repo_name/settings: Form to edit an existing item""" | |
450 | # url('edit_repo', repo_name=ID) |
|
449 | # url('edit_repo', repo_name=ID) | |
@@ -474,7 +473,7 b' class ReposController(BaseRepoController' | |||||
474 | encoding="UTF-8", |
|
473 | encoding="UTF-8", | |
475 | force_defaults=False) |
|
474 | force_defaults=False) | |
476 |
|
475 | |||
477 |
@HasRepoPermissionA |
|
476 | @HasRepoPermissionAnyDecorator('repository.admin') | |
478 | def edit_advanced_journal(self, repo_name): |
|
477 | def edit_advanced_journal(self, repo_name): | |
479 | """ |
|
478 | """ | |
480 | Sets this repository to be visible in public journal, |
|
479 | Sets this repository to be visible in public journal, | |
@@ -497,7 +496,7 b' class ReposController(BaseRepoController' | |||||
497 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
496 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) | |
498 |
|
497 | |||
499 |
|
498 | |||
500 |
@HasRepoPermissionA |
|
499 | @HasRepoPermissionAnyDecorator('repository.admin') | |
501 | def edit_advanced_fork(self, repo_name): |
|
500 | def edit_advanced_fork(self, repo_name): | |
502 | """ |
|
501 | """ | |
503 | Mark given repository as a fork of another |
|
502 | Mark given repository as a fork of another | |
@@ -522,7 +521,7 b' class ReposController(BaseRepoController' | |||||
522 |
|
521 | |||
523 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
522 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) | |
524 |
|
523 | |||
525 |
@HasRepoPermissionA |
|
524 | @HasRepoPermissionAnyDecorator('repository.admin') | |
526 | def edit_advanced_locking(self, repo_name): |
|
525 | def edit_advanced_locking(self, repo_name): | |
527 | """ |
|
526 | """ | |
528 | Unlock repository when it is locked ! |
|
527 | Unlock repository when it is locked ! | |
@@ -568,7 +567,7 b' class ReposController(BaseRepoController' | |||||
568 | category='error') |
|
567 | category='error') | |
569 | raise HTTPFound(location=url('summary_home', repo_name=repo_name)) |
|
568 | raise HTTPFound(location=url('summary_home', repo_name=repo_name)) | |
570 |
|
569 | |||
571 |
@HasRepoPermissionA |
|
570 | @HasRepoPermissionAnyDecorator('repository.admin') | |
572 | def edit_caches(self, repo_name): |
|
571 | def edit_caches(self, repo_name): | |
573 | """GET /repo_name/settings: Form to edit an existing item""" |
|
572 | """GET /repo_name/settings: Form to edit an existing item""" | |
574 | # url('edit_repo', repo_name=ID) |
|
573 | # url('edit_repo', repo_name=ID) | |
@@ -588,7 +587,7 b' class ReposController(BaseRepoController' | |||||
588 | raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name)) |
|
587 | raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name)) | |
589 | return render('admin/repos/repo_edit.html') |
|
588 | return render('admin/repos/repo_edit.html') | |
590 |
|
589 | |||
591 |
@HasRepoPermissionA |
|
590 | @HasRepoPermissionAnyDecorator('repository.admin') | |
592 | def edit_remote(self, repo_name): |
|
591 | def edit_remote(self, repo_name): | |
593 | """GET /repo_name/settings: Form to edit an existing item""" |
|
592 | """GET /repo_name/settings: Form to edit an existing item""" | |
594 | # url('edit_repo', repo_name=ID) |
|
593 | # url('edit_repo', repo_name=ID) | |
@@ -605,7 +604,7 b' class ReposController(BaseRepoController' | |||||
605 | raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name)) |
|
604 | raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name)) | |
606 | return render('admin/repos/repo_edit.html') |
|
605 | return render('admin/repos/repo_edit.html') | |
607 |
|
606 | |||
608 |
@HasRepoPermissionA |
|
607 | @HasRepoPermissionAnyDecorator('repository.admin') | |
609 | def edit_statistics(self, repo_name): |
|
608 | def edit_statistics(self, repo_name): | |
610 | """GET /repo_name/settings: Form to edit an existing item""" |
|
609 | """GET /repo_name/settings: Form to edit an existing item""" | |
611 | # url('edit_repo', repo_name=ID) |
|
610 | # url('edit_repo', repo_name=ID) |
@@ -35,7 +35,7 b' from pylons.i18n.translation import _' | |||||
35 | from webob.exc import HTTPFound |
|
35 | from webob.exc import HTTPFound | |
36 |
|
36 | |||
37 | from kallithea.lib import helpers as h |
|
37 | from kallithea.lib import helpers as h | |
38 |
from kallithea.lib.auth import LoginRequired, HasPermissionA |
|
38 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator | |
39 | from kallithea.lib.base import BaseController, render |
|
39 | from kallithea.lib.base import BaseController, render | |
40 | from kallithea.lib.celerylib import tasks, run_task |
|
40 | from kallithea.lib.celerylib import tasks, run_task | |
41 | from kallithea.lib.exceptions import HgsubversionImportError |
|
41 | from kallithea.lib.exceptions import HgsubversionImportError | |
@@ -82,7 +82,7 b' class SettingsController(BaseController)' | |||||
82 | settings[k] = v |
|
82 | settings[k] = v | |
83 | return settings |
|
83 | return settings | |
84 |
|
84 | |||
85 |
@HasPermissionA |
|
85 | @HasPermissionAnyDecorator('hg.admin') | |
86 | def settings_vcs(self): |
|
86 | def settings_vcs(self): | |
87 | """GET /admin/settings: All items in the collection""" |
|
87 | """GET /admin/settings: All items in the collection""" | |
88 | # url('admin_settings') |
|
88 | # url('admin_settings') | |
@@ -160,7 +160,7 b' class SettingsController(BaseController)' | |||||
160 | encoding="UTF-8", |
|
160 | encoding="UTF-8", | |
161 | force_defaults=False) |
|
161 | force_defaults=False) | |
162 |
|
162 | |||
163 |
@HasPermissionA |
|
163 | @HasPermissionAnyDecorator('hg.admin') | |
164 | def settings_mapping(self): |
|
164 | def settings_mapping(self): | |
165 | """GET /admin/settings/mapping: All items in the collection""" |
|
165 | """GET /admin/settings/mapping: All items in the collection""" | |
166 | # url('admin_settings_mapping') |
|
166 | # url('admin_settings_mapping') | |
@@ -200,7 +200,7 b' class SettingsController(BaseController)' | |||||
200 | encoding="UTF-8", |
|
200 | encoding="UTF-8", | |
201 | force_defaults=False) |
|
201 | force_defaults=False) | |
202 |
|
202 | |||
203 |
@HasPermissionA |
|
203 | @HasPermissionAnyDecorator('hg.admin') | |
204 | def settings_global(self): |
|
204 | def settings_global(self): | |
205 | """GET /admin/settings/global: All items in the collection""" |
|
205 | """GET /admin/settings/global: All items in the collection""" | |
206 | # url('admin_settings_global') |
|
206 | # url('admin_settings_global') | |
@@ -260,7 +260,7 b' class SettingsController(BaseController)' | |||||
260 | encoding="UTF-8", |
|
260 | encoding="UTF-8", | |
261 | force_defaults=False) |
|
261 | force_defaults=False) | |
262 |
|
262 | |||
263 |
@HasPermissionA |
|
263 | @HasPermissionAnyDecorator('hg.admin') | |
264 | def settings_visual(self): |
|
264 | def settings_visual(self): | |
265 | """GET /admin/settings/visual: All items in the collection""" |
|
265 | """GET /admin/settings/visual: All items in the collection""" | |
266 | # url('admin_settings_visual') |
|
266 | # url('admin_settings_visual') | |
@@ -318,7 +318,7 b' class SettingsController(BaseController)' | |||||
318 | encoding="UTF-8", |
|
318 | encoding="UTF-8", | |
319 | force_defaults=False) |
|
319 | force_defaults=False) | |
320 |
|
320 | |||
321 |
@HasPermissionA |
|
321 | @HasPermissionAnyDecorator('hg.admin') | |
322 | def settings_email(self): |
|
322 | def settings_email(self): | |
323 | """GET /admin/settings/email: All items in the collection""" |
|
323 | """GET /admin/settings/email: All items in the collection""" | |
324 | # url('admin_settings_email') |
|
324 | # url('admin_settings_email') | |
@@ -359,7 +359,7 b' class SettingsController(BaseController)' | |||||
359 | encoding="UTF-8", |
|
359 | encoding="UTF-8", | |
360 | force_defaults=False) |
|
360 | force_defaults=False) | |
361 |
|
361 | |||
362 |
@HasPermissionA |
|
362 | @HasPermissionAnyDecorator('hg.admin') | |
363 | def settings_hooks(self): |
|
363 | def settings_hooks(self): | |
364 | """GET /admin/settings/hooks: All items in the collection""" |
|
364 | """GET /admin/settings/hooks: All items in the collection""" | |
365 | # url('admin_settings_hooks') |
|
365 | # url('admin_settings_hooks') | |
@@ -410,7 +410,7 b' class SettingsController(BaseController)' | |||||
410 | encoding="UTF-8", |
|
410 | encoding="UTF-8", | |
411 | force_defaults=False) |
|
411 | force_defaults=False) | |
412 |
|
412 | |||
413 |
@HasPermissionA |
|
413 | @HasPermissionAnyDecorator('hg.admin') | |
414 | def settings_search(self): |
|
414 | def settings_search(self): | |
415 | """GET /admin/settings/search: All items in the collection""" |
|
415 | """GET /admin/settings/search: All items in the collection""" | |
416 | # url('admin_settings_search') |
|
416 | # url('admin_settings_search') | |
@@ -431,7 +431,7 b' class SettingsController(BaseController)' | |||||
431 | encoding="UTF-8", |
|
431 | encoding="UTF-8", | |
432 | force_defaults=False) |
|
432 | force_defaults=False) | |
433 |
|
433 | |||
434 |
@HasPermissionA |
|
434 | @HasPermissionAnyDecorator('hg.admin') | |
435 | def settings_system(self): |
|
435 | def settings_system(self): | |
436 | """GET /admin/settings/system: All items in the collection""" |
|
436 | """GET /admin/settings/system: All items in the collection""" | |
437 | # url('admin_settings_system') |
|
437 | # url('admin_settings_system') | |
@@ -453,7 +453,7 b' class SettingsController(BaseController)' | |||||
453 | encoding="UTF-8", |
|
453 | encoding="UTF-8", | |
454 | force_defaults=False) |
|
454 | force_defaults=False) | |
455 |
|
455 | |||
456 |
@HasPermissionA |
|
456 | @HasPermissionAnyDecorator('hg.admin') | |
457 | def settings_system_update(self): |
|
457 | def settings_system_update(self): | |
458 | """GET /admin/settings/system/updates: All items in the collection""" |
|
458 | """GET /admin/settings/system/updates: All items in the collection""" | |
459 | # url('admin_settings_system_update') |
|
459 | # url('admin_settings_system_update') |
@@ -39,7 +39,7 b' import kallithea' | |||||
39 | from kallithea.lib.exceptions import DefaultUserException, \ |
|
39 | from kallithea.lib.exceptions import DefaultUserException, \ | |
40 | UserOwnsReposException, UserCreationError |
|
40 | UserOwnsReposException, UserCreationError | |
41 | from kallithea.lib import helpers as h |
|
41 | from kallithea.lib import helpers as h | |
42 |
from kallithea.lib.auth import LoginRequired, HasPermissionA |
|
42 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \ | |
43 | AuthUser |
|
43 | AuthUser | |
44 | from kallithea.lib import auth_modules |
|
44 | from kallithea.lib import auth_modules | |
45 | from kallithea.lib.auth_modules import auth_internal |
|
45 | from kallithea.lib.auth_modules import auth_internal | |
@@ -61,7 +61,7 b' class UsersController(BaseController):' | |||||
61 | """REST Controller styled on the Atom Publishing Protocol""" |
|
61 | """REST Controller styled on the Atom Publishing Protocol""" | |
62 |
|
62 | |||
63 | @LoginRequired() |
|
63 | @LoginRequired() | |
64 |
@HasPermissionA |
|
64 | @HasPermissionAnyDecorator('hg.admin') | |
65 | def __before__(self): |
|
65 | def __before__(self): | |
66 | super(UsersController, self).__before__() |
|
66 | super(UsersController, self).__before__() | |
67 | c.available_permissions = config['available_permissions'] |
|
67 | c.available_permissions = config['available_permissions'] |
@@ -33,7 +33,7 b' from sqlalchemy import or_' | |||||
33 | from kallithea import EXTERN_TYPE_INTERNAL |
|
33 | from kallithea import EXTERN_TYPE_INTERNAL | |
34 | from kallithea.controllers.api import JSONRPCController, JSONRPCError |
|
34 | from kallithea.controllers.api import JSONRPCController, JSONRPCError | |
35 | from kallithea.lib.auth import ( |
|
35 | from kallithea.lib.auth import ( | |
36 |
PasswordGenerator, AuthUser, HasPermissionA |
|
36 | PasswordGenerator, AuthUser, HasPermissionAnyDecorator, | |
37 | HasPermissionAnyDecorator, HasPermissionAnyApi, HasRepoPermissionAnyApi, |
|
37 | HasPermissionAnyDecorator, HasPermissionAnyApi, HasRepoPermissionAnyApi, | |
38 | HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAny) |
|
38 | HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAny) | |
39 | from kallithea.lib.utils import map_groups, repo2db_mapper |
|
39 | from kallithea.lib.utils import map_groups, repo2db_mapper | |
@@ -159,11 +159,11 b' class ApiController(JSONRPCController):' | |||||
159 |
|
159 | |||
160 | """ |
|
160 | """ | |
161 |
|
161 | |||
162 |
@HasPermissionA |
|
162 | @HasPermissionAnyDecorator('hg.admin') | |
163 | def test(self, apiuser, args): |
|
163 | def test(self, apiuser, args): | |
164 | return args |
|
164 | return args | |
165 |
|
165 | |||
166 |
@HasPermissionA |
|
166 | @HasPermissionAnyDecorator('hg.admin') | |
167 | def pull(self, apiuser, repoid): |
|
167 | def pull(self, apiuser, repoid): | |
168 | """ |
|
168 | """ | |
169 | Triggers a pull from remote location on given repo. Can be used to |
|
169 | Triggers a pull from remote location on given repo. Can be used to | |
@@ -209,7 +209,7 b' class ApiController(JSONRPCController):' | |||||
209 | 'Unable to pull changes from `%s`' % repo.repo_name |
|
209 | 'Unable to pull changes from `%s`' % repo.repo_name | |
210 | ) |
|
210 | ) | |
211 |
|
211 | |||
212 |
@HasPermissionA |
|
212 | @HasPermissionAnyDecorator('hg.admin') | |
213 | def rescan_repos(self, apiuser, remove_obsolete=Optional(False)): |
|
213 | def rescan_repos(self, apiuser, remove_obsolete=Optional(False)): | |
214 | """ |
|
214 | """ | |
215 | Triggers rescan repositories action. If remove_obsolete is set |
|
215 | Triggers rescan repositories action. If remove_obsolete is set | |
@@ -470,7 +470,7 b' class ApiController(JSONRPCController):' | |||||
470 |
|
470 | |||
471 | return ret |
|
471 | return ret | |
472 |
|
472 | |||
473 |
@HasPermissionA |
|
473 | @HasPermissionAnyDecorator('hg.admin') | |
474 | def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))): |
|
474 | def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))): | |
475 | """ |
|
475 | """ | |
476 | Shows IP address as seen from Kallithea server, together with all |
|
476 | Shows IP address as seen from Kallithea server, together with all | |
@@ -511,7 +511,7 b' class ApiController(JSONRPCController):' | |||||
511 | # alias for old |
|
511 | # alias for old | |
512 | show_ip = get_ip |
|
512 | show_ip = get_ip | |
513 |
|
513 | |||
514 |
@HasPermissionA |
|
514 | @HasPermissionAnyDecorator('hg.admin') | |
515 | def get_server_info(self, apiuser): |
|
515 | def get_server_info(self, apiuser): | |
516 | """ |
|
516 | """ | |
517 | return server info, including Kallithea version and installed packages |
|
517 | return server info, including Kallithea version and installed packages | |
@@ -592,7 +592,7 b' class ApiController(JSONRPCController):' | |||||
592 | data['permissions'] = AuthUser(user_id=user.user_id).permissions |
|
592 | data['permissions'] = AuthUser(user_id=user.user_id).permissions | |
593 | return data |
|
593 | return data | |
594 |
|
594 | |||
595 |
@HasPermissionA |
|
595 | @HasPermissionAnyDecorator('hg.admin') | |
596 | def get_users(self, apiuser): |
|
596 | def get_users(self, apiuser): | |
597 | """ |
|
597 | """ | |
598 | Lists all existing users. This command can be executed only using api_key |
|
598 | Lists all existing users. This command can be executed only using api_key | |
@@ -616,7 +616,7 b' class ApiController(JSONRPCController):' | |||||
616 | result.append(user.get_api_data()) |
|
616 | result.append(user.get_api_data()) | |
617 | return result |
|
617 | return result | |
618 |
|
618 | |||
619 |
@HasPermissionA |
|
619 | @HasPermissionAnyDecorator('hg.admin') | |
620 | def create_user(self, apiuser, username, email, password=Optional(''), |
|
620 | def create_user(self, apiuser, username, email, password=Optional(''), | |
621 | firstname=Optional(''), lastname=Optional(''), |
|
621 | firstname=Optional(''), lastname=Optional(''), | |
622 | active=Optional(True), admin=Optional(False), |
|
622 | active=Optional(True), admin=Optional(False), | |
@@ -702,7 +702,7 b' class ApiController(JSONRPCController):' | |||||
702 | log.error(traceback.format_exc()) |
|
702 | log.error(traceback.format_exc()) | |
703 | raise JSONRPCError('failed to create user `%s`' % (username,)) |
|
703 | raise JSONRPCError('failed to create user `%s`' % (username,)) | |
704 |
|
704 | |||
705 |
@HasPermissionA |
|
705 | @HasPermissionAnyDecorator('hg.admin') | |
706 | def update_user(self, apiuser, userid, username=Optional(None), |
|
706 | def update_user(self, apiuser, userid, username=Optional(None), | |
707 | email=Optional(None), password=Optional(None), |
|
707 | email=Optional(None), password=Optional(None), | |
708 | firstname=Optional(None), lastname=Optional(None), |
|
708 | firstname=Optional(None), lastname=Optional(None), | |
@@ -785,7 +785,7 b' class ApiController(JSONRPCController):' | |||||
785 | log.error(traceback.format_exc()) |
|
785 | log.error(traceback.format_exc()) | |
786 | raise JSONRPCError('failed to update user `%s`' % (userid,)) |
|
786 | raise JSONRPCError('failed to update user `%s`' % (userid,)) | |
787 |
|
787 | |||
788 |
@HasPermissionA |
|
788 | @HasPermissionAnyDecorator('hg.admin') | |
789 | def delete_user(self, apiuser, userid): |
|
789 | def delete_user(self, apiuser, userid): | |
790 | """ |
|
790 | """ | |
791 | deletes given user if such user exists. This command can |
|
791 | deletes given user if such user exists. This command can | |
@@ -1767,7 +1767,7 b' class ApiController(JSONRPCController):' | |||||
1767 | 'failed to delete repository `%s`' % (repo.repo_name,) |
|
1767 | 'failed to delete repository `%s`' % (repo.repo_name,) | |
1768 | ) |
|
1768 | ) | |
1769 |
|
1769 | |||
1770 |
@HasPermissionA |
|
1770 | @HasPermissionAnyDecorator('hg.admin') | |
1771 | def grant_user_permission(self, apiuser, repoid, userid, perm): |
|
1771 | def grant_user_permission(self, apiuser, repoid, userid, perm): | |
1772 | """ |
|
1772 | """ | |
1773 | Grant permission for user on given repository, or update existing one |
|
1773 | Grant permission for user on given repository, or update existing one | |
@@ -1814,7 +1814,7 b' class ApiController(JSONRPCController):' | |||||
1814 | ) |
|
1814 | ) | |
1815 | ) |
|
1815 | ) | |
1816 |
|
1816 | |||
1817 |
@HasPermissionA |
|
1817 | @HasPermissionAnyDecorator('hg.admin') | |
1818 | def revoke_user_permission(self, apiuser, repoid, userid): |
|
1818 | def revoke_user_permission(self, apiuser, repoid, userid): | |
1819 | """ |
|
1819 | """ | |
1820 | Revoke permission for user on given repository. This command can be executed |
|
1820 | Revoke permission for user on given repository. This command can be executed | |
@@ -1985,7 +1985,7 b' class ApiController(JSONRPCController):' | |||||
1985 | ) |
|
1985 | ) | |
1986 | ) |
|
1986 | ) | |
1987 |
|
1987 | |||
1988 |
@HasPermissionA |
|
1988 | @HasPermissionAnyDecorator('hg.admin') | |
1989 | def get_repo_group(self, apiuser, repogroupid): |
|
1989 | def get_repo_group(self, apiuser, repogroupid): | |
1990 | """ |
|
1990 | """ | |
1991 | Returns given repo group together with permissions, and repositories |
|
1991 | Returns given repo group together with permissions, and repositories | |
@@ -2023,7 +2023,7 b' class ApiController(JSONRPCController):' | |||||
2023 | data["members"] = members |
|
2023 | data["members"] = members | |
2024 | return data |
|
2024 | return data | |
2025 |
|
2025 | |||
2026 |
@HasPermissionA |
|
2026 | @HasPermissionAnyDecorator('hg.admin') | |
2027 | def get_repo_groups(self, apiuser): |
|
2027 | def get_repo_groups(self, apiuser): | |
2028 | """ |
|
2028 | """ | |
2029 | Returns all repository groups |
|
2029 | Returns all repository groups | |
@@ -2036,7 +2036,7 b' class ApiController(JSONRPCController):' | |||||
2036 | result.append(repo_group.get_api_data()) |
|
2036 | result.append(repo_group.get_api_data()) | |
2037 | return result |
|
2037 | return result | |
2038 |
|
2038 | |||
2039 |
@HasPermissionA |
|
2039 | @HasPermissionAnyDecorator('hg.admin') | |
2040 | def create_repo_group(self, apiuser, group_name, description=Optional(''), |
|
2040 | def create_repo_group(self, apiuser, group_name, description=Optional(''), | |
2041 | owner=Optional(OAttr('apiuser')), |
|
2041 | owner=Optional(OAttr('apiuser')), | |
2042 | parent=Optional(None), |
|
2042 | parent=Optional(None), | |
@@ -2105,7 +2105,7 b' class ApiController(JSONRPCController):' | |||||
2105 | log.error(traceback.format_exc()) |
|
2105 | log.error(traceback.format_exc()) | |
2106 | raise JSONRPCError('failed to create repo group `%s`' % (group_name,)) |
|
2106 | raise JSONRPCError('failed to create repo group `%s`' % (group_name,)) | |
2107 |
|
2107 | |||
2108 |
@HasPermissionA |
|
2108 | @HasPermissionAnyDecorator('hg.admin') | |
2109 | def update_repo_group(self, apiuser, repogroupid, group_name=Optional(''), |
|
2109 | def update_repo_group(self, apiuser, repogroupid, group_name=Optional(''), | |
2110 | description=Optional(''), |
|
2110 | description=Optional(''), | |
2111 | owner=Optional(OAttr('apiuser')), |
|
2111 | owner=Optional(OAttr('apiuser')), | |
@@ -2131,7 +2131,7 b' class ApiController(JSONRPCController):' | |||||
2131 | raise JSONRPCError('failed to update repository group `%s`' |
|
2131 | raise JSONRPCError('failed to update repository group `%s`' | |
2132 | % (repogroupid,)) |
|
2132 | % (repogroupid,)) | |
2133 |
|
2133 | |||
2134 |
@HasPermissionA |
|
2134 | @HasPermissionAnyDecorator('hg.admin') | |
2135 | def delete_repo_group(self, apiuser, repogroupid): |
|
2135 | def delete_repo_group(self, apiuser, repogroupid): | |
2136 | """ |
|
2136 | """ | |
2137 |
|
2137 |
@@ -859,18 +859,6 b' class PermsDecorator(object):' | |||||
859 | raise Exception('You have to write this function in child class') |
|
859 | raise Exception('You have to write this function in child class') | |
860 |
|
860 | |||
861 |
|
861 | |||
862 | class HasPermissionAllDecorator(PermsDecorator): |
|
|||
863 | """ |
|
|||
864 | Checks for access permission for all given predicates. All of them |
|
|||
865 | have to be meet in order to fulfill the request |
|
|||
866 | """ |
|
|||
867 |
|
||||
868 | def check_permissions(self): |
|
|||
869 | if self.required_perms.issubset(self.user_perms.get('global')): |
|
|||
870 | return True |
|
|||
871 | return False |
|
|||
872 |
|
||||
873 |
|
||||
874 | class HasPermissionAnyDecorator(PermsDecorator): |
|
862 | class HasPermissionAnyDecorator(PermsDecorator): | |
875 | """ |
|
863 | """ | |
876 | Checks for access permission for any of given predicates. In order to |
|
864 | Checks for access permission for any of given predicates. In order to | |
@@ -883,23 +871,6 b' class HasPermissionAnyDecorator(PermsDec' | |||||
883 | return False |
|
871 | return False | |
884 |
|
872 | |||
885 |
|
873 | |||
886 | class HasRepoPermissionAllDecorator(PermsDecorator): |
|
|||
887 | """ |
|
|||
888 | Checks for access permission for all given predicates for specific |
|
|||
889 | repository. All of them have to be meet in order to fulfill the request |
|
|||
890 | """ |
|
|||
891 |
|
||||
892 | def check_permissions(self): |
|
|||
893 | repo_name = get_repo_slug(request) |
|
|||
894 | try: |
|
|||
895 | user_perms = set([self.user_perms['repositories'][repo_name]]) |
|
|||
896 | except KeyError: |
|
|||
897 | return False |
|
|||
898 | if self.required_perms.issubset(user_perms): |
|
|||
899 | return True |
|
|||
900 | return False |
|
|||
901 |
|
||||
902 |
|
||||
903 | class HasRepoPermissionAnyDecorator(PermsDecorator): |
|
874 | class HasRepoPermissionAnyDecorator(PermsDecorator): | |
904 | """ |
|
875 | """ | |
905 | Checks for access permission for any of given predicates for specific |
|
876 | Checks for access permission for any of given predicates for specific | |
@@ -918,24 +889,6 b' class HasRepoPermissionAnyDecorator(Perm' | |||||
918 | return False |
|
889 | return False | |
919 |
|
890 | |||
920 |
|
891 | |||
921 | class HasRepoGroupPermissionAllDecorator(PermsDecorator): |
|
|||
922 | """ |
|
|||
923 | Checks for access permission for all given predicates for specific |
|
|||
924 | repository group. All of them have to be meet in order to fulfill the request |
|
|||
925 | """ |
|
|||
926 |
|
||||
927 | def check_permissions(self): |
|
|||
928 | group_name = get_repo_group_slug(request) |
|
|||
929 | try: |
|
|||
930 | user_perms = set([self.user_perms['repositories_groups'][group_name]]) |
|
|||
931 | except KeyError: |
|
|||
932 | return False |
|
|||
933 |
|
||||
934 | if self.required_perms.issubset(user_perms): |
|
|||
935 | return True |
|
|||
936 | return False |
|
|||
937 |
|
||||
938 |
|
||||
939 | class HasRepoGroupPermissionAnyDecorator(PermsDecorator): |
|
892 | class HasRepoGroupPermissionAnyDecorator(PermsDecorator): | |
940 | """ |
|
893 | """ | |
941 | Checks for access permission for any of given predicates for specific |
|
894 | Checks for access permission for any of given predicates for specific | |
@@ -954,24 +907,6 b' class HasRepoGroupPermissionAnyDecorator' | |||||
954 | return False |
|
907 | return False | |
955 |
|
908 | |||
956 |
|
909 | |||
957 | class HasUserGroupPermissionAllDecorator(PermsDecorator): |
|
|||
958 | """ |
|
|||
959 | Checks for access permission for all given predicates for specific |
|
|||
960 | user group. All of them have to be meet in order to fulfill the request |
|
|||
961 | """ |
|
|||
962 |
|
||||
963 | def check_permissions(self): |
|
|||
964 | group_name = get_user_group_slug(request) |
|
|||
965 | try: |
|
|||
966 | user_perms = set([self.user_perms['user_groups'][group_name]]) |
|
|||
967 | except KeyError: |
|
|||
968 | return False |
|
|||
969 |
|
||||
970 | if self.required_perms.issubset(user_perms): |
|
|||
971 | return True |
|
|||
972 | return False |
|
|||
973 |
|
||||
974 |
|
||||
975 | class HasUserGroupPermissionAnyDecorator(PermsDecorator): |
|
910 | class HasUserGroupPermissionAnyDecorator(PermsDecorator): | |
976 | """ |
|
911 | """ | |
977 | Checks for access permission for any of given predicates for specific |
|
912 | Checks for access permission for any of given predicates for specific | |
@@ -1020,11 +955,8 b' class PermsFunction(object):' | |||||
1020 |
|
955 | |||
1021 | cls_name = self.__class__.__name__ |
|
956 | cls_name = self.__class__.__name__ | |
1022 | check_scope = { |
|
957 | check_scope = { | |
1023 | 'HasPermissionAll': '', |
|
|||
1024 | 'HasPermissionAny': '', |
|
958 | 'HasPermissionAny': '', | |
1025 | 'HasRepoPermissionAll': 'repo:%s' % self.repo_name, |
|
|||
1026 | 'HasRepoPermissionAny': 'repo:%s' % self.repo_name, |
|
959 | 'HasRepoPermissionAny': 'repo:%s' % self.repo_name, | |
1027 | 'HasRepoGroupPermissionAll': 'group:%s' % self.group_name, |
|
|||
1028 | 'HasRepoGroupPermissionAny': 'group:%s' % self.group_name, |
|
960 | 'HasRepoGroupPermissionAny': 'group:%s' % self.group_name, | |
1029 | }.get(cls_name, '?') |
|
961 | }.get(cls_name, '?') | |
1030 | log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name, |
|
962 | log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name, | |
@@ -1051,13 +983,6 b' class PermsFunction(object):' | |||||
1051 | raise Exception('You have to write this function in child class') |
|
983 | raise Exception('You have to write this function in child class') | |
1052 |
|
984 | |||
1053 |
|
985 | |||
1054 | class HasPermissionAll(PermsFunction): |
|
|||
1055 | def check_permissions(self): |
|
|||
1056 | if self.required_perms.issubset(self.user_perms.get('global')): |
|
|||
1057 | return True |
|
|||
1058 | return False |
|
|||
1059 |
|
||||
1060 |
|
||||
1061 | class HasPermissionAny(PermsFunction): |
|
986 | class HasPermissionAny(PermsFunction): | |
1062 | def check_permissions(self): |
|
987 | def check_permissions(self): | |
1063 | if self.required_perms.intersection(self.user_perms.get('global')): |
|
988 | if self.required_perms.intersection(self.user_perms.get('global')): | |
@@ -1065,26 +990,6 b' class HasPermissionAny(PermsFunction):' | |||||
1065 | return False |
|
990 | return False | |
1066 |
|
991 | |||
1067 |
|
992 | |||
1068 | class HasRepoPermissionAll(PermsFunction): |
|
|||
1069 | def __call__(self, repo_name=None, check_location='', user=None): |
|
|||
1070 | self.repo_name = repo_name |
|
|||
1071 | return super(HasRepoPermissionAll, self).__call__(check_location, user) |
|
|||
1072 |
|
||||
1073 | def check_permissions(self): |
|
|||
1074 | if not self.repo_name: |
|
|||
1075 | self.repo_name = get_repo_slug(request) |
|
|||
1076 |
|
||||
1077 | try: |
|
|||
1078 | self._user_perms = set( |
|
|||
1079 | [self.user_perms['repositories'][self.repo_name]] |
|
|||
1080 | ) |
|
|||
1081 | except KeyError: |
|
|||
1082 | return False |
|
|||
1083 | if self.required_perms.issubset(self._user_perms): |
|
|||
1084 | return True |
|
|||
1085 | return False |
|
|||
1086 |
|
||||
1087 |
|
||||
1088 | class HasRepoPermissionAny(PermsFunction): |
|
993 | class HasRepoPermissionAny(PermsFunction): | |
1089 | def __call__(self, repo_name=None, check_location='', user=None): |
|
994 | def __call__(self, repo_name=None, check_location='', user=None): | |
1090 | self.repo_name = repo_name |
|
995 | self.repo_name = repo_name | |
@@ -1122,23 +1027,6 b' class HasRepoGroupPermissionAny(PermsFun' | |||||
1122 | return False |
|
1027 | return False | |
1123 |
|
1028 | |||
1124 |
|
1029 | |||
1125 | class HasRepoGroupPermissionAll(PermsFunction): |
|
|||
1126 | def __call__(self, group_name=None, check_location='', user=None): |
|
|||
1127 | self.group_name = group_name |
|
|||
1128 | return super(HasRepoGroupPermissionAll, self).__call__(check_location, user) |
|
|||
1129 |
|
||||
1130 | def check_permissions(self): |
|
|||
1131 | try: |
|
|||
1132 | self._user_perms = set( |
|
|||
1133 | [self.user_perms['repositories_groups'][self.group_name]] |
|
|||
1134 | ) |
|
|||
1135 | except KeyError: |
|
|||
1136 | return False |
|
|||
1137 | if self.required_perms.issubset(self._user_perms): |
|
|||
1138 | return True |
|
|||
1139 | return False |
|
|||
1140 |
|
||||
1141 |
|
||||
1142 | class HasUserGroupPermissionAny(PermsFunction): |
|
1030 | class HasUserGroupPermissionAny(PermsFunction): | |
1143 | def __call__(self, user_group_name=None, check_location='', user=None): |
|
1031 | def __call__(self, user_group_name=None, check_location='', user=None): | |
1144 | self.user_group_name = user_group_name |
|
1032 | self.user_group_name = user_group_name | |
@@ -1156,23 +1044,6 b' class HasUserGroupPermissionAny(PermsFun' | |||||
1156 | return False |
|
1044 | return False | |
1157 |
|
1045 | |||
1158 |
|
1046 | |||
1159 | class HasUserGroupPermissionAll(PermsFunction): |
|
|||
1160 | def __call__(self, user_group_name=None, check_location='', user=None): |
|
|||
1161 | self.user_group_name = user_group_name |
|
|||
1162 | return super(HasUserGroupPermissionAll, self).__call__(check_location, user) |
|
|||
1163 |
|
||||
1164 | def check_permissions(self): |
|
|||
1165 | try: |
|
|||
1166 | self._user_perms = set( |
|
|||
1167 | [self.user_perms['user_groups'][self.user_group_name]] |
|
|||
1168 | ) |
|
|||
1169 | except KeyError: |
|
|||
1170 | return False |
|
|||
1171 | if self.required_perms.issubset(self._user_perms): |
|
|||
1172 | return True |
|
|||
1173 | return False |
|
|||
1174 |
|
||||
1175 |
|
||||
1176 | #============================================================================== |
|
1047 | #============================================================================== | |
1177 | # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH |
|
1048 | # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH | |
1178 | #============================================================================== |
|
1049 | #============================================================================== | |
@@ -1252,13 +1123,6 b' class _BaseApiPerm(object):' | |||||
1252 | raise NotImplementedError() |
|
1123 | raise NotImplementedError() | |
1253 |
|
1124 | |||
1254 |
|
1125 | |||
1255 | class HasPermissionAllApi(_BaseApiPerm): |
|
|||
1256 | def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
|
|||
1257 | if self.required_perms.issubset(perm_defs.get('global')): |
|
|||
1258 | return True |
|
|||
1259 | return False |
|
|||
1260 |
|
||||
1261 |
|
||||
1262 | class HasPermissionAnyApi(_BaseApiPerm): |
|
1126 | class HasPermissionAnyApi(_BaseApiPerm): | |
1263 | def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
|
1127 | def check_permissions(self, perm_defs, repo_name=None, group_name=None): | |
1264 | if self.required_perms.intersection(perm_defs.get('global')): |
|
1128 | if self.required_perms.intersection(perm_defs.get('global')): | |
@@ -1266,18 +1130,6 b' class HasPermissionAnyApi(_BaseApiPerm):' | |||||
1266 | return False |
|
1130 | return False | |
1267 |
|
1131 | |||
1268 |
|
1132 | |||
1269 | class HasRepoPermissionAllApi(_BaseApiPerm): |
|
|||
1270 | def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
|
|||
1271 | try: |
|
|||
1272 | _user_perms = set([perm_defs['repositories'][repo_name]]) |
|
|||
1273 | except KeyError: |
|
|||
1274 | log.warning(traceback.format_exc()) |
|
|||
1275 | return False |
|
|||
1276 | if self.required_perms.issubset(_user_perms): |
|
|||
1277 | return True |
|
|||
1278 | return False |
|
|||
1279 |
|
||||
1280 |
|
||||
1281 | class HasRepoPermissionAnyApi(_BaseApiPerm): |
|
1133 | class HasRepoPermissionAnyApi(_BaseApiPerm): | |
1282 | def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
|
1134 | def check_permissions(self, perm_defs, repo_name=None, group_name=None): | |
1283 | try: |
|
1135 | try: | |
@@ -1301,16 +1153,6 b' class HasRepoGroupPermissionAnyApi(_Base' | |||||
1301 | return True |
|
1153 | return True | |
1302 | return False |
|
1154 | return False | |
1303 |
|
1155 | |||
1304 | class HasRepoGroupPermissionAllApi(_BaseApiPerm): |
|
|||
1305 | def check_permissions(self, perm_defs, repo_name=None, group_name=None): |
|
|||
1306 | try: |
|
|||
1307 | _user_perms = set([perm_defs['repositories_groups'][group_name]]) |
|
|||
1308 | except KeyError: |
|
|||
1309 | log.warning(traceback.format_exc()) |
|
|||
1310 | return False |
|
|||
1311 | if self.required_perms.issubset(_user_perms): |
|
|||
1312 | return True |
|
|||
1313 | return False |
|
|||
1314 |
|
1156 | |||
1315 | def check_ip_access(source_ip, allowed_ips=None): |
|
1157 | def check_ip_access(source_ip, allowed_ips=None): | |
1316 | """ |
|
1158 | """ |
@@ -835,9 +835,8 b' def action_parser(user_log, feed=False, ' | |||||
835 | #============================================================================== |
|
835 | #============================================================================== | |
836 | # PERMS |
|
836 | # PERMS | |
837 | #============================================================================== |
|
837 | #============================================================================== | |
838 |
from kallithea.lib.auth import HasPermissionAny, |
|
838 | from kallithea.lib.auth import HasPermissionAny, \ | |
839 |
HasRepoPermissionAny, |
|
839 | HasRepoPermissionAny, HasRepoGroupPermissionAny | |
840 | HasRepoGroupPermissionAny |
|
|||
841 |
|
840 | |||
842 |
|
841 | |||
843 | #============================================================================== |
|
842 | #============================================================================== |
@@ -50,7 +50,7 b' from kallithea.lib import helpers as h' | |||||
50 | from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ |
|
50 | from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ | |
51 | _set_extras |
|
51 | _set_extras | |
52 | from kallithea.lib.auth import HasRepoPermissionAny, HasRepoGroupPermissionAny, \ |
|
52 | from kallithea.lib.auth import HasRepoPermissionAny, HasRepoGroupPermissionAny, \ | |
53 |
HasUserGroupPermissionAny, HasPermissionAny, HasPermissionA |
|
53 | HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny | |
54 | from kallithea.lib.utils import get_filesystem_repos, make_ui, \ |
|
54 | from kallithea.lib.utils import get_filesystem_repos, make_ui, \ | |
55 | action_logger |
|
55 | action_logger | |
56 | from kallithea.model import BaseModel |
|
56 | from kallithea.model import BaseModel | |
@@ -794,7 +794,7 b' def AvailableRepoGroupChoices(top_perms,' | |||||
794 | Top level is -1. |
|
794 | Top level is -1. | |
795 | """ |
|
795 | """ | |
796 | groups = RepoGroup.query().all() |
|
796 | groups = RepoGroup.query().all() | |
797 |
if HasPermissionA |
|
797 | if HasPermissionAny('hg.admin')('available repo groups'): | |
798 | groups.append(None) |
|
798 | groups.append(None) | |
799 | else: |
|
799 | else: | |
800 | groups = list(RepoGroupList(groups, perm_set=repo_group_perms)) |
|
800 | groups = list(RepoGroupList(groups, perm_set=repo_group_perms)) |
@@ -138,13 +138,13 b'' | |||||
138 | <input id="branch_switcher" name="branch_switcher" type="hidden"> |
|
138 | <input id="branch_switcher" name="branch_switcher" type="hidden"> | |
139 | </li> |
|
139 | </li> | |
140 | <li ${is_current('options')} data-context="options"> |
|
140 | <li ${is_current('options')} data-context="options"> | |
141 |
%if h.HasRepoPermissionA |
|
141 | %if h.HasRepoPermissionAny('repository.admin')(c.repo_name): | |
142 | <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> |
|
142 | <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> | |
143 | %else: |
|
143 | %else: | |
144 | <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> |
|
144 | <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> | |
145 | %endif |
|
145 | %endif | |
146 | <ul class="dropdown-menu" role="menu"> |
|
146 | <ul class="dropdown-menu" role="menu"> | |
147 |
%if h.HasRepoPermissionA |
|
147 | %if h.HasRepoPermissionAny('repository.admin')(c.repo_name): | |
148 | <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li> |
|
148 | <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li> | |
149 | %endif |
|
149 | %endif | |
150 | %if c.db_repo.fork: |
|
150 | %if c.db_repo.fork: | |
@@ -331,7 +331,7 b'' | |||||
331 | <i class="icon-search"></i> ${_('Search')} |
|
331 | <i class="icon-search"></i> ${_('Search')} | |
332 | </a> |
|
332 | </a> | |
333 | </li> |
|
333 | </li> | |
334 |
% if h.HasPermissionA |
|
334 | % if h.HasPermissionAny('hg.admin')('access admin main page'): | |
335 | <li ${is_current('admin')} class="dropdown"> |
|
335 | <li ${is_current('admin')} class="dropdown"> | |
336 | <a class="menu_link dropdown-toggle" data-toggle="dropdown" role="button" title="${_('Admin')}" href="${h.url('admin_home')}"> |
|
336 | <a class="menu_link dropdown-toggle" data-toggle="dropdown" role="button" title="${_('Admin')}" href="${h.url('admin_home')}"> | |
337 | <i class="icon-gear"></i> ${_('Admin')} <span class="caret"></span> |
|
337 | <i class="icon-gear"></i> ${_('Admin')} <span class="caret"></span> |
@@ -32,7 +32,7 b'' | |||||
32 | <div style="padding:0 10px 10px 17px;"> |
|
32 | <div style="padding:0 10px 10px 17px;"> | |
33 | %if c.no_data: |
|
33 | %if c.no_data: | |
34 | ${c.no_data_msg} |
|
34 | ${c.no_data_msg} | |
35 |
%if h.HasPermissionA |
|
35 | %if h.HasPermissionAny('hg.admin')('enable stats on from summary'): | |
36 | ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name),class_="btn btn-mini")} |
|
36 | ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name),class_="btn btn-mini")} | |
37 | %endif |
|
37 | %endif | |
38 | %else: |
|
38 | %else: |
@@ -96,7 +96,7 b" summary = lambda n:{False:'summary-short" | |||||
96 | <div id="lang_stats"></div> |
|
96 | <div id="lang_stats"></div> | |
97 | %else: |
|
97 | %else: | |
98 | ${_('Statistics are disabled for this repository')} |
|
98 | ${_('Statistics are disabled for this repository')} | |
99 |
%if h.HasPermissionA |
|
99 | %if h.HasPermissionAny('hg.admin')('enable stats on from summary'): | |
100 | ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_statistics'),class_="btn btn-mini")} |
|
100 | ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_statistics'),class_="btn btn-mini")} | |
101 | %endif |
|
101 | %endif | |
102 | %endif |
|
102 | %endif | |
@@ -112,7 +112,7 b" summary = lambda n:{False:'summary-short" | |||||
112 | ${_('There are no downloads yet')} |
|
112 | ${_('There are no downloads yet')} | |
113 | %elif not c.enable_downloads: |
|
113 | %elif not c.enable_downloads: | |
114 | ${_('Downloads are disabled for this repository')} |
|
114 | ${_('Downloads are disabled for this repository')} | |
115 |
%if h.HasPermissionA |
|
115 | %if h.HasPermissionAny('hg.admin')('enable downloads on from summary'): | |
116 | ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_downloads'),class_="btn btn-mini")} |
|
116 | ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_downloads'),class_="btn btn-mini")} | |
117 | %endif |
|
117 | %endif | |
118 | %else: |
|
118 | %else: |
General Comments 0
You need to be logged in to leave comments.
Login now