upstream/kallithea Commit - r3525:0cef54d3

Pass in old groups data to CanWriteToGroup validator for later skipping group checks....

marcink -

r3525:0cef54d3 default

parent child

rhodecode/controllers/admin/repos.py

0 +4 -2

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.admin.repos
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 Repositories controller for RhodeCode
                 :created_on: Apr 7, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             import formencode
             from formencode import htmlfill
             from webob.exc import HTTPInternalServerError
             from pylons import request, session, tmpl_context as c, url
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             from sqlalchemy.exc import IntegrityError
             import rhodecode
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
                 HasPermissionAnyDecorator, HasRepoPermissionAllDecorator
             from rhodecode.lib.base import BaseController, render
             from rhodecode.lib.utils import invalidate_cache, action_logger, repo_name_slug
             from rhodecode.lib.helpers import get_token
             from rhodecode.model.meta import Session
             from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\
                 RhodeCodeSetting
             from rhodecode.model.forms import RepoForm
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.repo import RepoModel
             from rhodecode.lib.compat import json
             from sqlalchemy.sql.expression import func
             log = logging.getLogger(__name__)
             class ReposController(BaseController):
                 """
                 REST Controller styled on the Atom Publishing Protocol"""
                 # To properly map this controller, ensure your config/routing.py
                 # file has a resource setup:
                 #     map.resource('repo', 'repos')
                 @LoginRequired()
                 @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
                 def __before__(self):
                     c.admin_user = session.get('admin_user')
                     c.admin_username = session.get('admin_username')
                     super(ReposController, self).__before__()
                 def __load_defaults(self):
                     c.repo_groups = RepoGroup.groups_choices(check_perms=True)
                     c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
                     repo_model = RepoModel()
                     c.users_array = repo_model.get_users_js()
                     c.users_groups_array = repo_model.get_users_groups_js()
                     choices, c.landing_revs = ScmModel().get_repo_landing_revs()
                     c.landing_revs_choices = choices
                 def __load_data(self, repo_name=None):
                     """
                     Load defaults settings for edit, and update
                     :param repo_name:
                     """
                     self.__load_defaults()
                     c.repo_info = db_repo = Repository.get_by_repo_name(repo_name)
                     repo = db_repo.scm_instance
                     if c.repo_info is None:
                         h.not_mapped_error(repo_name)
                         return redirect(url('repos'))
                     ##override defaults for exact repo info here git/hg etc
                     choices, c.landing_revs = ScmModel().get_repo_landing_revs(c.repo_info)
                     c.landing_revs_choices = choices
                     c.default_user_id = User.get_by_username('default').user_id
                     c.in_public_journal = UserFollowing.query()\
                         .filter(UserFollowing.user_id == c.default_user_id)\
                         .filter(UserFollowing.follows_repository == c.repo_info).scalar()
                     if c.repo_info.stats:
                         # this is on what revision we ended up so we add +1 for count
                         last_rev = c.repo_info.stats.stat_on_revision + 1
                     else:
                         last_rev = 0
                     c.stats_revision = last_rev
                     c.repo_last_rev = repo.count() if repo.revisions else 0
                     if last_rev == 0 or c.repo_last_rev == 0:
                         c.stats_percentage = 0
                     else:
                         c.stats_percentage = '%.2f' % ((float((last_rev)) /
                                                         c.repo_last_rev) * 100)
                     defaults = RepoModel()._get_defaults(repo_name)
                     c.repos_list = [('', _('--REMOVE FORK--'))]
                     c.repos_list += [(x.repo_id, x.repo_name) for x in
                                 Repository.query().order_by(Repository.repo_name).all()
                                 if x.repo_id != c.repo_info.repo_id]
                     defaults['id_fork_of'] = db_repo.fork.repo_id if db_repo.fork else ''
                     return defaults
                 @HasPermissionAllDecorator('hg.admin')
                 def index(self, format='html'):
                     """GET /repos: All items in the collection"""
                     # url('repos')
                     c.repos_list = Repository.query()\
                                     .order_by(func.lower(Repository.repo_name))\
                                     .all()
                     repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list,
                                                                admin=True)
                     #json used to render the grid
                     c.data = json.dumps(repos_data)
                     return render('admin/repos/repos.html')
                 @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
                 def create(self):
                     """
                     POST /repos: Create a new item"""
                     # url('repos')
                     self.__load_defaults()
                     form_result = {}
                     try:
                         form_result = RepoForm(repo_groups=c.repo_groups_choices,
                                                landing_revs=c.landing_revs_choices)()\
                                         .to_python(dict(request.POST))
                         new_repo = RepoModel().create(form_result,
                                                       self.rhodecode_user.user_id)
                         if form_result['clone_uri']:
                             h.flash(_('created repository %s from %s') \
                                 % (form_result['repo_name'], form_result['clone_uri']),
                                 category='success')
                         else:
                             h.flash(_('created repository %s') % form_result['repo_name'],
                                 category='success')
                         if request.POST.get('user_created'):
                             # created by regular non admin user
                             action_logger(self.rhodecode_user, 'user_created_repo',
                                           form_result['repo_name_full'], self.ip_addr,
                                           self.sa)
                         else:
                             action_logger(self.rhodecode_user, 'admin_created_repo',
                                           form_result['repo_name_full'], self.ip_addr,
                                           self.sa)
                         Session().commit()
                     except formencode.Invalid, errors:
                         c.new_repo = errors.value['repo_name']
                         if request.POST.get('user_created'):
                             r = render('admin/repos/repo_add_create_repository.html')
                         else:
                             r = render('admin/repos/repo_add.html')
                         return htmlfill.render(
                             r,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8")
                     except Exception:
                         log.error(traceback.format_exc())
                         msg = _('error occurred during creation of repository %s') \
                                 % form_result.get('repo_name')
                         h.flash(msg, category='error')
                         return redirect(url('repos'))
                     #redirect to our new repo !
                     return redirect(url('summary_home', repo_name=new_repo.repo_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def new(self, format='html'):
                     """GET /repos/new: Form to create a new item"""
                     new_repo = request.GET.get('repo', '')
                     c.new_repo = repo_name_slug(new_repo)
                     self.__load_defaults()
                     ## apply the defaults from defaults page
                     defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
                     return htmlfill.render(
                         render('admin/repos/repo_add.html'),
                         defaults=defaults,
                         errors={},
                         prefix_error=False,
                         encoding="UTF-8"
                     )
                 @HasPermissionAllDecorator('hg.admin')
                 def update(self, repo_name):
                     """
                     PUT /repos/repo_name: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('repo', repo_name=ID),
                     #           method='put')
                     # url('repo', repo_name=ID)
                     self.__load_defaults()
                     repo_model = RepoModel()
                     changed_name = repo_name
                     #override the choices with extracted revisions !
                     choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
                     c.landing_revs_choices = choices
+                    repo = Repository.get_by_repo_name(repo_name)
-                    _form = RepoForm(edit=True, old_data={'repo_name': repo_name},
+                    _form = RepoForm(edit=True, old_data={'repo_name': repo_name,
+                                                          'repo_group': repo.group.get_dict() \
+                                                          if repo.group else {}},
                                      repo_groups=c.repo_groups_choices,
                                      landing_revs=c.landing_revs_choices)()
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         repo = repo_model.update(repo_name, **form_result)
                         invalidate_cache('get_repo_cached_%s' % repo_name)
                         h.flash(_('Repository %s updated successfully') % repo_name,
                                 category='success')
                         changed_name = repo.repo_name
                         action_logger(self.rhodecode_user, 'admin_updated_repo',
                                           changed_name, self.ip_addr, self.sa)
                         Session().commit()
                     except formencode.Invalid, errors:
                         defaults = self.__load_data(repo_name)
                         defaults.update(errors.value)
                         return htmlfill.render(
                             render('admin/repos/repo_edit.html'),
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8")
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('error occurred during update of repository %s') \
                                 % repo_name, category='error')
                     return redirect(url('edit_repo', repo_name=changed_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def delete(self, repo_name):
                     """
                     DELETE /repos/repo_name: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('repo', repo_name=ID),
                     #           method='delete')
                     # url('repo', repo_name=ID)
                     repo_model = RepoModel()
                     repo = repo_model.get_by_repo_name(repo_name)
                     if not repo:
                         h.not_mapped_error(repo_name)
                         return redirect(url('repos'))
                     try:
                         action_logger(self.rhodecode_user, 'admin_deleted_repo',
                                           repo_name, self.ip_addr, self.sa)
                         repo_model.delete(repo)
                         invalidate_cache('get_repo_cached_%s' % repo_name)
                         h.flash(_('deleted repository %s') % repo_name, category='success')
                         Session().commit()
                     except IntegrityError, e:
                         if e.message.find('repositories_fork_id_fkey') != -1:
                             log.error(traceback.format_exc())
                             h.flash(_('Cannot delete %s it still contains attached '
                                       'forks') % repo_name,
                                     category='warning')
                         else:
                             log.error(traceback.format_exc())
                             h.flash(_('An error occurred during '
                                       'deletion of %s') % repo_name,
                                     category='error')
                     except Exception, e:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during deletion of %s') % repo_name,
                                 category='error')
                     return redirect(url('repos'))
                 @HasRepoPermissionAllDecorator('repository.admin')
                 def delete_perm_user(self, repo_name):
                     """
                     DELETE an existing repository permission user
                     :param repo_name:
                     """
                     try:
                         RepoModel().revoke_user_permission(repo=repo_name,
                                                            user=request.POST['user_id'])
                         Session().commit()
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during deletion of repository user'),
                                 category='error')
                         raise HTTPInternalServerError()
                 @HasRepoPermissionAllDecorator('repository.admin')
                 def delete_perm_users_group(self, repo_name):
                     """
                     DELETE an existing repository permission users group
                     :param repo_name:
                     """
                     try:
                         RepoModel().revoke_users_group_permission(
                             repo=repo_name, group_name=request.POST['users_group_id']
                         )
                         Session().commit()
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during deletion of repository'
                                   ' users groups'),
                                 category='error')
                         raise HTTPInternalServerError()
                 @HasPermissionAllDecorator('hg.admin')
                 def repo_stats(self, repo_name):
                     """
                     DELETE an existing repository statistics
                     :param repo_name:
                     """
                     try:
                         RepoModel().delete_stats(repo_name)
                         Session().commit()
                     except Exception, e:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during deletion of repository stats'),
                                 category='error')
                     return redirect(url('edit_repo', repo_name=repo_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def repo_cache(self, repo_name):
                     """
                     INVALIDATE existing repository cache
                     :param repo_name:
                     """
                     try:
                         ScmModel().mark_for_invalidation(repo_name)
                         Session().commit()
                     except Exception, e:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during cache invalidation'),
                                 category='error')
                     return redirect(url('edit_repo', repo_name=repo_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def repo_locking(self, repo_name):
                     """
                     Unlock repository when it is locked !
                     :param repo_name:
                     """
                     try:
                         repo = Repository.get_by_repo_name(repo_name)
                         if request.POST.get('set_lock'):
                             Repository.lock(repo, c.rhodecode_user.user_id)
                         elif request.POST.get('set_unlock'):
                             Repository.unlock(repo)
                     except Exception, e:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during unlocking'),
                                 category='error')
                     return redirect(url('edit_repo', repo_name=repo_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def repo_public_journal(self, repo_name):
                     """
                     Set's this repository to be visible in public journal,
                     in other words assing default user to follow this repo
                     :param repo_name:
                     """
                     cur_token = request.POST.get('auth_token')
                     token = get_token()
                     if cur_token == token:
                         try:
                             repo_id = Repository.get_by_repo_name(repo_name).repo_id
                             user_id = User.get_by_username('default').user_id
                             self.scm_model.toggle_following_repo(repo_id, user_id)
                             h.flash(_('Updated repository visibility in public journal'),
                                     category='success')
                             Session().commit()
                         except:
                             h.flash(_('An error occurred during setting this'
                                       ' repository in public journal'),
                                     category='error')
                     else:
                         h.flash(_('Token mismatch'), category='error')
                     return redirect(url('edit_repo', repo_name=repo_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def repo_pull(self, repo_name):
                     """
                     Runs task to update given repository with remote changes,
                     ie. make pull on remote location
                     :param repo_name:
                     """
                     try:
                         ScmModel().pull_changes(repo_name, self.rhodecode_user.username)
                         h.flash(_('Pulled from remote location'), category='success')
                     except Exception, e:
                         h.flash(_('An error occurred during pull from remote location'),
                                 category='error')
                     return redirect(url('edit_repo', repo_name=repo_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def repo_as_fork(self, repo_name):
                     """
                     Mark given repository as a fork of another
                     :param repo_name:
                     """
                     try:
                         fork_id = request.POST.get('id_fork_of')
                         repo = ScmModel().mark_as_fork(repo_name, fork_id,
                                                 self.rhodecode_user.username)
                         fork = repo.fork.repo_name if repo.fork else _('Nothing')
                         Session().commit()
                         h.flash(_('Marked repo %s as fork of %s') % (repo_name, fork),
                                 category='success')
                     except Exception, e:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during this operation'),
                                 category='error')
                     return redirect(url('edit_repo', repo_name=repo_name))
                 @HasPermissionAllDecorator('hg.admin')
                 def show(self, repo_name, format='html'):
                     """GET /repos/repo_name: Show a specific item"""
                     # url('repo', repo_name=ID)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit(self, repo_name, format='html'):
                     """GET /repos/repo_name/edit: Form to edit an existing item"""
                     # url('edit_repo', repo_name=ID)
                     defaults = self.__load_data(repo_name)
                     return htmlfill.render(
                         render('admin/repos/repo_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )

rhodecode/controllers/settings.py

0 +4 -2

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.settings
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 Settings controller for rhodecode
                 :created_on: Jun 30, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             import formencode
             from formencode import htmlfill
             from pylons import tmpl_context as c, request, url
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             import rhodecode.lib.helpers as h
             from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAllDecorator,\
                 HasRepoPermissionAnyDecorator
             from rhodecode.lib.base import BaseRepoController, render
             from rhodecode.lib.utils import invalidate_cache, action_logger
             from rhodecode.model.forms import RepoSettingsForm
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.db import RepoGroup, Repository
             from rhodecode.model.meta import Session
             from rhodecode.model.scm import ScmModel
             log = logging.getLogger(__name__)
             class SettingsController(BaseRepoController):
                 @LoginRequired()
                 def __before__(self):
                     super(SettingsController, self).__before__()
                 def __load_defaults(self):
                     c.repo_groups = RepoGroup.groups_choices(check_perms=True)
                     c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
                     repo_model = RepoModel()
                     c.users_array = repo_model.get_users_js()
                     c.users_groups_array = repo_model.get_users_groups_js()
                     choices, c.landing_revs = ScmModel().get_repo_landing_revs()
                     c.landing_revs_choices = choices
                 def __load_data(self, repo_name=None):
                     """
                     Load defaults settings for edit, and update
                     :param repo_name:
                     """
                     self.__load_defaults()
                     c.repo_info = db_repo = Repository.get_by_repo_name(repo_name)
                     repo = db_repo.scm_instance
                     if c.repo_info is None:
                         h.not_mapped_error(repo_name)
                         return redirect(url('home'))
                     ##override defaults for exact repo info here git/hg etc
                     choices, c.landing_revs = ScmModel().get_repo_landing_revs(c.repo_info)
                     c.landing_revs_choices = choices
                     defaults = RepoModel()._get_defaults(repo_name)
                     return defaults
                 @HasRepoPermissionAllDecorator('repository.admin')
                 def index(self, repo_name):
                     defaults = self.__load_data(repo_name)
                     return htmlfill.render(
                         render('settings/repo_settings.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                 @HasRepoPermissionAllDecorator('repository.admin')
                 def update(self, repo_name):
                     self.__load_defaults()
                     repo_model = RepoModel()
                     changed_name = repo_name
                     #override the choices with extracted revisions !
                     choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
                     c.landing_revs_choices = choices
+                    repo = Repository.get_by_repo_name(repo_name)
                     _form = RepoSettingsForm(edit=True,
-                                             old_data={'repo_name': repo_name},
+                                            old_data={'repo_name': repo_name,
+                                                      'repo_group': repo.group.get_dict() \
+                                                          if repo.group else {}},
                                              repo_groups=c.repo_groups_choices,
                                              landing_revs=c.landing_revs_choices)()
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         repo_model.update(repo_name, **form_result)
                         invalidate_cache('get_repo_cached_%s' % repo_name)
                         h.flash(_('Repository %s updated successfully') % repo_name,
                                 category='success')
                         changed_name = form_result['repo_name_full']
                         action_logger(self.rhodecode_user, 'user_updated_repo',
                                       changed_name, self.ip_addr, self.sa)
                         Session().commit()
                     except formencode.Invalid, errors:
                         defaults = self.__load_data(repo_name)
                         defaults.update(errors.value)
                         return htmlfill.render(
                             render('settings/repo_settings.html'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8")
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('error occurred during update of repository %s') \
                                 % repo_name, category='error')
                     return redirect(url('repo_settings_home', repo_name=changed_name))
                 @HasRepoPermissionAllDecorator('repository.admin')
                 def delete(self, repo_name):
                     """DELETE /repos/repo_name: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('repo_settings_delete', repo_name=ID),
                     #           method='delete')
                     # url('repo_settings_delete', repo_name=ID)
                     repo_model = RepoModel()
                     repo = repo_model.get_by_repo_name(repo_name)
                     if not repo:
                         h.not_mapped_error(repo_name)
                         return redirect(url('home'))
                     try:
                         action_logger(self.rhodecode_user, 'user_deleted_repo',
                                           repo_name, self.ip_addr, self.sa)
                         repo_model.delete(repo)
                         invalidate_cache('get_repo_cached_%s' % repo_name)
                         h.flash(_('deleted repository %s') % repo_name, category='success')
                         Session().commit()
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during deletion of %s') % repo_name,
                                 category='error')
                     return redirect(url('admin_settings_my_account', anchor='my'))
                 @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
                 def toggle_locking(self, repo_name):
                     """
                     Toggle locking of repository by simple GET call to url
                     :param repo_name:
                     """
                     try:
                         repo = Repository.get_by_repo_name(repo_name)
                         if repo.enable_locking:
                             if repo.locked[0]:
                                 Repository.unlock(repo)
                                 action = _('unlocked')
                             else:
                                 Repository.lock(repo, c.rhodecode_user.user_id)
                                 action = _('locked')
                             h.flash(_('Repository has been %s') % action,
                                     category='success')
                     except Exception, e:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during unlocking'),
                                 category='error')
                     return redirect(url('summary_home', repo_name=repo_name))

rhodecode/model/forms.py

0 +2 -2

             """ this is forms validation classes
             http://formencode.org/module-formencode.validators.html
             for list off all availible validators
             we can create our own validators
             The table below outlines the options which can be used in a schema in addition to the validators themselves
             pre_validators          []     These validators will be applied before the schema
             chained_validators      []     These validators will be applied after the schema
             allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present
             filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed
             if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
             ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
             <name> = formencode.validators.<name of validator>
             <name> must equal form name
             list=[1,2,3,4,5]
             for SELECT use formencode.All(OneOf(list), Int())
             """
             import logging
             import formencode
             from formencode import All
             from pylons.i18n.translation import _
             from rhodecode.model import validators as v
             from rhodecode import BACKENDS
             log = logging.getLogger(__name__)
             class LoginForm(formencode.Schema):
                 allow_extra_fields = True
                 filter_extra_fields = True
                 username = v.UnicodeString(
                     strip=True,
                     min=1,
                     not_empty=True,
                     messages={
                        'empty': _(u'Please enter a login'),
                        'tooShort': _(u'Enter a value %(min)i characters long or more')}
                 )
                 password = v.UnicodeString(
                     strip=False,
                     min=3,
                     not_empty=True,
                     messages={
                         'empty': _(u'Please enter a password'),
                         'tooShort': _(u'Enter %(min)i characters or more')}
                 )
                 remember = v.StringBoolean(if_missing=False)
                 chained_validators = [v.ValidAuth()]
             def UserForm(edit=False, old_data={}):
                 class _UserForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                    v.ValidUsername(edit, old_data))
                     if edit:
                         new_password = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False)
                         )
                         password_confirmation = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False),
                         )
                         admin = v.StringBoolean(if_missing=False)
                     else:
                         password = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=True)
                         )
                         password_confirmation = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False)
                         )
                     active = v.StringBoolean(if_missing=False)
                     firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
                     chained_validators = [v.ValidPasswordsMatch()]
                 return _UserForm
             def UsersGroupForm(edit=False, old_data={}, available_members=[]):
                 class _UsersGroupForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     users_group_name = All(
                         v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.ValidUsersGroup(edit, old_data)
                     )
                     users_group_active = v.StringBoolean(if_missing=False)
                     if edit:
                         users_group_members = v.OneOf(
                             available_members, hideList=False, testValueList=True,
                             if_missing=None, not_empty=False
                         )
                 return _UsersGroupForm
             def ReposGroupForm(edit=False, old_data={}, available_groups=[]):
                 class _ReposGroupForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                            v.SlugifyName())
                     group_description = v.UnicodeString(strip=True, min=1,
                                                             not_empty=True)
                     group_parent_id = v.OneOf(available_groups, hideList=False,
                                                     testValueList=True,
                                                     if_missing=None, not_empty=False)
                     enable_locking = v.StringBoolean(if_missing=False)
                     recursive = v.StringBoolean(if_missing=False)
                     chained_validators = [v.ValidReposGroup(edit, old_data),
                                           v.ValidPerms('group')]
                 return _ReposGroupForm
             def RegisterForm(edit=False, old_data={}):
                 class _RegisterForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = All(
                         v.ValidUsername(edit, old_data),
                         v.UnicodeString(strip=True, min=1, not_empty=True)
                     )
                     password = All(
                         v.ValidPassword(),
                         v.UnicodeString(strip=False, min=6, not_empty=True)
                     )
                     password_confirmation = All(
                         v.ValidPassword(),
                         v.UnicodeString(strip=False, min=6, not_empty=True)
                     )
                     active = v.StringBoolean(if_missing=False)
                     firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
                     chained_validators = [v.ValidPasswordsMatch()]
                 return _RegisterForm
             def PasswordResetForm():
                 class _PasswordResetForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
                 return _PasswordResetForm
             def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                          repo_groups=[], landing_revs=[]):
                 class _RepoForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                     v.SlugifyName())
-                    repo_group = All(v.CanWriteGroup(),
+                    repo_group = All(v.CanWriteGroup(old_data),
                                      v.OneOf(repo_groups, hideList=True))
                     repo_type = v.OneOf(supported_backends)
                     repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
                     repo_private = v.StringBoolean(if_missing=False)
                     repo_landing_rev = v.OneOf(landing_revs, hideList=True)
                     clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
                     repo_enable_statistics = v.StringBoolean(if_missing=False)
                     repo_enable_downloads = v.StringBoolean(if_missing=False)
                     repo_enable_locking = v.StringBoolean(if_missing=False)
                     if edit:
                         #this is repo owner
                         user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
                     chained_validators = [v.ValidCloneUri(),
                                           v.ValidRepoName(edit, old_data),
                                           v.ValidPerms()]
                 return _RepoForm
             def RepoSettingsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                                  repo_groups=[], landing_revs=[]):
                 class _RepoForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                     v.SlugifyName())
-                    repo_group = All(v.CanWriteGroup(),
+                    repo_group = All(v.CanWriteGroup(old_data),
                                      v.OneOf(repo_groups, hideList=True))
                     repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
                     repo_private = v.StringBoolean(if_missing=False)
                     repo_landing_rev = v.OneOf(landing_revs, hideList=True)
                     clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
                     chained_validators = [v.ValidCloneUri(),
                                           v.ValidRepoName(edit, old_data),
                                           v.ValidPerms(),
                                           v.ValidSettings()]
                 return _RepoForm
             def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                              repo_groups=[], landing_revs=[]):
                 class _RepoForkForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                     v.SlugifyName())
                     repo_group = All(v.CanWriteGroup(),
                                      v.OneOf(repo_groups, hideList=True))
                     repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
                     description = v.UnicodeString(strip=True, min=1, not_empty=True)
                     private = v.StringBoolean(if_missing=False)
                     copy_permissions = v.StringBoolean(if_missing=False)
                     update_after_clone = v.StringBoolean(if_missing=False)
                     fork_parent_id = v.UnicodeString()
                     chained_validators = [v.ValidForkName(edit, old_data)]
                     landing_rev = v.OneOf(landing_revs, hideList=True)
                 return _RepoForkForm
             def ApplicationSettingsForm():
                 class _ApplicationSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True)
                     rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
                     rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)
                 return _ApplicationSettingsForm
             def ApplicationVisualisationForm():
                 class _ApplicationVisualisationForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
                     rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
                     rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
                     rhodecode_lightweight_dashboard = v.StringBoolean(if_missing=False)
                     rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
                 return _ApplicationVisualisationForm
             def ApplicationUiSettingsForm():
                 class _ApplicationUiSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     web_push_ssl = v.StringBoolean(if_missing=False)
                     paths_root_path = All(
                         v.ValidPath(),
                         v.UnicodeString(strip=True, min=1, not_empty=True)
                     )
                     hooks_changegroup_update = v.StringBoolean(if_missing=False)
                     hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
                     hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
                     hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
                     extensions_largefiles = v.StringBoolean(if_missing=False)
                     extensions_hgsubversion = v.StringBoolean(if_missing=False)
                     extensions_hggit = v.StringBoolean(if_missing=False)
                 return _ApplicationUiSettingsForm
             def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,
                                        register_choices, create_choices, fork_choices):
                 class _DefaultPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     overwrite_default_repo = v.StringBoolean(if_missing=False)
                     overwrite_default_group = v.StringBoolean(if_missing=False)
                     anonymous = v.StringBoolean(if_missing=False)
                     default_repo_perm = v.OneOf(repo_perms_choices)
                     default_group_perm = v.OneOf(group_perms_choices)
                     default_register = v.OneOf(register_choices)
                     default_create = v.OneOf(create_choices)
                     default_fork = v.OneOf(fork_choices)
                 return _DefaultPermissionsForm
             def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
                 class _DefaultsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     default_repo_type = v.OneOf(supported_backends)
                     default_repo_private = v.StringBoolean(if_missing=False)
                     default_repo_enable_statistics = v.StringBoolean(if_missing=False)
                     default_repo_enable_downloads = v.StringBoolean(if_missing=False)
                     default_repo_enable_locking = v.StringBoolean(if_missing=False)
                 return _DefaultsForm
             def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,
                                  tls_kind_choices):
                 class _LdapSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     #pre_validators = [LdapLibValidator]
                     ldap_active = v.StringBoolean(if_missing=False)
                     ldap_host = v.UnicodeString(strip=True,)
                     ldap_port = v.Number(strip=True,)
                     ldap_tls_kind = v.OneOf(tls_kind_choices)
                     ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)
                     ldap_dn_user = v.UnicodeString(strip=True,)
                     ldap_dn_pass = v.UnicodeString(strip=True,)
                     ldap_base_dn = v.UnicodeString(strip=True,)
                     ldap_filter = v.UnicodeString(strip=True,)
                     ldap_search_scope = v.OneOf(search_scope_choices)
                     ldap_attr_login = All(
                         v.AttrLoginValidator(),
                         v.UnicodeString(strip=True,)
                     )
                     ldap_attr_firstname = v.UnicodeString(strip=True,)
                     ldap_attr_lastname = v.UnicodeString(strip=True,)
                     ldap_attr_email = v.UnicodeString(strip=True,)
                 return _LdapSettingsForm
             def UserExtraEmailForm():
                 class _UserExtraEmailForm(formencode.Schema):
                     email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
                 return _UserExtraEmailForm
             def UserExtraIpForm():
                 class _UserExtraIpForm(formencode.Schema):
                     ip = v.ValidIp()(not_empty=True)
                 return _UserExtraIpForm
             def PullRequestForm(repo_id):
                 class _PullRequestForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     user = v.UnicodeString(strip=True, required=True)
                     org_repo = v.UnicodeString(strip=True, required=True)
                     org_ref = v.UnicodeString(strip=True, required=True)
                     other_repo = v.UnicodeString(strip=True, required=True)
                     other_ref = v.UnicodeString(strip=True, required=True)
                     revisions = All(#v.NotReviewedRevisions(repo_id)(),
                                     v.UniqueList(not_empty=True))
                     review_members = v.UniqueList(not_empty=True)
                     pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)
                     pullrequest_desc = v.UnicodeString(strip=True, required=False)
                 return _PullRequestForm

rhodecode/model/validators.py

0 +52 -6

             """
             Set of generic validators
             """
             import os
             import re
             import formencode
             import logging
             from collections import defaultdict
             from pylons.i18n.translation import _
             from webhelpers.pylonslib.secure_form import authentication_token
             from formencode.validators import (
                 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set,
                 NotEmpty, IPAddress, CIDR
             )
             from rhodecode.lib.compat import OrderedSet
             from rhodecode.lib import ipaddr
             from rhodecode.lib.utils import repo_name_slug
+            from rhodecode.lib.utils2 import safe_int
             from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
                 ChangesetStatus
             from rhodecode.lib.exceptions import LdapImportError
             from rhodecode.config.routing import ADMIN_PREFIX
-            from rhodecode.lib.auth import HasReposGroupPermissionAny
+            from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
             # silence warnings and pylint
             UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
                 NotEmpty, IPAddress, CIDR
             log = logging.getLogger(__name__)
             class UniqueList(formencode.FancyValidator):
                 """
                 Unique List !
                 """
                 messages = dict(
                     empty=_('Value cannot be an empty list'),
                     missing_value=_('Value cannot be an empty list'),
                 )
                 def _to_python(self, value, state):
                     if isinstance(value, list):
                         return value
                     elif isinstance(value, set):
                         return list(value)
                     elif isinstance(value, tuple):
                         return list(value)
                     elif value is None:
                         return []
                     else:
                         return [value]
                 def empty_value(self, value):
                     return []
             class StateObj(object):
                 """
                 this is needed to translate the messages using _() in validators
                 """
                 _ = staticmethod(_)
             def M(self, key, state=None, **kwargs):
                 """
                 returns string from self.message based on given key,
                 passed kw params are used to substitute %(named)s params inside
                 translated strings
                 :param msg:
                 :param state:
                 """
                 if state is None:
                     state = StateObj()
                 else:
                     state._ = staticmethod(_)
                 #inject validator into state object
                 return self.message(key, state, **kwargs)
             def ValidUsername(edit=False, old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'username_exists': _(u'Username "%(username)s" already exists'),
                         'system_invalid_username':
                             _(u'Username "%(username)s" is forbidden'),
                         'invalid_username':
                             _(u'Username may only contain alphanumeric characters '
                               'underscores, periods or dashes and must begin with '
                               'alphanumeric character')
                     }
                     def validate_python(self, value, state):
                         if value in ['default', 'new_user']:
                             msg = M(self, 'system_invalid_username', state, username=value)
                             raise formencode.Invalid(msg, value, state)
                         #check if user is unique
                         old_un = None
                         if edit:
                             old_un = User.get(old_data.get('user_id')).username
                         if old_un != value or not edit:
                             if User.get_by_username(value, case_insensitive=True):
                                 msg = M(self, 'username_exists', state, username=value)
                                 raise formencode.Invalid(msg, value, state)
                         if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
                             msg = M(self, 'invalid_username', state)
                             raise formencode.Invalid(msg, value, state)
                 return _validator
             def ValidRepoUser():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_username': _(u'Username %(username)s is not valid')
                     }
                     def validate_python(self, value, state):
                         try:
                             User.query().filter(User.active == True)\
                                 .filter(User.username == value).one()
                         except Exception:
                             msg = M(self, 'invalid_username', state, username=value)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(username=msg)
                             )
                 return _validator
             def ValidUsersGroup(edit=False, old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_group': _(u'Invalid users group name'),
                         'group_exist': _(u'Users group "%(usersgroup)s" already exists'),
                         'invalid_usersgroup_name':
                             _(u'users group name may only contain  alphanumeric '
                               'characters underscores, periods or dashes and must begin '
                               'with alphanumeric character')
                     }
                     def validate_python(self, value, state):
                         if value in ['default']:
                             msg = M(self, 'invalid_group', state)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(users_group_name=msg)
                             )
                         #check if group is unique
                         old_ugname = None
                         if edit:
                             old_id = old_data.get('users_group_id')
                             old_ugname = UsersGroup.get(old_id).users_group_name
                         if old_ugname != value or not edit:
                             is_existing_group = UsersGroup.get_by_group_name(value,
                                                                     case_insensitive=True)
                             if is_existing_group:
                                 msg = M(self, 'group_exist', state, usersgroup=value)
                                 raise formencode.Invalid(msg, value, state,
                                     error_dict=dict(users_group_name=msg)
                                 )
                         if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
                             msg = M(self, 'invalid_usersgroup_name', state)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(users_group_name=msg)
                             )
                 return _validator
             def ValidReposGroup(edit=False, old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'group_parent_id': _(u'Cannot assign this group as parent'),
                         'group_exists': _(u'Group "%(group_name)s" already exists'),
                         'repo_exists':
                             _(u'Repository with name "%(group_name)s" already exists')
                     }
                     def validate_python(self, value, state):
                         # TODO WRITE VALIDATIONS
                         group_name = value.get('group_name')
                         group_parent_id = value.get('group_parent_id')
                         # slugify repo group just in case :)
                         slug = repo_name_slug(group_name)
                         # check for parent of self
                         parent_of_self = lambda: (
                             old_data['group_id'] == int(group_parent_id)
                             if group_parent_id else False
                         )
                         if edit and parent_of_self():
                             msg = M(self, 'group_parent_id', state)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(group_parent_id=msg)
                             )
                         old_gname = None
                         if edit:
                             old_gname = RepoGroup.get(old_data.get('group_id')).group_name
                         if old_gname != group_name or not edit:
                             # check group
                             gr = RepoGroup.query()\
                                   .filter(RepoGroup.group_name == slug)\
                                   .filter(RepoGroup.group_parent_id == group_parent_id)\
                                   .scalar()
                             if gr:
                                 msg = M(self, 'group_exists', state, group_name=slug)
                                 raise formencode.Invalid(msg, value, state,
                                         error_dict=dict(group_name=msg)
                                 )
                             # check for same repo
                             repo = Repository.query()\
                                   .filter(Repository.repo_name == slug)\
                                   .scalar()
                             if repo:
                                 msg = M(self, 'repo_exists', state, group_name=slug)
                                 raise formencode.Invalid(msg, value, state,
                                         error_dict=dict(group_name=msg)
                                 )
                 return _validator
             def ValidPassword():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_password':
                             _(u'Invalid characters (non-ascii) in password')
                     }
                     def validate_python(self, value, state):
                         try:
                             (value or '').decode('ascii')
                         except UnicodeError:
                             msg = M(self, 'invalid_password', state)
                             raise formencode.Invalid(msg, value, state,)
                 return _validator
             def ValidPasswordsMatch():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'password_mismatch': _(u'Passwords do not match'),
                     }
                     def validate_python(self, value, state):
                         pass_val = value.get('password') or value.get('new_password')
                         if pass_val != value['password_confirmation']:
                             msg = M(self, 'password_mismatch', state)
                             raise formencode.Invalid(msg, value, state,
                                  error_dict=dict(password_confirmation=msg)
                             )
                 return _validator
             def ValidAuth():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_password': _(u'invalid password'),
                         'invalid_username': _(u'invalid user name'),
                         'disabled_account': _(u'Your account is disabled')
                     }
                     def validate_python(self, value, state):
                         from rhodecode.lib.auth import authenticate
                         password = value['password']
                         username = value['username']
                         if not authenticate(username, password):
                             user = User.get_by_username(username)
                             if user and user.active is False:
                                 log.warning('user %s is disabled' % username)
                                 msg = M(self, 'disabled_account', state)
                                 raise formencode.Invalid(msg, value, state,
                                     error_dict=dict(username=msg)
                                 )
                             else:
                                 log.warning('user %s failed to authenticate' % username)
                                 msg = M(self, 'invalid_username', state)
                                 msg2 = M(self, 'invalid_password', state)
                                 raise formencode.Invalid(msg, value, state,
                                     error_dict=dict(username=msg, password=msg2)
                                 )
                 return _validator
             def ValidAuthToken():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_token': _(u'Token mismatch')
                     }
                     def validate_python(self, value, state):
                         if value != authentication_token():
                             msg = M(self, 'invalid_token', state)
                             raise formencode.Invalid(msg, value, state)
                 return _validator
             def ValidRepoName(edit=False, old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_repo_name':
                             _(u'Repository name %(repo)s is disallowed'),
                         'repository_exists':
                             _(u'Repository named %(repo)s already exists'),
                         'repository_in_group_exists': _(u'Repository "%(repo)s" already '
                                                         'exists in group "%(group)s"'),
                         'same_group_exists': _(u'Repositories group with name "%(repo)s" '
                                                'already exists')
                     }
                     def _to_python(self, value, state):
                         repo_name = repo_name_slug(value.get('repo_name', ''))
                         repo_group = value.get('repo_group')
                         if repo_group:
                             gr = RepoGroup.get(repo_group)
                             group_path = gr.full_path
                             group_name = gr.group_name
                             # value needs to be aware of group name in order to check
                             # db key This is an actual just the name to store in the
                             # database
                             repo_name_full = group_path + RepoGroup.url_sep() + repo_name
                         else:
                             group_name = group_path = ''
                             repo_name_full = repo_name
                         value['repo_name'] = repo_name
                         value['repo_name_full'] = repo_name_full
                         value['group_path'] = group_path
                         value['group_name'] = group_name
                         return value
                     def validate_python(self, value, state):
                         repo_name = value.get('repo_name')
                         repo_name_full = value.get('repo_name_full')
                         group_path = value.get('group_path')
                         group_name = value.get('group_name')
                         if repo_name in [ADMIN_PREFIX, '']:
                             msg = M(self, 'invalid_repo_name', state, repo=repo_name)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(repo_name=msg)
                             )
                         rename = old_data.get('repo_name') != repo_name_full
                         create = not edit
                         if rename or create:
                             if group_path != '':
                                 if Repository.get_by_repo_name(repo_name_full):
                                     msg = M(self, 'repository_in_group_exists', state,
                                             repo=repo_name, group=group_name)
                                     raise formencode.Invalid(msg, value, state,
                                         error_dict=dict(repo_name=msg)
                                     )
                             elif RepoGroup.get_by_group_name(repo_name_full):
                                     msg = M(self, 'same_group_exists', state,
                                             repo=repo_name)
                                     raise formencode.Invalid(msg, value, state,
                                         error_dict=dict(repo_name=msg)
                                     )
                             elif Repository.get_by_repo_name(repo_name_full):
                                     msg = M(self, 'repository_exists', state,
                                             repo=repo_name)
                                     raise formencode.Invalid(msg, value, state,
                                         error_dict=dict(repo_name=msg)
                                     )
                         return value
                 return _validator
             def ValidForkName(*args, **kwargs):
                 return ValidRepoName(*args, **kwargs)
             def SlugifyName():
                 class _validator(formencode.validators.FancyValidator):
                     def _to_python(self, value, state):
                         return repo_name_slug(value)
                     def validate_python(self, value, state):
                         pass
                 return _validator
             def ValidCloneUri():
                 from rhodecode.lib.utils import make_ui
                 def url_handler(repo_type, url, ui=None):
                     if repo_type == 'hg':
                         from rhodecode.lib.vcs.backends.hg.repository import MercurialRepository
                         from mercurial.httppeer import httppeer
                         if url.startswith('http'):
                             ## initially check if it's at least the proper URL
                             ## or does it pass basic auth
                             MercurialRepository._check_url(url)
                             httppeer(ui, url)._capabilities()
                         elif url.startswith('svn+http'):
                             from hgsubversion.svnrepo import svnremoterepo
                             svnremoterepo(ui, url).capabilities
                         elif url.startswith('git+http'):
                             raise NotImplementedError()
                         else:
                             raise Exception('clone from URI %s not allowed' % (url))
                     elif repo_type == 'git':
                         from rhodecode.lib.vcs.backends.git.repository import GitRepository
                         if url.startswith('http'):
                             ## initially check if it's at least the proper URL
                             ## or does it pass basic auth
                             GitRepository._check_url(url)
                         elif url.startswith('svn+http'):
                             raise NotImplementedError()
                         elif url.startswith('hg+http'):
                             raise NotImplementedError()
                         else:
                             raise Exception('clone from URI %s not allowed' % (url))
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'clone_uri': _(u'invalid clone url'),
                         'invalid_clone_uri': _(u'Invalid clone url, provide a '
                                                 'valid clone http(s)/svn+http(s) url')
                     }
                     def validate_python(self, value, state):
                         repo_type = value.get('repo_type')
                         url = value.get('clone_uri')
                         if not url:
                             pass
                         else:
                             try:
                                 url_handler(repo_type, url, make_ui('db', clear_session=False))
                             except Exception:
                                 log.exception('Url validation failed')
                                 msg = M(self, 'clone_uri')
                                 raise formencode.Invalid(msg, value, state,
                                     error_dict=dict(clone_uri=msg)
                                 )
                 return _validator
             def ValidForkType(old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_fork_type': _(u'Fork have to be the same type as parent')
                     }
                     def validate_python(self, value, state):
                         if old_data['repo_type'] != value:
                             msg = M(self, 'invalid_fork_type', state)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(repo_type=msg)
                             )
                 return _validator
-            def CanWriteGroup():
+            def CanWriteGroup(old_data=None):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'permission_denied': _(u"You don't have permissions "
                                                "to create repository in this group")
                     }
                     def validate_python(self, value, state):
                         gr = RepoGroup.get(value)
-                        if not HasReposGroupPermissionAny(
+                        gr_name = gr.group_name if gr else None  # None means ROOT location
-                            'group.write', 'group.admin'
+                        val = HasReposGroupPermissionAny('group.write', 'group.admin')
-                        )(gr.group_name, 'get group of repo form'):
+                        can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
+                        forbidden = not val(gr_name, 'can write into group validator')
+                        value_changed = old_data['repo_group'].get('group_id') != safe_int(value)
+                        if value_changed:  # do check if we changed the value
+                            #parent group need to be existing
+                            if gr and forbidden:
+                                msg = M(self, 'permission_denied', state)
+                                raise formencode.Invalid(msg, value, state,
+                                    error_dict=dict(repo_type=msg)
+                                )
+                            ## check if we can write to root location !
+                            elif gr is None and can_create_repos() is False:
+                                msg = M(self, 'permission_denied_root', state)
+                                raise formencode.Invalid(msg, value, state,
+                                    error_dict=dict(repo_type=msg)
+                                )
+                return _validator
+            def CanCreateGroup(can_create_in_root=False):
+                class _validator(formencode.validators.FancyValidator):
+                    messages = {
+                        'permission_denied': _(u"You don't have permissions "
+                                               "to create a group in this location")
+                    }
+                    def to_python(self, value, state):
+                        #root location
+                        if value in [-1, "-1"]:
+                            return None
+                        return value
+                    def validate_python(self, value, state):
+                        gr = RepoGroup.get(value)
+                        gr_name = gr.group_name if gr else None  # None means ROOT location
+                        if can_create_in_root and gr is None:
+                            #we can create in root, we're fine no validations required
+                            return
+                        forbidden_in_root = gr is None and can_create_in_root is False
+                        val = HasReposGroupPermissionAny('group.admin')
+                        forbidden = not val(gr_name, 'can create group validator')
+                        if forbidden_in_root or forbidden:
                             msg = M(self, 'permission_denied', state)
                             raise formencode.Invalid(msg, value, state,
-                                error_dict=dict(repo_type=msg)
+                                error_dict=dict(group_parent_id=msg)
                             )
                 return _validator
             def ValidPerms(type_='repo'):
                 if type_ == 'group':
                     EMPTY_PERM = 'group.none'
                 elif type_ == 'repo':
                     EMPTY_PERM = 'repository.none'
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'perm_new_member_name':
                             _(u'This username or users group name is not valid')
                     }
                     def to_python(self, value, state):
                         perms_update = OrderedSet()
                         perms_new = OrderedSet()
                         # build a list of permission to update and new permission to create
                         #CLEAN OUT ORG VALUE FROM NEW MEMBERS, and group them using
                         new_perms_group = defaultdict(dict)
                         for k, v in value.copy().iteritems():
                             if k.startswith('perm_new_member'):
                                 del value[k]
                                 _type, part = k.split('perm_new_member_')
                                 args = part.split('_')
                                 if len(args) == 1:
                                     new_perms_group[args[0]]['perm'] = v
                                 elif len(args) == 2:
                                     _key, pos = args
                                     new_perms_group[pos][_key] = v
                         # fill new permissions in order of how they were added
                         for k in sorted(map(int, new_perms_group.keys())):
                             perm_dict = new_perms_group[str(k)]
                             new_member = perm_dict.get('name')
                             new_perm = perm_dict.get('perm')
                             new_type = perm_dict.get('type')
                             if new_member and new_perm and new_type:
                                 perms_new.add((new_member, new_perm, new_type))
                         for k, v in value.iteritems():
                             if k.startswith('u_perm_') or k.startswith('g_perm_'):
                                 member = k[7:]
                                 t = {'u': 'user',
                                      'g': 'users_group'
                                 }[k[0]]
                                 if member == 'default':
                                     if value.get('repo_private'):
                                         # set none for default when updating to
                                         # private repo
                                         v = EMPTY_PERM
                                 perms_update.add((member, v, t))
                         value['perms_updates'] = list(perms_update)
                         value['perms_new'] = list(perms_new)
                         # update permissions
                         for k, v, t in perms_new:
                             try:
                                 if t is 'user':
                                     self.user_db = User.query()\
                                         .filter(User.active == True)\
                                         .filter(User.username == k).one()
                                 if t is 'users_group':
                                     self.user_db = UsersGroup.query()\
                                         .filter(UsersGroup.users_group_active == True)\
                                         .filter(UsersGroup.users_group_name == k).one()
                             except Exception:
                                 log.exception('Updated permission failed')
                                 msg = M(self, 'perm_new_member_type', state)
                                 raise formencode.Invalid(msg, value, state,
                                     error_dict=dict(perm_new_member_name=msg)
                                 )
                         return value
                 return _validator
             def ValidSettings():
                 class _validator(formencode.validators.FancyValidator):
                     def _to_python(self, value, state):
                         # settings  form for users that are not admin
                         # can't edit certain parameters, it's extra backup if they mangle
                         # with forms
                         forbidden_params = [
                             'user', 'repo_type', 'repo_enable_locking',
                             'repo_enable_downloads', 'repo_enable_statistics'
                         ]
                         for param in forbidden_params:
                             if param in value:
                                 del value[param]
                         return value
                     def validate_python(self, value, state):
                         pass
                 return _validator
             def ValidPath():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_path': _(u'This is not a valid path')
                     }
                     def validate_python(self, value, state):
                         if not os.path.isdir(value):
                             msg = M(self, 'invalid_path', state)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(paths_root_path=msg)
                             )
                 return _validator
             def UniqSystemEmail(old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'email_taken': _(u'This e-mail address is already taken')
                     }
                     def _to_python(self, value, state):
                         return value.lower()
                     def validate_python(self, value, state):
                         if (old_data.get('email') or '').lower() != value:
                             user = User.get_by_email(value, case_insensitive=True)
                             if user:
                                 msg = M(self, 'email_taken', state)
                                 raise formencode.Invalid(msg, value, state,
                                     error_dict=dict(email=msg)
                                 )
                 return _validator
             def ValidSystemEmail():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'non_existing_email': _(u'e-mail "%(email)s" does not exist.')
                     }
                     def _to_python(self, value, state):
                         return value.lower()
                     def validate_python(self, value, state):
                         user = User.get_by_email(value, case_insensitive=True)
                         if user is None:
                             msg = M(self, 'non_existing_email', state, email=value)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(email=msg)
                             )
                 return _validator
             def LdapLibValidator():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                     }
                     def validate_python(self, value, state):
                         try:
                             import ldap
                             ldap  # pyflakes silence !
                         except ImportError:
                             raise LdapImportError()
                 return _validator
             def AttrLoginValidator():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_cn':
                               _(u'The LDAP Login attribute of the CN must be specified - '
                                 'this is the name of the attribute that is equivalent '
                                 'to "username"')
                     }
                     def validate_python(self, value, state):
                         if not value or not isinstance(value, (str, unicode)):
                             msg = M(self, 'invalid_cn', state)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(ldap_attr_login=msg)
                             )
                 return _validator
             def NotReviewedRevisions(repo_id):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'rev_already_reviewed':
                               _(u'Revisions %(revs)s are already part of pull request '
                                 'or have set status')
                     }
                     def validate_python(self, value, state):
                         # check revisions if they are not reviewed, or a part of another
                         # pull request
                         statuses = ChangesetStatus.query()\
                             .filter(ChangesetStatus.revision.in_(value))\
                             .filter(ChangesetStatus.repo_id == repo_id)\
                             .all()
                         errors = []
                         for cs in statuses:
                             if cs.pull_request_id:
                                 errors.append(['pull_req', cs.revision[:12]])
                             elif cs.status:
                                 errors.append(['status', cs.revision[:12]])
                         if errors:
                             revs = ','.join([x[1] for x in errors])
                             msg = M(self, 'rev_already_reviewed', state, revs=revs)
                             raise formencode.Invalid(msg, value, state,
                                 error_dict=dict(revisions=revs)
                             )
                 return _validator
             def ValidIp():
                 class _validator(CIDR):
                     messages = dict(
                         badFormat=_('Please enter a valid IPv4 or IpV6 address'),
                         illegalBits=_('The network size (bits) must be within the range'
                             ' of 0-32 (not %(bits)r)'))
                     def to_python(self, value, state):
                         v = super(_validator, self).to_python(value, state)
                         v = v.strip()
                         net = ipaddr.IPNetwork(address=v)
                         if isinstance(net, ipaddr.IPv4Network):
                             #if IPv4 doesn't end with a mask, add /32
                             if '/' not in value:
                                 v += '/32'
                         if isinstance(net, ipaddr.IPv6Network):
                             #if IPv6 doesn't end with a mask, add /128
                             if '/' not in value:
                                 v += '/128'
                         return v
                     def validate_python(self, value, state):
                         try:
                             addr = value.strip()
                             #this raises an ValueError if address is not IpV4 or IpV6
                             ipaddr.IPNetwork(address=addr)
                         except ValueError:
                             raise formencode.Invalid(self.message('badFormat', state),
                                                      value, state)
                 return _validator

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages