##// END OF EJS Templates
Pass in old groups data to CanWriteToGroup validator for later skipping group checks....
marcink -
r3525:0cef54d3 default
parent child Browse files
Show More
@@ -231,8 +231,10 b' class ReposController(BaseController):'
231 #override the choices with extracted revisions !
231 #override the choices with extracted revisions !
232 choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
232 choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
233 c.landing_revs_choices = choices
233 c.landing_revs_choices = choices
234
234 repo = Repository.get_by_repo_name(repo_name)
235 _form = RepoForm(edit=True, old_data={'repo_name': repo_name},
235 _form = RepoForm(edit=True, old_data={'repo_name': repo_name,
236 'repo_group': repo.group.get_dict() \
237 if repo.group else {}},
236 repo_groups=c.repo_groups_choices,
238 repo_groups=c.repo_groups_choices,
237 landing_revs=c.landing_revs_choices)()
239 landing_revs=c.landing_revs_choices)()
238 try:
240 try:
@@ -107,9 +107,11 b' class SettingsController(BaseRepoControl'
107 #override the choices with extracted revisions !
107 #override the choices with extracted revisions !
108 choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
108 choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
109 c.landing_revs_choices = choices
109 c.landing_revs_choices = choices
110
110 repo = Repository.get_by_repo_name(repo_name)
111 _form = RepoSettingsForm(edit=True,
111 _form = RepoSettingsForm(edit=True,
112 old_data={'repo_name': repo_name},
112 old_data={'repo_name': repo_name,
113 'repo_group': repo.group.get_dict() \
114 if repo.group else {}},
113 repo_groups=c.repo_groups_choices,
115 repo_groups=c.repo_groups_choices,
114 landing_revs=c.landing_revs_choices)()
116 landing_revs=c.landing_revs_choices)()
115 try:
117 try:
@@ -176,7 +176,7 b' def RepoForm(edit=False, old_data={}, su'
176 filter_extra_fields = False
176 filter_extra_fields = False
177 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
177 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
178 v.SlugifyName())
178 v.SlugifyName())
179 repo_group = All(v.CanWriteGroup(),
179 repo_group = All(v.CanWriteGroup(old_data),
180 v.OneOf(repo_groups, hideList=True))
180 v.OneOf(repo_groups, hideList=True))
181 repo_type = v.OneOf(supported_backends)
181 repo_type = v.OneOf(supported_backends)
182 repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
182 repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
@@ -205,7 +205,7 b' def RepoSettingsForm(edit=False, old_dat'
205 filter_extra_fields = False
205 filter_extra_fields = False
206 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
206 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
207 v.SlugifyName())
207 v.SlugifyName())
208 repo_group = All(v.CanWriteGroup(),
208 repo_group = All(v.CanWriteGroup(old_data),
209 v.OneOf(repo_groups, hideList=True))
209 v.OneOf(repo_groups, hideList=True))
210 repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
210 repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
211 repo_private = v.StringBoolean(if_missing=False)
211 repo_private = v.StringBoolean(if_missing=False)
@@ -16,11 +16,12 b' from formencode.validators import ('
16 from rhodecode.lib.compat import OrderedSet
16 from rhodecode.lib.compat import OrderedSet
17 from rhodecode.lib import ipaddr
17 from rhodecode.lib import ipaddr
18 from rhodecode.lib.utils import repo_name_slug
18 from rhodecode.lib.utils import repo_name_slug
19 from rhodecode.lib.utils2 import safe_int
19 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
20 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
20 ChangesetStatus
21 ChangesetStatus
21 from rhodecode.lib.exceptions import LdapImportError
22 from rhodecode.lib.exceptions import LdapImportError
22 from rhodecode.config.routing import ADMIN_PREFIX
23 from rhodecode.config.routing import ADMIN_PREFIX
23 from rhodecode.lib.auth import HasReposGroupPermissionAny
24 from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
24
25
25 # silence warnings and pylint
26 # silence warnings and pylint
26 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
27 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -472,7 +473,7 b' def ValidForkType(old_data={}):'
472 return _validator
473 return _validator
473
474
474
475
475 def CanWriteGroup():
476 def CanWriteGroup(old_data=None):
476 class _validator(formencode.validators.FancyValidator):
477 class _validator(formencode.validators.FancyValidator):
477 messages = {
478 messages = {
478 'permission_denied': _(u"You don't have permissions "
479 'permission_denied': _(u"You don't have permissions "
@@ -481,13 +482,58 b' def CanWriteGroup():'
481
482
482 def validate_python(self, value, state):
483 def validate_python(self, value, state):
483 gr = RepoGroup.get(value)
484 gr = RepoGroup.get(value)
484 if not HasReposGroupPermissionAny(
485 gr_name = gr.group_name if gr else None # None means ROOT location
485 'group.write', 'group.admin'
486 val = HasReposGroupPermissionAny('group.write', 'group.admin')
486 )(gr.group_name, 'get group of repo form'):
487 can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
488 forbidden = not val(gr_name, 'can write into group validator')
489 value_changed = old_data['repo_group'].get('group_id') != safe_int(value)
490 if value_changed: # do check if we changed the value
491 #parent group need to be existing
492 if gr and forbidden:
487 msg = M(self, 'permission_denied', state)
493 msg = M(self, 'permission_denied', state)
488 raise formencode.Invalid(msg, value, state,
494 raise formencode.Invalid(msg, value, state,
489 error_dict=dict(repo_type=msg)
495 error_dict=dict(repo_type=msg)
490 )
496 )
497 ## check if we can write to root location !
498 elif gr is None and can_create_repos() is False:
499 msg = M(self, 'permission_denied_root', state)
500 raise formencode.Invalid(msg, value, state,
501 error_dict=dict(repo_type=msg)
502 )
503
504 return _validator
505
506
507 def CanCreateGroup(can_create_in_root=False):
508 class _validator(formencode.validators.FancyValidator):
509 messages = {
510 'permission_denied': _(u"You don't have permissions "
511 "to create a group in this location")
512 }
513
514 def to_python(self, value, state):
515 #root location
516 if value in [-1, "-1"]:
517 return None
518 return value
519
520 def validate_python(self, value, state):
521 gr = RepoGroup.get(value)
522 gr_name = gr.group_name if gr else None # None means ROOT location
523
524 if can_create_in_root and gr is None:
525 #we can create in root, we're fine no validations required
526 return
527
528 forbidden_in_root = gr is None and can_create_in_root is False
529 val = HasReposGroupPermissionAny('group.admin')
530 forbidden = not val(gr_name, 'can create group validator')
531 if forbidden_in_root or forbidden:
532 msg = M(self, 'permission_denied', state)
533 raise formencode.Invalid(msg, value, state,
534 error_dict=dict(group_parent_id=msg)
535 )
536
491 return _validator
537 return _validator
492
538
493
539
General Comments 0
You need to be logged in to leave comments. Login now