Show More
| @@ -160,19 +160,6 b' class ReposController(BaseRepoController' | |||||
| 160 | form_result = RepoForm(repo_groups=c.repo_groups_choices, |
|
160 | form_result = RepoForm(repo_groups=c.repo_groups_choices, | |
| 161 | landing_revs=c.landing_revs_choices)()\ |
|
161 | landing_revs=c.landing_revs_choices)()\ | |
| 162 | .to_python(dict(request.POST)) |
|
162 | .to_python(dict(request.POST)) | |
| 163 | #we check ACLs after form, since we want to display nicer errors |
|
|||
| 164 | #if form forbids creation of repos inside a group we don't have |
|
|||
| 165 | #perms for |
|
|||
| 166 | if not HasPermissionAny('hg.admin', 'hg.create.repository')(): |
|
|||
| 167 | #you're not super admin nor have global create permissions, |
|
|||
| 168 | #but maybe you have at least write permission to a parent group ? |
|
|||
| 169 | parent_group = request.POST.get('repo_group') |
|
|||
| 170 | _gr = RepoGroup.get(parent_group) |
|
|||
| 171 | gr_name = _gr.group_name if _gr else None |
|
|||
| 172 | if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name): |
|
|||
| 173 | msg = _('no permission to create repository in root location') |
|
|||
| 174 | raise formencode.Invalid('', form_result, None, |
|
|||
| 175 | error_dict={'repo_group': msg}) |
|
|||
| 176 |
|
163 | |||
| 177 | new_repo = RepoModel().create(form_result, |
|
164 | new_repo = RepoModel().create(form_result, | |
| 178 | self.rhodecode_user.user_id) |
|
165 | self.rhodecode_user.user_id) | |
| @@ -20,7 +20,7 b' from rhodecode.model.db import RepoGroup' | |||||
| 20 | ChangesetStatus |
|
20 | ChangesetStatus | |
| 21 | from rhodecode.lib.exceptions import LdapImportError |
|
21 | from rhodecode.lib.exceptions import LdapImportError | |
| 22 | from rhodecode.config.routing import ADMIN_PREFIX |
|
22 | from rhodecode.config.routing import ADMIN_PREFIX | |
| 23 | from rhodecode.lib.auth import HasReposGroupPermissionAny |
|
23 | from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny | |
| 24 |
|
24 | |||
| 25 | # silence warnings and pylint |
|
25 | # silence warnings and pylint | |
| 26 | UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ |
|
26 | UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \ | |
| @@ -472,10 +472,12 b' def CanWriteGroup():' | |||||
| 472 | class _validator(formencode.validators.FancyValidator): |
|
472 | class _validator(formencode.validators.FancyValidator): | |
| 473 | messages = { |
|
473 | messages = { | |
| 474 | 'permission_denied': _(u"You don't have permissions " |
|
474 | 'permission_denied': _(u"You don't have permissions " | |
| 475 | "to create repository in this group") |
|
475 | "to create repository in this group"), | |
|
|
476 | 'permission_denied_root': _(u"no permission to create repository " | |||
|
|
477 | "in root location") | |||
| 476 | } |
|
478 | } | |
| 477 |
|
479 | |||
| 478 | def to_python(self, value, state): |
|
480 | def _to_python(self, value, state): | |
| 479 | #root location |
|
481 | #root location | |
| 480 | if value in [-1, "-1"]: |
|
482 | if value in [-1, "-1"]: | |
| 481 | return None |
|
483 | return None | |
| @@ -485,6 +487,7 b' def CanWriteGroup():' | |||||
| 485 | gr = RepoGroup.get(value) |
|
487 | gr = RepoGroup.get(value) | |
| 486 | gr_name = gr.group_name if gr else None # None means ROOT location |
|
488 | gr_name = gr.group_name if gr else None # None means ROOT location | |
| 487 | val = HasReposGroupPermissionAny('group.write', 'group.admin') |
|
489 | val = HasReposGroupPermissionAny('group.write', 'group.admin') | |
|
|
490 | can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository') | |||
| 488 | forbidden = not val(gr_name, 'can write into group validator') |
|
491 | forbidden = not val(gr_name, 'can write into group validator') | |
| 489 | #parent group need to be existing |
|
492 | #parent group need to be existing | |
| 490 | if gr and forbidden: |
|
493 | if gr and forbidden: | |
| @@ -492,6 +495,13 b' def CanWriteGroup():' | |||||
| 492 | raise formencode.Invalid(msg, value, state, |
|
495 | raise formencode.Invalid(msg, value, state, | |
| 493 | error_dict=dict(repo_type=msg) |
|
496 | error_dict=dict(repo_type=msg) | |
| 494 | ) |
|
497 | ) | |
|
|
498 | ## check if we can write to root location ! | |||
|
|
499 | elif gr is None and can_create_repos() is False: | |||
|
|
500 | msg = M(self, 'permission_denied_root', state) | |||
|
|
501 | raise formencode.Invalid(msg, value, state, | |||
|
|
502 | error_dict=dict(repo_type=msg) | |||
|
|
503 | ) | |||
|
|
504 | ||||
| 495 | return _validator |
|
505 | return _validator | |
| 496 |
|
506 | |||
| 497 |
|
507 | |||
General Comments 0
You need to be logged in to leave comments.
Login now