managing users groups enforce permissions checks....
marcink -
r3789:32f66c83 beta
@@ -41,8 +41,9 b' from rhodecode.model.db import Repositor'
41 Statistics, UserGroup, UserGroupRepoToPerm, RhodeCodeUi, RepoGroup,\
41 Statistics, UserGroup, UserGroupRepoToPerm, RhodeCodeUi, RepoGroup,\
42 RhodeCodeSetting, RepositoryField
42 RhodeCodeSetting, RepositoryField
43 from rhodecode.lib import helpers as h
43 from rhodecode.lib import helpers as h
44 from rhodecode.lib.auth import HasRepoPermissionAny
44 from rhodecode.lib.auth import HasRepoPermissionAny, HasUserGroupPermissionAny
45 from rhodecode.lib.exceptions import AttachedForksError
45 from rhodecode.lib.exceptions import AttachedForksError
46 from rhodecode.model.scm import UserGroupList
46
47
47 log = logging.getLogger(__name__)
48 log = logging.getLogger(__name__)
48
49
@@ -140,7 +141,9 b' class RepoModel(BaseModel):'
140 def get_users_groups_js(self):
141 def get_users_groups_js(self):
141 users_groups = self.sa.query(UserGroup)\
142 users_groups = self.sa.query(UserGroup)\
142 .filter(UserGroup.users_group_active == True).all()
143 .filter(UserGroup.users_group_active == True).all()
143
144 users_groups = UserGroupList(users_groups, perm_set=['usergroup.read',
145 'usergroup.write',
146 'usergroup.admin'])
144 return json.dumps([
147 return json.dumps([
145 {
148 {
146 'id': gr.users_group_id,
149 'id': gr.users_group_id,
@@ -472,6 +475,9 b' class RepoModel(BaseModel):'
472 repo=repo, user=member, perm=perm
475 repo=repo, user=member, perm=perm
473 )
476 )
474 else:
477 else:
478 #check if we have permissions to alter this usergroup
479 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
480 'usergroup.admin')(member):
475 self.grant_users_group_permission(
481 self.grant_users_group_permission(
476 repo=repo, group_name=member, perm=perm
482 repo=repo, group_name=member, perm=perm
477 )
483 )
@@ -482,6 +488,9 b' class RepoModel(BaseModel):'
482 repo=repo, user=member, perm=perm
488 repo=repo, user=member, perm=perm
483 )
489 )
484 else:
490 else:
491 #check if we have permissions to alter this usergroup
492 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
493 'usergroup.admin')(member):
485 self.grant_users_group_permission(
494 self.grant_users_group_permission(
486 repo=repo, group_name=member, perm=perm
495 repo=repo, group_name=member, perm=perm
487 )
496 )
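Review bot: When the new check at lines 479-480 and 492-493 fails, the user-group grant appears to be skipped with no log entry and no signal to the caller, so a rejected permission change looks the same as a successful one. An `else:` branch with `log.warning('no usergroup permission on %s, grant skipped', member)` would leave an audit trail; `log` is already defined in this module. The same silent skip applies to the checks added in `ReposGroupModel._update_permissions` (new lines 225-226, 234-235) and `UserGroupModel._update_permissions` (new lines 81-82, 94-95). The enclosing method starts and ends outside these hunks, so whether the caller reports anything further up cannot be seen here.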
@@ -169,6 +169,7 b' class ReposGroupModel(BaseModel):'
169 def _update_permissions(self, repos_group, perms_new=None,
169 def _update_permissions(self, repos_group, perms_new=None,
170 perms_updates=None, recursive=False):
170 perms_updates=None, recursive=False):
171 from rhodecode.model.repo import RepoModel
171 from rhodecode.model.repo import RepoModel
172 from rhodecode.lib.auth import HasUserGroupPermissionAny
172 if not perms_new:
173 if not perms_new:
173 perms_new = []
174 perms_new = []
174 if not perms_updates:
175 if not perms_updates:
@@ -220,12 +221,18 b' class ReposGroupModel(BaseModel):'
220 _set_perm_user(obj, user=member, perm=perm)
221 _set_perm_user(obj, user=member, perm=perm)
221 ## set for user group
222 ## set for user group
222 else:
223 else:
224 #check if we have permissions to alter this usergroup
225 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
226 'usergroup.admin')(member):
223 _set_perm_group(obj, users_group=member, perm=perm)
227 _set_perm_group(obj, users_group=member, perm=perm)
224 # set new permissions
228 # set new permissions
225 for member, perm, member_type in perms_new:
229 for member, perm, member_type in perms_new:
226 if member_type == 'user':
230 if member_type == 'user':
227 _set_perm_user(obj, user=member, perm=perm)
231 _set_perm_user(obj, user=member, perm=perm)
228 else:
232 else:
233 #check if we have permissions to alter this usergroup
234 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
235 'usergroup.admin')(member):
229 _set_perm_group(obj, users_group=member, perm=perm)
236 _set_perm_group(obj, users_group=member, perm=perm)
230 updates.append(obj)
237 updates.append(obj)
231 #if it's not recursive call
238 #if it's not recursive call
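Review bot: The comment `#check if we have permissions to alter this usergroup` at new lines 224 and 233 does not match the check beneath it, which passes on `usergroup.read` alone and gates granting the group access to `obj`, not modifying the group. Something like `# only grant to user groups the caller can at least read` states the actual rule and makes clear that read access is intentionally sufficient. The same comment is used in the RepoModel and UserGroupModel hunks. The three-permission list is also repeated at every call site and in the `perm_set` passed to `UserGroupList`; one shared constant would keep the list filter and the enforcement from drifting apart.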
@@ -63,6 +63,7 b' class UserGroupModel(BaseModel):'
63
63
64 def _update_permissions(self, user_group, perms_new=None,
64 def _update_permissions(self, user_group, perms_new=None,
65 perms_updates=None):
65 perms_updates=None):
66 from rhodecode.lib.auth import HasUserGroupPermissionAny
66 if not perms_new:
67 if not perms_new:
67 perms_new = []
68 perms_new = []
68 if not perms_updates:
69 if not perms_updates:
@@ -76,6 +77,9 b' class UserGroupModel(BaseModel):'
76 user_group=user_group, user=member, perm=perm
77 user_group=user_group, user=member, perm=perm
77 )
78 )
78 else:
79 else:
80 #check if we have permissions to alter this usergroup
81 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
82 'usergroup.admin')(member):
79 self.grant_users_group_permission(
83 self.grant_users_group_permission(
80 target_user_group=user_group, user_group=member, perm=perm
84 target_user_group=user_group, user_group=member, perm=perm
81 )
85 )
@@ -86,6 +90,9 b' class UserGroupModel(BaseModel):'
86 user_group=user_group, user=member, perm=perm
90 user_group=user_group, user=member, perm=perm
87 )
91 )
88 else:
92 else:
93 #check if we have permissions to alter this usergroup
94 if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',
95 'usergroup.admin')(member):
89 self.grant_users_group_permission(
96 self.grant_users_group_permission(
90 target_user_group=user_group, user_group=member, perm=perm
97 target_user_group=user_group, user_group=member, perm=perm
91 )
98 )
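Review bot: Only the grantee `member` is checked at new lines 81-82 and 94-95; nothing in the visible lines verifies the caller's rights on the target `user_group` whose permission set is being changed. If that is enforced by the calling controller, a comment such as `# caller's admin right on user_group is checked by the controller` would document the assumption; if not, the target needs its own check. The check is also invoked with no user argument, so it presumably evaluates against the ambient request user, which is worth confirming for any non-web caller of `_update_permissions`. The method body continues outside these hunks.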