Show More
| @@ -15,10 +15,13 b' news' | |||||
| 15 | ++++ |
|
15 | ++++ | |
| 16 |
|
16 | |||
| 17 | - #558 Added config file to hooks extra data |
|
17 | - #558 Added config file to hooks extra data | |
|
|
18 | - bumbped mercurial version to 2.3.1 | |||
| 18 |
|
19 | |||
| 19 | fixes |
|
20 | fixes | |
| 20 | +++++ |
|
21 | +++++ | |
| 21 |
|
22 | |||
|
|
23 | - fixed #570 explicit users group permissions can overwrite owner permissions | |||
|
|
24 | ||||
| 22 | 1.4.2 (**2012-09-12**) |
|
25 | 1.4.2 (**2012-09-12**) | |
| 23 | ---------------------- |
|
26 | ---------------------- | |
| 24 |
|
27 | |||
| @@ -524,8 +524,12 b' class UserModel(BaseModel):' | |||||
| 524 | p = perm.Permission.permission_name |
|
524 | p = perm.Permission.permission_name | |
| 525 | cur_perm = user.permissions[RK][r_k] |
|
525 | cur_perm = user.permissions[RK][r_k] | |
| 526 | # overwrite permission only if it's greater than permission |
|
526 | # overwrite permission only if it's greater than permission | |
| 527 | # given from other sources |
|
527 | # given from other sources - disabled with `or 1` now | |
| 528 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check |
|
528 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check | |
|
|
529 | if perm.Repository.user_id == uid: | |||
|
|
530 | # set admin if owner | |||
|
|
531 | p = 'repository.admin' | |||
|
|
532 | ||||
| 529 | user.permissions[RK][r_k] = p |
|
533 | user.permissions[RK][r_k] = p | |
| 530 |
|
534 | |||
| 531 | # user explicit permissions for repositories |
|
535 | # user explicit permissions for repositories | |
| @@ -10,7 +10,7 b' from rhodecode.model.user import UserMod' | |||||
| 10 | from rhodecode.model.meta import Session |
|
10 | from rhodecode.model.meta import Session | |
| 11 | from rhodecode.model.users_group import UsersGroupModel |
|
11 | from rhodecode.model.users_group import UsersGroupModel | |
| 12 | from rhodecode.lib.auth import AuthUser |
|
12 | from rhodecode.lib.auth import AuthUser | |
| 13 |
|
13 | from rhodecode.tests.api.api_base import create_repo | ||
| 14 |
|
14 | |||
| 15 |
|
15 | |||
| 16 | class TestPermissions(unittest.TestCase): |
|
16 | class TestPermissions(unittest.TestCase): | |
| @@ -40,6 +40,7 b' class TestPermissions(unittest.TestCase)' | |||||
| 40 | def tearDown(self): |
|
40 | def tearDown(self): | |
| 41 | if hasattr(self, 'test_repo'): |
|
41 | if hasattr(self, 'test_repo'): | |
| 42 | RepoModel().delete(repo=self.test_repo) |
|
42 | RepoModel().delete(repo=self.test_repo) | |
|
|
43 | ||||
| 43 | UserModel().delete(self.u1) |
|
44 | UserModel().delete(self.u1) | |
| 44 | UserModel().delete(self.u2) |
|
45 | UserModel().delete(self.u2) | |
| 45 | UserModel().delete(self.u3) |
|
46 | UserModel().delete(self.u3) | |
| @@ -425,3 +426,47 b' class TestPermissions(unittest.TestCase)' | |||||
| 425 | set(['hg.create.repository', 'hg.fork.repository', |
|
426 | set(['hg.create.repository', 'hg.fork.repository', | |
| 426 | 'hg.register.manual_activate', |
|
427 | 'hg.register.manual_activate', | |
| 427 | 'repository.read'])) |
|
428 | 'repository.read'])) | |
|
|
429 | ||||
|
|
430 | def test_owner_permissions_doesnot_get_overwritten_by_group(self): | |||
|
|
431 | #create repo as USER, | |||
|
|
432 | self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo', | |||
|
|
433 | repo_type='hg', | |||
|
|
434 | description='desc', | |||
|
|
435 | owner=self.u1) | |||
|
|
436 | ||||
|
|
437 | Session().commit() | |||
|
|
438 | #he has permissions of admin as owner | |||
|
|
439 | u1_auth = AuthUser(user_id=self.u1.user_id) | |||
|
|
440 | self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |||
|
|
441 | 'repository.admin') | |||
|
|
442 | #set his permission as users group, he should still be admin | |||
|
|
443 | self.ug1 = UsersGroupModel().create('G1') | |||
|
|
444 | # add user to group | |||
|
|
445 | UsersGroupModel().add_user_to_group(self.ug1, self.u1) | |||
|
|
446 | RepoModel().grant_users_group_permission(repo, group_name=self.ug1, | |||
|
|
447 | perm='repository.none') | |||
|
|
448 | ||||
|
|
449 | Session().commit() | |||
|
|
450 | u1_auth = AuthUser(user_id=self.u1.user_id) | |||
|
|
451 | self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |||
|
|
452 | 'repository.admin') | |||
|
|
453 | ||||
|
|
454 | def test_owner_permissions_doesnot_get_overwritten_by_others(self): | |||
|
|
455 | #create repo as USER, | |||
|
|
456 | self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo', | |||
|
|
457 | repo_type='hg', | |||
|
|
458 | description='desc', | |||
|
|
459 | owner=self.u1) | |||
|
|
460 | ||||
|
|
461 | Session().commit() | |||
|
|
462 | #he has permissions of admin as owner | |||
|
|
463 | u1_auth = AuthUser(user_id=self.u1.user_id) | |||
|
|
464 | self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |||
|
|
465 | 'repository.admin') | |||
|
|
466 | #set his permission as user, he should still be admin | |||
|
|
467 | RepoModel().grant_user_permission(repo, user=self.u1, | |||
|
|
468 | perm='repository.none') | |||
|
|
469 | Session().commit() | |||
|
|
470 | u1_auth = AuthUser(user_id=self.u1.user_id) | |||
|
|
471 | self.assertEqual(u1_auth.permissions['repositories']['myownrepo'], | |||
|
|
472 | 'repository.admin') | |||
General Comments 0
You need to be logged in to leave comments.
Login now