##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

fixed #570 explicit users group permissions can overwrite owner permissions...
marcink -
r2864:5c1ad3b4 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -15,10 +15,13 b' news'
15 15 ++++
16 16
17 17 - #558 Added config file to hooks extra data
18 - bumbped mercurial version to 2.3.1
18 19
19 20 fixes
20 21 +++++
21 22
23 - fixed #570 explicit users group permissions can overwrite owner permissions
24
22 25 1.4.2 (**2012-09-12**)
23 26 ----------------------
24 27
Show file before | Show file after | Hide comments
@@ -524,8 +524,12 b' class UserModel(BaseModel):'
524 524 p = perm.Permission.permission_name
525 525 cur_perm = user.permissions[RK][r_k]
526 526 # overwrite permission only if it's greater than permission
527 # given from other sources
527 # given from other sources - disabled with `or 1` now
528 528 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check
529 if perm.Repository.user_id == uid:
530 # set admin if owner
531 p = 'repository.admin'
532
529 533 user.permissions[RK][r_k] = p
530 534
531 535 # user explicit permissions for repositories
Show file before | Show file after | Hide comments
@@ -10,7 +10,7 b' from rhodecode.model.user import UserMod'
10 10 from rhodecode.model.meta import Session
11 11 from rhodecode.model.users_group import UsersGroupModel
12 12 from rhodecode.lib.auth import AuthUser
13
13 from rhodecode.tests.api.api_base import create_repo
14 14
15 15
16 16 class TestPermissions(unittest.TestCase):
@@ -40,6 +40,7 b' class TestPermissions(unittest.TestCase)'
40 40 def tearDown(self):
41 41 if hasattr(self, 'test_repo'):
42 42 RepoModel().delete(repo=self.test_repo)
43
43 44 UserModel().delete(self.u1)
44 45 UserModel().delete(self.u2)
45 46 UserModel().delete(self.u3)
@@ -425,3 +426,47 b' class TestPermissions(unittest.TestCase)'
425 426 set(['hg.create.repository', 'hg.fork.repository',
426 427 'hg.register.manual_activate',
427 428 'repository.read']))
429
430 def test_owner_permissions_doesnot_get_overwritten_by_group(self):
431 #create repo as USER,
432 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo',
433 repo_type='hg',
434 description='desc',
435 owner=self.u1)
436
437 Session().commit()
438 #he has permissions of admin as owner
439 u1_auth = AuthUser(user_id=self.u1.user_id)
440 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
441 'repository.admin')
442 #set his permission as users group, he should still be admin
443 self.ug1 = UsersGroupModel().create('G1')
444 # add user to group
445 UsersGroupModel().add_user_to_group(self.ug1, self.u1)
446 RepoModel().grant_users_group_permission(repo, group_name=self.ug1,
447 perm='repository.none')
448
449 Session().commit()
450 u1_auth = AuthUser(user_id=self.u1.user_id)
451 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
452 'repository.admin')
453
454 def test_owner_permissions_doesnot_get_overwritten_by_others(self):
455 #create repo as USER,
456 self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo',
457 repo_type='hg',
458 description='desc',
459 owner=self.u1)
460
461 Session().commit()
462 #he has permissions of admin as owner
463 u1_auth = AuthUser(user_id=self.u1.user_id)
464 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
465 'repository.admin')
466 #set his permission as user, he should still be admin
467 RepoModel().grant_user_permission(repo, user=self.u1,
468 perm='repository.none')
469 Session().commit()
470 u1_auth = AuthUser(user_id=self.u1.user_id)
471 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
472 'repository.admin')
General Comments 0
You need to be logged in to leave comments. Login now