@@ -111,6 +111,12 b' rss_include_diff = false' | |||||
111 | show_sha_length = 12 |
|
111 | show_sha_length = 12 | |
112 | show_revision_number = true |
|
112 | show_revision_number = true | |
113 |
|
113 | |||
|
114 | ## white list of API enabled controllers. This allows to add list of | |||
|
115 | ## controllers to which access will be enabled by api_key. eg: to enable | |||
|
116 | ## api access to raw_files put `FilesController:raw`, to enable access to patches | |||
|
117 | ## add `ChangesetController:changeset_patch`. This list should be "," separated | |||
|
118 | ## Syntax is <ControllerClass>:<function>. Check debug logs for generated names | |||
|
119 | api_access_controllers_whitelist = | |||
114 |
|
120 | |||
115 | ## alternative_gravatar_url allows you to use your own avatar server application |
|
121 | ## alternative_gravatar_url allows you to use your own avatar server application | |
116 | ## the following parts of the URL will be replaced |
|
122 | ## the following parts of the URL will be replaced |
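Review bot: The comment block added at new lines 114-118 does not say what the empty default means, nor that the key is taken from the URL query string (the auth.py change on this page checks `request.GET.get('api_key')`). An operator deciding whether to list a controller here needs both facts, because a key carried in a URL is typically recorded in web server and proxy access logs. I would add a line such as `## leave empty to whitelist nothing; the api_key is passed as a URL parameter and may be recorded in access logs`, assuming an empty value does parse to no matching entries, which the auth.py hunk suggests but does not show. The two identical hunks that follow need the same line.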
@@ -111,6 +111,12 b' rss_include_diff = false' | |||||
111 | show_sha_length = 12 |
|
111 | show_sha_length = 12 | |
112 | show_revision_number = true |
|
112 | show_revision_number = true | |
113 |
|
113 | |||
|
114 | ## white list of API enabled controllers. This allows to add list of | |||
|
115 | ## controllers to which access will be enabled by api_key. eg: to enable | |||
|
116 | ## api access to raw_files put `FilesController:raw`, to enable access to patches | |||
|
117 | ## add `ChangesetController:changeset_patch`. This list should be "," separated | |||
|
118 | ## Syntax is <ControllerClass>:<function>. Check debug logs for generated names | |||
|
119 | api_access_controllers_whitelist = | |||
114 |
|
120 | |||
115 | ## alternative_gravatar_url allows you to use your own avatar server application |
|
121 | ## alternative_gravatar_url allows you to use your own avatar server application | |
116 | ## the following parts of the URL will be replaced |
|
122 | ## the following parts of the URL will be replaced |
@@ -111,6 +111,12 b' rss_include_diff = false' | |||||
111 | show_sha_length = 12 |
|
111 | show_sha_length = 12 | |
112 | show_revision_number = true |
|
112 | show_revision_number = true | |
113 |
|
113 | |||
|
114 | ## white list of API enabled controllers. This allows to add list of | |||
|
115 | ## controllers to which access will be enabled by api_key. eg: to enable | |||
|
116 | ## api access to raw_files put `FilesController:raw`, to enable access to patches | |||
|
117 | ## add `ChangesetController:changeset_patch`. This list should be "," separated | |||
|
118 | ## Syntax is <ControllerClass>:<function>. Check debug logs for generated names | |||
|
119 | api_access_controllers_whitelist = | |||
114 |
|
120 | |||
115 | ## alternative_gravatar_url allows you to use your own avatar server application |
|
121 | ## alternative_gravatar_url allows you to use your own avatar server application | |
116 | ## the following parts of the URL will be replaced |
|
122 | ## the following parts of the URL will be replaced |
@@ -39,7 +39,7 b' from sqlalchemy.orm.exc import ObjectDel' | |||||
39 | from rhodecode import __platform__, is_windows, is_unix |
|
39 | from rhodecode import __platform__, is_windows, is_unix | |
40 | from rhodecode.model.meta import Session |
|
40 | from rhodecode.model.meta import Session | |
41 |
|
41 | |||
42 | from rhodecode.lib.utils2 import str2bool, safe_unicode |
|
42 | from rhodecode.lib.utils2 import str2bool, safe_unicode, aslist | |
43 | from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\ |
|
43 | from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\ | |
44 | LdapImportError |
|
44 | LdapImportError | |
45 | from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\ |
|
45 | from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\ | |
@@ -531,7 +531,12 b' class LoginRequired(object):' | |||||
531 | cls = fargs[0] |
|
531 | cls = fargs[0] | |
532 | user = cls.rhodecode_user |
|
532 | user = cls.rhodecode_user | |
533 | loc = "%s:%s" % (cls.__class__.__name__, func.__name__) |
|
533 | loc = "%s:%s" % (cls.__class__.__name__, func.__name__) | |
534 |
|
534 | # defined whitelist of controllers which API access will be enabled | ||
|
535 | whitelist = aslist(config.get('api_access_controllers_whitelist'), | |||
|
536 | sep=',') | |||
|
537 | api_access_whitelist = loc in whitelist | |||
|
538 | log.debug('loc:%s is in API whitelist:%s:%s' % (loc, whitelist, | |||
|
539 | api_access_whitelist)) | |||
535 | #check IP |
|
540 | #check IP | |
536 | ip_access_ok = True |
|
541 | ip_access_ok = True | |
537 | if not user.ip_allowed: |
|
542 | if not user.ip_allowed: | |
@@ -541,7 +546,7 b' class LoginRequired(object):' | |||||
541 | ip_access_ok = False |
|
546 | ip_access_ok = False | |
542 |
|
547 | |||
543 | api_access_ok = False |
|
548 | api_access_ok = False | |
544 | if self.api_access: |
|
549 | if self.api_access or api_access_whitelist: | |
545 | log.debug('Checking API KEY access for %s' % cls) |
|
550 | log.debug('Checking API KEY access for %s' % cls) | |
546 | if user.api_key == request.GET.get('api_key'): |
|
551 | if user.api_key == request.GET.get('api_key'): | |
547 | api_access_ok = True |
|
552 | api_access_ok = True |
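Review bot: With the new condition at line 549, every controller named in the whitelist now reaches the comparison at line 551, which uses `==` on `request.GET.get('api_key')` without first checking that a key was supplied. If `user.api_key` can ever be None or empty for the resolved user (not visible here), a request with no `api_key` parameter would compare equal; binding the parameter first and guarding it, `api_key = request.GET.get('api_key')` then `if api_key and user.api_key == api_key:`, closes that case, and a constant-time comparison such as `hmac.compare_digest` would be preferable where the runtime provides it. Separately, the whitelist is parsed and the debug message formatted on every decorated call at lines 535-539; passing the values as arguments to `log.debug` instead of applying `%` avoids the formatting when debug logging is off. The enclosing method starts and ends outside these hunks.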