@@ -37,7 +37,7 b' from webob.exc import HTTPFound, HTTPInt' | |||
|
37 | 37 | from kallithea.config.routing import url |
|
38 | 38 | from kallithea.lib import helpers as h |
|
39 | 39 | from kallithea.lib.auth import LoginRequired, \ |
|
40 |
HasRepoPermission |
|
|
40 | HasRepoPermissionLevelDecorator, NotAnonymous, HasPermissionAny | |
|
41 | 41 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
42 | 42 | from kallithea.lib.utils import action_logger |
|
43 | 43 | from kallithea.lib.vcs import RepositoryError |
@@ -100,7 +100,7 b' class ReposController(BaseRepoController' | |||
|
100 | 100 | def index(self, format='html'): |
|
101 | 101 | _list = Repository.query(sorted=True).all() |
|
102 | 102 | |
|
103 |
c.repos_list = RepoList(_list, perm_ |
|
|
103 | c.repos_list = RepoList(_list, perm_level='admin') | |
|
104 | 104 | repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list, |
|
105 | 105 | admin=True, |
|
106 | 106 | super_user_actions=True) |
@@ -212,7 +212,7 b' class ReposController(BaseRepoController' | |||
|
212 | 212 | return {'result': True} |
|
213 | 213 | return {'result': False} |
|
214 | 214 | |
|
215 |
@HasRepoPermission |
|
|
215 | @HasRepoPermissionLevelDecorator('admin') | |
|
216 | 216 | def update(self, repo_name): |
|
217 | 217 | c.repo_info = self._load_repo() |
|
218 | 218 | self.__load_defaults(c.repo_info) |
@@ -261,7 +261,7 b' class ReposController(BaseRepoController' | |||
|
261 | 261 | % repo_name, category='error') |
|
262 | 262 | raise HTTPFound(location=url('edit_repo', repo_name=changed_name)) |
|
263 | 263 | |
|
264 |
@HasRepoPermission |
|
|
264 | @HasRepoPermissionLevelDecorator('admin') | |
|
265 | 265 | def delete(self, repo_name): |
|
266 | 266 | repo_model = RepoModel() |
|
267 | 267 | repo = repo_model.get_by_repo_name(repo_name) |
@@ -298,7 +298,7 b' class ReposController(BaseRepoController' | |||
|
298 | 298 | raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name)) |
|
299 | 299 | raise HTTPFound(location=url('repos')) |
|
300 | 300 | |
|
301 |
@HasRepoPermission |
|
|
301 | @HasRepoPermissionLevelDecorator('admin') | |
|
302 | 302 | def edit(self, repo_name): |
|
303 | 303 | defaults = self.__load_data() |
|
304 | 304 | c.repo_fields = RepositoryField.query() \ |
@@ -312,7 +312,7 b' class ReposController(BaseRepoController' | |||
|
312 | 312 | encoding="UTF-8", |
|
313 | 313 | force_defaults=False) |
|
314 | 314 | |
|
315 |
@HasRepoPermission |
|
|
315 | @HasRepoPermissionLevelDecorator('admin') | |
|
316 | 316 | def edit_permissions(self, repo_name): |
|
317 | 317 | c.repo_info = self._load_repo() |
|
318 | 318 | repo_model = RepoModel() |
@@ -363,7 +363,7 b' class ReposController(BaseRepoController' | |||
|
363 | 363 | category='error') |
|
364 | 364 | raise HTTPInternalServerError() |
|
365 | 365 | |
|
366 |
@HasRepoPermission |
|
|
366 | @HasRepoPermissionLevelDecorator('admin') | |
|
367 | 367 | def edit_fields(self, repo_name): |
|
368 | 368 | c.repo_info = self._load_repo() |
|
369 | 369 | c.repo_fields = RepositoryField.query() \ |
@@ -374,7 +374,7 b' class ReposController(BaseRepoController' | |||
|
374 | 374 | raise HTTPFound(location=url('repo_edit_fields')) |
|
375 | 375 | return render('admin/repos/repo_edit.html') |
|
376 | 376 | |
|
377 |
@HasRepoPermission |
|
|
377 | @HasRepoPermissionLevelDecorator('admin') | |
|
378 | 378 | def create_repo_field(self, repo_name): |
|
379 | 379 | try: |
|
380 | 380 | form_result = RepoFieldForm()().to_python(dict(request.POST)) |
@@ -395,7 +395,7 b' class ReposController(BaseRepoController' | |||
|
395 | 395 | h.flash(msg, category='error') |
|
396 | 396 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) |
|
397 | 397 | |
|
398 |
@HasRepoPermission |
|
|
398 | @HasRepoPermissionLevelDecorator('admin') | |
|
399 | 399 | def delete_repo_field(self, repo_name, field_id): |
|
400 | 400 | field = RepositoryField.get_or_404(field_id) |
|
401 | 401 | try: |
@@ -407,7 +407,7 b' class ReposController(BaseRepoController' | |||
|
407 | 407 | h.flash(msg, category='error') |
|
408 | 408 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) |
|
409 | 409 | |
|
410 |
@HasRepoPermission |
|
|
410 | @HasRepoPermissionLevelDecorator('admin') | |
|
411 | 411 | def edit_advanced(self, repo_name): |
|
412 | 412 | c.repo_info = self._load_repo() |
|
413 | 413 | c.default_user_id = User.get_default_user().user_id |
@@ -416,7 +416,7 b' class ReposController(BaseRepoController' | |||
|
416 | 416 | .filter(UserFollowing.follows_repository == c.repo_info).scalar() |
|
417 | 417 | |
|
418 | 418 | _repos = Repository.query(sorted=True).all() |
|
419 | read_access_repos = RepoList(_repos) | |
|
419 | read_access_repos = RepoList(_repos, perm_level='read') | |
|
420 | 420 | c.repos_list = [(None, _('-- Not a fork --'))] |
|
421 | 421 | c.repos_list += [(x.repo_id, x.repo_name) |
|
422 | 422 | for x in read_access_repos |
@@ -435,7 +435,7 b' class ReposController(BaseRepoController' | |||
|
435 | 435 | encoding="UTF-8", |
|
436 | 436 | force_defaults=False) |
|
437 | 437 | |
|
438 |
@HasRepoPermission |
|
|
438 | @HasRepoPermissionLevelDecorator('admin') | |
|
439 | 439 | def edit_advanced_journal(self, repo_name): |
|
440 | 440 | """ |
|
441 | 441 | Sets this repository to be visible in public journal, |
@@ -458,7 +458,7 b' class ReposController(BaseRepoController' | |||
|
458 | 458 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
459 | 459 | |
|
460 | 460 | |
|
461 |
@HasRepoPermission |
|
|
461 | @HasRepoPermissionLevelDecorator('admin') | |
|
462 | 462 | def edit_advanced_fork(self, repo_name): |
|
463 | 463 | """ |
|
464 | 464 | Mark given repository as a fork of another |
@@ -483,7 +483,7 b' class ReposController(BaseRepoController' | |||
|
483 | 483 | |
|
484 | 484 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
485 | 485 | |
|
486 |
@HasRepoPermission |
|
|
486 | @HasRepoPermissionLevelDecorator('admin') | |
|
487 | 487 | def edit_advanced_locking(self, repo_name): |
|
488 | 488 | """ |
|
489 | 489 | Unlock repository when it is locked ! |
@@ -504,7 +504,7 b' class ReposController(BaseRepoController' | |||
|
504 | 504 | category='error') |
|
505 | 505 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
506 | 506 | |
|
507 |
@HasRepoPermission |
|
|
507 | @HasRepoPermissionLevelDecorator('write') | |
|
508 | 508 | def toggle_locking(self, repo_name): |
|
509 | 509 | try: |
|
510 | 510 | repo = Repository.get_by_repo_name(repo_name) |
@@ -523,7 +523,7 b' class ReposController(BaseRepoController' | |||
|
523 | 523 | category='error') |
|
524 | 524 | raise HTTPFound(location=url('summary_home', repo_name=repo_name)) |
|
525 | 525 | |
|
526 |
@HasRepoPermission |
|
|
526 | @HasRepoPermissionLevelDecorator('admin') | |
|
527 | 527 | def edit_caches(self, repo_name): |
|
528 | 528 | c.repo_info = self._load_repo() |
|
529 | 529 | c.active = 'caches' |
@@ -541,7 +541,7 b' class ReposController(BaseRepoController' | |||
|
541 | 541 | raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name)) |
|
542 | 542 | return render('admin/repos/repo_edit.html') |
|
543 | 543 | |
|
544 |
@HasRepoPermission |
|
|
544 | @HasRepoPermissionLevelDecorator('admin') | |
|
545 | 545 | def edit_remote(self, repo_name): |
|
546 | 546 | c.repo_info = self._load_repo() |
|
547 | 547 | c.active = 'remote' |
@@ -556,7 +556,7 b' class ReposController(BaseRepoController' | |||
|
556 | 556 | raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name)) |
|
557 | 557 | return render('admin/repos/repo_edit.html') |
|
558 | 558 | |
|
559 |
@HasRepoPermission |
|
|
559 | @HasRepoPermissionLevelDecorator('admin') | |
|
560 | 560 | def edit_statistics(self, repo_name): |
|
561 | 561 | c.repo_info = self._load_repo() |
|
562 | 562 | repo = c.repo_info.scm_instance |
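Review bot: Nothing on this page shows what happens when the level string is misspelled. Every `@HasRepoPermissionLevelDecorator(...)` in ReposController and both `RepoList(..., perm_level=...)` calls pass the level as a bare literal ('admin', 'write', 'read'), and the helper that interprets it is outside this section. If the helper does not already reject an unknown level when it is constructed, it should, so that a typo fails at import time instead of changing who is admitted at request time. The same applies to the decorators in the other controllers touched by this commit. A small test per level (read-only user denied on `update`/`delete`, write user allowed on `toggle_locking` but denied on `edit`) would pin the mapping that the old explicit permission lists spelled out.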
@@ -35,7 +35,7 b' from pylons import request' | |||
|
35 | 35 | from kallithea.controllers.api import JSONRPCController, JSONRPCError |
|
36 | 36 | from kallithea.lib.auth import ( |
|
37 | 37 | PasswordGenerator, AuthUser, HasPermissionAnyDecorator, |
|
38 |
HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermission |
|
|
38 | HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermissionLevel, | |
|
39 | 39 | HasRepoGroupPermissionAny, HasUserGroupPermissionAny) |
|
40 | 40 | from kallithea.lib.utils import map_groups, repo2db_mapper |
|
41 | 41 | from kallithea.lib.utils2 import ( |
@@ -277,10 +277,7 b' class ApiController(JSONRPCController):' | |||
|
277 | 277 | """ |
|
278 | 278 | repo = get_repo_or_error(repoid) |
|
279 | 279 | if not HasPermissionAny('hg.admin')(): |
|
280 | # check if we have admin permission for this repo ! | |
|
281 | if not HasRepoPermissionAny('repository.admin', | |
|
282 | 'repository.write')( | |
|
283 | repo_name=repo.repo_name): | |
|
280 | if not HasRepoPermissionLevel('write')(repo.repo_name): | |
|
284 | 281 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
285 | 282 | |
|
286 | 283 | try: |
@@ -342,8 +339,7 b' class ApiController(JSONRPCController):' | |||
|
342 | 339 | repo = get_repo_or_error(repoid) |
|
343 | 340 | if HasPermissionAny('hg.admin')(): |
|
344 | 341 | pass |
|
345 |
elif HasRepoPermission |
|
|
346 | 'repository.write')(repo_name=repo.repo_name): | |
|
342 | elif HasRepoPermissionLevel('write')(repo.repo_name): | |
|
347 | 343 | # make sure normal user does not pass someone else userid, |
|
348 | 344 | # he is not allowed to do that |
|
349 | 345 | if not isinstance(userid, Optional) and userid != request.authuser.user_id: |
@@ -1204,9 +1200,7 b' class ApiController(JSONRPCController):' | |||
|
1204 | 1200 | repo = get_repo_or_error(repoid) |
|
1205 | 1201 | |
|
1206 | 1202 | if not HasPermissionAny('hg.admin')(): |
|
1207 | # check if we have admin permission for this repo ! | |
|
1208 | perms = ('repository.admin', 'repository.write', 'repository.read') | |
|
1209 | if not HasRepoPermissionAny(*perms)(repo_name=repo.repo_name): | |
|
1203 | if not HasRepoPermissionLevel('read')(repo.repo_name): | |
|
1210 | 1204 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1211 | 1205 | |
|
1212 | 1206 | members = [] |
@@ -1314,9 +1308,7 b' class ApiController(JSONRPCController):' | |||
|
1314 | 1308 | repo = get_repo_or_error(repoid) |
|
1315 | 1309 | |
|
1316 | 1310 | if not HasPermissionAny('hg.admin')(): |
|
1317 | # check if we have admin permission for this repo ! | |
|
1318 | perms = ('repository.admin', 'repository.write', 'repository.read') | |
|
1319 | if not HasRepoPermissionAny(*perms)(repo_name=repo.repo_name): | |
|
1311 | if not HasRepoPermissionLevel('read')(repo.repo_name): | |
|
1320 | 1312 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1321 | 1313 | |
|
1322 | 1314 | ret_type = Optional.extract(ret_type) |
@@ -1492,8 +1484,7 b' class ApiController(JSONRPCController):' | |||
|
1492 | 1484 | """ |
|
1493 | 1485 | repo = get_repo_or_error(repoid) |
|
1494 | 1486 | if not HasPermissionAny('hg.admin')(): |
|
1495 | # check if we have admin permission for this repo ! | |
|
1496 | if not HasRepoPermissionAny('repository.admin')(repo_name=repo.repo_name): | |
|
1487 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
|
1497 | 1488 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1498 | 1489 | |
|
1499 | 1490 | if (name != repo.repo_name and |
@@ -1590,9 +1581,7 b' class ApiController(JSONRPCController):' | |||
|
1590 | 1581 | |
|
1591 | 1582 | if HasPermissionAny('hg.admin')(): |
|
1592 | 1583 | pass |
|
1593 |
elif HasRepoPermission |
|
|
1594 | 'repository.write', | |
|
1595 | 'repository.read')(repo_name=repo.repo_name): | |
|
1584 | elif HasRepoPermissionLevel('read')(repo.repo_name): | |
|
1596 | 1585 | if not isinstance(owner, Optional): |
|
1597 | 1586 | # forbid setting owner for non-admins |
|
1598 | 1587 | raise JSONRPCError( |
@@ -1669,8 +1658,7 b' class ApiController(JSONRPCController):' | |||
|
1669 | 1658 | repo = get_repo_or_error(repoid) |
|
1670 | 1659 | |
|
1671 | 1660 | if not HasPermissionAny('hg.admin')(): |
|
1672 | # check if we have admin permission for this repo ! | |
|
1673 | if not HasRepoPermissionAny('repository.admin')(repo_name=repo.repo_name): | |
|
1661 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
|
1674 | 1662 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1675 | 1663 | |
|
1676 | 1664 | try: |
@@ -1821,10 +1809,7 b' class ApiController(JSONRPCController):' | |||
|
1821 | 1809 | perm = get_perm_or_error(perm) |
|
1822 | 1810 | user_group = get_user_group_or_error(usergroupid) |
|
1823 | 1811 | if not HasPermissionAny('hg.admin')(): |
|
1824 | # check if we have admin permission for this repo ! | |
|
1825 | _perms = ('repository.admin',) | |
|
1826 | if not HasRepoPermissionAny(*_perms)( | |
|
1827 | repo_name=repo.repo_name): | |
|
1812 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
|
1828 | 1813 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1829 | 1814 | |
|
1830 | 1815 | # check if we have at least read permission for this user group ! |
@@ -1877,10 +1862,7 b' class ApiController(JSONRPCController):' | |||
|
1877 | 1862 | repo = get_repo_or_error(repoid) |
|
1878 | 1863 | user_group = get_user_group_or_error(usergroupid) |
|
1879 | 1864 | if not HasPermissionAny('hg.admin')(): |
|
1880 | # check if we have admin permission for this repo ! | |
|
1881 | _perms = ('repository.admin',) | |
|
1882 | if not HasRepoPermissionAny(*_perms)( | |
|
1883 | repo_name=repo.repo_name): | |
|
1865 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
|
1884 | 1866 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1885 | 1867 | |
|
1886 | 1868 | # check if we have at least read permission for this user group ! |
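Review bot: With the `# check if we have admin permission for this repo !` comments removed, nothing at these call sites explains why a failed permission check raises ``repository `%s` does not exist`` rather than an access error. That looks deliberate, presumably so that a caller without access cannot learn whether the repository exists, and it deserves a one-line comment above each raise, e.g. `# same error as for an unknown repo, so existence is not disclosed`. This applies to every `if not HasRepoPermissionLevel(...)` hunk in ApiController. The enclosing methods start and end outside the hunks, so confirm that no other branch in them returns a distinguishable error for the denied case.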
@@ -34,7 +34,7 b' from webob.exc import HTTPFound, HTTPNot' | |||
|
34 | 34 | |
|
35 | 35 | import kallithea.lib.helpers as h |
|
36 | 36 | from kallithea.config.routing import url |
|
37 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
37 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
|
38 | 38 | from kallithea.lib.base import BaseRepoController, render |
|
39 | 39 | from kallithea.lib.compat import json |
|
40 | 40 | from kallithea.lib.graphmod import graph_data |
@@ -92,8 +92,7 b' class ChangelogController(BaseRepoContro' | |||
|
92 | 92 | raise HTTPBadRequest() |
|
93 | 93 | |
|
94 | 94 | @LoginRequired() |
|
95 |
@HasRepoPermission |
|
|
96 | 'repository.admin') | |
|
95 | @HasRepoPermissionLevelDecorator('read') | |
|
97 | 96 | def index(self, repo_name, revision=None, f_path=None): |
|
98 | 97 | # Fix URL after page size form submission via GET |
|
99 | 98 | # TODO: Somehow just don't send this extra junk in the GET URL |
@@ -179,8 +178,7 b' class ChangelogController(BaseRepoContro' | |||
|
179 | 178 | return render('changelog/changelog.html') |
|
180 | 179 | |
|
181 | 180 | @LoginRequired() |
|
182 |
@HasRepoPermission |
|
|
183 | 'repository.admin') | |
|
181 | @HasRepoPermissionLevelDecorator('read') | |
|
184 | 182 | def changelog_details(self, cs): |
|
185 | 183 | if request.environ.get('HTTP_X_PARTIAL_XHR'): |
|
186 | 184 | c.cs = c.db_repo_scm_instance.get_changeset(cs) |
@@ -188,8 +186,7 b' class ChangelogController(BaseRepoContro' | |||
|
188 | 186 | raise HTTPNotFound() |
|
189 | 187 | |
|
190 | 188 | @LoginRequired() |
|
191 |
@HasRepoPermission |
|
|
192 | 'repository.admin') | |
|
189 | @HasRepoPermissionLevelDecorator('read') | |
|
193 | 190 | def changelog_summary(self, repo_name): |
|
194 | 191 | if request.environ.get('HTTP_X_PARTIAL_XHR'): |
|
195 | 192 | _load_changelog_summary() |
@@ -38,7 +38,7 b' from kallithea.lib.vcs.exceptions import' | |||
|
38 | 38 | |
|
39 | 39 | from kallithea.lib.compat import json |
|
40 | 40 | import kallithea.lib.helpers as h |
|
41 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
41 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
|
42 | 42 | NotAnonymous |
|
43 | 43 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
44 | 44 | from kallithea.lib.utils import action_logger |
@@ -337,33 +337,28 b' class ChangesetController(BaseRepoContro' | |||
|
337 | 337 | return render('changeset/changeset_range.html') |
|
338 | 338 | |
|
339 | 339 | @LoginRequired() |
|
340 |
@HasRepoPermission |
|
|
341 | 'repository.admin') | |
|
340 | @HasRepoPermissionLevelDecorator('read') | |
|
342 | 341 | def index(self, revision, method='show'): |
|
343 | 342 | return self._index(revision, method=method) |
|
344 | 343 | |
|
345 | 344 | @LoginRequired() |
|
346 |
@HasRepoPermission |
|
|
347 | 'repository.admin') | |
|
345 | @HasRepoPermissionLevelDecorator('read') | |
|
348 | 346 | def changeset_raw(self, revision): |
|
349 | 347 | return self._index(revision, method='raw') |
|
350 | 348 | |
|
351 | 349 | @LoginRequired() |
|
352 |
@HasRepoPermission |
|
|
353 | 'repository.admin') | |
|
350 | @HasRepoPermissionLevelDecorator('read') | |
|
354 | 351 | def changeset_patch(self, revision): |
|
355 | 352 | return self._index(revision, method='patch') |
|
356 | 353 | |
|
357 | 354 | @LoginRequired() |
|
358 |
@HasRepoPermission |
|
|
359 | 'repository.admin') | |
|
355 | @HasRepoPermissionLevelDecorator('read') | |
|
360 | 356 | def changeset_download(self, revision): |
|
361 | 357 | return self._index(revision, method='download') |
|
362 | 358 | |
|
363 | 359 | @LoginRequired() |
|
364 | 360 | @NotAnonymous() |
|
365 |
@HasRepoPermission |
|
|
366 | 'repository.admin') | |
|
361 | @HasRepoPermissionLevelDecorator('read') | |
|
367 | 362 | @jsonify |
|
368 | 363 | def comment(self, repo_name, revision): |
|
369 | 364 | assert request.environ.get('HTTP_X_PARTIAL_XHR') |
@@ -414,15 +409,14 b' class ChangesetController(BaseRepoContro' | |||
|
414 | 409 | |
|
415 | 410 | @LoginRequired() |
|
416 | 411 | @NotAnonymous() |
|
417 |
@HasRepoPermission |
|
|
418 | 'repository.admin') | |
|
412 | @HasRepoPermissionLevelDecorator('read') | |
|
419 | 413 | @jsonify |
|
420 | 414 | def delete_comment(self, repo_name, comment_id): |
|
421 | 415 | co = ChangesetComment.get_or_404(comment_id) |
|
422 | 416 | if co.repo.repo_name != repo_name: |
|
423 | 417 | raise HTTPNotFound() |
|
424 | 418 | owner = co.author_id == request.authuser.user_id |
|
425 |
repo_admin = h.HasRepoPermission |
|
|
419 | repo_admin = h.HasRepoPermissionLevel('admin')(repo_name) | |
|
426 | 420 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: |
|
427 | 421 | ChangesetCommentsModel().delete(comment=co) |
|
428 | 422 | Session().commit() |
@@ -431,8 +425,7 b' class ChangesetController(BaseRepoContro' | |||
|
431 | 425 | raise HTTPForbidden() |
|
432 | 426 | |
|
433 | 427 | @LoginRequired() |
|
434 |
@HasRepoPermission |
|
|
435 | 'repository.admin') | |
|
428 | @HasRepoPermissionLevelDecorator('read') | |
|
436 | 429 | @jsonify |
|
437 | 430 | def changeset_info(self, repo_name, revision): |
|
438 | 431 | if request.is_xhr: |
@@ -444,8 +437,7 b' class ChangesetController(BaseRepoContro' | |||
|
444 | 437 | raise HTTPBadRequest() |
|
445 | 438 | |
|
446 | 439 | @LoginRequired() |
|
447 |
@HasRepoPermission |
|
|
448 | 'repository.admin') | |
|
440 | @HasRepoPermissionLevelDecorator('read') | |
|
449 | 441 | @jsonify |
|
450 | 442 | def changeset_children(self, repo_name, revision): |
|
451 | 443 | if request.is_xhr: |
@@ -458,8 +450,7 b' class ChangesetController(BaseRepoContro' | |||
|
458 | 450 | raise HTTPBadRequest() |
|
459 | 451 | |
|
460 | 452 | @LoginRequired() |
|
461 |
@HasRepoPermission |
|
|
462 | 'repository.admin') | |
|
453 | @HasRepoPermissionLevelDecorator('read') | |
|
463 | 454 | @jsonify |
|
464 | 455 | def changeset_parents(self, repo_name, revision): |
|
465 | 456 | if request.is_xhr: |
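Review bot: In `delete_comment` the new check is reached through the helpers module, `repo_admin = h.HasRepoPermissionLevel('admin')(repo_name)`, whereas the other call sites in this commit import the name from `kallithea.lib.auth`. The matching export in `kallithea.lib.helpers` is not visible in this part of the page. If it is missing, the line raises AttributeError on every call, because it runs before the `owner` / `hg.admin` test. The decorator on this action only requires 'read', so this line is the actual gate for deleting someone else's comment. It should be covered by a test that deletes a comment as a repository admin who is not the author, and one that is refused for a read-only non-author.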
@@ -39,7 +39,7 b' from kallithea.lib.utils2 import safe_st' | |||
|
39 | 39 | from kallithea.lib.vcs.utils.hgcompat import unionrepo |
|
40 | 40 | from kallithea.lib import helpers as h |
|
41 | 41 | from kallithea.lib.base import BaseRepoController, render |
|
42 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
42 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
|
43 | 43 | from kallithea.lib import diffs |
|
44 | 44 | from kallithea.model.db import Repository |
|
45 | 45 | from kallithea.lib.diffs import LimitedDiffContainer |
@@ -168,16 +168,14 b' class CompareController(BaseRepoControll' | |||
|
168 | 168 | return other_changesets, org_changesets, ancestors |
|
169 | 169 | |
|
170 | 170 | @LoginRequired() |
|
171 |
@HasRepoPermission |
|
|
172 | 'repository.admin') | |
|
171 | @HasRepoPermissionLevelDecorator('read') | |
|
173 | 172 | def index(self, repo_name): |
|
174 | 173 | c.compare_home = True |
|
175 | 174 | c.a_ref_name = c.cs_ref_name = _('Select changeset') |
|
176 | 175 | return render('compare/compare_diff.html') |
|
177 | 176 | |
|
178 | 177 | @LoginRequired() |
|
179 |
@HasRepoPermission |
|
|
180 | 'repository.admin') | |
|
178 | @HasRepoPermissionLevelDecorator('read') | |
|
181 | 179 | def compare(self, repo_name, org_ref_type, org_ref_name, other_ref_type, other_ref_name): |
|
182 | 180 | org_ref_name = org_ref_name.strip() |
|
183 | 181 | other_ref_name = other_ref_name.strip() |
@@ -36,7 +36,7 b' from webhelpers.feedgenerator import Ato' | |||
|
36 | 36 | |
|
37 | 37 | from kallithea import CONFIG |
|
38 | 38 | from kallithea.lib import helpers as h |
|
39 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
39 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
|
40 | 40 | from kallithea.lib.base import BaseRepoController |
|
41 | 41 | from kallithea.lib.diffs import DiffProcessor, LimitedDiffContainer |
|
42 | 42 | from kallithea.model.db import CacheInvalidation |
@@ -52,8 +52,7 b' ttl = "5"' | |||
|
52 | 52 | class FeedController(BaseRepoController): |
|
53 | 53 | |
|
54 | 54 | @LoginRequired(api_access=True) |
|
55 |
@HasRepoPermission |
|
|
56 | 'repository.admin') | |
|
55 | @HasRepoPermissionLevelDecorator('read') | |
|
57 | 56 | def __before__(self): |
|
58 | 57 | super(FeedController, self).__before__() |
|
59 | 58 |
@@ -44,7 +44,7 b' from kallithea.lib import helpers as h' | |||
|
44 | 44 | from kallithea.lib.compat import OrderedDict |
|
45 | 45 | from kallithea.lib.utils2 import convert_line_endings, detect_mode, safe_str, \ |
|
46 | 46 | str2bool, safe_int |
|
47 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
47 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
|
48 | 48 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
49 | 49 | from kallithea.lib.vcs.backends.base import EmptyChangeset |
|
50 | 50 | from kallithea.lib.vcs.conf import settings |
@@ -125,8 +125,7 b' class FilesController(BaseRepoController' | |||
|
125 | 125 | return file_node |
|
126 | 126 | |
|
127 | 127 | @LoginRequired() |
|
128 |
@HasRepoPermission |
|
|
129 | 'repository.admin') | |
|
128 | @HasRepoPermissionLevelDecorator('read') | |
|
130 | 129 | def index(self, repo_name, revision, f_path, annotate=False): |
|
131 | 130 | # redirect to given revision from form if given |
|
132 | 131 | post_revision = request.POST.get('at_rev', None) |
@@ -199,8 +198,7 b' class FilesController(BaseRepoController' | |||
|
199 | 198 | return render('files/files.html') |
|
200 | 199 | |
|
201 | 200 | @LoginRequired() |
|
202 |
@HasRepoPermission |
|
|
203 | 'repository.admin') | |
|
201 | @HasRepoPermissionLevelDecorator('read') | |
|
204 | 202 | @jsonify |
|
205 | 203 | def history(self, repo_name, revision, f_path): |
|
206 | 204 | changeset = self.__get_cs(revision) |
@@ -222,8 +220,7 b' class FilesController(BaseRepoController' | |||
|
222 | 220 | return data |
|
223 | 221 | |
|
224 | 222 | @LoginRequired() |
|
225 |
@HasRepoPermission |
|
|
226 | 'repository.admin') | |
|
223 | @HasRepoPermissionLevelDecorator('read') | |
|
227 | 224 | def authors(self, repo_name, revision, f_path): |
|
228 | 225 | changeset = self.__get_cs(revision) |
|
229 | 226 | _file = changeset.get_node(f_path) |
@@ -235,8 +232,7 b' class FilesController(BaseRepoController' | |||
|
235 | 232 | return render('files/files_history_box.html') |
|
236 | 233 | |
|
237 | 234 | @LoginRequired() |
|
238 |
@HasRepoPermission |
|
|
239 | 'repository.admin') | |
|
235 | @HasRepoPermissionLevelDecorator('read') | |
|
240 | 236 | def rawfile(self, repo_name, revision, f_path): |
|
241 | 237 | cs = self.__get_cs(revision) |
|
242 | 238 | file_node = self.__get_filenode(cs, f_path) |
@@ -248,8 +244,7 b' class FilesController(BaseRepoController' | |||
|
248 | 244 | return file_node.content |
|
249 | 245 | |
|
250 | 246 | @LoginRequired() |
|
251 |
@HasRepoPermission |
|
|
252 | 'repository.admin') | |
|
247 | @HasRepoPermissionLevelDecorator('read') | |
|
253 | 248 | def raw(self, repo_name, revision, f_path): |
|
254 | 249 | cs = self.__get_cs(revision) |
|
255 | 250 | file_node = self.__get_filenode(cs, f_path) |
@@ -295,7 +290,7 b' class FilesController(BaseRepoController' | |||
|
295 | 290 | return file_node.content |
|
296 | 291 | |
|
297 | 292 | @LoginRequired() |
|
298 |
@HasRepoPermission |
|
|
293 | @HasRepoPermissionLevelDecorator('write') | |
|
299 | 294 | def delete(self, repo_name, revision, f_path): |
|
300 | 295 | repo = c.db_repo |
|
301 | 296 | if repo.enable_locking and repo.locked[0]: |
@@ -355,7 +350,7 b' class FilesController(BaseRepoController' | |||
|
355 | 350 | return render('files/files_delete.html') |
|
356 | 351 | |
|
357 | 352 | @LoginRequired() |
|
358 |
@HasRepoPermission |
|
|
353 | @HasRepoPermissionLevelDecorator('write') | |
|
359 | 354 | def edit(self, repo_name, revision, f_path): |
|
360 | 355 | repo = c.db_repo |
|
361 | 356 | if repo.enable_locking and repo.locked[0]: |
@@ -421,7 +416,7 b' class FilesController(BaseRepoController' | |||
|
421 | 416 | return render('files/files_edit.html') |
|
422 | 417 | |
|
423 | 418 | @LoginRequired() |
|
424 |
@HasRepoPermission |
|
|
419 | @HasRepoPermissionLevelDecorator('write') | |
|
425 | 420 | def add(self, repo_name, revision, f_path): |
|
426 | 421 | |
|
427 | 422 | repo = c.db_repo |
@@ -502,8 +497,7 b' class FilesController(BaseRepoController' | |||
|
502 | 497 | return render('files/files_add.html') |
|
503 | 498 | |
|
504 | 499 | @LoginRequired() |
|
505 |
@HasRepoPermission |
|
|
506 | 'repository.admin') | |
|
500 | @HasRepoPermissionLevelDecorator('read') | |
|
507 | 501 | def archivefile(self, repo_name, fname): |
|
508 | 502 | fileformat = None |
|
509 | 503 | revision = None |
@@ -589,8 +583,7 b' class FilesController(BaseRepoController' | |||
|
589 | 583 | return get_chunked_archive(archive_path) |
|
590 | 584 | |
|
591 | 585 | @LoginRequired() |
|
592 |
@HasRepoPermission |
|
|
593 | 'repository.admin') | |
|
586 | @HasRepoPermissionLevelDecorator('read') | |
|
594 | 587 | def diff(self, repo_name, f_path): |
|
595 | 588 | ignore_whitespace = request.GET.get('ignorews') == '1' |
|
596 | 589 | line_context = safe_int(request.GET.get('context'), 3) |
@@ -693,8 +686,7 b' class FilesController(BaseRepoController' | |||
|
693 | 686 | return render('files/file_diff.html') |
|
694 | 687 | |
|
695 | 688 | @LoginRequired() |
|
696 |
@HasRepoPermission |
|
|
697 | 'repository.admin') | |
|
689 | @HasRepoPermissionLevelDecorator('read') | |
|
698 | 690 | def diff_2way(self, repo_name, f_path): |
|
699 | 691 | diff1 = request.GET.get('diff1', '') |
|
700 | 692 | diff2 = request.GET.get('diff2', '') |
@@ -781,8 +773,7 b' class FilesController(BaseRepoController' | |||
|
781 | 773 | return hist_l, changesets |
|
782 | 774 | |
|
783 | 775 | @LoginRequired() |
|
784 |
@HasRepoPermission |
|
|
785 | 'repository.admin') | |
|
776 | @HasRepoPermissionLevelDecorator('read') | |
|
786 | 777 | @jsonify |
|
787 | 778 | def nodelist(self, repo_name, revision, f_path): |
|
788 | 779 | if request.environ.get('HTTP_X_PARTIAL_XHR'): |
@@ -29,7 +29,7 b' import logging' | |||
|
29 | 29 | |
|
30 | 30 | from pylons import tmpl_context as c, request |
|
31 | 31 | |
|
32 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
32 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
|
33 | 33 | from kallithea.lib.base import BaseRepoController, render |
|
34 | 34 | from kallithea.lib.page import Page |
|
35 | 35 | from kallithea.lib.utils2 import safe_int |
@@ -44,8 +44,7 b' class FollowersController(BaseRepoContro' | |||
|
44 | 44 | super(FollowersController, self).__before__() |
|
45 | 45 | |
|
46 | 46 | @LoginRequired() |
|
47 |
@HasRepoPermission |
|
|
48 | 'repository.admin') | |
|
47 | @HasRepoPermissionLevelDecorator('read') | |
|
49 | 48 | def followers(self, repo_name): |
|
50 | 49 | p = safe_int(request.GET.get('page'), 1) |
|
51 | 50 | repo_id = c.db_repo.repo_id |
@@ -37,8 +37,8 b' from webob.exc import HTTPFound' | |||
|
37 | 37 | import kallithea.lib.helpers as h |
|
38 | 38 | |
|
39 | 39 | from kallithea.config.routing import url |
|
40 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
41 |
NotAnonymous, HasRepoPermission |
|
|
40 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
|
41 | NotAnonymous, HasRepoPermissionLevel, HasPermissionAnyDecorator, HasPermissionAny | |
|
42 | 42 | from kallithea.lib.base import BaseRepoController, render |
|
43 | 43 | from kallithea.lib.page import Page |
|
44 | 44 | from kallithea.lib.utils2 import safe_int |
@@ -108,16 +108,13 b' class ForksController(BaseRepoController' | |||
|
108 | 108 | return defaults |
|
109 | 109 | |
|
110 | 110 | @LoginRequired() |
|
111 |
@HasRepoPermission |
|
|
112 | 'repository.admin') | |
|
111 | @HasRepoPermissionLevelDecorator('read') | |
|
113 | 112 | def forks(self, repo_name): |
|
114 | 113 | p = safe_int(request.GET.get('page'), 1) |
|
115 | 114 | repo_id = c.db_repo.repo_id |
|
116 | 115 | d = [] |
|
117 | 116 | for r in Repository.get_repo_forks(repo_id): |
|
118 |
if not HasRepoPermission |
|
|
119 | 'repository.read', 'repository.write', 'repository.admin' | |
|
120 | )(r.repo_name, 'get forks check'): | |
|
117 | if not HasRepoPermissionLevel('read')(r.repo_name, 'get forks check'): | |
|
121 | 118 | continue |
|
122 | 119 | d.append(r) |
|
123 | 120 | c.forks_pager = Page(d, page=p, items_per_page=20) |
@@ -130,8 +127,7 b' class ForksController(BaseRepoController' | |||
|
130 | 127 | @LoginRequired() |
|
131 | 128 | @NotAnonymous() |
|
132 | 129 | @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository') |
|
133 |
@HasRepoPermission |
|
|
134 | 'repository.admin') | |
|
130 | @HasRepoPermissionLevelDecorator('read') | |
|
135 | 131 | def fork(self, repo_name): |
|
136 | 132 | c.repo_info = Repository.get_by_repo_name(repo_name) |
|
137 | 133 | if not c.repo_info: |
@@ -149,8 +145,7 b' class ForksController(BaseRepoController' | |||
|
149 | 145 | @LoginRequired() |
|
150 | 146 | @NotAnonymous() |
|
151 | 147 | @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository') |
|
152 |
@HasRepoPermission |
|
|
153 | 'repository.admin') | |
|
148 | @HasRepoPermissionLevelDecorator('read') | |
|
154 | 149 | def fork_create(self, repo_name): |
|
155 | 150 | self.__load_defaults() |
|
156 | 151 | c.repo_info = Repository.get_by_repo_name(repo_name) |
@@ -35,7 +35,7 b' from sqlalchemy.sql.expression import fu' | |||
|
35 | 35 | |
|
36 | 36 | from kallithea.lib.utils import conditional_cache |
|
37 | 37 | from kallithea.lib.compat import json |
|
38 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
38 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
|
39 | 39 | from kallithea.lib.base import BaseController, render, jsonify |
|
40 | 40 | from kallithea.model.db import Repository, RepoGroup |
|
41 | 41 | from kallithea.model.repo import RepoModel |
@@ -113,8 +113,7 b' class HomeController(BaseController):' | |||
|
113 | 113 | raise HTTPBadRequest() |
|
114 | 114 | |
|
115 | 115 | @LoginRequired() |
|
116 |
@HasRepoPermission |
|
|
117 | 'repository.admin') | |
|
116 | @HasRepoPermissionLevelDecorator('read') | |
|
118 | 117 | @jsonify |
|
119 | 118 | def repo_refs_data(self, repo_name): |
|
120 | 119 | repo = Repository.get_by_repo_name(repo_name).scm_instance |
@@ -37,7 +37,7 b' from webob.exc import HTTPFound, HTTPNot' | |||
|
37 | 37 | from kallithea.config.routing import url |
|
38 | 38 | from kallithea.lib import helpers as h |
|
39 | 39 | from kallithea.lib import diffs |
|
40 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
40 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
|
41 | 41 | NotAnonymous |
|
42 | 42 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
43 | 43 | from kallithea.lib.compat import json, OrderedDict |
@@ -190,8 +190,7 b' class PullrequestsController(BaseRepoCon' | |||
|
190 | 190 | return request.authuser.admin or owner or reviewer |
|
191 | 191 | |
|
192 | 192 | @LoginRequired() |
|
193 |
@HasRepoPermission |
|
|
194 | 'repository.admin') | |
|
193 | @HasRepoPermissionLevelDecorator('read') | |
|
195 | 194 | def show_all(self, repo_name): |
|
196 | 195 | c.from_ = request.GET.get('from_') or '' |
|
197 | 196 | c.closed = request.GET.get('closed') or '' |
@@ -236,8 +235,7 b' class PullrequestsController(BaseRepoCon' | |||
|
236 | 235 | |
|
237 | 236 | @LoginRequired() |
|
238 | 237 | @NotAnonymous() |
|
239 |
@HasRepoPermission |
|
|
240 | 'repository.admin') | |
|
238 | @HasRepoPermissionLevelDecorator('read') | |
|
241 | 239 | def index(self): |
|
242 | 240 | org_repo = c.db_repo |
|
243 | 241 | org_scm_instance = org_repo.scm_instance |
@@ -293,8 +291,7 b' class PullrequestsController(BaseRepoCon' | |||
|
293 | 291 | |
|
294 | 292 | @LoginRequired() |
|
295 | 293 | @NotAnonymous() |
|
296 |
@HasRepoPermission |
|
|
297 | 'repository.admin') | |
|
294 | @HasRepoPermissionLevelDecorator('read') | |
|
298 | 295 | @jsonify |
|
299 | 296 | def repo_info(self, repo_name): |
|
300 | 297 | repo = c.db_repo |
@@ -307,8 +304,7 b' class PullrequestsController(BaseRepoCon' | |||
|
307 | 304 | |
|
308 | 305 | @LoginRequired() |
|
309 | 306 | @NotAnonymous() |
|
310 |
@HasRepoPermission |
|
|
311 | 'repository.admin') | |
|
307 | @HasRepoPermissionLevelDecorator('read') | |
|
312 | 308 | def create(self, repo_name): |
|
313 | 309 | repo = c.db_repo |
|
314 | 310 | try: |
@@ -513,8 +509,7 b' class PullrequestsController(BaseRepoCon' | |||
|
513 | 509 | # pullrequest_post for PR editing |
|
514 | 510 | @LoginRequired() |
|
515 | 511 | @NotAnonymous() |
|
516 |
@HasRepoPermission |
|
|
517 | 'repository.admin') | |
|
512 | @HasRepoPermissionLevelDecorator('read') | |
|
518 | 513 | def post(self, repo_name, pull_request_id): |
|
519 | 514 | pull_request = PullRequest.get_or_404(pull_request_id) |
|
520 | 515 | if pull_request.is_closed(): |
@@ -522,7 +517,7 b' class PullrequestsController(BaseRepoCon' | |||
|
522 | 517 | assert pull_request.other_repo.repo_name == repo_name |
|
523 | 518 | #only owner or admin can update it |
|
524 | 519 | owner = pull_request.owner_id == request.authuser.user_id |
|
525 |
repo_admin = h.HasRepoPermission |
|
|
520 | repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name) | |
|
526 | 521 | if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner): |
|
527 | 522 | raise HTTPForbidden() |
|
528 | 523 | |
@@ -571,8 +566,7 b' class PullrequestsController(BaseRepoCon' | |||
|
571 | 566 | |
|
572 | 567 | @LoginRequired() |
|
573 | 568 | @NotAnonymous() |
|
574 |
@HasRepoPermission |
|
|
575 | 'repository.admin') | |
|
569 | @HasRepoPermissionLevelDecorator('read') | |
|
576 | 570 | @jsonify |
|
577 | 571 | def delete(self, repo_name, pull_request_id): |
|
578 | 572 | pull_request = PullRequest.get_or_404(pull_request_id) |
@@ -586,8 +580,7 b' class PullrequestsController(BaseRepoCon' | |||
|
586 | 580 | raise HTTPForbidden() |
|
587 | 581 | |
|
588 | 582 | @LoginRequired() |
|
589 |
@HasRepoPermission |
|
|
590 | 'repository.admin') | |
|
583 | @HasRepoPermissionLevelDecorator('read') | |
|
591 | 584 | def show(self, repo_name, pull_request_id, extra=None): |
|
592 | 585 | repo_model = RepoModel() |
|
593 | 586 | c.users_array = repo_model.get_users_js() |
@@ -775,8 +768,7 b' class PullrequestsController(BaseRepoCon' | |||
|
775 | 768 | |
|
776 | 769 | @LoginRequired() |
|
777 | 770 | @NotAnonymous() |
|
778 |
@HasRepoPermission |
|
|
779 | 'repository.admin') | |
|
771 | @HasRepoPermissionLevelDecorator('read') | |
|
780 | 772 | @jsonify |
|
781 | 773 | def comment(self, repo_name, pull_request_id): |
|
782 | 774 | pull_request = PullRequest.get_or_404(pull_request_id) |
@@ -800,8 +792,8 b' class PullrequestsController(BaseRepoCon' | |||
|
800 | 792 | if delete == "delete": |
|
801 | 793 | if (pull_request.owner_id == request.authuser.user_id or |
|
802 | 794 | h.HasPermissionAny('hg.admin')() or |
|
803 |
h.HasRepoPermission |
|
|
804 |
h.HasRepoPermission |
|
|
795 | h.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or | |
|
796 | h.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name) | |
|
805 | 797 | ) and not pull_request.is_closed(): |
|
806 | 798 | PullRequestModel().delete(pull_request) |
|
807 | 799 | Session().commit() |
@@ -861,8 +853,7 b' class PullrequestsController(BaseRepoCon' | |||
|
861 | 853 | |
|
862 | 854 | @LoginRequired() |
|
863 | 855 | @NotAnonymous() |
|
864 |
@HasRepoPermission |
|
|
865 | 'repository.admin') | |
|
856 | @HasRepoPermissionLevelDecorator('read') | |
|
866 | 857 | @jsonify |
|
867 | 858 | def delete_comment(self, repo_name, comment_id): |
|
868 | 859 | co = ChangesetComment.get(comment_id) |
@@ -871,7 +862,7 b' class PullrequestsController(BaseRepoCon' | |||
|
871 | 862 | raise HTTPForbidden() |
|
872 | 863 | |
|
873 | 864 | owner = co.author_id == request.authuser.user_id |
|
874 |
repo_admin = h.HasRepoPermission |
|
|
865 | repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name) | |
|
875 | 866 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: |
|
876 | 867 | ChangesetCommentsModel().delete(comment=co) |
|
877 | 868 | Session().commit() |
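Review bot: In `post`, the new `repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)` check is keyed on the repository from the URL, and the only thing tying the pull request to that repository is the `assert pull_request.other_repo.repo_name == repo_name` two lines above it, which is not evaluated when Python runs with `-O`. The decorator on `post` only demands `'read'`, so this body check is the real authorization for editing a pull request, and I would make the binding explicit with `if pull_request.other_repo.repo_name != repo_name: raise HTTPForbidden()`. `delete_comment` builds `repo_admin` from `c.repo_name` the same way; whether `co` is tied to that repository is decided in lines outside the hunk, so that should be confirmed too. Both function bodies continue outside the visible hunks.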
@@ -43,7 +43,7 b' from kallithea.lib.vcs.exceptions import' | |||
|
43 | 43 | from kallithea.config.conf import ALL_READMES, ALL_EXTS, LANGUAGES_EXTENSIONS_MAP |
|
44 | 44 | from kallithea.model.db import Statistics, CacheInvalidation, User |
|
45 | 45 | from kallithea.lib.utils2 import safe_str |
|
46 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
|
46 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
|
47 | 47 | NotAnonymous |
|
48 | 48 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
49 | 49 | from kallithea.lib.vcs.backends.base import EmptyChangeset |
@@ -107,8 +107,7 b' class SummaryController(BaseRepoControll' | |||
|
107 | 107 | return _get_readme_from_cache(repo_name, kind) |
|
108 | 108 | |
|
109 | 109 | @LoginRequired() |
|
110 |
@HasRepoPermission |
|
|
111 | 'repository.admin') | |
|
110 | @HasRepoPermissionLevelDecorator('read') | |
|
112 | 111 | def index(self, repo_name): |
|
113 | 112 | _load_changelog_summary() |
|
114 | 113 | |
@@ -161,8 +160,7 b' class SummaryController(BaseRepoControll' | |||
|
161 | 160 | |
|
162 | 161 | @LoginRequired() |
|
163 | 162 | @NotAnonymous() |
|
164 |
@HasRepoPermission |
|
|
165 | 'repository.admin') | |
|
163 | @HasRepoPermissionLevelDecorator('read') | |
|
166 | 164 | @jsonify |
|
167 | 165 | def repo_size(self, repo_name): |
|
168 | 166 | if request.is_xhr: |
@@ -171,8 +169,7 b' class SummaryController(BaseRepoControll' | |||
|
171 | 169 | raise HTTPBadRequest() |
|
172 | 170 | |
|
173 | 171 | @LoginRequired() |
|
174 |
@HasRepoPermission |
|
|
175 | 'repository.admin') | |
|
172 | @HasRepoPermissionLevelDecorator('read') | |
|
176 | 173 | def statistics(self, repo_name): |
|
177 | 174 | if c.db_repo.enable_statistics: |
|
178 | 175 | c.show_stats = True |
@@ -537,6 +537,18 b' class AuthUser(object):' | |||
|
537 | 537 | def permissions(self): |
|
538 | 538 | return self.__get_perms(user=self, cache=False) |
|
539 | 539 | |
|
540 | def has_repository_permission_level(self, repo_name, level, purpose=None): | |
|
541 | required_perms = { | |
|
542 | 'read': ['repository.read', 'repository.write', 'repository.admin'], | |
|
543 | 'write': ['repository.write', 'repository.admin'], | |
|
544 | 'admin': ['repository.admin'], | |
|
545 | }[level] | |
|
546 | actual_perm = self.permissions['repositories'].get(repo_name) | |
|
547 | ok = actual_perm in required_perms | |
|
548 | log.debug('Checking if user %r can %r repo %r (%s): %s (has %r)', | |
|
549 | self.username, level, repo_name, purpose, ok, actual_perm) | |
|
550 | return ok | |
|
551 | ||
|
540 | 552 | @property |
|
541 | 553 | def api_keys(self): |
|
542 | 554 | return self._get_api_keys() |
@@ -836,17 +848,15 b' class HasPermissionAnyDecorator(_PermsDe' | |||
|
836 | 848 | return any(p in global_permissions for p in self.required_perms) |
|
837 | 849 | |
|
838 | 850 | |
|
839 |
class HasRepoPermission |
|
|
851 | class HasRepoPermissionLevelDecorator(_PermsDecorator): | |
|
840 | 852 | """ |
|
841 |
Checks the user has a |
|
|
853 | Checks the user has at least the specified permission level for the requested repository. | |
|
842 | 854 | """ |
|
843 | 855 | |
|
844 | 856 | def check_permissions(self, user): |
|
845 | 857 | repo_name = get_repo_slug(request) |
|
846 | try: | |
|
847 | return user.permissions['repositories'][repo_name] in self.required_perms | |
|
848 | except KeyError: | |
|
849 | return False | |
|
858 | (level,) = self.required_perms | |
|
859 | return user.has_repository_permission_level(repo_name, level) | |
|
850 | 860 | |
|
851 | 861 | |
|
852 | 862 | class HasRepoGroupPermissionAnyDecorator(_PermsDecorator): |
@@ -908,17 +918,11 b' class HasPermissionAny(_PermsFunction):' | |||
|
908 | 918 | return ok |
|
909 | 919 | |
|
910 | 920 | |
|
911 |
class HasRepoPermission |
|
|
921 | class HasRepoPermissionLevel(_PermsFunction): | |
|
912 | 922 | |
|
913 | 923 | def __call__(self, repo_name, purpose=None): |
|
914 | try: | |
|
915 | ok = request.user.permissions['repositories'][repo_name] in self.required_perms | |
|
916 | except KeyError: | |
|
917 | ok = False | |
|
918 | ||
|
919 | log.debug('Check %s for %s for repo %s (%s): %s' % | |
|
920 | (request.user.username, self.required_perms, repo_name, purpose, ok)) | |
|
921 | return ok | |
|
924 | (level,) = self.required_perms | |
|
925 | return request.user.has_repository_permission_level(repo_name, level, purpose) | |
|
922 | 926 | |
|
923 | 927 | |
|
924 | 928 | class HasRepoGroupPermissionAny(_PermsFunction): |
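Review bot: `AuthUser.has_repository_permission_level` is now the single function that every repository permission check in this commit goes through, yet it has no docstring and indexes the level table with `[level]`, so a mistyped level in any decorator, helper call or template surfaces as a bare `KeyError` at request time. That fails closed, which is the right direction, but I would state the contract, e.g. `"""Return True if the user has at least `level` ('read', 'write' or 'admin') on repo_name; a repository absent from the user's permissions yields False."""`, and raise an error that names the bad level. The `(level,) = self.required_perms` unpacking in `HasRepoPermissionLevelDecorator.check_permissions` and in `HasRepoPermissionLevel.__call__` has the same property: a declaration with zero or two arguments is only detected when the route is hit, so checking the argument count where the object is constructed would catch it at import time (the base-class constructors are outside the hunk).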
@@ -778,7 +778,7 b' def action_parser(user_log, feed=False, ' | |||
|
778 | 778 | # PERMS |
|
779 | 779 | #============================================================================== |
|
780 | 780 | from kallithea.lib.auth import HasPermissionAny, \ |
|
781 |
HasRepoPermission |
|
|
781 | HasRepoPermissionLevel, HasRepoGroupPermissionAny | |
|
782 | 782 | |
|
783 | 783 | |
|
784 | 784 | #============================================================================== |
@@ -47,7 +47,7 b' from kallithea.model.db import Repositor' | |||
|
47 | 47 | Statistics, UserGroup, Ui, RepoGroup, RepositoryField |
|
48 | 48 | |
|
49 | 49 | from kallithea.lib import helpers as h |
|
50 |
from kallithea.lib.auth import HasRepoPermission |
|
|
50 | from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermissionAny | |
|
51 | 51 | from kallithea.lib.exceptions import AttachedForksError |
|
52 | 52 | from kallithea.model.scm import UserGroupList |
|
53 | 53 | |
@@ -207,10 +207,7 b' class RepoModel(BaseModel):' | |||
|
207 | 207 | for repo in repos_list: |
|
208 | 208 | if perm_check: |
|
209 | 209 | # check permission at this level |
|
210 | if not HasRepoPermissionAny( | |
|
211 | 'repository.read', 'repository.write', | |
|
212 | 'repository.admin' | |
|
213 | )(repo.repo_name, 'get_repos_as_dict check'): | |
|
210 | if not HasRepoPermissionLevel('read')(repo.repo_name, 'get_repos_as_dict check'): | |
|
214 | 211 | continue |
|
215 | 212 | cs_cache = repo.changeset_cache |
|
216 | 213 | row = { |
@@ -49,7 +49,7 b' from kallithea import BACKENDS' | |||
|
49 | 49 | from kallithea.lib import helpers as h |
|
50 | 50 | from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ |
|
51 | 51 | _set_extras |
|
52 |
from kallithea.lib.auth import HasRepoPermission |
|
|
52 | from kallithea.lib.auth import HasRepoPermissionLevel, HasRepoGroupPermissionAny, \ | |
|
53 | 53 | HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny |
|
54 | 54 | from kallithea.lib.utils import get_filesystem_repos, make_ui, \ |
|
55 | 55 | action_logger |
@@ -114,13 +114,10 b' class _PermCheckIterator(object):' | |||
|
114 | 114 | |
|
115 | 115 | class RepoList(_PermCheckIterator): |
|
116 | 116 | |
|
117 |
def __init__(self, db_repo_list, perm_ |
|
|
118 | if not perm_set: | |
|
119 | perm_set = ['repository.read', 'repository.write', 'repository.admin'] | |
|
120 | ||
|
117 | def __init__(self, db_repo_list, perm_level, extra_kwargs=None): | |
|
121 | 118 | super(RepoList, self).__init__(obj_list=db_repo_list, |
|
122 |
obj_attr='repo_name', perm_set= |
|
|
123 |
perm_checker=HasRepoPermission |
|
|
119 | obj_attr='repo_name', perm_set=[perm_level], | |
|
120 | perm_checker=HasRepoPermissionLevel, | |
|
124 | 121 | extra_kwargs=extra_kwargs) |
|
125 | 122 | |
|
126 | 123 | |
@@ -216,7 +213,7 b' class ScmModel(BaseModel):' | |||
|
216 | 213 | |
|
217 | 214 | def get_repos(self, repos): |
|
218 | 215 | """Return the repos the user has access to""" |
|
219 | return RepoList(repos) | |
|
216 | return RepoList(repos, perm_level='read') | |
|
220 | 217 | |
|
221 | 218 | def get_repo_groups(self, groups=None): |
|
222 | 219 | """Return the repo groups the user has access to |
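Review bot: `RepoList.__init__` now forwards the level as `perm_set=[perm_level]`, so a base-class keyword named for a set of permission strings carries a one-element list holding a level name, and nothing at this call site says which values are accepted. Leaving `perm_level` without a default is a good choice, because every caller has to state the level it needs; I would record that in a docstring such as `"""Iterate db_repo_list, keeping only repos on which the current user has at least perm_level ('read', 'write' or 'admin')."""`. How `_PermCheckIterator` consumes `perm_set` is outside the hunk, so the wording should be checked against it.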
@@ -133,13 +133,13 b'' | |||
|
133 | 133 | <input id="branch_switcher" name="branch_switcher" type="hidden"> |
|
134 | 134 | </li> |
|
135 | 135 | <li class="${'active' if current == 'options' else ''} dropdown" data-context="options"> |
|
136 |
%if h.HasRepoPermission |
|
|
136 | %if h.HasRepoPermissionLevel('admin')(c.repo_name): | |
|
137 | 137 | <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> |
|
138 | 138 | %else: |
|
139 | 139 | <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> |
|
140 | 140 | %endif |
|
141 | 141 | <ul class="dropdown-menu" role="menu" aria-hidden="true"> |
|
142 |
%if h.HasRepoPermission |
|
|
142 | %if h.HasRepoPermissionLevel('admin')(c.repo_name): | |
|
143 | 143 | <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li> |
|
144 | 144 | %endif |
|
145 | 145 | %if c.db_repo.fork: |
@@ -150,7 +150,7 b'' | |||
|
150 | 150 | |
|
151 | 151 | <li><a href="${h.url('search_repo',repo_name=c.repo_name)}"><i class="icon-search"></i> ${_('Search')}</a></li> |
|
152 | 152 | |
|
153 |
%if h.HasRepoPermission |
|
|
153 | %if h.HasRepoPermissionLevel('write')(c.repo_name) and c.db_repo.enable_locking: | |
|
154 | 154 | %if c.db_repo.locked[0]: |
|
155 | 155 | <li><a href="${h.url('toggle_locking', repo_name=c.repo_name)}"><i class="icon-lock"></i> ${_('Unlock')}</a></li> |
|
156 | 156 | %else: |
@@ -80,7 +80,7 b'' | |||
|
80 | 80 | </ul> |
|
81 | 81 | %else: |
|
82 | 82 | |
|
83 |
%if h.HasRepoPermission |
|
|
83 | %if h.HasRepoPermissionLevel('write')(c.repo_name): | |
|
84 | 84 | <h4>${_('Add or upload files directly via Kallithea')}</h4> |
|
85 | 85 | <div style="margin: 20px 30px;"> |
|
86 | 86 | <div id="add_node_id" class="add_node"> |
@@ -24,7 +24,7 b'' | |||
|
24 | 24 | <a class="permalink" href="${co.url()}">¶</a> |
|
25 | 25 | </span> |
|
26 | 26 | |
|
27 |
%if co.author_id == request.authuser.user_id or h.HasRepoPermission |
|
|
27 | %if co.author_id == request.authuser.user_id or h.HasRepoPermissionLevel('admin')(c.repo_name): | |
|
28 | 28 | %if co.deletable(): |
|
29 | 29 | <div onClick="confirm('${_('Delete comment?')}') && deleteComment(${co.comment_id})" class="buttons delete-comment btn btn-default btn-xs" style="margin:0 5px">${_('Delete')}</div> |
|
30 | 30 | %endif |
@@ -80,7 +80,7 b'' | |||
|
80 | 80 | %endfor |
|
81 | 81 | |
|
82 | 82 | %if c.pull_request is not None and ( \ |
|
83 |
h.HasPermissionAny('hg.admin')() or h.HasRepoPermission |
|
|
83 | h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionLevel('admin')(c.repo_name) \ | |
|
84 | 84 | or c.pull_request.owner_id == request.authuser.user_id): |
|
85 | 85 | <div> |
|
86 | 86 | ${_('Finish pull request')}: |
@@ -48,7 +48,7 b'' | |||
|
48 | 48 | ${h.link_to(_('Show Annotation'),h.url('files_annotate_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
49 | 49 | ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
50 | 50 | ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
51 |
% if h.HasRepoPermission |
|
|
51 | % if h.HasRepoPermissionLevel('write')(c.repo_name): | |
|
52 | 52 | % if not c.file.is_binary: |
|
53 | 53 | ${h.link_to(_('Source'),h.url('files_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
54 | 54 | % endif |
@@ -34,7 +34,7 b'' | |||
|
34 | 34 | %endif |
|
35 | 35 | ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
36 | 36 | ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
37 |
%if h.HasRepoPermission |
|
|
37 | %if h.HasRepoPermissionLevel('write')(c.repo_name): | |
|
38 | 38 | %if c.on_branch_head and not c.file.is_binary: |
|
39 | 39 | ${h.link_to(_('Edit on Branch: %s') % c.changeset.branch, h.url('files_edit_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-default btn-xs")} |
|
40 | 40 | ${h.link_to(_('Delete'), h.url('files_delete_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-danger btn-xs")} |
@@ -5,7 +5,7 b'' | |||
|
5 | 5 | - ${_('annotation')} |
|
6 | 6 | %endif |
|
7 | 7 | %if c.file.is_dir(): |
|
8 |
% if h.HasRepoPermission |
|
|
8 | % if h.HasRepoPermissionLevel('write')(c.repo_name): | |
|
9 | 9 | / <span title="${_('Add New File')}"> |
|
10 | 10 | <a href="${h.url('files_add_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit')}"> |
|
11 | 11 | <i class="icon-plus-circled" style="color:#5bb75b; font-size: 16px"></i></a> |
@@ -15,7 +15,7 b'' | |||
|
15 | 15 | </%block> |
|
16 | 16 | |
|
17 | 17 | <%def name="main()"> |
|
18 |
<% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermission |
|
|
18 | <% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionLevel('admin')(c.repo_name) or c.pull_request.owner_id == request.authuser.user_id) %> | |
|
19 | 19 | ${self.repo_context_bar('showpullrequest')} |
|
20 | 20 | <div class="panel panel-primary"> |
|
21 | 21 | <div class="panel-heading clearfix"> |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | ##commit highlighting |
|
2 | 2 | |
|
3 | 3 | %for cnt,sr in enumerate(c.formated_results): |
|
4 |
%if h.HasRepoPermission |
|
|
4 | %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'): | |
|
5 | 5 | <div id="body${cnt}" class="codeblock"> |
|
6 | 6 | <div class="code-header"> |
|
7 | 7 | <div class="search-path">${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['raw_id'])), |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | ##content highlighting |
|
2 | 2 | |
|
3 | 3 | %for cnt,sr in enumerate(c.formated_results): |
|
4 |
%if h.HasRepoPermission |
|
|
4 | %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'): | |
|
5 | 5 | <div id="body${cnt}" class="codeblock"> |
|
6 | 6 | <div class="code-header"> |
|
7 | 7 | <div class="search-path">${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['f_path'])), |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | ##path search |
|
2 | 2 | |
|
3 | 3 | %for cnt,sr in enumerate(c.formated_results): |
|
4 |
%if h.HasRepoPermission |
|
|
4 | %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'): | |
|
5 | 5 | <div class="panel panel-default"> |
|
6 | 6 | <div class="panel-heading"> |
|
7 | 7 | ${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['f_path'])), |