@@ -37,7 +37,7 b' from webob.exc import HTTPFound, HTTPInt' | |||||
37 | from kallithea.config.routing import url |
|
37 | from kallithea.config.routing import url | |
38 | from kallithea.lib import helpers as h |
|
38 | from kallithea.lib import helpers as h | |
39 | from kallithea.lib.auth import LoginRequired, \ |
|
39 | from kallithea.lib.auth import LoginRequired, \ | |
40 |
HasRepoPermission |
|
40 | HasRepoPermissionLevelDecorator, NotAnonymous, HasPermissionAny | |
41 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
41 | from kallithea.lib.base import BaseRepoController, render, jsonify | |
42 | from kallithea.lib.utils import action_logger |
|
42 | from kallithea.lib.utils import action_logger | |
43 | from kallithea.lib.vcs import RepositoryError |
|
43 | from kallithea.lib.vcs import RepositoryError | |
@@ -100,7 +100,7 b' class ReposController(BaseRepoController' | |||||
100 | def index(self, format='html'): |
|
100 | def index(self, format='html'): | |
101 | _list = Repository.query(sorted=True).all() |
|
101 | _list = Repository.query(sorted=True).all() | |
102 |
|
102 | |||
103 |
c.repos_list = RepoList(_list, perm_ |
|
103 | c.repos_list = RepoList(_list, perm_level='admin') | |
104 | repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list, |
|
104 | repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list, | |
105 | admin=True, |
|
105 | admin=True, | |
106 | super_user_actions=True) |
|
106 | super_user_actions=True) | |
@@ -212,7 +212,7 b' class ReposController(BaseRepoController' | |||||
212 | return {'result': True} |
|
212 | return {'result': True} | |
213 | return {'result': False} |
|
213 | return {'result': False} | |
214 |
|
214 | |||
215 |
@HasRepoPermission |
|
215 | @HasRepoPermissionLevelDecorator('admin') | |
216 | def update(self, repo_name): |
|
216 | def update(self, repo_name): | |
217 | c.repo_info = self._load_repo() |
|
217 | c.repo_info = self._load_repo() | |
218 | self.__load_defaults(c.repo_info) |
|
218 | self.__load_defaults(c.repo_info) | |
@@ -261,7 +261,7 b' class ReposController(BaseRepoController' | |||||
261 | % repo_name, category='error') |
|
261 | % repo_name, category='error') | |
262 | raise HTTPFound(location=url('edit_repo', repo_name=changed_name)) |
|
262 | raise HTTPFound(location=url('edit_repo', repo_name=changed_name)) | |
263 |
|
263 | |||
264 |
@HasRepoPermission |
|
264 | @HasRepoPermissionLevelDecorator('admin') | |
265 | def delete(self, repo_name): |
|
265 | def delete(self, repo_name): | |
266 | repo_model = RepoModel() |
|
266 | repo_model = RepoModel() | |
267 | repo = repo_model.get_by_repo_name(repo_name) |
|
267 | repo = repo_model.get_by_repo_name(repo_name) | |
@@ -298,7 +298,7 b' class ReposController(BaseRepoController' | |||||
298 | raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name)) |
|
298 | raise HTTPFound(location=url('repos_group_home', group_name=repo.group.group_name)) | |
299 | raise HTTPFound(location=url('repos')) |
|
299 | raise HTTPFound(location=url('repos')) | |
300 |
|
300 | |||
301 |
@HasRepoPermission |
|
301 | @HasRepoPermissionLevelDecorator('admin') | |
302 | def edit(self, repo_name): |
|
302 | def edit(self, repo_name): | |
303 | defaults = self.__load_data() |
|
303 | defaults = self.__load_data() | |
304 | c.repo_fields = RepositoryField.query() \ |
|
304 | c.repo_fields = RepositoryField.query() \ | |
@@ -312,7 +312,7 b' class ReposController(BaseRepoController' | |||||
312 | encoding="UTF-8", |
|
312 | encoding="UTF-8", | |
313 | force_defaults=False) |
|
313 | force_defaults=False) | |
314 |
|
314 | |||
315 |
@HasRepoPermission |
|
315 | @HasRepoPermissionLevelDecorator('admin') | |
316 | def edit_permissions(self, repo_name): |
|
316 | def edit_permissions(self, repo_name): | |
317 | c.repo_info = self._load_repo() |
|
317 | c.repo_info = self._load_repo() | |
318 | repo_model = RepoModel() |
|
318 | repo_model = RepoModel() | |
@@ -363,7 +363,7 b' class ReposController(BaseRepoController' | |||||
363 | category='error') |
|
363 | category='error') | |
364 | raise HTTPInternalServerError() |
|
364 | raise HTTPInternalServerError() | |
365 |
|
365 | |||
366 |
@HasRepoPermission |
|
366 | @HasRepoPermissionLevelDecorator('admin') | |
367 | def edit_fields(self, repo_name): |
|
367 | def edit_fields(self, repo_name): | |
368 | c.repo_info = self._load_repo() |
|
368 | c.repo_info = self._load_repo() | |
369 | c.repo_fields = RepositoryField.query() \ |
|
369 | c.repo_fields = RepositoryField.query() \ | |
@@ -374,7 +374,7 b' class ReposController(BaseRepoController' | |||||
374 | raise HTTPFound(location=url('repo_edit_fields')) |
|
374 | raise HTTPFound(location=url('repo_edit_fields')) | |
375 | return render('admin/repos/repo_edit.html') |
|
375 | return render('admin/repos/repo_edit.html') | |
376 |
|
376 | |||
377 |
@HasRepoPermission |
|
377 | @HasRepoPermissionLevelDecorator('admin') | |
378 | def create_repo_field(self, repo_name): |
|
378 | def create_repo_field(self, repo_name): | |
379 | try: |
|
379 | try: | |
380 | form_result = RepoFieldForm()().to_python(dict(request.POST)) |
|
380 | form_result = RepoFieldForm()().to_python(dict(request.POST)) | |
@@ -395,7 +395,7 b' class ReposController(BaseRepoController' | |||||
395 | h.flash(msg, category='error') |
|
395 | h.flash(msg, category='error') | |
396 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) |
|
396 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) | |
397 |
|
397 | |||
398 |
@HasRepoPermission |
|
398 | @HasRepoPermissionLevelDecorator('admin') | |
399 | def delete_repo_field(self, repo_name, field_id): |
|
399 | def delete_repo_field(self, repo_name, field_id): | |
400 | field = RepositoryField.get_or_404(field_id) |
|
400 | field = RepositoryField.get_or_404(field_id) | |
401 | try: |
|
401 | try: | |
@@ -407,7 +407,7 b' class ReposController(BaseRepoController' | |||||
407 | h.flash(msg, category='error') |
|
407 | h.flash(msg, category='error') | |
408 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) |
|
408 | raise HTTPFound(location=url('edit_repo_fields', repo_name=repo_name)) | |
409 |
|
409 | |||
410 |
@HasRepoPermission |
|
410 | @HasRepoPermissionLevelDecorator('admin') | |
411 | def edit_advanced(self, repo_name): |
|
411 | def edit_advanced(self, repo_name): | |
412 | c.repo_info = self._load_repo() |
|
412 | c.repo_info = self._load_repo() | |
413 | c.default_user_id = User.get_default_user().user_id |
|
413 | c.default_user_id = User.get_default_user().user_id | |
@@ -416,7 +416,7 b' class ReposController(BaseRepoController' | |||||
416 | .filter(UserFollowing.follows_repository == c.repo_info).scalar() |
|
416 | .filter(UserFollowing.follows_repository == c.repo_info).scalar() | |
417 |
|
417 | |||
418 | _repos = Repository.query(sorted=True).all() |
|
418 | _repos = Repository.query(sorted=True).all() | |
419 | read_access_repos = RepoList(_repos) |
|
419 | read_access_repos = RepoList(_repos, perm_level='read') | |
420 | c.repos_list = [(None, _('-- Not a fork --'))] |
|
420 | c.repos_list = [(None, _('-- Not a fork --'))] | |
421 | c.repos_list += [(x.repo_id, x.repo_name) |
|
421 | c.repos_list += [(x.repo_id, x.repo_name) | |
422 | for x in read_access_repos |
|
422 | for x in read_access_repos | |
@@ -435,7 +435,7 b' class ReposController(BaseRepoController' | |||||
435 | encoding="UTF-8", |
|
435 | encoding="UTF-8", | |
436 | force_defaults=False) |
|
436 | force_defaults=False) | |
437 |
|
437 | |||
438 |
@HasRepoPermission |
|
438 | @HasRepoPermissionLevelDecorator('admin') | |
439 | def edit_advanced_journal(self, repo_name): |
|
439 | def edit_advanced_journal(self, repo_name): | |
440 | """ |
|
440 | """ | |
441 | Sets this repository to be visible in public journal, |
|
441 | Sets this repository to be visible in public journal, | |
@@ -458,7 +458,7 b' class ReposController(BaseRepoController' | |||||
458 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
458 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) | |
459 |
|
459 | |||
460 |
|
460 | |||
461 |
@HasRepoPermission |
|
461 | @HasRepoPermissionLevelDecorator('admin') | |
462 | def edit_advanced_fork(self, repo_name): |
|
462 | def edit_advanced_fork(self, repo_name): | |
463 | """ |
|
463 | """ | |
464 | Mark given repository as a fork of another |
|
464 | Mark given repository as a fork of another | |
@@ -483,7 +483,7 b' class ReposController(BaseRepoController' | |||||
483 |
|
483 | |||
484 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
484 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) | |
485 |
|
485 | |||
486 |
@HasRepoPermission |
|
486 | @HasRepoPermissionLevelDecorator('admin') | |
487 | def edit_advanced_locking(self, repo_name): |
|
487 | def edit_advanced_locking(self, repo_name): | |
488 | """ |
|
488 | """ | |
489 | Unlock repository when it is locked ! |
|
489 | Unlock repository when it is locked ! | |
@@ -504,7 +504,7 b' class ReposController(BaseRepoController' | |||||
504 | category='error') |
|
504 | category='error') | |
505 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) |
|
505 | raise HTTPFound(location=url('edit_repo_advanced', repo_name=repo_name)) | |
506 |
|
506 | |||
507 |
@HasRepoPermission |
|
507 | @HasRepoPermissionLevelDecorator('write') | |
508 | def toggle_locking(self, repo_name): |
|
508 | def toggle_locking(self, repo_name): | |
509 | try: |
|
509 | try: | |
510 | repo = Repository.get_by_repo_name(repo_name) |
|
510 | repo = Repository.get_by_repo_name(repo_name) | |
@@ -523,7 +523,7 b' class ReposController(BaseRepoController' | |||||
523 | category='error') |
|
523 | category='error') | |
524 | raise HTTPFound(location=url('summary_home', repo_name=repo_name)) |
|
524 | raise HTTPFound(location=url('summary_home', repo_name=repo_name)) | |
525 |
|
525 | |||
526 |
@HasRepoPermission |
|
526 | @HasRepoPermissionLevelDecorator('admin') | |
527 | def edit_caches(self, repo_name): |
|
527 | def edit_caches(self, repo_name): | |
528 | c.repo_info = self._load_repo() |
|
528 | c.repo_info = self._load_repo() | |
529 | c.active = 'caches' |
|
529 | c.active = 'caches' | |
@@ -541,7 +541,7 b' class ReposController(BaseRepoController' | |||||
541 | raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name)) |
|
541 | raise HTTPFound(location=url('edit_repo_caches', repo_name=c.repo_name)) | |
542 | return render('admin/repos/repo_edit.html') |
|
542 | return render('admin/repos/repo_edit.html') | |
543 |
|
543 | |||
544 |
@HasRepoPermission |
|
544 | @HasRepoPermissionLevelDecorator('admin') | |
545 | def edit_remote(self, repo_name): |
|
545 | def edit_remote(self, repo_name): | |
546 | c.repo_info = self._load_repo() |
|
546 | c.repo_info = self._load_repo() | |
547 | c.active = 'remote' |
|
547 | c.active = 'remote' | |
@@ -556,7 +556,7 b' class ReposController(BaseRepoController' | |||||
556 | raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name)) |
|
556 | raise HTTPFound(location=url('edit_repo_remote', repo_name=c.repo_name)) | |
557 | return render('admin/repos/repo_edit.html') |
|
557 | return render('admin/repos/repo_edit.html') | |
558 |
|
558 | |||
559 |
@HasRepoPermission |
|
559 | @HasRepoPermissionLevelDecorator('admin') | |
560 | def edit_statistics(self, repo_name): |
|
560 | def edit_statistics(self, repo_name): | |
561 | c.repo_info = self._load_repo() |
|
561 | c.repo_info = self._load_repo() | |
562 | repo = c.repo_info.scm_instance |
|
562 | repo = c.repo_info.scm_instance |
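Review bot: `toggle_locking` (new line 507) is the only action in this file gated at `'write'`; every other decorator changed here, including `edit_advanced_locking` at new line 486, asks for `'admin'`, and nothing says why the two locking actions differ. The old decorator arguments are cut off on this page, so it is worth confirming that `'write'` reproduces the previous permission set rather than widening it. A one-line comment above the decorator would record the intent, for example `# 'write' is intentional here; edit_advanced_locking stays admin-only`. Both method bodies continue outside their hunks.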
@@ -35,7 +35,7 b' from pylons import request' | |||||
35 | from kallithea.controllers.api import JSONRPCController, JSONRPCError |
|
35 | from kallithea.controllers.api import JSONRPCController, JSONRPCError | |
36 | from kallithea.lib.auth import ( |
|
36 | from kallithea.lib.auth import ( | |
37 | PasswordGenerator, AuthUser, HasPermissionAnyDecorator, |
|
37 | PasswordGenerator, AuthUser, HasPermissionAnyDecorator, | |
38 |
HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermission |
|
38 | HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermissionLevel, | |
39 | HasRepoGroupPermissionAny, HasUserGroupPermissionAny) |
|
39 | HasRepoGroupPermissionAny, HasUserGroupPermissionAny) | |
40 | from kallithea.lib.utils import map_groups, repo2db_mapper |
|
40 | from kallithea.lib.utils import map_groups, repo2db_mapper | |
41 | from kallithea.lib.utils2 import ( |
|
41 | from kallithea.lib.utils2 import ( | |
@@ -277,10 +277,7 b' class ApiController(JSONRPCController):' | |||||
277 | """ |
|
277 | """ | |
278 | repo = get_repo_or_error(repoid) |
|
278 | repo = get_repo_or_error(repoid) | |
279 | if not HasPermissionAny('hg.admin')(): |
|
279 | if not HasPermissionAny('hg.admin')(): | |
280 | # check if we have admin permission for this repo ! |
|
280 | if not HasRepoPermissionLevel('write')(repo.repo_name): | |
281 | if not HasRepoPermissionAny('repository.admin', |
|
|||
282 | 'repository.write')( |
|
|||
283 | repo_name=repo.repo_name): |
|
|||
284 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
281 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
285 |
|
282 | |||
286 | try: |
|
283 | try: | |
@@ -342,8 +339,7 b' class ApiController(JSONRPCController):' | |||||
342 | repo = get_repo_or_error(repoid) |
|
339 | repo = get_repo_or_error(repoid) | |
343 | if HasPermissionAny('hg.admin')(): |
|
340 | if HasPermissionAny('hg.admin')(): | |
344 | pass |
|
341 | pass | |
345 |
elif HasRepoPermission |
|
342 | elif HasRepoPermissionLevel('write')(repo.repo_name): | |
346 | 'repository.write')(repo_name=repo.repo_name): |
|
|||
347 | # make sure normal user does not pass someone else userid, |
|
343 | # make sure normal user does not pass someone else userid, | |
348 | # he is not allowed to do that |
|
344 | # he is not allowed to do that | |
349 | if not isinstance(userid, Optional) and userid != request.authuser.user_id: |
|
345 | if not isinstance(userid, Optional) and userid != request.authuser.user_id: | |
@@ -1204,9 +1200,7 b' class ApiController(JSONRPCController):' | |||||
1204 | repo = get_repo_or_error(repoid) |
|
1200 | repo = get_repo_or_error(repoid) | |
1205 |
|
1201 | |||
1206 | if not HasPermissionAny('hg.admin')(): |
|
1202 | if not HasPermissionAny('hg.admin')(): | |
1207 | # check if we have admin permission for this repo ! |
|
1203 | if not HasRepoPermissionLevel('read')(repo.repo_name): | |
1208 | perms = ('repository.admin', 'repository.write', 'repository.read') |
|
|||
1209 | if not HasRepoPermissionAny(*perms)(repo_name=repo.repo_name): |
|
|||
1210 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1204 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1211 |
|
1205 | |||
1212 | members = [] |
|
1206 | members = [] | |
@@ -1314,9 +1308,7 b' class ApiController(JSONRPCController):' | |||||
1314 | repo = get_repo_or_error(repoid) |
|
1308 | repo = get_repo_or_error(repoid) | |
1315 |
|
1309 | |||
1316 | if not HasPermissionAny('hg.admin')(): |
|
1310 | if not HasPermissionAny('hg.admin')(): | |
1317 | # check if we have admin permission for this repo ! |
|
1311 | if not HasRepoPermissionLevel('read')(repo.repo_name): | |
1318 | perms = ('repository.admin', 'repository.write', 'repository.read') |
|
|||
1319 | if not HasRepoPermissionAny(*perms)(repo_name=repo.repo_name): |
|
|||
1320 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1312 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1321 |
|
1313 | |||
1322 | ret_type = Optional.extract(ret_type) |
|
1314 | ret_type = Optional.extract(ret_type) | |
@@ -1492,8 +1484,7 b' class ApiController(JSONRPCController):' | |||||
1492 | """ |
|
1484 | """ | |
1493 | repo = get_repo_or_error(repoid) |
|
1485 | repo = get_repo_or_error(repoid) | |
1494 | if not HasPermissionAny('hg.admin')(): |
|
1486 | if not HasPermissionAny('hg.admin')(): | |
1495 | # check if we have admin permission for this repo ! |
|
1487 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
1496 | if not HasRepoPermissionAny('repository.admin')(repo_name=repo.repo_name): |
|
|||
1497 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1488 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1498 |
|
1489 | |||
1499 | if (name != repo.repo_name and |
|
1490 | if (name != repo.repo_name and | |
@@ -1590,9 +1581,7 b' class ApiController(JSONRPCController):' | |||||
1590 |
|
1581 | |||
1591 | if HasPermissionAny('hg.admin')(): |
|
1582 | if HasPermissionAny('hg.admin')(): | |
1592 | pass |
|
1583 | pass | |
1593 |
elif HasRepoPermission |
|
1584 | elif HasRepoPermissionLevel('read')(repo.repo_name): | |
1594 | 'repository.write', |
|
|||
1595 | 'repository.read')(repo_name=repo.repo_name): |
|
|||
1596 | if not isinstance(owner, Optional): |
|
1585 | if not isinstance(owner, Optional): | |
1597 | # forbid setting owner for non-admins |
|
1586 | # forbid setting owner for non-admins | |
1598 | raise JSONRPCError( |
|
1587 | raise JSONRPCError( | |
@@ -1669,8 +1658,7 b' class ApiController(JSONRPCController):' | |||||
1669 | repo = get_repo_or_error(repoid) |
|
1658 | repo = get_repo_or_error(repoid) | |
1670 |
|
1659 | |||
1671 | if not HasPermissionAny('hg.admin')(): |
|
1660 | if not HasPermissionAny('hg.admin')(): | |
1672 | # check if we have admin permission for this repo ! |
|
1661 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
1673 | if not HasRepoPermissionAny('repository.admin')(repo_name=repo.repo_name): |
|
|||
1674 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1662 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1675 |
|
1663 | |||
1676 | try: |
|
1664 | try: | |
@@ -1821,10 +1809,7 b' class ApiController(JSONRPCController):' | |||||
1821 | perm = get_perm_or_error(perm) |
|
1809 | perm = get_perm_or_error(perm) | |
1822 | user_group = get_user_group_or_error(usergroupid) |
|
1810 | user_group = get_user_group_or_error(usergroupid) | |
1823 | if not HasPermissionAny('hg.admin')(): |
|
1811 | if not HasPermissionAny('hg.admin')(): | |
1824 | # check if we have admin permission for this repo ! |
|
1812 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
1825 | _perms = ('repository.admin',) |
|
|||
1826 | if not HasRepoPermissionAny(*_perms)( |
|
|||
1827 | repo_name=repo.repo_name): |
|
|||
1828 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1813 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1829 |
|
1814 | |||
1830 | # check if we have at least read permission for this user group ! |
|
1815 | # check if we have at least read permission for this user group ! | |
@@ -1877,10 +1862,7 b' class ApiController(JSONRPCController):' | |||||
1877 | repo = get_repo_or_error(repoid) |
|
1862 | repo = get_repo_or_error(repoid) | |
1878 | user_group = get_user_group_or_error(usergroupid) |
|
1863 | user_group = get_user_group_or_error(usergroupid) | |
1879 | if not HasPermissionAny('hg.admin')(): |
|
1864 | if not HasPermissionAny('hg.admin')(): | |
1880 | # check if we have admin permission for this repo ! |
|
1865 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
1881 | _perms = ('repository.admin',) |
|
|||
1882 | if not HasRepoPermissionAny(*_perms)( |
|
|||
1883 | repo_name=repo.repo_name): |
|
|||
1884 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1866 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1885 |
|
1867 | |||
1886 | # check if we have at least read permission for this user group ! |
|
1868 | # check if we have at least read permission for this user group ! |
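Review bot: The rewritten guards at new lines 280, 1203, 1311, 1487, 1661, 1812 and 1865 lose their only comment, and nothing now explains why a permission failure is reported with the 'repository ... does not exist' error. The old comment was wrong for the read and write cases, so dropping it is reasonable. A replacement such as `# report a permission failure like a missing repo, so callers without access cannot confirm that it exists` would stop a later edit from "correcting" the message, assuming that masking is the intent. Separately, the import on new line 38 still repeats `HasPermissionAnyDecorator`, which line 37 already lists. The enclosing API methods start and end outside these hunks.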
@@ -34,7 +34,7 b' from webob.exc import HTTPFound, HTTPNot' | |||||
34 |
|
34 | |||
35 | import kallithea.lib.helpers as h |
|
35 | import kallithea.lib.helpers as h | |
36 | from kallithea.config.routing import url |
|
36 | from kallithea.config.routing import url | |
37 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
37 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
38 | from kallithea.lib.base import BaseRepoController, render |
|
38 | from kallithea.lib.base import BaseRepoController, render | |
39 | from kallithea.lib.compat import json |
|
39 | from kallithea.lib.compat import json | |
40 | from kallithea.lib.graphmod import graph_data |
|
40 | from kallithea.lib.graphmod import graph_data | |
@@ -92,8 +92,7 b' class ChangelogController(BaseRepoContro' | |||||
92 | raise HTTPBadRequest() |
|
92 | raise HTTPBadRequest() | |
93 |
|
93 | |||
94 | @LoginRequired() |
|
94 | @LoginRequired() | |
95 |
@HasRepoPermission |
|
95 | @HasRepoPermissionLevelDecorator('read') | |
96 | 'repository.admin') |
|
|||
97 | def index(self, repo_name, revision=None, f_path=None): |
|
96 | def index(self, repo_name, revision=None, f_path=None): | |
98 | # Fix URL after page size form submission via GET |
|
97 | # Fix URL after page size form submission via GET | |
99 | # TODO: Somehow just don't send this extra junk in the GET URL |
|
98 | # TODO: Somehow just don't send this extra junk in the GET URL | |
@@ -179,8 +178,7 b' class ChangelogController(BaseRepoContro' | |||||
179 | return render('changelog/changelog.html') |
|
178 | return render('changelog/changelog.html') | |
180 |
|
179 | |||
181 | @LoginRequired() |
|
180 | @LoginRequired() | |
182 |
@HasRepoPermission |
|
181 | @HasRepoPermissionLevelDecorator('read') | |
183 | 'repository.admin') |
|
|||
184 | def changelog_details(self, cs): |
|
182 | def changelog_details(self, cs): | |
185 | if request.environ.get('HTTP_X_PARTIAL_XHR'): |
|
183 | if request.environ.get('HTTP_X_PARTIAL_XHR'): | |
186 | c.cs = c.db_repo_scm_instance.get_changeset(cs) |
|
184 | c.cs = c.db_repo_scm_instance.get_changeset(cs) | |
@@ -188,8 +186,7 b' class ChangelogController(BaseRepoContro' | |||||
188 | raise HTTPNotFound() |
|
186 | raise HTTPNotFound() | |
189 |
|
187 | |||
190 | @LoginRequired() |
|
188 | @LoginRequired() | |
191 |
@HasRepoPermission |
|
189 | @HasRepoPermissionLevelDecorator('read') | |
192 | 'repository.admin') |
|
|||
193 | def changelog_summary(self, repo_name): |
|
190 | def changelog_summary(self, repo_name): | |
194 | if request.environ.get('HTTP_X_PARTIAL_XHR'): |
|
191 | if request.environ.get('HTTP_X_PARTIAL_XHR'): | |
195 | _load_changelog_summary() |
|
192 | _load_changelog_summary() |
@@ -38,7 +38,7 b' from kallithea.lib.vcs.exceptions import' | |||||
38 |
|
38 | |||
39 | from kallithea.lib.compat import json |
|
39 | from kallithea.lib.compat import json | |
40 | import kallithea.lib.helpers as h |
|
40 | import kallithea.lib.helpers as h | |
41 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
41 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
42 | NotAnonymous |
|
42 | NotAnonymous | |
43 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
43 | from kallithea.lib.base import BaseRepoController, render, jsonify | |
44 | from kallithea.lib.utils import action_logger |
|
44 | from kallithea.lib.utils import action_logger | |
@@ -337,33 +337,28 b' class ChangesetController(BaseRepoContro' | |||||
337 | return render('changeset/changeset_range.html') |
|
337 | return render('changeset/changeset_range.html') | |
338 |
|
338 | |||
339 | @LoginRequired() |
|
339 | @LoginRequired() | |
340 |
@HasRepoPermission |
|
340 | @HasRepoPermissionLevelDecorator('read') | |
341 | 'repository.admin') |
|
|||
342 | def index(self, revision, method='show'): |
|
341 | def index(self, revision, method='show'): | |
343 | return self._index(revision, method=method) |
|
342 | return self._index(revision, method=method) | |
344 |
|
343 | |||
345 | @LoginRequired() |
|
344 | @LoginRequired() | |
346 |
@HasRepoPermission |
|
345 | @HasRepoPermissionLevelDecorator('read') | |
347 | 'repository.admin') |
|
|||
348 | def changeset_raw(self, revision): |
|
346 | def changeset_raw(self, revision): | |
349 | return self._index(revision, method='raw') |
|
347 | return self._index(revision, method='raw') | |
350 |
|
348 | |||
351 | @LoginRequired() |
|
349 | @LoginRequired() | |
352 |
@HasRepoPermission |
|
350 | @HasRepoPermissionLevelDecorator('read') | |
353 | 'repository.admin') |
|
|||
354 | def changeset_patch(self, revision): |
|
351 | def changeset_patch(self, revision): | |
355 | return self._index(revision, method='patch') |
|
352 | return self._index(revision, method='patch') | |
356 |
|
353 | |||
357 | @LoginRequired() |
|
354 | @LoginRequired() | |
358 |
@HasRepoPermission |
|
355 | @HasRepoPermissionLevelDecorator('read') | |
359 | 'repository.admin') |
|
|||
360 | def changeset_download(self, revision): |
|
356 | def changeset_download(self, revision): | |
361 | return self._index(revision, method='download') |
|
357 | return self._index(revision, method='download') | |
362 |
|
358 | |||
363 | @LoginRequired() |
|
359 | @LoginRequired() | |
364 | @NotAnonymous() |
|
360 | @NotAnonymous() | |
365 |
@HasRepoPermission |
|
361 | @HasRepoPermissionLevelDecorator('read') | |
366 | 'repository.admin') |
|
|||
367 | @jsonify |
|
362 | @jsonify | |
368 | def comment(self, repo_name, revision): |
|
363 | def comment(self, repo_name, revision): | |
369 | assert request.environ.get('HTTP_X_PARTIAL_XHR') |
|
364 | assert request.environ.get('HTTP_X_PARTIAL_XHR') | |
@@ -414,15 +409,14 b' class ChangesetController(BaseRepoContro' | |||||
414 |
|
409 | |||
415 | @LoginRequired() |
|
410 | @LoginRequired() | |
416 | @NotAnonymous() |
|
411 | @NotAnonymous() | |
417 |
@HasRepoPermission |
|
412 | @HasRepoPermissionLevelDecorator('read') | |
418 | 'repository.admin') |
|
|||
419 | @jsonify |
|
413 | @jsonify | |
420 | def delete_comment(self, repo_name, comment_id): |
|
414 | def delete_comment(self, repo_name, comment_id): | |
421 | co = ChangesetComment.get_or_404(comment_id) |
|
415 | co = ChangesetComment.get_or_404(comment_id) | |
422 | if co.repo.repo_name != repo_name: |
|
416 | if co.repo.repo_name != repo_name: | |
423 | raise HTTPNotFound() |
|
417 | raise HTTPNotFound() | |
424 | owner = co.author_id == request.authuser.user_id |
|
418 | owner = co.author_id == request.authuser.user_id | |
425 |
repo_admin = h.HasRepoPermission |
|
419 | repo_admin = h.HasRepoPermissionLevel('admin')(repo_name) | |
426 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: |
|
420 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: | |
427 | ChangesetCommentsModel().delete(comment=co) |
|
421 | ChangesetCommentsModel().delete(comment=co) | |
428 | Session().commit() |
|
422 | Session().commit() | |
@@ -431,8 +425,7 b' class ChangesetController(BaseRepoContro' | |||||
431 | raise HTTPForbidden() |
|
425 | raise HTTPForbidden() | |
432 |
|
426 | |||
433 | @LoginRequired() |
|
427 | @LoginRequired() | |
434 |
@HasRepoPermission |
|
428 | @HasRepoPermissionLevelDecorator('read') | |
435 | 'repository.admin') |
|
|||
436 | @jsonify |
|
429 | @jsonify | |
437 | def changeset_info(self, repo_name, revision): |
|
430 | def changeset_info(self, repo_name, revision): | |
438 | if request.is_xhr: |
|
431 | if request.is_xhr: | |
@@ -444,8 +437,7 b' class ChangesetController(BaseRepoContro' | |||||
444 | raise HTTPBadRequest() |
|
437 | raise HTTPBadRequest() | |
445 |
|
438 | |||
446 | @LoginRequired() |
|
439 | @LoginRequired() | |
447 |
@HasRepoPermission |
|
440 | @HasRepoPermissionLevelDecorator('read') | |
448 | 'repository.admin') |
|
|||
449 | @jsonify |
|
441 | @jsonify | |
450 | def changeset_children(self, repo_name, revision): |
|
442 | def changeset_children(self, repo_name, revision): | |
451 | if request.is_xhr: |
|
443 | if request.is_xhr: | |
@@ -458,8 +450,7 b' class ChangesetController(BaseRepoContro' | |||||
458 | raise HTTPBadRequest() |
|
450 | raise HTTPBadRequest() | |
459 |
|
451 | |||
460 | @LoginRequired() |
|
452 | @LoginRequired() | |
461 |
@HasRepoPermission |
|
453 | @HasRepoPermissionLevelDecorator('read') | |
462 | 'repository.admin') |
|
|||
463 | @jsonify |
|
454 | @jsonify | |
464 | def changeset_parents(self, repo_name, revision): |
|
455 | def changeset_parents(self, repo_name, revision): | |
465 | if request.is_xhr: |
|
456 | if request.is_xhr: |
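Review bot: `comment` (new line 364) still validates the request with `assert request.environ.get('HTTP_X_PARTIAL_XHR')`, which disappears when Python runs with `-O`, so the handler would then accept requests without that header. The sibling actions in this file reject bad requests with `raise HTTPBadRequest()`; the same form here would be `if not request.environ.get('HTTP_X_PARTIAL_XHR'): raise HTTPBadRequest()`. The line is untouched context in this commit, and the rest of `comment` lies outside the hunk.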
@@ -39,7 +39,7 b' from kallithea.lib.utils2 import safe_st' | |||||
39 | from kallithea.lib.vcs.utils.hgcompat import unionrepo |
|
39 | from kallithea.lib.vcs.utils.hgcompat import unionrepo | |
40 | from kallithea.lib import helpers as h |
|
40 | from kallithea.lib import helpers as h | |
41 | from kallithea.lib.base import BaseRepoController, render |
|
41 | from kallithea.lib.base import BaseRepoController, render | |
42 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
42 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
43 | from kallithea.lib import diffs |
|
43 | from kallithea.lib import diffs | |
44 | from kallithea.model.db import Repository |
|
44 | from kallithea.model.db import Repository | |
45 | from kallithea.lib.diffs import LimitedDiffContainer |
|
45 | from kallithea.lib.diffs import LimitedDiffContainer | |
@@ -168,16 +168,14 b' class CompareController(BaseRepoControll' | |||||
168 | return other_changesets, org_changesets, ancestors |
|
168 | return other_changesets, org_changesets, ancestors | |
169 |
|
169 | |||
170 | @LoginRequired() |
|
170 | @LoginRequired() | |
171 |
@HasRepoPermission |
|
171 | @HasRepoPermissionLevelDecorator('read') | |
172 | 'repository.admin') |
|
|||
173 | def index(self, repo_name): |
|
172 | def index(self, repo_name): | |
174 | c.compare_home = True |
|
173 | c.compare_home = True | |
175 | c.a_ref_name = c.cs_ref_name = _('Select changeset') |
|
174 | c.a_ref_name = c.cs_ref_name = _('Select changeset') | |
176 | return render('compare/compare_diff.html') |
|
175 | return render('compare/compare_diff.html') | |
177 |
|
176 | |||
178 | @LoginRequired() |
|
177 | @LoginRequired() | |
179 |
@HasRepoPermission |
|
178 | @HasRepoPermissionLevelDecorator('read') | |
180 | 'repository.admin') |
|
|||
181 | def compare(self, repo_name, org_ref_type, org_ref_name, other_ref_type, other_ref_name): |
|
179 | def compare(self, repo_name, org_ref_type, org_ref_name, other_ref_type, other_ref_name): | |
182 | org_ref_name = org_ref_name.strip() |
|
180 | org_ref_name = org_ref_name.strip() | |
183 | other_ref_name = other_ref_name.strip() |
|
181 | other_ref_name = other_ref_name.strip() |
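Review bot: The `'read'` decorator on `compare` (new line 178) checks only the repository named by `repo_name`, and the hunk shows no check on any second repository. The file imports `unionrepo` and `Repository`, which suggests that a comparison can involve another repository; if so, the body (outside this hunk) should confirm read level on that one as well. If the check already exists, a comment at the decorator would say so, for example `# covers repo_name only; the other side of a cross-repo compare is checked in the body`.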
@@ -36,7 +36,7 b' from webhelpers.feedgenerator import Ato' | |||||
36 |
|
36 | |||
37 | from kallithea import CONFIG |
|
37 | from kallithea import CONFIG | |
38 | from kallithea.lib import helpers as h |
|
38 | from kallithea.lib import helpers as h | |
39 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
39 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
40 | from kallithea.lib.base import BaseRepoController |
|
40 | from kallithea.lib.base import BaseRepoController | |
41 | from kallithea.lib.diffs import DiffProcessor, LimitedDiffContainer |
|
41 | from kallithea.lib.diffs import DiffProcessor, LimitedDiffContainer | |
42 | from kallithea.model.db import CacheInvalidation |
|
42 | from kallithea.model.db import CacheInvalidation | |
@@ -52,8 +52,7 b' ttl = "5"' | |||||
52 | class FeedController(BaseRepoController): |
|
52 | class FeedController(BaseRepoController): | |
53 |
|
53 | |||
54 | @LoginRequired(api_access=True) |
|
54 | @LoginRequired(api_access=True) | |
55 |
@HasRepoPermission |
|
55 | @HasRepoPermissionLevelDecorator('read') | |
56 | 'repository.admin') |
|
|||
57 | def __before__(self): |
|
56 | def __before__(self): | |
58 | super(FeedController, self).__before__() |
|
57 | super(FeedController, self).__before__() | |
59 |
|
58 |
@@ -44,7 +44,7 b' from kallithea.lib import helpers as h' | |||||
44 | from kallithea.lib.compat import OrderedDict |
|
44 | from kallithea.lib.compat import OrderedDict | |
45 | from kallithea.lib.utils2 import convert_line_endings, detect_mode, safe_str, \ |
|
45 | from kallithea.lib.utils2 import convert_line_endings, detect_mode, safe_str, \ | |
46 | str2bool, safe_int |
|
46 | str2bool, safe_int | |
47 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
47 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
48 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
48 | from kallithea.lib.base import BaseRepoController, render, jsonify | |
49 | from kallithea.lib.vcs.backends.base import EmptyChangeset |
|
49 | from kallithea.lib.vcs.backends.base import EmptyChangeset | |
50 | from kallithea.lib.vcs.conf import settings |
|
50 | from kallithea.lib.vcs.conf import settings | |
@@ -125,8 +125,7 b' class FilesController(BaseRepoController' | |||||
125 | return file_node |
|
125 | return file_node | |
126 |
|
126 | |||
127 | @LoginRequired() |
|
127 | @LoginRequired() | |
128 |
@HasRepoPermission |
|
128 | @HasRepoPermissionLevelDecorator('read') | |
129 | 'repository.admin') |
|
|||
130 | def index(self, repo_name, revision, f_path, annotate=False): |
|
129 | def index(self, repo_name, revision, f_path, annotate=False): | |
131 | # redirect to given revision from form if given |
|
130 | # redirect to given revision from form if given | |
132 | post_revision = request.POST.get('at_rev', None) |
|
131 | post_revision = request.POST.get('at_rev', None) | |
@@ -199,8 +198,7 b' class FilesController(BaseRepoController' | |||||
199 | return render('files/files.html') |
|
198 | return render('files/files.html') | |
200 |
|
199 | |||
201 | @LoginRequired() |
|
200 | @LoginRequired() | |
202 |
@HasRepoPermission |
|
201 | @HasRepoPermissionLevelDecorator('read') | |
203 | 'repository.admin') |
|
|||
204 | @jsonify |
|
202 | @jsonify | |
205 | def history(self, repo_name, revision, f_path): |
|
203 | def history(self, repo_name, revision, f_path): | |
206 | changeset = self.__get_cs(revision) |
|
204 | changeset = self.__get_cs(revision) | |
@@ -222,8 +220,7 b' class FilesController(BaseRepoController' | |||||
222 | return data |
|
220 | return data | |
223 |
|
221 | |||
224 | @LoginRequired() |
|
222 | @LoginRequired() | |
225 |
@HasRepoPermission |
|
223 | @HasRepoPermissionLevelDecorator('read') | |
226 | 'repository.admin') |
|
|||
227 | def authors(self, repo_name, revision, f_path): |
|
224 | def authors(self, repo_name, revision, f_path): | |
228 | changeset = self.__get_cs(revision) |
|
225 | changeset = self.__get_cs(revision) | |
229 | _file = changeset.get_node(f_path) |
|
226 | _file = changeset.get_node(f_path) | |
@@ -235,8 +232,7 b' class FilesController(BaseRepoController' | |||||
235 | return render('files/files_history_box.html') |
|
232 | return render('files/files_history_box.html') | |
236 |
|
233 | |||
237 | @LoginRequired() |
|
234 | @LoginRequired() | |
238 |
@HasRepoPermission |
|
235 | @HasRepoPermissionLevelDecorator('read') | |
239 | 'repository.admin') |
|
|||
240 | def rawfile(self, repo_name, revision, f_path): |
|
236 | def rawfile(self, repo_name, revision, f_path): | |
241 | cs = self.__get_cs(revision) |
|
237 | cs = self.__get_cs(revision) | |
242 | file_node = self.__get_filenode(cs, f_path) |
|
238 | file_node = self.__get_filenode(cs, f_path) | |
@@ -248,8 +244,7 b' class FilesController(BaseRepoController' | |||||
248 | return file_node.content |
|
244 | return file_node.content | |
249 |
|
245 | |||
250 | @LoginRequired() |
|
246 | @LoginRequired() | |
251 |
@HasRepoPermission |
|
247 | @HasRepoPermissionLevelDecorator('read') | |
252 | 'repository.admin') |
|
|||
253 | def raw(self, repo_name, revision, f_path): |
|
248 | def raw(self, repo_name, revision, f_path): | |
254 | cs = self.__get_cs(revision) |
|
249 | cs = self.__get_cs(revision) | |
255 | file_node = self.__get_filenode(cs, f_path) |
|
250 | file_node = self.__get_filenode(cs, f_path) | |
@@ -295,7 +290,7 b' class FilesController(BaseRepoController' | |||||
295 | return file_node.content |
|
290 | return file_node.content | |
296 |
|
291 | |||
297 | @LoginRequired() |
|
292 | @LoginRequired() | |
298 |
@HasRepoPermission |
|
293 | @HasRepoPermissionLevelDecorator('write') | |
299 | def delete(self, repo_name, revision, f_path): |
|
294 | def delete(self, repo_name, revision, f_path): | |
300 | repo = c.db_repo |
|
295 | repo = c.db_repo | |
301 | if repo.enable_locking and repo.locked[0]: |
|
296 | if repo.enable_locking and repo.locked[0]: | |
@@ -355,7 +350,7 b' class FilesController(BaseRepoController' | |||||
355 | return render('files/files_delete.html') |
|
350 | return render('files/files_delete.html') | |
356 |
|
351 | |||
357 | @LoginRequired() |
|
352 | @LoginRequired() | |
358 |
@HasRepoPermission |
|
353 | @HasRepoPermissionLevelDecorator('write') | |
359 | def edit(self, repo_name, revision, f_path): |
|
354 | def edit(self, repo_name, revision, f_path): | |
360 | repo = c.db_repo |
|
355 | repo = c.db_repo | |
361 | if repo.enable_locking and repo.locked[0]: |
|
356 | if repo.enable_locking and repo.locked[0]: | |
@@ -421,7 +416,7 b' class FilesController(BaseRepoController' | |||||
421 | return render('files/files_edit.html') |
|
416 | return render('files/files_edit.html') | |
422 |
|
417 | |||
423 | @LoginRequired() |
|
418 | @LoginRequired() | |
424 |
@HasRepoPermission |
|
419 | @HasRepoPermissionLevelDecorator('write') | |
425 | def add(self, repo_name, revision, f_path): |
|
420 | def add(self, repo_name, revision, f_path): | |
426 |
|
421 | |||
427 | repo = c.db_repo |
|
422 | repo = c.db_repo | |
@@ -502,8 +497,7 b' class FilesController(BaseRepoController' | |||||
502 | return render('files/files_add.html') |
|
497 | return render('files/files_add.html') | |
503 |
|
498 | |||
504 | @LoginRequired() |
|
499 | @LoginRequired() | |
505 |
@HasRepoPermission |
|
500 | @HasRepoPermissionLevelDecorator('read') | |
506 | 'repository.admin') |
|
|||
507 | def archivefile(self, repo_name, fname): |
|
501 | def archivefile(self, repo_name, fname): | |
508 | fileformat = None |
|
502 | fileformat = None | |
509 | revision = None |
|
503 | revision = None | |
@@ -589,8 +583,7 b' class FilesController(BaseRepoController' | |||||
589 | return get_chunked_archive(archive_path) |
|
583 | return get_chunked_archive(archive_path) | |
590 |
|
584 | |||
591 | @LoginRequired() |
|
585 | @LoginRequired() | |
592 |
@HasRepoPermission |
|
586 | @HasRepoPermissionLevelDecorator('read') | |
593 | 'repository.admin') |
|
|||
594 | def diff(self, repo_name, f_path): |
|
587 | def diff(self, repo_name, f_path): | |
595 | ignore_whitespace = request.GET.get('ignorews') == '1' |
|
588 | ignore_whitespace = request.GET.get('ignorews') == '1' | |
596 | line_context = safe_int(request.GET.get('context'), 3) |
|
589 | line_context = safe_int(request.GET.get('context'), 3) | |
@@ -693,8 +686,7 b' class FilesController(BaseRepoController' | |||||
693 | return render('files/file_diff.html') |
|
686 | return render('files/file_diff.html') | |
694 |
|
687 | |||
695 | @LoginRequired() |
|
688 | @LoginRequired() | |
696 |
@HasRepoPermission |
|
689 | @HasRepoPermissionLevelDecorator('read') | |
697 | 'repository.admin') |
|
|||
698 | def diff_2way(self, repo_name, f_path): |
|
690 | def diff_2way(self, repo_name, f_path): | |
699 | diff1 = request.GET.get('diff1', '') |
|
691 | diff1 = request.GET.get('diff1', '') | |
700 | diff2 = request.GET.get('diff2', '') |
|
692 | diff2 = request.GET.get('diff2', '') | |
@@ -781,8 +773,7 b' class FilesController(BaseRepoController' | |||||
781 | return hist_l, changesets |
|
773 | return hist_l, changesets | |
782 |
|
774 | |||
783 | @LoginRequired() |
|
775 | @LoginRequired() | |
784 |
@HasRepoPermission |
|
776 | @HasRepoPermissionLevelDecorator('read') | |
785 | 'repository.admin') |
|
|||
786 | @jsonify |
|
777 | @jsonify | |
787 | def nodelist(self, repo_name, revision, f_path): |
|
778 | def nodelist(self, repo_name, revision, f_path): | |
788 | if request.environ.get('HTTP_X_PARTIAL_XHR'): |
|
779 | if request.environ.get('HTTP_X_PARTIAL_XHR'): |
@@ -29,7 +29,7 b' import logging' | |||||
29 |
|
29 | |||
30 | from pylons import tmpl_context as c, request |
|
30 | from pylons import tmpl_context as c, request | |
31 |
|
31 | |||
32 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
32 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
33 | from kallithea.lib.base import BaseRepoController, render |
|
33 | from kallithea.lib.base import BaseRepoController, render | |
34 | from kallithea.lib.page import Page |
|
34 | from kallithea.lib.page import Page | |
35 | from kallithea.lib.utils2 import safe_int |
|
35 | from kallithea.lib.utils2 import safe_int | |
@@ -44,8 +44,7 b' class FollowersController(BaseRepoContro' | |||||
44 | super(FollowersController, self).__before__() |
|
44 | super(FollowersController, self).__before__() | |
45 |
|
45 | |||
46 | @LoginRequired() |
|
46 | @LoginRequired() | |
47 |
@HasRepoPermission |
|
47 | @HasRepoPermissionLevelDecorator('read') | |
48 | 'repository.admin') |
|
|||
49 | def followers(self, repo_name): |
|
48 | def followers(self, repo_name): | |
50 | p = safe_int(request.GET.get('page'), 1) |
|
49 | p = safe_int(request.GET.get('page'), 1) | |
51 | repo_id = c.db_repo.repo_id |
|
50 | repo_id = c.db_repo.repo_id |
@@ -37,8 +37,8 b' from webob.exc import HTTPFound' | |||||
37 | import kallithea.lib.helpers as h |
|
37 | import kallithea.lib.helpers as h | |
38 |
|
38 | |||
39 | from kallithea.config.routing import url |
|
39 | from kallithea.config.routing import url | |
40 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
40 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
41 |
NotAnonymous, HasRepoPermission |
|
41 | NotAnonymous, HasRepoPermissionLevel, HasPermissionAnyDecorator, HasPermissionAny | |
42 | from kallithea.lib.base import BaseRepoController, render |
|
42 | from kallithea.lib.base import BaseRepoController, render | |
43 | from kallithea.lib.page import Page |
|
43 | from kallithea.lib.page import Page | |
44 | from kallithea.lib.utils2 import safe_int |
|
44 | from kallithea.lib.utils2 import safe_int | |
@@ -108,16 +108,13 b' class ForksController(BaseRepoController' | |||||
108 | return defaults |
|
108 | return defaults | |
109 |
|
109 | |||
110 | @LoginRequired() |
|
110 | @LoginRequired() | |
111 |
@HasRepoPermission |
|
111 | @HasRepoPermissionLevelDecorator('read') | |
112 | 'repository.admin') |
|
|||
113 | def forks(self, repo_name): |
|
112 | def forks(self, repo_name): | |
114 | p = safe_int(request.GET.get('page'), 1) |
|
113 | p = safe_int(request.GET.get('page'), 1) | |
115 | repo_id = c.db_repo.repo_id |
|
114 | repo_id = c.db_repo.repo_id | |
116 | d = [] |
|
115 | d = [] | |
117 | for r in Repository.get_repo_forks(repo_id): |
|
116 | for r in Repository.get_repo_forks(repo_id): | |
118 |
if not HasRepoPermission |
|
117 | if not HasRepoPermissionLevel('read')(r.repo_name, 'get forks check'): | |
119 | 'repository.read', 'repository.write', 'repository.admin' |
|
|||
120 | )(r.repo_name, 'get forks check'): |
|
|||
121 | continue |
|
118 | continue | |
122 | d.append(r) |
|
119 | d.append(r) | |
123 | c.forks_pager = Page(d, page=p, items_per_page=20) |
|
120 | c.forks_pager = Page(d, page=p, items_per_page=20) | |
@@ -130,8 +127,7 b' class ForksController(BaseRepoController' | |||||
130 | @LoginRequired() |
|
127 | @LoginRequired() | |
131 | @NotAnonymous() |
|
128 | @NotAnonymous() | |
132 | @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository') |
|
129 | @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository') | |
133 |
@HasRepoPermission |
|
130 | @HasRepoPermissionLevelDecorator('read') | |
134 | 'repository.admin') |
|
|||
135 | def fork(self, repo_name): |
|
131 | def fork(self, repo_name): | |
136 | c.repo_info = Repository.get_by_repo_name(repo_name) |
|
132 | c.repo_info = Repository.get_by_repo_name(repo_name) | |
137 | if not c.repo_info: |
|
133 | if not c.repo_info: | |
@@ -149,8 +145,7 b' class ForksController(BaseRepoController' | |||||
149 | @LoginRequired() |
|
145 | @LoginRequired() | |
150 | @NotAnonymous() |
|
146 | @NotAnonymous() | |
151 | @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository') |
|
147 | @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository') | |
152 |
@HasRepoPermission |
|
148 | @HasRepoPermissionLevelDecorator('read') | |
153 | 'repository.admin') |
|
|||
154 | def fork_create(self, repo_name): |
|
149 | def fork_create(self, repo_name): | |
155 | self.__load_defaults() |
|
150 | self.__load_defaults() | |
156 | c.repo_info = Repository.get_by_repo_name(repo_name) |
|
151 | c.repo_info = Repository.get_by_repo_name(repo_name) |
@@ -35,7 +35,7 b' from sqlalchemy.sql.expression import fu' | |||||
35 |
|
35 | |||
36 | from kallithea.lib.utils import conditional_cache |
|
36 | from kallithea.lib.utils import conditional_cache | |
37 | from kallithea.lib.compat import json |
|
37 | from kallithea.lib.compat import json | |
38 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
38 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator | |
39 | from kallithea.lib.base import BaseController, render, jsonify |
|
39 | from kallithea.lib.base import BaseController, render, jsonify | |
40 | from kallithea.model.db import Repository, RepoGroup |
|
40 | from kallithea.model.db import Repository, RepoGroup | |
41 | from kallithea.model.repo import RepoModel |
|
41 | from kallithea.model.repo import RepoModel | |
@@ -113,8 +113,7 b' class HomeController(BaseController):' | |||||
113 | raise HTTPBadRequest() |
|
113 | raise HTTPBadRequest() | |
114 |
|
114 | |||
115 | @LoginRequired() |
|
115 | @LoginRequired() | |
116 |
@HasRepoPermission |
|
116 | @HasRepoPermissionLevelDecorator('read') | |
117 | 'repository.admin') |
|
|||
118 | @jsonify |
|
117 | @jsonify | |
119 | def repo_refs_data(self, repo_name): |
|
118 | def repo_refs_data(self, repo_name): | |
120 | repo = Repository.get_by_repo_name(repo_name).scm_instance |
|
119 | repo = Repository.get_by_repo_name(repo_name).scm_instance |
@@ -37,7 +37,7 b' from webob.exc import HTTPFound, HTTPNot' | |||||
37 | from kallithea.config.routing import url |
|
37 | from kallithea.config.routing import url | |
38 | from kallithea.lib import helpers as h |
|
38 | from kallithea.lib import helpers as h | |
39 | from kallithea.lib import diffs |
|
39 | from kallithea.lib import diffs | |
40 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
40 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
41 | NotAnonymous |
|
41 | NotAnonymous | |
42 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
42 | from kallithea.lib.base import BaseRepoController, render, jsonify | |
43 | from kallithea.lib.compat import json, OrderedDict |
|
43 | from kallithea.lib.compat import json, OrderedDict | |
@@ -190,8 +190,7 b' class PullrequestsController(BaseRepoCon' | |||||
190 | return request.authuser.admin or owner or reviewer |
|
190 | return request.authuser.admin or owner or reviewer | |
191 |
|
191 | |||
192 | @LoginRequired() |
|
192 | @LoginRequired() | |
193 |
@HasRepoPermission |
|
193 | @HasRepoPermissionLevelDecorator('read') | |
194 | 'repository.admin') |
|
|||
195 | def show_all(self, repo_name): |
|
194 | def show_all(self, repo_name): | |
196 | c.from_ = request.GET.get('from_') or '' |
|
195 | c.from_ = request.GET.get('from_') or '' | |
197 | c.closed = request.GET.get('closed') or '' |
|
196 | c.closed = request.GET.get('closed') or '' | |
@@ -236,8 +235,7 b' class PullrequestsController(BaseRepoCon' | |||||
236 |
|
235 | |||
237 | @LoginRequired() |
|
236 | @LoginRequired() | |
238 | @NotAnonymous() |
|
237 | @NotAnonymous() | |
239 |
@HasRepoPermission |
|
238 | @HasRepoPermissionLevelDecorator('read') | |
240 | 'repository.admin') |
|
|||
241 | def index(self): |
|
239 | def index(self): | |
242 | org_repo = c.db_repo |
|
240 | org_repo = c.db_repo | |
243 | org_scm_instance = org_repo.scm_instance |
|
241 | org_scm_instance = org_repo.scm_instance | |
@@ -293,8 +291,7 b' class PullrequestsController(BaseRepoCon' | |||||
293 |
|
291 | |||
294 | @LoginRequired() |
|
292 | @LoginRequired() | |
295 | @NotAnonymous() |
|
293 | @NotAnonymous() | |
296 |
@HasRepoPermission |
|
294 | @HasRepoPermissionLevelDecorator('read') | |
297 | 'repository.admin') |
|
|||
298 | @jsonify |
|
295 | @jsonify | |
299 | def repo_info(self, repo_name): |
|
296 | def repo_info(self, repo_name): | |
300 | repo = c.db_repo |
|
297 | repo = c.db_repo | |
@@ -307,8 +304,7 b' class PullrequestsController(BaseRepoCon' | |||||
307 |
|
304 | |||
308 | @LoginRequired() |
|
305 | @LoginRequired() | |
309 | @NotAnonymous() |
|
306 | @NotAnonymous() | |
310 |
@HasRepoPermission |
|
307 | @HasRepoPermissionLevelDecorator('read') | |
311 | 'repository.admin') |
|
|||
312 | def create(self, repo_name): |
|
308 | def create(self, repo_name): | |
313 | repo = c.db_repo |
|
309 | repo = c.db_repo | |
314 | try: |
|
310 | try: | |
@@ -513,8 +509,7 b' class PullrequestsController(BaseRepoCon' | |||||
513 | # pullrequest_post for PR editing |
|
509 | # pullrequest_post for PR editing | |
514 | @LoginRequired() |
|
510 | @LoginRequired() | |
515 | @NotAnonymous() |
|
511 | @NotAnonymous() | |
516 |
@HasRepoPermission |
|
512 | @HasRepoPermissionLevelDecorator('read') | |
517 | 'repository.admin') |
|
|||
518 | def post(self, repo_name, pull_request_id): |
|
513 | def post(self, repo_name, pull_request_id): | |
519 | pull_request = PullRequest.get_or_404(pull_request_id) |
|
514 | pull_request = PullRequest.get_or_404(pull_request_id) | |
520 | if pull_request.is_closed(): |
|
515 | if pull_request.is_closed(): | |
@@ -522,7 +517,7 b' class PullrequestsController(BaseRepoCon' | |||||
522 | assert pull_request.other_repo.repo_name == repo_name |
|
517 | assert pull_request.other_repo.repo_name == repo_name | |
523 | #only owner or admin can update it |
|
518 | #only owner or admin can update it | |
524 | owner = pull_request.owner_id == request.authuser.user_id |
|
519 | owner = pull_request.owner_id == request.authuser.user_id | |
525 |
repo_admin = h.HasRepoPermission |
|
520 | repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name) | |
526 | if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner): |
|
521 | if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner): | |
527 | raise HTTPForbidden() |
|
522 | raise HTTPForbidden() | |
528 |
|
523 | |||
@@ -571,8 +566,7 b' class PullrequestsController(BaseRepoCon' | |||||
571 |
|
566 | |||
572 | @LoginRequired() |
|
567 | @LoginRequired() | |
573 | @NotAnonymous() |
|
568 | @NotAnonymous() | |
574 |
@HasRepoPermission |
|
569 | @HasRepoPermissionLevelDecorator('read') | |
575 | 'repository.admin') |
|
|||
576 | @jsonify |
|
570 | @jsonify | |
577 | def delete(self, repo_name, pull_request_id): |
|
571 | def delete(self, repo_name, pull_request_id): | |
578 | pull_request = PullRequest.get_or_404(pull_request_id) |
|
572 | pull_request = PullRequest.get_or_404(pull_request_id) | |
@@ -586,8 +580,7 b' class PullrequestsController(BaseRepoCon' | |||||
586 | raise HTTPForbidden() |
|
580 | raise HTTPForbidden() | |
587 |
|
581 | |||
588 | @LoginRequired() |
|
582 | @LoginRequired() | |
589 |
@HasRepoPermission |
|
583 | @HasRepoPermissionLevelDecorator('read') | |
590 | 'repository.admin') |
|
|||
591 | def show(self, repo_name, pull_request_id, extra=None): |
|
584 | def show(self, repo_name, pull_request_id, extra=None): | |
592 | repo_model = RepoModel() |
|
585 | repo_model = RepoModel() | |
593 | c.users_array = repo_model.get_users_js() |
|
586 | c.users_array = repo_model.get_users_js() | |
@@ -775,8 +768,7 b' class PullrequestsController(BaseRepoCon' | |||||
775 |
|
768 | |||
776 | @LoginRequired() |
|
769 | @LoginRequired() | |
777 | @NotAnonymous() |
|
770 | @NotAnonymous() | |
778 |
@HasRepoPermission |
|
771 | @HasRepoPermissionLevelDecorator('read') | |
779 | 'repository.admin') |
|
|||
780 | @jsonify |
|
772 | @jsonify | |
781 | def comment(self, repo_name, pull_request_id): |
|
773 | def comment(self, repo_name, pull_request_id): | |
782 | pull_request = PullRequest.get_or_404(pull_request_id) |
|
774 | pull_request = PullRequest.get_or_404(pull_request_id) | |
@@ -800,8 +792,8 b' class PullrequestsController(BaseRepoCon' | |||||
800 | if delete == "delete": |
|
792 | if delete == "delete": | |
801 | if (pull_request.owner_id == request.authuser.user_id or |
|
793 | if (pull_request.owner_id == request.authuser.user_id or | |
802 | h.HasPermissionAny('hg.admin')() or |
|
794 | h.HasPermissionAny('hg.admin')() or | |
803 |
h.HasRepoPermission |
|
795 | h.HasRepoPermissionLevel('admin')(pull_request.org_repo.repo_name) or | |
804 |
h.HasRepoPermission |
|
796 | h.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name) | |
805 | ) and not pull_request.is_closed(): |
|
797 | ) and not pull_request.is_closed(): | |
806 | PullRequestModel().delete(pull_request) |
|
798 | PullRequestModel().delete(pull_request) | |
807 | Session().commit() |
|
799 | Session().commit() | |
@@ -861,8 +853,7 b' class PullrequestsController(BaseRepoCon' | |||||
861 |
|
853 | |||
862 | @LoginRequired() |
|
854 | @LoginRequired() | |
863 | @NotAnonymous() |
|
855 | @NotAnonymous() | |
864 |
@HasRepoPermission |
|
856 | @HasRepoPermissionLevelDecorator('read') | |
865 | 'repository.admin') |
|
|||
866 | @jsonify |
|
857 | @jsonify | |
867 | def delete_comment(self, repo_name, comment_id): |
|
858 | def delete_comment(self, repo_name, comment_id): | |
868 | co = ChangesetComment.get(comment_id) |
|
859 | co = ChangesetComment.get(comment_id) | |
@@ -871,7 +862,7 b' class PullrequestsController(BaseRepoCon' | |||||
871 | raise HTTPForbidden() |
|
862 | raise HTTPForbidden() | |
872 |
|
863 | |||
873 | owner = co.author_id == request.authuser.user_id |
|
864 | owner = co.author_id == request.authuser.user_id | |
874 |
repo_admin = h.HasRepoPermission |
|
865 | repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name) | |
875 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: |
|
866 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: | |
876 | ChangesetCommentsModel().delete(comment=co) |
|
867 | ChangesetCommentsModel().delete(comment=co) | |
877 | Session().commit() |
|
868 | Session().commit() |
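Review bot: In `post`, the new `repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)` checks admin rights on what is presumably the repository named in the URL, while the pull request itself is loaded by id. The only thing binding the two is the `assert pull_request.other_repo.repo_name == repo_name` two lines above, and an assert is not executed when Python runs with `-O`. The `comment` hunk already checks against `pull_request.org_repo.repo_name` and `pull_request.other_repo.repo_name`; doing the same here, `repo_admin = h.HasRepoPermissionLevel('admin')(pull_request.other_repo.repo_name)`, and replacing the assert with an explicit check that raises `HTTPForbidden()`, keeps the decision bound to the object being modified. `delete_comment` uses the same `c.repo_name` pattern, and whether the comment is tied to that repository is decided on lines outside the hunk. Both function bodies continue outside the hunks shown.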
@@ -43,7 +43,7 b' from kallithea.lib.vcs.exceptions import' | |||||
43 | from kallithea.config.conf import ALL_READMES, ALL_EXTS, LANGUAGES_EXTENSIONS_MAP |
|
43 | from kallithea.config.conf import ALL_READMES, ALL_EXTS, LANGUAGES_EXTENSIONS_MAP | |
44 | from kallithea.model.db import Statistics, CacheInvalidation, User |
|
44 | from kallithea.model.db import Statistics, CacheInvalidation, User | |
45 | from kallithea.lib.utils2 import safe_str |
|
45 | from kallithea.lib.utils2 import safe_str | |
46 |
from kallithea.lib.auth import LoginRequired, HasRepoPermission |
|
46 | from kallithea.lib.auth import LoginRequired, HasRepoPermissionLevelDecorator, \ | |
47 | NotAnonymous |
|
47 | NotAnonymous | |
48 | from kallithea.lib.base import BaseRepoController, render, jsonify |
|
48 | from kallithea.lib.base import BaseRepoController, render, jsonify | |
49 | from kallithea.lib.vcs.backends.base import EmptyChangeset |
|
49 | from kallithea.lib.vcs.backends.base import EmptyChangeset | |
@@ -107,8 +107,7 b' class SummaryController(BaseRepoControll' | |||||
107 | return _get_readme_from_cache(repo_name, kind) |
|
107 | return _get_readme_from_cache(repo_name, kind) | |
108 |
|
108 | |||
109 | @LoginRequired() |
|
109 | @LoginRequired() | |
110 |
@HasRepoPermission |
|
110 | @HasRepoPermissionLevelDecorator('read') | |
111 | 'repository.admin') |
|
|||
112 | def index(self, repo_name): |
|
111 | def index(self, repo_name): | |
113 | _load_changelog_summary() |
|
112 | _load_changelog_summary() | |
114 |
|
113 | |||
@@ -161,8 +160,7 b' class SummaryController(BaseRepoControll' | |||||
161 |
|
160 | |||
162 | @LoginRequired() |
|
161 | @LoginRequired() | |
163 | @NotAnonymous() |
|
162 | @NotAnonymous() | |
164 |
@HasRepoPermission |
|
163 | @HasRepoPermissionLevelDecorator('read') | |
165 | 'repository.admin') |
|
|||
166 | @jsonify |
|
164 | @jsonify | |
167 | def repo_size(self, repo_name): |
|
165 | def repo_size(self, repo_name): | |
168 | if request.is_xhr: |
|
166 | if request.is_xhr: | |
@@ -171,8 +169,7 b' class SummaryController(BaseRepoControll' | |||||
171 | raise HTTPBadRequest() |
|
169 | raise HTTPBadRequest() | |
172 |
|
170 | |||
173 | @LoginRequired() |
|
171 | @LoginRequired() | |
174 |
@HasRepoPermission |
|
172 | @HasRepoPermissionLevelDecorator('read') | |
175 | 'repository.admin') |
|
|||
176 | def statistics(self, repo_name): |
|
173 | def statistics(self, repo_name): | |
177 | if c.db_repo.enable_statistics: |
|
174 | if c.db_repo.enable_statistics: | |
178 | c.show_stats = True |
|
175 | c.show_stats = True |
@@ -537,6 +537,18 b' class AuthUser(object):' | |||||
537 | def permissions(self): |
|
537 | def permissions(self): | |
538 | return self.__get_perms(user=self, cache=False) |
|
538 | return self.__get_perms(user=self, cache=False) | |
539 |
|
539 | |||
|
540 | def has_repository_permission_level(self, repo_name, level, purpose=None): | |||
|
541 | required_perms = { | |||
|
542 | 'read': ['repository.read', 'repository.write', 'repository.admin'], | |||
|
543 | 'write': ['repository.write', 'repository.admin'], | |||
|
544 | 'admin': ['repository.admin'], | |||
|
545 | }[level] | |||
|
546 | actual_perm = self.permissions['repositories'].get(repo_name) | |||
|
547 | ok = actual_perm in required_perms | |||
|
548 | log.debug('Checking if user %r can %r repo %r (%s): %s (has %r)', | |||
|
549 | self.username, level, repo_name, purpose, ok, actual_perm) | |||
|
550 | return ok | |||
|
551 | ||||
540 | @property |
|
552 | @property | |
541 | def api_keys(self): |
|
553 | def api_keys(self): | |
542 | return self._get_api_keys() |
|
554 | return self._get_api_keys() | |
@@ -836,17 +848,15 b' class HasPermissionAnyDecorator(_PermsDe' | |||||
836 | return any(p in global_permissions for p in self.required_perms) |
|
848 | return any(p in global_permissions for p in self.required_perms) | |
837 |
|
849 | |||
838 |
|
850 | |||
839 |
class HasRepoPermission |
|
851 | class HasRepoPermissionLevelDecorator(_PermsDecorator): | |
840 | """ |
|
852 | """ | |
841 |
Checks the user has a |
|
853 | Checks the user has at least the specified permission level for the requested repository. | |
842 | """ |
|
854 | """ | |
843 |
|
855 | |||
844 | def check_permissions(self, user): |
|
856 | def check_permissions(self, user): | |
845 | repo_name = get_repo_slug(request) |
|
857 | repo_name = get_repo_slug(request) | |
846 | try: |
|
858 | (level,) = self.required_perms | |
847 | return user.permissions['repositories'][repo_name] in self.required_perms |
|
859 | return user.has_repository_permission_level(repo_name, level) | |
848 | except KeyError: |
|
|||
849 | return False |
|
|||
850 |
|
860 | |||
851 |
|
861 | |||
852 | class HasRepoGroupPermissionAnyDecorator(_PermsDecorator): |
|
862 | class HasRepoGroupPermissionAnyDecorator(_PermsDecorator): | |
@@ -908,17 +918,11 b' class HasPermissionAny(_PermsFunction):' | |||||
908 | return ok |
|
918 | return ok | |
909 |
|
919 | |||
910 |
|
920 | |||
911 |
class HasRepoPermission |
|
921 | class HasRepoPermissionLevel(_PermsFunction): | |
912 |
|
922 | |||
913 | def __call__(self, repo_name, purpose=None): |
|
923 | def __call__(self, repo_name, purpose=None): | |
914 | try: |
|
924 | (level,) = self.required_perms | |
915 | ok = request.user.permissions['repositories'][repo_name] in self.required_perms |
|
925 | return request.user.has_repository_permission_level(repo_name, level, purpose) | |
916 | except KeyError: |
|
|||
917 | ok = False |
|
|||
918 |
|
||||
919 | log.debug('Check %s for %s for repo %s (%s): %s' % |
|
|||
920 | (request.user.username, self.required_perms, repo_name, purpose, ok)) |
|
|||
921 | return ok |
|
|||
922 |
|
926 | |||
923 |
|
927 | |||
924 | class HasRepoGroupPermissionAny(_PermsFunction): |
|
928 | class HasRepoGroupPermissionAny(_PermsFunction): |
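Review bot: `has_repository_permission_level` has no docstring, and the accepted levels and their ordering are only implied by the dict literal, even though every repository access check now goes through it. I would add something like `"""Return True if the user has at least the given level ('read', 'write' or 'admin') on repo_name; an unknown level raises KeyError."""`. An unknown level, or a decorator given more or fewer than one argument (via `(level,) = self.required_perms`), raises KeyError or ValueError only when a request reaches the check, so a typo fails closed but as a server error. Hoisting the mapping to a module-level constant and validating the level where the decorator or function object is constructed would surface it at import time. The `_PermsDecorator` and `_PermsFunction` constructors are outside the hunks, so where that validation belongs needs checking there.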
@@ -778,7 +778,7 b' def action_parser(user_log, feed=False, ' | |||||
778 | # PERMS |
|
778 | # PERMS | |
779 | #============================================================================== |
|
779 | #============================================================================== | |
780 | from kallithea.lib.auth import HasPermissionAny, \ |
|
780 | from kallithea.lib.auth import HasPermissionAny, \ | |
781 |
HasRepoPermission |
|
781 | HasRepoPermissionLevel, HasRepoGroupPermissionAny | |
782 |
|
782 | |||
783 |
|
783 | |||
784 | #============================================================================== |
|
784 | #============================================================================== |
@@ -47,7 +47,7 b' from kallithea.model.db import Repositor' | |||||
47 | Statistics, UserGroup, Ui, RepoGroup, RepositoryField |
|
47 | Statistics, UserGroup, Ui, RepoGroup, RepositoryField | |
48 |
|
48 | |||
49 | from kallithea.lib import helpers as h |
|
49 | from kallithea.lib import helpers as h | |
50 |
from kallithea.lib.auth import HasRepoPermission |
|
50 | from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermissionAny | |
51 | from kallithea.lib.exceptions import AttachedForksError |
|
51 | from kallithea.lib.exceptions import AttachedForksError | |
52 | from kallithea.model.scm import UserGroupList |
|
52 | from kallithea.model.scm import UserGroupList | |
53 |
|
53 | |||
@@ -207,10 +207,7 b' class RepoModel(BaseModel):' | |||||
207 | for repo in repos_list: |
|
207 | for repo in repos_list: | |
208 | if perm_check: |
|
208 | if perm_check: | |
209 | # check permission at this level |
|
209 | # check permission at this level | |
210 | if not HasRepoPermissionAny( |
|
210 | if not HasRepoPermissionLevel('read')(repo.repo_name, 'get_repos_as_dict check'): | |
211 | 'repository.read', 'repository.write', |
|
|||
212 | 'repository.admin' |
|
|||
213 | )(repo.repo_name, 'get_repos_as_dict check'): |
|
|||
214 | continue |
|
211 | continue | |
215 | cs_cache = repo.changeset_cache |
|
212 | cs_cache = repo.changeset_cache | |
216 | row = { |
|
213 | row = { |
@@ -49,7 +49,7 b' from kallithea import BACKENDS' | |||||
49 | from kallithea.lib import helpers as h |
|
49 | from kallithea.lib import helpers as h | |
50 | from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ |
|
50 | from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ | |
51 | _set_extras |
|
51 | _set_extras | |
52 |
from kallithea.lib.auth import HasRepoPermission |
|
52 | from kallithea.lib.auth import HasRepoPermissionLevel, HasRepoGroupPermissionAny, \ | |
53 | HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny |
|
53 | HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny | |
54 | from kallithea.lib.utils import get_filesystem_repos, make_ui, \ |
|
54 | from kallithea.lib.utils import get_filesystem_repos, make_ui, \ | |
55 | action_logger |
|
55 | action_logger | |
@@ -114,13 +114,10 b' class _PermCheckIterator(object):' | |||||
114 |
|
114 | |||
115 | class RepoList(_PermCheckIterator): |
|
115 | class RepoList(_PermCheckIterator): | |
116 |
|
116 | |||
117 |
def __init__(self, db_repo_list, perm_ |
|
117 | def __init__(self, db_repo_list, perm_level, extra_kwargs=None): | |
118 | if not perm_set: |
|
|||
119 | perm_set = ['repository.read', 'repository.write', 'repository.admin'] |
|
|||
120 |
|
||||
121 | super(RepoList, self).__init__(obj_list=db_repo_list, |
|
118 | super(RepoList, self).__init__(obj_list=db_repo_list, | |
122 |
obj_attr='repo_name', perm_set= |
|
119 | obj_attr='repo_name', perm_set=[perm_level], | |
123 |
perm_checker=HasRepoPermission |
|
120 | perm_checker=HasRepoPermissionLevel, | |
124 | extra_kwargs=extra_kwargs) |
|
121 | extra_kwargs=extra_kwargs) | |
125 |
|
122 | |||
126 |
|
123 | |||
@@ -216,7 +213,7 b' class ScmModel(BaseModel):' | |||||
216 |
|
213 | |||
217 | def get_repos(self, repos): |
|
214 | def get_repos(self, repos): | |
218 | """Return the repos the user has access to""" |
|
215 | """Return the repos the user has access to""" | |
219 | return RepoList(repos) |
|
216 | return RepoList(repos, perm_level='read') | |
220 |
|
217 | |||
221 | def get_repo_groups(self, groups=None): |
|
218 | def get_repo_groups(self, groups=None): | |
222 | """Return the repo groups the user has access to |
|
219 | """Return the repo groups the user has access to |
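Review bot: `RepoList.__init__` at new line 117 takes a required `perm_level` in the position the old optional `perm_set` list occupied, and wraps it as `perm_set=[perm_level]` without checking the value or documenting what is accepted. A caller outside this diff that still passes a list positionally would not fail here; it would pass a nested list on to `_PermCheckIterator`, and how that class and `HasRepoPermissionLevel` treat an unexpected value is not visible in this section. Unless the checker already rejects unknown levels, I would fail early with `if perm_level not in ('read', 'write', 'admin'): raise ValueError(perm_level)`. A comment such as `# perm_level: 'read', 'write' or 'admin'` would also help, since the keyword handed to the base class is still named `perm_set`.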
@@ -133,13 +133,13 b'' | |||||
133 | <input id="branch_switcher" name="branch_switcher" type="hidden"> |
|
133 | <input id="branch_switcher" name="branch_switcher" type="hidden"> | |
134 | </li> |
|
134 | </li> | |
135 | <li class="${'active' if current == 'options' else ''} dropdown" data-context="options"> |
|
135 | <li class="${'active' if current == 'options' else ''} dropdown" data-context="options"> | |
136 |
%if h.HasRepoPermission |
|
136 | %if h.HasRepoPermissionLevel('admin')(c.repo_name): | |
137 | <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> |
|
137 | <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> | |
138 | %else: |
|
138 | %else: | |
139 | <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> |
|
139 | <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false" aria-haspopup="true"><i class="icon-wrench"></i> ${_('Options')} <i class="caret"></i></a> | |
140 | %endif |
|
140 | %endif | |
141 | <ul class="dropdown-menu" role="menu" aria-hidden="true"> |
|
141 | <ul class="dropdown-menu" role="menu" aria-hidden="true"> | |
142 |
%if h.HasRepoPermission |
|
142 | %if h.HasRepoPermissionLevel('admin')(c.repo_name): | |
143 | <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li> |
|
143 | <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li> | |
144 | %endif |
|
144 | %endif | |
145 | %if c.db_repo.fork: |
|
145 | %if c.db_repo.fork: | |
@@ -150,7 +150,7 b'' | |||||
150 |
|
150 | |||
151 | <li><a href="${h.url('search_repo',repo_name=c.repo_name)}"><i class="icon-search"></i> ${_('Search')}</a></li> |
|
151 | <li><a href="${h.url('search_repo',repo_name=c.repo_name)}"><i class="icon-search"></i> ${_('Search')}</a></li> | |
152 |
|
152 | |||
153 |
%if h.HasRepoPermission |
|
153 | %if h.HasRepoPermissionLevel('write')(c.repo_name) and c.db_repo.enable_locking: | |
154 | %if c.db_repo.locked[0]: |
|
154 | %if c.db_repo.locked[0]: | |
155 | <li><a href="${h.url('toggle_locking', repo_name=c.repo_name)}"><i class="icon-lock"></i> ${_('Unlock')}</a></li> |
|
155 | <li><a href="${h.url('toggle_locking', repo_name=c.repo_name)}"><i class="icon-lock"></i> ${_('Unlock')}</a></li> | |
156 | %else: |
|
156 | %else: |
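Review bot: The check `h.HasRepoPermissionLevel('admin')(c.repo_name)` is evaluated twice while rendering one menu, at lines 136 and 142, and a separate `'write'` check follows at line 153. Computing it once, for example `<% repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name) %>` followed by `%if repo_admin:`, keeps the two branches from drifting apart and avoids a repeated lookup. These conditions only decide which links are rendered; the `edit_repo` and `toggle_locking` handlers are outside this section and have to enforce the same levels themselves. The enclosing `<li>` block starts and ends outside the hunks.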
@@ -80,7 +80,7 b'' | |||||
80 | </ul> |
|
80 | </ul> | |
81 | %else: |
|
81 | %else: | |
82 |
|
82 | |||
83 |
%if h.HasRepoPermission |
|
83 | %if h.HasRepoPermissionLevel('write')(c.repo_name): | |
84 | <h4>${_('Add or upload files directly via Kallithea')}</h4> |
|
84 | <h4>${_('Add or upload files directly via Kallithea')}</h4> | |
85 | <div style="margin: 20px 30px;"> |
|
85 | <div style="margin: 20px 30px;"> | |
86 | <div id="add_node_id" class="add_node"> |
|
86 | <div id="add_node_id" class="add_node"> |
@@ -24,7 +24,7 b'' | |||||
24 | <a class="permalink" href="${co.url()}">¶</a> |
|
24 | <a class="permalink" href="${co.url()}">¶</a> | |
25 | </span> |
|
25 | </span> | |
26 |
|
26 | |||
27 |
%if co.author_id == request.authuser.user_id or h.HasRepoPermission |
|
27 | %if co.author_id == request.authuser.user_id or h.HasRepoPermissionLevel('admin')(c.repo_name): | |
28 | %if co.deletable(): |
|
28 | %if co.deletable(): | |
29 | <div onClick="confirm('${_('Delete comment?')}') && deleteComment(${co.comment_id})" class="buttons delete-comment btn btn-default btn-xs" style="margin:0 5px">${_('Delete')}</div> |
|
29 | <div onClick="confirm('${_('Delete comment?')}') && deleteComment(${co.comment_id})" class="buttons delete-comment btn btn-default btn-xs" style="margin:0 5px">${_('Delete')}</div> | |
30 | %endif |
|
30 | %endif | |
@@ -80,7 +80,7 b'' | |||||
80 | %endfor |
|
80 | %endfor | |
81 |
|
81 | |||
82 | %if c.pull_request is not None and ( \ |
|
82 | %if c.pull_request is not None and ( \ | |
83 |
h.HasPermissionAny('hg.admin')() or h.HasRepoPermission |
|
83 | h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionLevel('admin')(c.repo_name) \ | |
84 | or c.pull_request.owner_id == request.authuser.user_id): |
|
84 | or c.pull_request.owner_id == request.authuser.user_id): | |
85 | <div> |
|
85 | <div> | |
86 | ${_('Finish pull request')}: |
|
86 | ${_('Finish pull request')}: |
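Review bot: The predicate at lines 83-84, `h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionLevel('admin')(c.repo_name) or c.pull_request.owner_id == request.authuser.user_id`, is written out again in the `editable` assignment at line 18 of the pull request template later in this commit. Two hand-written copies of an authorization rule tend to diverge, so a single helper called from both templates would keep them in step. Line 27 gates comment deletion on author or repository admin without the `hg.admin` clause; whether the `'admin'` level already covers global administrators is not visible here, so that difference is worth confirming. All of these conditions only hide buttons, and the delete and close endpoints, which are not shown, have to repeat the checks.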
@@ -48,7 +48,7 b'' | |||||
48 | ${h.link_to(_('Show Annotation'),h.url('files_annotate_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
48 | ${h.link_to(_('Show Annotation'),h.url('files_annotate_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} | |
49 | ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
49 | ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} | |
50 | ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
50 | ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} | |
51 |
% if h.HasRepoPermission |
|
51 | % if h.HasRepoPermissionLevel('write')(c.repo_name): | |
52 | % if not c.file.is_binary: |
|
52 | % if not c.file.is_binary: | |
53 | ${h.link_to(_('Source'),h.url('files_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
53 | ${h.link_to(_('Source'),h.url('files_home',repo_name=c.repo_name,revision=c.cs.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} | |
54 | % endif |
|
54 | % endif |
@@ -34,7 +34,7 b'' | |||||
34 | %endif |
|
34 | %endif | |
35 | ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
35 | ${h.link_to(_('Show as Raw'),h.url('files_raw_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} | |
36 | ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} |
|
36 | ${h.link_to(_('Download as Raw'),h.url('files_rawfile_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path),class_="btn btn-default btn-xs")} | |
37 |
%if h.HasRepoPermission |
|
37 | %if h.HasRepoPermissionLevel('write')(c.repo_name): | |
38 | %if c.on_branch_head and not c.file.is_binary: |
|
38 | %if c.on_branch_head and not c.file.is_binary: | |
39 | ${h.link_to(_('Edit on Branch: %s') % c.changeset.branch, h.url('files_edit_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-default btn-xs")} |
|
39 | ${h.link_to(_('Edit on Branch: %s') % c.changeset.branch, h.url('files_edit_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-default btn-xs")} | |
40 | ${h.link_to(_('Delete'), h.url('files_delete_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-danger btn-xs")} |
|
40 | ${h.link_to(_('Delete'), h.url('files_delete_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit'),class_="btn btn-danger btn-xs")} |
@@ -5,7 +5,7 b'' | |||||
5 | - ${_('annotation')} |
|
5 | - ${_('annotation')} | |
6 | %endif |
|
6 | %endif | |
7 | %if c.file.is_dir(): |
|
7 | %if c.file.is_dir(): | |
8 |
% if h.HasRepoPermission |
|
8 | % if h.HasRepoPermissionLevel('write')(c.repo_name): | |
9 | / <span title="${_('Add New File')}"> |
|
9 | / <span title="${_('Add New File')}"> | |
10 | <a href="${h.url('files_add_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit')}"> |
|
10 | <a href="${h.url('files_add_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=c.f_path, anchor='edit')}"> | |
11 | <i class="icon-plus-circled" style="color:#5bb75b; font-size: 16px"></i></a> |
|
11 | <i class="icon-plus-circled" style="color:#5bb75b; font-size: 16px"></i></a> |
@@ -15,7 +15,7 b'' | |||||
15 | </%block> |
|
15 | </%block> | |
16 |
|
16 | |||
17 | <%def name="main()"> |
|
17 | <%def name="main()"> | |
18 |
<% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermission |
|
18 | <% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionLevel('admin')(c.repo_name) or c.pull_request.owner_id == request.authuser.user_id) %> | |
19 | ${self.repo_context_bar('showpullrequest')} |
|
19 | ${self.repo_context_bar('showpullrequest')} | |
20 | <div class="panel panel-primary"> |
|
20 | <div class="panel panel-primary"> | |
21 | <div class="panel-heading clearfix"> |
|
21 | <div class="panel-heading clearfix"> |
@@ -1,7 +1,7 b'' | |||||
1 | ##commit highlighting |
|
1 | ##commit highlighting | |
2 |
|
2 | |||
3 | %for cnt,sr in enumerate(c.formated_results): |
|
3 | %for cnt,sr in enumerate(c.formated_results): | |
4 |
%if h.HasRepoPermission |
|
4 | %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'): | |
5 | <div id="body${cnt}" class="codeblock"> |
|
5 | <div id="body${cnt}" class="codeblock"> | |
6 | <div class="code-header"> |
|
6 | <div class="code-header"> | |
7 | <div class="search-path">${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['raw_id'])), |
|
7 | <div class="search-path">${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['raw_id'])), |
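Review bot: The read check `h.HasRepoPermissionLevel('read')(sr['repository'],'search results check')` at line 4 runs per result during rendering, after `c.formated_results` has already been built. If the result count or pagination shown to the user is computed from the unfiltered list (not visible in this section), it can reveal that matches exist in repositories the user cannot read; filtering in the controller before counting would avoid that. The same line appears in the content and path search templates that follow. The `%for` and `%if` blocks continue outside the hunk.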
@@ -1,7 +1,7 b'' | |||||
1 | ##content highlighting |
|
1 | ##content highlighting | |
2 |
|
2 | |||
3 | %for cnt,sr in enumerate(c.formated_results): |
|
3 | %for cnt,sr in enumerate(c.formated_results): | |
4 |
%if h.HasRepoPermission |
|
4 | %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'): | |
5 | <div id="body${cnt}" class="codeblock"> |
|
5 | <div id="body${cnt}" class="codeblock"> | |
6 | <div class="code-header"> |
|
6 | <div class="code-header"> | |
7 | <div class="search-path">${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['f_path'])), |
|
7 | <div class="search-path">${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['f_path'])), |
@@ -1,7 +1,7 b'' | |||||
1 | ##path search |
|
1 | ##path search | |
2 |
|
2 | |||
3 | %for cnt,sr in enumerate(c.formated_results): |
|
3 | %for cnt,sr in enumerate(c.formated_results): | |
4 |
%if h.HasRepoPermission |
|
4 | %if h.HasRepoPermissionLevel('read')(sr['repository'],'search results check'): | |
5 | <div class="panel panel-default"> |
|
5 | <div class="panel panel-default"> | |
6 | <div class="panel-heading"> |
|
6 | <div class="panel-heading"> | |
7 | ${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['f_path'])), |
|
7 | ${h.link_to(h.literal('%s » %s' % (sr['repository'],sr['f_path'])), |