Show More
| @@ -4,6 +4,9 b' Provides the BaseController class for su' | |||
|
|
4 | 4 | """ |
|
|
5 | 5 | import logging |
|
|
6 | 6 | import time |
|
|
7 | ||
|
|
8 | from paste.auth.basic import AuthBasicAuthenticator | |
|
|
9 | ||
|
|
7 | 10 | from pylons import config, tmpl_context as c, request, session, url |
|
|
8 | 11 | from pylons.controllers import WSGIController |
|
|
9 | 12 | from pylons.controllers.util import redirect |
| @@ -12,8 +15,9 b' from pylons.templating import render_mak' | |||
|
|
12 | 15 | from rhodecode import __version__, BACKENDS |
|
|
13 | 16 | |
|
|
14 | 17 | from rhodecode.lib import str2bool |
|
|
15 | from rhodecode.lib.auth import AuthUser, get_container_username | |
|
|
16 | from rhodecode.lib.utils import get_repo_slug | |
|
|
18 | from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\ | |
|
|
19 | HasPermissionAnyMiddleware | |
|
|
20 | from rhodecode.lib.utils import get_repo_slug, invalidate_cache | |
|
|
17 | 21 | from rhodecode.model import meta |
|
|
18 | 22 | |
|
|
19 | 23 | from rhodecode.model.db import Repository |
| @@ -22,6 +26,60 b' from rhodecode.model.scm import ScmModel' | |||
|
|
22 | 26 | |
|
|
23 | 27 | log = logging.getLogger(__name__) |
|
|
24 | 28 | |
|
|
29 | class BaseVCSController(object): | |
|
|
30 | ||
|
|
31 | def __init__(self, application, config): | |
|
|
32 | self.application = application | |
|
|
33 | self.config = config | |
|
|
34 | # base path of repo locations | |
|
|
35 | self.basepath = self.config['base_path'] | |
|
|
36 | #authenticate this mercurial request using authfunc | |
|
|
37 | self.authenticate = AuthBasicAuthenticator('', authfunc) | |
|
|
38 | self.ipaddr = '0.0.0.0' | |
|
|
39 | ||
|
|
40 | def _invalidate_cache(self, repo_name): | |
|
|
41 | """ | |
|
|
42 | Set's cache for this repository for invalidation on next access | |
|
|
43 | ||
|
|
44 | :param repo_name: full repo name, also a cache key | |
|
|
45 | """ | |
|
|
46 | invalidate_cache('get_repo_cached_%s' % repo_name) | |
|
|
47 | ||
|
|
48 | def _check_permission(self, action, user, repo_name): | |
|
|
49 | """ | |
|
|
50 | Checks permissions using action (push/pull) user and repository | |
|
|
51 | name | |
|
|
52 | ||
|
|
53 | :param action: push or pull action | |
|
|
54 | :param user: user instance | |
|
|
55 | :param repo_name: repository name | |
|
|
56 | """ | |
|
|
57 | if action == 'push': | |
|
|
58 | if not HasPermissionAnyMiddleware('repository.write', | |
|
|
59 | 'repository.admin')(user, | |
|
|
60 | repo_name): | |
|
|
61 | return False | |
|
|
62 | ||
|
|
63 | else: | |
|
|
64 | #any other action need at least read permission | |
|
|
65 | if not HasPermissionAnyMiddleware('repository.read', | |
|
|
66 | 'repository.write', | |
|
|
67 | 'repository.admin')(user, | |
|
|
68 | repo_name): | |
|
|
69 | return False | |
|
|
70 | ||
|
|
71 | return True | |
|
|
72 | ||
|
|
73 | def __call__(self, environ, start_response): | |
|
|
74 | start = time.time() | |
|
|
75 | try: | |
|
|
76 | return self._handle_request(environ, start_response) | |
|
|
77 | finally: | |
|
|
78 | log = logging.getLogger(self.__class__.__name__) | |
|
|
79 | log.debug('Request time: %.3fs' % (time.time() - start)) | |
|
|
80 | meta.Session.remove() | |
|
|
81 | ||
|
|
82 | ||
|
|
25 | 83 | class BaseController(WSGIController): |
|
|
26 | 84 | |
|
|
27 | 85 | def __before__(self): |
| @@ -30,7 +30,6 b' import traceback' | |||
|
|
30 | 30 | |
|
|
31 | 31 | from dulwich import server as dulserver |
|
|
32 | 32 | |
|
|
33 | ||
|
|
34 | 33 | class SimpleGitUploadPackHandler(dulserver.UploadPackHandler): |
|
|
35 | 34 | |
|
|
36 | 35 | def handle(self): |
| @@ -66,12 +65,12 b' dulserver.DEFAULT_HANDLERS = {' | |||
|
|
66 | 65 | from dulwich.repo import Repo |
|
|
67 | 66 | from dulwich.web import HTTPGitApplication |
|
|
68 | 67 | |
|
|
69 | from paste.auth.basic import AuthBasicAuthenticator | |
|
|
70 | 68 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE |
|
|
71 | 69 | |
|
|
72 | 70 | from rhodecode.lib import safe_str |
|
|
73 | from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware, get_container_username | |
|
|
74 | from rhodecode.lib.utils import invalidate_cache, is_valid_repo | |
|
|
71 | from rhodecode.lib.base import BaseVCSController | |
|
|
72 | from rhodecode.lib.auth import get_container_username | |
|
|
73 | from rhodecode.lib.utils import is_valid_repo | |
|
|
75 | 74 | from rhodecode.model.db import User |
|
|
76 | 75 | |
|
|
77 | 76 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError |
| @@ -91,17 +90,9 b' def is_git(environ):' | |||
|
|
91 | 90 | return False |
|
|
92 | 91 | |
|
|
93 | 92 | |
|
|
94 |
class SimpleGit( |
|
|
|
93 | class SimpleGit(BaseVCSController): | |
|
|
95 | 94 | |
|
|
96 | def __init__(self, application, config): | |
|
|
97 | self.application = application | |
|
|
98 | self.config = config | |
|
|
99 | # base path of repo locations | |
|
|
100 | self.basepath = self.config['base_path'] | |
|
|
101 | #authenticate this mercurial request using authfunc | |
|
|
102 | self.authenticate = AuthBasicAuthenticator('', authfunc) | |
|
|
103 | ||
|
|
104 | def __call__(self, environ, start_response): | |
|
|
95 | def _handle_request(self, environ, start_response): | |
|
|
105 | 96 | if not is_git(environ): |
|
|
106 | 97 | return self.application(environ, start_response) |
|
|
107 | 98 | |
| @@ -132,9 +123,8 b' class SimpleGit(object):' | |||
|
|
132 | 123 | if action in ['pull', 'push']: |
|
|
133 | 124 | anonymous_user = self.__get_user('default') |
|
|
134 | 125 | username = anonymous_user.username |
|
|
135 |
anonymous_perm = self. |
|
|
|
136 |
|
|
|
|
137 | repo_name) | |
|
|
126 | anonymous_perm = self._check_permission(action,anonymous_user, | |
|
|
127 | repo_name) | |
|
|
138 | 128 | |
|
|
139 | 129 | if anonymous_perm is not True or anonymous_user.active is False: |
|
|
140 | 130 | if anonymous_perm is not True: |
| @@ -179,16 +169,11 b' class SimpleGit(object):' | |||
|
|
179 | 169 | start_response) |
|
|
180 | 170 | |
|
|
181 | 171 | #check permissions for this repository |
|
|
182 |
perm = self. |
|
|
|
172 | perm = self._check_permission(action, user, | |
|
|
183 | 173 | repo_name) |
|
|
184 | 174 | if perm is not True: |
|
|
185 | 175 | return HTTPForbidden()(environ, start_response) |
|
|
186 | 176 | |
|
|
187 | extras = {'ip': ipaddr, | |
|
|
188 | 'username': username, | |
|
|
189 | 'action': action, | |
|
|
190 | 'repository': repo_name} | |
|
|
191 | ||
|
|
192 | 177 | #=================================================================== |
|
|
193 | 178 | # GIT REQUEST HANDLING |
|
|
194 | 179 | #=================================================================== |
| @@ -203,7 +188,7 b' class SimpleGit(object):' | |||
|
|
203 | 188 | try: |
|
|
204 | 189 | #invalidate cache on push |
|
|
205 | 190 | if action == 'push': |
|
|
206 |
self. |
|
|
|
191 | self._invalidate_cache(repo_name) | |
|
|
207 | 192 | |
|
|
208 | 193 | app = self.__make_app(repo_name, repo_path) |
|
|
209 | 194 | return app(environ, start_response) |
| @@ -225,31 +210,6 b' class SimpleGit(object):' | |||
|
|
225 | 210 | |
|
|
226 | 211 | return gitserve |
|
|
227 | 212 | |
|
|
228 | def __check_permission(self, action, user, repo_name): | |
|
|
229 | """ | |
|
|
230 | Checks permissions using action (push/pull) user and repository | |
|
|
231 | name | |
|
|
232 | ||
|
|
233 | :param action: push or pull action | |
|
|
234 | :param user: user instance | |
|
|
235 | :param repo_name: repository name | |
|
|
236 | """ | |
|
|
237 | if action == 'push': | |
|
|
238 | if not HasPermissionAnyMiddleware('repository.write', | |
|
|
239 | 'repository.admin')(user, | |
|
|
240 | repo_name): | |
|
|
241 | return False | |
|
|
242 | ||
|
|
243 | else: | |
|
|
244 | #any other action need at least read permission | |
|
|
245 | if not HasPermissionAnyMiddleware('repository.read', | |
|
|
246 | 'repository.write', | |
|
|
247 | 'repository.admin')(user, | |
|
|
248 | repo_name): | |
|
|
249 | return False | |
|
|
250 | ||
|
|
251 | return True | |
|
|
252 | ||
|
|
253 | 213 | def __get_repository(self, environ): |
|
|
254 | 214 | """ |
|
|
255 | 215 | Get's repository name out of PATH_INFO header |
| @@ -285,10 +245,3 b' class SimpleGit(object):' | |||
|
|
285 | 245 | service_cmd if service_cmd else 'other') |
|
|
286 | 246 | else: |
|
|
287 | 247 | return 'other' |
|
|
288 | ||
|
|
289 | def __invalidate_cache(self, repo_name): | |
|
|
290 | """we know that some change was made to repositories and we should | |
|
|
291 | invalidate the cache to see the changes right away but only for | |
|
|
292 | push requests""" | |
|
|
293 | invalidate_cache('get_repo_cached_%s' % repo_name) | |
|
|
294 | ||
| @@ -31,13 +31,12 b' import traceback' | |||
|
|
31 | 31 | from mercurial.error import RepoError |
|
|
32 | 32 | from mercurial.hgweb import hgweb_mod |
|
|
33 | 33 | |
|
|
34 | from paste.auth.basic import AuthBasicAuthenticator | |
|
|
35 | 34 | from paste.httpheaders import REMOTE_USER, AUTH_TYPE |
|
|
36 | 35 | |
|
|
37 | 36 | from rhodecode.lib import safe_str |
|
|
38 | from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware, get_container_username | |
|
|
39 |
from rhodecode.lib. |
|
|
|
40 | is_valid_repo, ui_sections | |
|
|
37 | from rhodecode.lib.base import BaseVCSController | |
|
|
38 | from rhodecode.lib.auth import get_container_username | |
|
|
39 | from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections | |
|
|
41 | 40 | from rhodecode.model.db import User |
|
|
42 | 41 | |
|
|
43 | 42 | from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError |
| @@ -55,18 +54,9 b' def is_mercurial(environ):' | |||
|
|
55 | 54 | return False |
|
|
56 | 55 | |
|
|
57 | 56 | |
|
|
58 |
class SimpleHg( |
|
|
|
57 | class SimpleHg(BaseVCSController): | |
|
|
59 | 58 | |
|
|
60 | def __init__(self, application, config): | |
|
|
61 | self.application = application | |
|
|
62 | self.config = config | |
|
|
63 | # base path of repo locations | |
|
|
64 | self.basepath = self.config['base_path'] | |
|
|
65 | #authenticate this mercurial request using authfunc | |
|
|
66 | self.authenticate = AuthBasicAuthenticator('', authfunc) | |
|
|
67 | self.ipaddr = '0.0.0.0' | |
|
|
68 | ||
|
|
69 | def __call__(self, environ, start_response): | |
|
|
59 | def _handle_request(self, environ, start_response): | |
|
|
70 | 60 | if not is_mercurial(environ): |
|
|
71 | 61 | return self.application(environ, start_response) |
|
|
72 | 62 | |
| @@ -98,9 +88,8 b' class SimpleHg(object):' | |||
|
|
98 | 88 | anonymous_user = self.__get_user('default') |
|
|
99 | 89 | |
|
|
100 | 90 | username = anonymous_user.username |
|
|
101 |
anonymous_perm = self. |
|
|
|
102 |
|
|
|
|
103 | repo_name) | |
|
|
91 | anonymous_perm = self._check_permission(action,anonymous_user, | |
|
|
92 | repo_name) | |
|
|
104 | 93 | |
|
|
105 | 94 | if anonymous_perm is not True or anonymous_user.active is False: |
|
|
106 | 95 | if anonymous_perm is not True: |
| @@ -145,7 +134,7 b' class SimpleHg(object):' | |||
|
|
145 | 134 | start_response) |
|
|
146 | 135 | |
|
|
147 | 136 | #check permissions for this repository |
|
|
148 |
perm = self. |
|
|
|
137 | perm = self._check_permission(action, user, | |
|
|
149 | 138 | repo_name) |
|
|
150 | 139 | if perm is not True: |
|
|
151 | 140 | return HTTPForbidden()(environ, start_response) |
| @@ -171,9 +160,9 b' class SimpleHg(object):' | |||
|
|
171 | 160 | return HTTPNotFound()(environ, start_response) |
|
|
172 | 161 | |
|
|
173 | 162 | try: |
|
|
174 | #invalidate cache on push | |
|
|
163 | # invalidate cache on push | |
|
|
175 | 164 | if action == 'push': |
|
|
176 |
self. |
|
|
|
165 | self._invalidate_cache(repo_name) | |
|
|
177 | 166 | |
|
|
178 | 167 | app = self.__make_app(repo_path, baseui, extras) |
|
|
179 | 168 | return app(environ, start_response) |
| @@ -192,31 +181,6 b' class SimpleHg(object):' | |||
|
|
192 | 181 | return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui) |
|
|
193 | 182 | |
|
|
194 | 183 | |
|
|
195 | def __check_permission(self, action, user, repo_name): | |
|
|
196 | """ | |
|
|
197 | Checks permissions using action (push/pull) user and repository | |
|
|
198 | name | |
|
|
199 | ||
|
|
200 | :param action: push or pull action | |
|
|
201 | :param user: user instance | |
|
|
202 | :param repo_name: repository name | |
|
|
203 | """ | |
|
|
204 | if action == 'push': | |
|
|
205 | if not HasPermissionAnyMiddleware('repository.write', | |
|
|
206 | 'repository.admin')(user, | |
|
|
207 | repo_name): | |
|
|
208 | return False | |
|
|
209 | ||
|
|
210 | else: | |
|
|
211 | #any other action need at least read permission | |
|
|
212 | if not HasPermissionAnyMiddleware('repository.read', | |
|
|
213 | 'repository.write', | |
|
|
214 | 'repository.admin')(user, | |
|
|
215 | repo_name): | |
|
|
216 | return False | |
|
|
217 | ||
|
|
218 | return True | |
|
|
219 | ||
|
|
220 | 184 | def __get_repository(self, environ): |
|
|
221 | 185 | """ |
|
|
222 | 186 | Get's repository name out of PATH_INFO header |
| @@ -257,11 +221,6 b' class SimpleHg(object):' | |||
|
|
257 | 221 | else: |
|
|
258 | 222 | return 'pull' |
|
|
259 | 223 | |
|
|
260 | def __invalidate_cache(self, repo_name): | |
|
|
261 | """we know that some change was made to repositories and we should | |
|
|
262 | invalidate the cache to see the changes right away but only for | |
|
|
263 | push requests""" | |
|
|
264 | invalidate_cache('get_repo_cached_%s' % repo_name) | |
|
|
265 | 224 | |
|
|
266 | 225 | def __inject_extras(self, repo_path, baseui, extras={}): |
|
|
267 | 226 | """ |
General Comments 0
You need to be logged in to leave comments.
Login now