@@ -116,7 +116,7 b' def get_repo_or_error(repoid):' | |||
|
116 | 116 | """ |
|
117 | 117 | Get repo by id or name or return JsonRPCError if not found |
|
118 | 118 | |
|
119 |
:param |
|
|
119 | :param repoid: | |
|
120 | 120 | """ |
|
121 | 121 | repo = RepoModel().get_repo(repoid) |
|
122 | 122 | if repo is None: |
@@ -215,7 +215,7 b' class ApiController(JSONRPCController):' | |||
|
215 | 215 | :param repoid: |
|
216 | 216 | """ |
|
217 | 217 | repo = get_repo_or_error(repoid) |
|
218 |
if HasPermissionAnyApi('hg.admin')(user=apiuser) |
|
|
218 | if not HasPermissionAnyApi('hg.admin')(user=apiuser): | |
|
219 | 219 | # check if we have admin permission for this repo ! |
|
220 | 220 | if HasRepoPermissionAnyApi('repository.admin', |
|
221 | 221 | 'repository.write')(user=apiuser, |
@@ -231,6 +231,7 b' class ApiController(JSONRPCController):' | |||
|
231 | 231 | 'Error occurred during cache invalidation action' |
|
232 | 232 | ) |
|
233 | 233 | |
|
234 | # permission check inside | |
|
234 | 235 | def lock(self, apiuser, repoid, locked=Optional(None), |
|
235 | 236 | userid=Optional(OAttr('apiuser'))): |
|
236 | 237 | """ |
@@ -323,9 +324,8 b' class ApiController(JSONRPCController):' | |||
|
323 | 324 | :param apiuser: |
|
324 | 325 | :param userid: |
|
325 | 326 | """ |
|
326 | if HasPermissionAnyApi('hg.admin')(user=apiuser): | |
|
327 | pass | |
|
328 | else: | |
|
327 | ||
|
328 | if not HasPermissionAnyApi('hg.admin')(user=apiuser): | |
|
329 | 329 | #make sure normal user does not pass someone else userid, |
|
330 | 330 | #he is not allowed to do that |
|
331 | 331 | if not isinstance(userid, Optional) and userid != apiuser.user_id: |
@@ -375,7 +375,7 b' class ApiController(JSONRPCController):' | |||
|
375 | 375 | :param apiuser: |
|
376 | 376 | :param userid: |
|
377 | 377 | """ |
|
378 |
if HasPermissionAnyApi('hg.admin')(user=apiuser) |
|
|
378 | if not HasPermissionAnyApi('hg.admin')(user=apiuser): | |
|
379 | 379 | #make sure normal user does not pass someone else userid, |
|
380 | 380 | #he is not allowed to do that |
|
381 | 381 | if not isinstance(userid, Optional) and userid != apiuser.user_id: |
@@ -669,10 +669,10 b' class ApiController(JSONRPCController):' | |||
|
669 | 669 | """ |
|
670 | 670 | repo = get_repo_or_error(repoid) |
|
671 | 671 | |
|
672 |
if HasPermissionAnyApi('hg.admin')(user=apiuser) |
|
|
672 | if not HasPermissionAnyApi('hg.admin')(user=apiuser): | |
|
673 | 673 | # check if we have admin permission for this repo ! |
|
674 | if HasRepoPermissionAnyApi('repository.admin')(user=apiuser, | |
|
675 |
repo_name=repo.repo_name) |
|
|
674 | if not HasRepoPermissionAnyApi('repository.admin')(user=apiuser, | |
|
675 | repo_name=repo.repo_name): | |
|
676 | 676 | raise JSONRPCError('repository `%s` does not exist' % (repoid)) |
|
677 | 677 | |
|
678 | 678 | members = [] |
@@ -701,6 +701,7 b' class ApiController(JSONRPCController):' | |||
|
701 | 701 | data['followers'] = followers |
|
702 | 702 | return data |
|
703 | 703 | |
|
704 | # permission check inside | |
|
704 | 705 | def get_repos(self, apiuser): |
|
705 | 706 | """" |
|
706 | 707 | Get all repositories |
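Review bot: In the hunk at new lines 672-676, a caller without `repository.admin` gets a 'does not exist' JSONRPCError, which hides the repository's existence only if `get_repo_or_error` uses byte-identical wording for a genuinely missing repo; that message is not visible in these hunks, so it should be confirmed. Because the wording reads like a mistake to someone seeing it cold, I would add a comment directly above the raise: `# same error as not-found on purpose: callers without access must not learn the repo exists`. The intent is inferred from the code rather than stated in the commit, so adjust the comment if the reuse was accidental. The enclosing method starts and ends outside the hunk.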