@@ -45,7 +45,7 b' from kallithea.lib.exceptions import Use' | |||||
45 | RepoGroupAssignmentError |
|
45 | RepoGroupAssignmentError | |
46 | from kallithea.lib.utils2 import safe_unicode, safe_int |
|
46 | from kallithea.lib.utils2 import safe_unicode, safe_int | |
47 | from kallithea.lib.auth import LoginRequired, \ |
|
47 | from kallithea.lib.auth import LoginRequired, \ | |
48 |
HasUserGroupPermission |
|
48 | HasUserGroupPermissionLevelDecorator, HasPermissionAnyDecorator | |
49 | from kallithea.lib.base import BaseController, render |
|
49 | from kallithea.lib.base import BaseController, render | |
50 | from kallithea.model.scm import UserGroupList |
|
50 | from kallithea.model.scm import UserGroupList | |
51 | from kallithea.model.user_group import UserGroupModel |
|
51 | from kallithea.model.user_group import UserGroupModel | |
@@ -92,7 +92,7 b' class UserGroupsController(BaseControlle' | |||||
92 | _list = UserGroup.query() \ |
|
92 | _list = UserGroup.query() \ | |
93 | .order_by(func.lower(UserGroup.users_group_name)) \ |
|
93 | .order_by(func.lower(UserGroup.users_group_name)) \ | |
94 | .all() |
|
94 | .all() | |
95 |
group_iter = UserGroupList(_list, perm_ |
|
95 | group_iter = UserGroupList(_list, perm_level='admin') | |
96 | user_groups_data = [] |
|
96 | user_groups_data = [] | |
97 | total_records = len(group_iter) |
|
97 | total_records = len(group_iter) | |
98 | _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup |
|
98 | _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup | |
@@ -165,7 +165,7 b' class UserGroupsController(BaseControlle' | |||||
165 | def new(self, format='html'): |
|
165 | def new(self, format='html'): | |
166 | return render('admin/user_groups/user_group_add.html') |
|
166 | return render('admin/user_groups/user_group_add.html') | |
167 |
|
167 | |||
168 |
@HasUserGroupPermission |
|
168 | @HasUserGroupPermissionLevelDecorator('admin') | |
169 | def update(self, id): |
|
169 | def update(self, id): | |
170 | c.user_group = UserGroup.get_or_404(id) |
|
170 | c.user_group = UserGroup.get_or_404(id) | |
171 | c.active = 'settings' |
|
171 | c.active = 'settings' | |
@@ -211,7 +211,7 b' class UserGroupsController(BaseControlle' | |||||
211 |
|
211 | |||
212 | raise HTTPFound(location=url('edit_users_group', id=id)) |
|
212 | raise HTTPFound(location=url('edit_users_group', id=id)) | |
213 |
|
213 | |||
214 |
@HasUserGroupPermission |
|
214 | @HasUserGroupPermissionLevelDecorator('admin') | |
215 | def delete(self, id): |
|
215 | def delete(self, id): | |
216 | usr_gr = UserGroup.get_or_404(id) |
|
216 | usr_gr = UserGroup.get_or_404(id) | |
217 | try: |
|
217 | try: | |
@@ -226,7 +226,7 b' class UserGroupsController(BaseControlle' | |||||
226 | category='error') |
|
226 | category='error') | |
227 | raise HTTPFound(location=url('users_groups')) |
|
227 | raise HTTPFound(location=url('users_groups')) | |
228 |
|
228 | |||
229 |
@HasUserGroupPermission |
|
229 | @HasUserGroupPermissionLevelDecorator('admin') | |
230 | def edit(self, id, format='html'): |
|
230 | def edit(self, id, format='html'): | |
231 | c.user_group = UserGroup.get_or_404(id) |
|
231 | c.user_group = UserGroup.get_or_404(id) | |
232 | c.active = 'settings' |
|
232 | c.active = 'settings' | |
@@ -241,7 +241,7 b' class UserGroupsController(BaseControlle' | |||||
241 | force_defaults=False |
|
241 | force_defaults=False | |
242 | ) |
|
242 | ) | |
243 |
|
243 | |||
244 |
@HasUserGroupPermission |
|
244 | @HasUserGroupPermissionLevelDecorator('admin') | |
245 | def edit_perms(self, id): |
|
245 | def edit_perms(self, id): | |
246 | c.user_group = UserGroup.get_or_404(id) |
|
246 | c.user_group = UserGroup.get_or_404(id) | |
247 | c.active = 'perms' |
|
247 | c.active = 'perms' | |
@@ -267,7 +267,7 b' class UserGroupsController(BaseControlle' | |||||
267 | force_defaults=False |
|
267 | force_defaults=False | |
268 | ) |
|
268 | ) | |
269 |
|
269 | |||
270 |
@HasUserGroupPermission |
|
270 | @HasUserGroupPermissionLevelDecorator('admin') | |
271 | def update_perms(self, id): |
|
271 | def update_perms(self, id): | |
272 | """ |
|
272 | """ | |
273 | grant permission for given usergroup |
|
273 | grant permission for given usergroup | |
@@ -291,7 +291,7 b' class UserGroupsController(BaseControlle' | |||||
291 | h.flash(_('User group permissions updated'), category='success') |
|
291 | h.flash(_('User group permissions updated'), category='success') | |
292 | raise HTTPFound(location=url('edit_user_group_perms', id=id)) |
|
292 | raise HTTPFound(location=url('edit_user_group_perms', id=id)) | |
293 |
|
293 | |||
294 |
@HasUserGroupPermission |
|
294 | @HasUserGroupPermissionLevelDecorator('admin') | |
295 | def delete_perms(self, id): |
|
295 | def delete_perms(self, id): | |
296 | try: |
|
296 | try: | |
297 | obj_type = request.POST.get('obj_type') |
|
297 | obj_type = request.POST.get('obj_type') | |
@@ -319,7 +319,7 b' class UserGroupsController(BaseControlle' | |||||
319 | category='error') |
|
319 | category='error') | |
320 | raise HTTPInternalServerError() |
|
320 | raise HTTPInternalServerError() | |
321 |
|
321 | |||
322 |
@HasUserGroupPermission |
|
322 | @HasUserGroupPermissionLevelDecorator('admin') | |
323 | def edit_default_perms(self, id): |
|
323 | def edit_default_perms(self, id): | |
324 | c.user_group = UserGroup.get_or_404(id) |
|
324 | c.user_group = UserGroup.get_or_404(id) | |
325 | c.active = 'default_perms' |
|
325 | c.active = 'default_perms' | |
@@ -368,7 +368,7 b' class UserGroupsController(BaseControlle' | |||||
368 | force_defaults=False |
|
368 | force_defaults=False | |
369 | ) |
|
369 | ) | |
370 |
|
370 | |||
371 |
@HasUserGroupPermission |
|
371 | @HasUserGroupPermissionLevelDecorator('admin') | |
372 | def update_default_perms(self, id): |
|
372 | def update_default_perms(self, id): | |
373 | user_group = UserGroup.get_or_404(id) |
|
373 | user_group = UserGroup.get_or_404(id) | |
374 |
|
374 | |||
@@ -408,7 +408,7 b' class UserGroupsController(BaseControlle' | |||||
408 |
|
408 | |||
409 | raise HTTPFound(location=url('edit_user_group_default_perms', id=id)) |
|
409 | raise HTTPFound(location=url('edit_user_group_default_perms', id=id)) | |
410 |
|
410 | |||
411 |
@HasUserGroupPermission |
|
411 | @HasUserGroupPermissionLevelDecorator('admin') | |
412 | def edit_advanced(self, id): |
|
412 | def edit_advanced(self, id): | |
413 | c.user_group = UserGroup.get_or_404(id) |
|
413 | c.user_group = UserGroup.get_or_404(id) | |
414 | c.active = 'advanced' |
|
414 | c.active = 'advanced' | |
@@ -417,7 +417,7 b' class UserGroupsController(BaseControlle' | |||||
417 | return render('admin/user_groups/user_group_edit.html') |
|
417 | return render('admin/user_groups/user_group_edit.html') | |
418 |
|
418 | |||
419 |
|
419 | |||
420 |
@HasUserGroupPermission |
|
420 | @HasUserGroupPermissionLevelDecorator('admin') | |
421 | def edit_members(self, id): |
|
421 | def edit_members(self, id): | |
422 | c.user_group = UserGroup.get_or_404(id) |
|
422 | c.user_group = UserGroup.get_or_404(id) | |
423 | c.active = 'members' |
|
423 | c.active = 'members' |
@@ -36,7 +36,7 b' from kallithea.controllers.api import JS' | |||||
36 | from kallithea.lib.auth import ( |
|
36 | from kallithea.lib.auth import ( | |
37 | PasswordGenerator, AuthUser, HasPermissionAnyDecorator, |
|
37 | PasswordGenerator, AuthUser, HasPermissionAnyDecorator, | |
38 | HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermissionLevel, |
|
38 | HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermissionLevel, | |
39 |
HasRepoGroupPermissionLevel, HasUserGroupPermission |
|
39 | HasRepoGroupPermissionLevel, HasUserGroupPermissionLevel) | |
40 | from kallithea.lib.utils import map_groups, repo2db_mapper |
|
40 | from kallithea.lib.utils import map_groups, repo2db_mapper | |
41 | from kallithea.lib.utils2 import ( |
|
41 | from kallithea.lib.utils2 import ( | |
42 | str2bool, time_to_datetime, safe_int, Optional, OAttr) |
|
42 | str2bool, time_to_datetime, safe_int, Optional, OAttr) | |
@@ -820,10 +820,7 b' class ApiController(JSONRPCController):' | |||||
820 | """ |
|
820 | """ | |
821 | user_group = get_user_group_or_error(usergroupid) |
|
821 | user_group = get_user_group_or_error(usergroupid) | |
822 | if not HasPermissionAny('hg.admin')(): |
|
822 | if not HasPermissionAny('hg.admin')(): | |
823 | # check if we have at least read permission for this user group ! |
|
823 | if not HasUserGroupPermissionLevel('read')(user_group.users_group_name): | |
824 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
|||
825 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
826 | user_group_name=user_group.users_group_name): |
|
|||
827 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) |
|
824 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) | |
828 |
|
825 | |||
829 | data = user_group.get_api_data() |
|
826 | data = user_group.get_api_data() | |
@@ -845,9 +842,7 b' class ApiController(JSONRPCController):' | |||||
845 | """ |
|
842 | """ | |
846 |
|
843 | |||
847 | result = [] |
|
844 | result = [] | |
848 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
845 | for user_group in UserGroupList(UserGroup.query().all(), perm_level='read'): | |
849 | for user_group in UserGroupList(UserGroup.query().all(), |
|
|||
850 | perm_set=_perms): |
|
|||
851 | result.append(user_group.get_api_data()) |
|
846 | result.append(user_group.get_api_data()) | |
852 | return result |
|
847 | return result | |
853 |
|
848 | |||
@@ -949,10 +944,7 b' class ApiController(JSONRPCController):' | |||||
949 | """ |
|
944 | """ | |
950 | user_group = get_user_group_or_error(usergroupid) |
|
945 | user_group = get_user_group_or_error(usergroupid) | |
951 | if not HasPermissionAny('hg.admin')(): |
|
946 | if not HasPermissionAny('hg.admin')(): | |
952 | # check if we have admin permission for this user group ! |
|
947 | if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name): | |
953 | _perms = ('usergroup.admin',) |
|
|||
954 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
955 | user_group_name=user_group.users_group_name): |
|
|||
956 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) |
|
948 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) | |
957 |
|
949 | |||
958 | if not isinstance(owner, Optional): |
|
950 | if not isinstance(owner, Optional): | |
@@ -1006,10 +998,7 b' class ApiController(JSONRPCController):' | |||||
1006 | """ |
|
998 | """ | |
1007 | user_group = get_user_group_or_error(usergroupid) |
|
999 | user_group = get_user_group_or_error(usergroupid) | |
1008 | if not HasPermissionAny('hg.admin')(): |
|
1000 | if not HasPermissionAny('hg.admin')(): | |
1009 | # check if we have admin permission for this user group ! |
|
1001 | if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name): | |
1010 | _perms = ('usergroup.admin',) |
|
|||
1011 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
1012 | user_group_name=user_group.users_group_name): |
|
|||
1013 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) |
|
1002 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) | |
1014 |
|
1003 | |||
1015 | try: |
|
1004 | try: | |
@@ -1065,10 +1054,7 b' class ApiController(JSONRPCController):' | |||||
1065 | user = get_user_or_error(userid) |
|
1054 | user = get_user_or_error(userid) | |
1066 | user_group = get_user_group_or_error(usergroupid) |
|
1055 | user_group = get_user_group_or_error(usergroupid) | |
1067 | if not HasPermissionAny('hg.admin')(): |
|
1056 | if not HasPermissionAny('hg.admin')(): | |
1068 | # check if we have admin permission for this user group ! |
|
1057 | if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name): | |
1069 | _perms = ('usergroup.admin',) |
|
|||
1070 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
1071 | user_group_name=user_group.users_group_name): |
|
|||
1072 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) |
|
1058 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) | |
1073 |
|
1059 | |||
1074 | try: |
|
1060 | try: | |
@@ -1117,10 +1103,7 b' class ApiController(JSONRPCController):' | |||||
1117 | user = get_user_or_error(userid) |
|
1103 | user = get_user_or_error(userid) | |
1118 | user_group = get_user_group_or_error(usergroupid) |
|
1104 | user_group = get_user_group_or_error(usergroupid) | |
1119 | if not HasPermissionAny('hg.admin')(): |
|
1105 | if not HasPermissionAny('hg.admin')(): | |
1120 | # check if we have admin permission for this user group ! |
|
1106 | if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name): | |
1121 | _perms = ('usergroup.admin',) |
|
|||
1122 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
1123 | user_group_name=user_group.users_group_name): |
|
|||
1124 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) |
|
1107 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) | |
1125 |
|
1108 | |||
1126 | try: |
|
1109 | try: | |
@@ -1812,10 +1795,7 b' class ApiController(JSONRPCController):' | |||||
1812 | if not HasRepoPermissionLevel('admin')(repo.repo_name): |
|
1795 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
1813 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1796 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1814 |
|
1797 | |||
1815 | # check if we have at least read permission for this user group ! |
|
1798 | if not HasUserGroupPermissionLevel('read')(user_group.users_group_name): | |
1816 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
|||
1817 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
1818 | user_group_name=user_group.users_group_name): |
|
|||
1819 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) |
|
1799 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) | |
1820 |
|
1800 | |||
1821 | try: |
|
1801 | try: | |
@@ -1865,10 +1845,7 b' class ApiController(JSONRPCController):' | |||||
1865 | if not HasRepoPermissionLevel('admin')(repo.repo_name): |
|
1845 | if not HasRepoPermissionLevel('admin')(repo.repo_name): | |
1866 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) |
|
1846 | raise JSONRPCError('repository `%s` does not exist' % (repoid,)) | |
1867 |
|
1847 | |||
1868 | # check if we have at least read permission for this user group ! |
|
1848 | if not HasUserGroupPermissionLevel('read')(user_group.users_group_name): | |
1869 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
|||
1870 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
1871 | user_group_name=user_group.users_group_name): |
|
|||
1872 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) |
|
1849 | raise JSONRPCError('user group `%s` does not exist' % (usergroupid,)) | |
1873 |
|
1850 | |||
1874 | try: |
|
1851 | try: | |
@@ -2245,10 +2222,7 b' class ApiController(JSONRPCController):' | |||||
2245 | raise JSONRPCError( |
|
2222 | raise JSONRPCError( | |
2246 | 'repository group `%s` does not exist' % (repogroupid,)) |
|
2223 | 'repository group `%s` does not exist' % (repogroupid,)) | |
2247 |
|
2224 | |||
2248 | # check if we have at least read permission for this user group ! |
|
2225 | if not HasUserGroupPermissionLevel('read')(user_group.users_group_name): | |
2249 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
|||
2250 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
2251 | user_group_name=user_group.users_group_name): |
|
|||
2252 | raise JSONRPCError( |
|
2226 | raise JSONRPCError( | |
2253 | 'user group `%s` does not exist' % (usergroupid,)) |
|
2227 | 'user group `%s` does not exist' % (usergroupid,)) | |
2254 |
|
2228 | |||
@@ -2318,10 +2292,7 b' class ApiController(JSONRPCController):' | |||||
2318 | raise JSONRPCError( |
|
2292 | raise JSONRPCError( | |
2319 | 'repository group `%s` does not exist' % (repogroupid,)) |
|
2293 | 'repository group `%s` does not exist' % (repogroupid,)) | |
2320 |
|
2294 | |||
2321 | # check if we have at least read permission for this user group ! |
|
2295 | if not HasUserGroupPermissionLevel('read')(user_group.users_group_name): | |
2322 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
|||
2323 | if not HasUserGroupPermissionAny(*_perms)( |
|
|||
2324 | user_group_name=user_group.users_group_name): |
|
|||
2325 | raise JSONRPCError( |
|
2296 | raise JSONRPCError( | |
2326 | 'user group `%s` does not exist' % (usergroupid,)) |
|
2297 | 'user group `%s` does not exist' % (usergroupid,)) | |
2327 |
|
2298 |
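Review bot: The rewritten guards drop the explanatory comments, so nothing on the new side says why a permission failure is reported as 'user group `%s` does not exist'. Presumably this keeps callers from telling an unreadable group apart from a missing one. If so, a comment above the first guard (new line 823) would stop a later cleanup from turning it into a distinct "access denied" error, for example `# denied and missing are reported identically so group names cannot be probed`. The same guard recurs at new lines 947, 1001, 1057, 1106, 1798, 1848, 2225 and 2295, and the enclosing methods start and end outside these hunks.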
@@ -561,6 +561,18 b' class AuthUser(object):' | |||||
561 | self.username, level, repo_group_name, purpose, ok, actual_perm) |
|
561 | self.username, level, repo_group_name, purpose, ok, actual_perm) | |
562 | return ok |
|
562 | return ok | |
563 |
|
563 | |||
|
564 | def has_user_group_permission_level(self, user_group_name, level, purpose=None): | |||
|
565 | required_perms = { | |||
|
566 | 'read': ['usergroup.read', 'usergroup.write', 'usergroup.admin'], | |||
|
567 | 'write': ['usergroup.write', 'usergroup.admin'], | |||
|
568 | 'admin': ['usergroup.admin'], | |||
|
569 | }[level] | |||
|
570 | actual_perm = self.permissions['user_groups'].get(user_group_name) | |||
|
571 | ok = actual_perm in required_perms | |||
|
572 | log.debug('Checking if user %r can %r user group %r (%s): %s (has %r)', | |||
|
573 | self.username, level, user_group_name, purpose, ok, actual_perm) | |||
|
574 | return ok | |||
|
575 | ||||
564 | @property |
|
576 | @property | |
565 | def api_keys(self): |
|
577 | def api_keys(self): | |
566 | return self._get_api_keys() |
|
578 | return self._get_api_keys() | |
@@ -882,7 +894,7 b' class HasRepoGroupPermissionLevelDecorat' | |||||
882 | return user.has_repository_group_permission_level(repo_group_name, level) |
|
894 | return user.has_repository_group_permission_level(repo_group_name, level) | |
883 |
|
895 | |||
884 |
|
896 | |||
885 |
class HasUserGroupPermission |
|
897 | class HasUserGroupPermissionLevelDecorator(_PermsDecorator): | |
886 | """ |
|
898 | """ | |
887 | Checks for access permission for any of given predicates for specific |
|
899 | Checks for access permission for any of given predicates for specific | |
888 | user group. In order to fulfill the request any of predicates must be meet |
|
900 | user group. In order to fulfill the request any of predicates must be meet | |
@@ -890,10 +902,8 b' class HasUserGroupPermissionAnyDecorator' | |||||
890 |
|
902 | |||
891 | def check_permissions(self, user): |
|
903 | def check_permissions(self, user): | |
892 | user_group_name = get_user_group_slug(request) |
|
904 | user_group_name = get_user_group_slug(request) | |
893 | try: |
|
905 | (level,) = self.required_perms | |
894 | return user.permissions['user_groups'][user_group_name] in self.required_perms |
|
906 | return user.has_user_group_permission_level(user_group_name, level) | |
895 | except KeyError: |
|
|||
896 | return False |
|
|||
897 |
|
907 | |||
898 |
|
908 | |||
899 | #============================================================================== |
|
909 | #============================================================================== | |
@@ -942,17 +952,11 b' class HasRepoGroupPermissionLevel(_Perms' | |||||
942 | return request.user.has_repository_group_permission_level(group_name, level, purpose) |
|
952 | return request.user.has_repository_group_permission_level(group_name, level, purpose) | |
943 |
|
953 | |||
944 |
|
954 | |||
945 |
class HasUserGroupPermission |
|
955 | class HasUserGroupPermissionLevel(_PermsFunction): | |
946 |
|
956 | |||
947 | def __call__(self, user_group_name, purpose=None): |
|
957 | def __call__(self, user_group_name, purpose=None): | |
948 | try: |
|
958 | (level,) = self.required_perms | |
949 | ok = request.user.permissions['user_groups'][user_group_name] in self.required_perms |
|
959 | return request.user.has_user_group_permission_level(user_group_name, level, purpose) | |
950 | except KeyError: |
|
|||
951 | ok = False |
|
|||
952 |
|
||||
953 | log.debug('Check %s %s for user group %s (%s): %s' % |
|
|||
954 | (request.user.username, self.required_perms, user_group_name, purpose, ok)) |
|
|||
955 | return ok |
|
|||
956 |
|
960 | |||
957 |
|
961 | |||
958 | #============================================================================== |
|
962 | #============================================================================== |
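Review bot: The docstring kept on `HasUserGroupPermissionLevelDecorator` (new lines 898-900) still speaks of "any of given predicates", while `check_permissions` now unpacks exactly one level with `(level,) = self.required_perms`. I would reword it to something like `Checks that the user has at least the given permission level on the specific user group.` and give `has_user_group_permission_level` a short docstring that names the three accepted levels. That docstring should also say an unknown level raises `KeyError` from the `}[level]` lookup, and that passing more than one level fails at the tuple unpack. Both cases deny by raising rather than by returning False, which is safe but only surfaces at request time. The class docstring continues past the end of its hunk.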
@@ -47,7 +47,7 b' from kallithea.model.db import Repositor' | |||||
47 | Statistics, UserGroup, Ui, RepoGroup, RepositoryField |
|
47 | Statistics, UserGroup, Ui, RepoGroup, RepositoryField | |
48 |
|
48 | |||
49 | from kallithea.lib import helpers as h |
|
49 | from kallithea.lib import helpers as h | |
50 |
from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermission |
|
50 | from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermissionLevel | |
51 | from kallithea.lib.exceptions import AttachedForksError |
|
51 | from kallithea.lib.exceptions import AttachedForksError | |
52 | from kallithea.model.scm import UserGroupList |
|
52 | from kallithea.model.scm import UserGroupList | |
53 |
|
53 | |||
@@ -144,9 +144,7 b' class RepoModel(BaseModel):' | |||||
144 | .order_by(UserGroup.users_group_name) \ |
|
144 | .order_by(UserGroup.users_group_name) \ | |
145 | .options(subqueryload(UserGroup.members)) \ |
|
145 | .options(subqueryload(UserGroup.members)) \ | |
146 | .all() |
|
146 | .all() | |
147 |
user_groups = UserGroupList(user_groups, perm_ |
|
147 | user_groups = UserGroupList(user_groups, perm_level='read') | |
148 | 'usergroup.write', |
|
|||
149 | 'usergroup.admin']) |
|
|||
150 | return json.dumps([ |
|
148 | return json.dumps([ | |
151 | { |
|
149 | { | |
152 | 'id': gr.users_group_id, |
|
150 | 'id': gr.users_group_id, | |
@@ -468,11 +466,8 b' class RepoModel(BaseModel):' | |||||
468 | repo=repo, user=member, perm=perm |
|
466 | repo=repo, user=member, perm=perm | |
469 | ) |
|
467 | ) | |
470 | else: |
|
468 | else: | |
471 | #check if we have permissions to alter this usergroup |
|
469 | #check if we have permissions to alter this usergroup's access | |
472 | req_perms = ( |
|
470 | if not check_perms or HasUserGroupPermissionLevel('read')(member): | |
473 | 'usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
|||
474 | if not check_perms or HasUserGroupPermissionAny(*req_perms)( |
|
|||
475 | member): |
|
|||
476 | self.grant_user_group_permission( |
|
471 | self.grant_user_group_permission( | |
477 | repo=repo, group_name=member, perm=perm |
|
472 | repo=repo, group_name=member, perm=perm | |
478 | ) |
|
473 | ) | |
@@ -483,11 +478,8 b' class RepoModel(BaseModel):' | |||||
483 | repo=repo, user=member, perm=perm |
|
478 | repo=repo, user=member, perm=perm | |
484 | ) |
|
479 | ) | |
485 | else: |
|
480 | else: | |
486 | #check if we have permissions to alter this usergroup |
|
481 | #check if we have permissions to alter this usergroup's access | |
487 | req_perms = ( |
|
482 | if not check_perms or HasUserGroupPermissionLevel('read')(member): | |
488 | 'usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
|||
489 | if not check_perms or HasUserGroupPermissionAny(*req_perms)( |
|
|||
490 | member): |
|
|||
491 | self.grant_user_group_permission( |
|
483 | self.grant_user_group_permission( | |
492 | repo=repo, group_name=member, perm=perm |
|
484 | repo=repo, group_name=member, perm=perm | |
493 | ) |
|
485 | ) |
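Review bot: The reworded comment at new lines 469 and 481 says the check concerns altering the user group's access, but not that 'read' on the group is all that is required, nor what happens to a member that fails the check. As far as these hunks show, such a member is skipped with no log entry or error, so a requested change can be dropped without the caller noticing; the `if` may have an `else` outside the hunk. If both behaviours are intended, I would spell them out, for example `# 'read' on the user group suffices; members failing the check are skipped silently`. The same pattern appears in the `RepoGroupModel` hunk (new lines 258-268) and in `UserGroupModel._update_permissions` (new lines 74-90), where the check has no `check_perms` bypass.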
@@ -187,7 +187,7 b' class RepoGroupModel(BaseModel):' | |||||
187 | perms_updates=None, recursive=None, |
|
187 | perms_updates=None, recursive=None, | |
188 | check_perms=True): |
|
188 | check_perms=True): | |
189 | from kallithea.model.repo import RepoModel |
|
189 | from kallithea.model.repo import RepoModel | |
190 |
from kallithea.lib.auth import HasUserGroupPermission |
|
190 | from kallithea.lib.auth import HasUserGroupPermissionLevel | |
191 |
|
191 | |||
192 | if not perms_new: |
|
192 | if not perms_new: | |
193 | perms_new = [] |
|
193 | perms_new = [] | |
@@ -255,18 +255,16 b' class RepoGroupModel(BaseModel):' | |||||
255 | _set_perm_user(obj, user=member, perm=perm) |
|
255 | _set_perm_user(obj, user=member, perm=perm) | |
256 | ## set for user group |
|
256 | ## set for user group | |
257 | else: |
|
257 | else: | |
258 | #check if we have permissions to alter this usergroup |
|
258 | #check if we have permissions to alter this usergroup's access | |
259 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
259 | if not check_perms or HasUserGroupPermissionLevel('read')(member): | |
260 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
|
|||
261 | _set_perm_group(obj, users_group=member, perm=perm) |
|
260 | _set_perm_group(obj, users_group=member, perm=perm) | |
262 | # set new permissions |
|
261 | # set new permissions | |
263 | for member, perm, member_type in perms_new: |
|
262 | for member, perm, member_type in perms_new: | |
264 | if member_type == 'user': |
|
263 | if member_type == 'user': | |
265 | _set_perm_user(obj, user=member, perm=perm) |
|
264 | _set_perm_user(obj, user=member, perm=perm) | |
266 | else: |
|
265 | else: | |
267 | #check if we have permissions to alter this usergroup |
|
266 | #check if we have permissions to alter this usergroup's access | |
268 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
267 | if not check_perms or HasUserGroupPermissionLevel('read')(member): | |
269 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
|
|||
270 | _set_perm_group(obj, users_group=member, perm=perm) |
|
268 | _set_perm_group(obj, users_group=member, perm=perm) | |
271 | updates.append(obj) |
|
269 | updates.append(obj) | |
272 | # if it's not recursive call for all,repos,groups |
|
270 | # if it's not recursive call for all,repos,groups |
@@ -50,7 +50,7 b' from kallithea.lib import helpers as h' | |||||
50 | from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ |
|
50 | from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \ | |
51 | _set_extras |
|
51 | _set_extras | |
52 | from kallithea.lib.auth import HasRepoPermissionLevel, HasRepoGroupPermissionLevel, \ |
|
52 | from kallithea.lib.auth import HasRepoPermissionLevel, HasRepoGroupPermissionLevel, \ | |
53 |
HasUserGroupPermission |
|
53 | HasUserGroupPermissionLevel, HasPermissionAny, HasPermissionAny | |
54 | from kallithea.lib.utils import get_filesystem_repos, make_ui, \ |
|
54 | from kallithea.lib.utils import get_filesystem_repos, make_ui, \ | |
55 | action_logger |
|
55 | action_logger | |
56 | from kallithea.model.base import BaseModel |
|
56 | from kallithea.model.base import BaseModel | |
@@ -132,13 +132,10 b' class RepoGroupList(_PermCheckIterator):' | |||||
132 |
|
132 | |||
133 | class UserGroupList(_PermCheckIterator): |
|
133 | class UserGroupList(_PermCheckIterator): | |
134 |
|
134 | |||
135 |
def __init__(self, db_user_group_list, perm_ |
|
135 | def __init__(self, db_user_group_list, perm_level, extra_kwargs=None): | |
136 | if not perm_set: |
|
|||
137 | perm_set = ['usergroup.read', 'usergroup.write', 'usergroup.admin'] |
|
|||
138 |
|
||||
139 | super(UserGroupList, self).__init__(obj_list=db_user_group_list, |
|
136 | super(UserGroupList, self).__init__(obj_list=db_user_group_list, | |
140 |
obj_attr='users_group_name', perm_set= |
|
137 | obj_attr='users_group_name', perm_set=[perm_level], | |
141 |
perm_checker=HasUserGroupPermission |
|
138 | perm_checker=HasUserGroupPermissionLevel, | |
142 | extra_kwargs=extra_kwargs) |
|
139 | extra_kwargs=extra_kwargs) | |
143 |
|
140 | |||
144 |
|
141 |
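Review bot: `UserGroupList.__init__` now takes `perm_level` with no default, where the removed lines fell back to all three user group permissions when `perm_set` was empty, so any caller not shown on this page that omitted the argument will raise `TypeError`. The callers visible here all pass `perm_level`, and failing loudly is the safer direction. A one-line class docstring such as `"""Iterate over the user groups on which the current user has at least perm_level."""` would record the new contract. The rewritten import on new line 53 also lists `HasPermissionAny` twice; `HasUserGroupPermissionLevel, HasPermissionAny` is enough.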
@@ -57,7 +57,7 b' class UserGroupModel(BaseModel):' | |||||
57 |
|
57 | |||
58 | def _update_permissions(self, user_group, perms_new=None, |
|
58 | def _update_permissions(self, user_group, perms_new=None, | |
59 | perms_updates=None): |
|
59 | perms_updates=None): | |
60 |
from kallithea.lib.auth import HasUserGroupPermission |
|
60 | from kallithea.lib.auth import HasUserGroupPermissionLevel | |
61 | if not perms_new: |
|
61 | if not perms_new: | |
62 | perms_new = [] |
|
62 | perms_new = [] | |
63 | if not perms_updates: |
|
63 | if not perms_updates: | |
@@ -71,9 +71,8 b' class UserGroupModel(BaseModel):' | |||||
71 | user_group=user_group, user=member, perm=perm |
|
71 | user_group=user_group, user=member, perm=perm | |
72 | ) |
|
72 | ) | |
73 | else: |
|
73 | else: | |
74 | #check if we have permissions to alter this usergroup |
|
74 | #check if we have permissions to alter this usergroup's access | |
75 |
if HasUserGroupPermission |
|
75 | if HasUserGroupPermissionLevel('read')(member): | |
76 | 'usergroup.admin')(member): |
|
|||
77 | self.grant_user_group_permission( |
|
76 | self.grant_user_group_permission( | |
78 | target_user_group=user_group, user_group=member, perm=perm |
|
77 | target_user_group=user_group, user_group=member, perm=perm | |
79 | ) |
|
78 | ) | |
@@ -84,9 +83,8 b' class UserGroupModel(BaseModel):' | |||||
84 | user_group=user_group, user=member, perm=perm |
|
83 | user_group=user_group, user=member, perm=perm | |
85 | ) |
|
84 | ) | |
86 | else: |
|
85 | else: | |
87 | #check if we have permissions to alter this usergroup |
|
86 | #check if we have permissions to alter this usergroup's access | |
88 |
if HasUserGroupPermission |
|
87 | if HasUserGroupPermissionLevel('read')(member): | |
89 | 'usergroup.admin')(member): |
|
|||
90 | self.grant_user_group_permission( |
|
88 | self.grant_user_group_permission( | |
91 | target_user_group=user_group, user_group=member, perm=perm |
|
89 | target_user_group=user_group, user_group=member, perm=perm | |
92 | ) |
|
90 | ) |