aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcin Kuzminski <marcin@python-works.com>2013-03-11 17:59:38 +0100
committerMarcin Kuzminski <marcin@python-works.com>2013-03-11 17:59:38 +0100
commita6b33ab7a88ea7acffd5d612ebbacc053f54edfb (patch)
tree32a3b8d78da4e82c131f5a1620197ebcab83c5e9
parent5e140bc72ea08af6eff70c0946c15f1578d44be5 (diff)
Pass in old groups data to CanWriteToGroup validator for later skipping group checks.
This will be a part of refactoring done to do user permissions changes without messing with main repo form data --HG-- extra : source : af96fb19b53ab2b7146e27640647217b43ddb58a
-rw-r--r--rhodecode/controllers/admin/repos.py6
-rw-r--r--rhodecode/controllers/settings.py6
-rw-r--r--rhodecode/model/forms.py4
-rw-r--r--rhodecode/model/validators.py58
4 files changed, 62 insertions, 12 deletions
diff --git a/rhodecode/controllers/admin/repos.py b/rhodecode/controllers/admin/repos.py
index ac9372e0..bc681ff9 100644
--- a/rhodecode/controllers/admin/repos.py
+++ b/rhodecode/controllers/admin/repos.py
@@ -231,8 +231,10 @@ class ReposController(BaseController):
#override the choices with extracted revisions !
choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
c.landing_revs_choices = choices
-
- _form = RepoForm(edit=True, old_data={'repo_name': repo_name},
+ repo = Repository.get_by_repo_name(repo_name)
+ _form = RepoForm(edit=True, old_data={'repo_name': repo_name,
+ 'repo_group': repo.group.get_dict() \
+ if repo.group else {}},
repo_groups=c.repo_groups_choices,
landing_revs=c.landing_revs_choices)()
try:
diff --git a/rhodecode/controllers/settings.py b/rhodecode/controllers/settings.py
index 3e850481..ca509ab5 100644
--- a/rhodecode/controllers/settings.py
+++ b/rhodecode/controllers/settings.py
@@ -107,9 +107,11 @@ class SettingsController(BaseRepoController):
#override the choices with extracted revisions !
choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
c.landing_revs_choices = choices
-
+ repo = Repository.get_by_repo_name(repo_name)
_form = RepoSettingsForm(edit=True,
- old_data={'repo_name': repo_name},
+ old_data={'repo_name': repo_name,
+ 'repo_group': repo.group.get_dict() \
+ if repo.group else {}},
repo_groups=c.repo_groups_choices,
landing_revs=c.landing_revs_choices)()
try:
diff --git a/rhodecode/model/forms.py b/rhodecode/model/forms.py
index d7c9d38f..75eda30f 100644
--- a/rhodecode/model/forms.py
+++ b/rhodecode/model/forms.py
@@ -176,7 +176,7 @@ def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
filter_extra_fields = False
repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
v.SlugifyName())
- repo_group = All(v.CanWriteGroup(),
+ repo_group = All(v.CanWriteGroup(old_data),
v.OneOf(repo_groups, hideList=True))
repo_type = v.OneOf(supported_backends)
repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
@@ -205,7 +205,7 @@ def RepoSettingsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()
filter_extra_fields = False
repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
v.SlugifyName())
- repo_group = All(v.CanWriteGroup(),
+ repo_group = All(v.CanWriteGroup(old_data),
v.OneOf(repo_groups, hideList=True))
repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
repo_private = v.StringBoolean(if_missing=False)
diff --git a/rhodecode/model/validators.py b/rhodecode/model/validators.py
index 91e432b1..18825bb6 100644
--- a/rhodecode/model/validators.py
+++ b/rhodecode/model/validators.py
@@ -16,11 +16,12 @@ from formencode.validators import (
from rhodecode.lib.compat import OrderedSet
from rhodecode.lib import ipaddr
from rhodecode.lib.utils import repo_name_slug
+from rhodecode.lib.utils2 import safe_int
from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
ChangesetStatus
from rhodecode.lib.exceptions import LdapImportError
from rhodecode.config.routing import ADMIN_PREFIX
-from rhodecode.lib.auth import HasReposGroupPermissionAny
+from rhodecode.lib.auth import HasReposGroupPermissionAny, HasPermissionAny
# silence warnings and pylint
UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
@@ -472,7 +473,7 @@ def ValidForkType(old_data={}):
return _validator
-def CanWriteGroup():
+def CanWriteGroup(old_data=None):
class _validator(formencode.validators.FancyValidator):
messages = {
'permission_denied': _(u"You don't have permissions "
@@ -481,13 +482,58 @@ def CanWriteGroup():
def validate_python(self, value, state):
gr = RepoGroup.get(value)
- if not HasReposGroupPermissionAny(
- 'group.write', 'group.admin'
- )(gr.group_name, 'get group of repo form'):
+ gr_name = gr.group_name if gr else None # None means ROOT location
+ val = HasReposGroupPermissionAny('group.write', 'group.admin')
+ can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
+ forbidden = not val(gr_name, 'can write into group validator')
+ value_changed = old_data['repo_group'].get('group_id') != safe_int(value)
+ if value_changed: # do check if we changed the value
+ #parent group need to be existing
+ if gr and forbidden:
+ msg = M(self, 'permission_denied', state)
+ raise formencode.Invalid(msg, value, state,
+ error_dict=dict(repo_type=msg)
+ )
+ ## check if we can write to root location !
+ elif gr is None and can_create_repos() is False:
+ msg = M(self, 'permission_denied_root', state)
+ raise formencode.Invalid(msg, value, state,
+ error_dict=dict(repo_type=msg)
+ )
+
+ return _validator
+
+
+def CanCreateGroup(can_create_in_root=False):
+ class _validator(formencode.validators.FancyValidator):
+ messages = {
+ 'permission_denied': _(u"You don't have permissions "
+ "to create a group in this location")
+ }
+
+ def to_python(self, value, state):
+ #root location
+ if value in [-1, "-1"]:
+ return None
+ return value
+
+ def validate_python(self, value, state):
+ gr = RepoGroup.get(value)
+ gr_name = gr.group_name if gr else None # None means ROOT location
+
+ if can_create_in_root and gr is None:
+ #we can create in root, we're fine no validations required
+ return
+
+ forbidden_in_root = gr is None and can_create_in_root is False
+ val = HasReposGroupPermissionAny('group.admin')
+ forbidden = not val(gr_name, 'can create group validator')
+ if forbidden_in_root or forbidden:
msg = M(self, 'permission_denied', state)
raise formencode.Invalid(msg, value, state,
- error_dict=dict(repo_type=msg)
+ error_dict=dict(group_parent_id=msg)
)
+
return _validator