def edit_form(self, gist_id, format='html'):
    """GET /admin/gists/gist_id/edit: render the edit form for one gist.

    The form is only rendered for the gist owner or for a holder of the
    global ``hg.admin`` permission; any other caller gets ``HTTPForbidden``.
    A ``VCSError`` raised while reading the gist files is logged and
    converted into ``HTTPNotFound``.

    :param gist_id: identifier of the gist taken from the route
    :param format: accepted for the route signature; not used in the body
    """
    # url('edit_gist', gist_id=ID)
    self._add_gist_to_context(gist_id)

    # Authorization is decided before any gist content is read.
    is_owner = c.gist.gist_owner == c.rhodecode_user.user_id
    is_admin = h.HasPermissionAny('hg.admin')()
    if not is_admin and not is_owner:
        raise HTTPForbidden()

    try:
        last_commit, gist_files = GistModel().get_gist_files(gist_id)
    except VCSError:
        log.exception("Exception in gist edit")
        raise HTTPNotFound()
    c.file_last_commit, c.files = last_commit, gist_files

    # this cannot use timeago, since it's used in select2 as a value
    expires = c.gist.gist_expires
    expiry = _('never') if expires == -1 else h.age(h.time_to_datetime(expires))

    current_value_label = _('%(expiry)s - current value') % {'expiry': expiry}
    self.__load_defaults(extra_values=('0', current_value_label))
    return render('admin/gists/edit.html')
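def delete_comment(self, repo_name, comment_id):
    """Delete a changeset comment when the caller is allowed to.

    Allowed callers are holders of ``hg.admin`` or ``repository.admin`` and
    the author of the comment. Everyone else gets ``HTTPForbidden``.

    :param repo_name: repository name from the route; not used in the check
    :param comment_id: id of the comment to delete
    :returns: ``True`` once the deletion has been committed
    :raises HTTPForbidden: when the caller is neither an admin nor the author
    """
    co = ChangesetComment.get(comment_id)

    def is_owner():
        # NOTE(review): if ChangesetComment.get() can return None for an
        # unknown id, this raises AttributeError before anything is deleted;
        # confirm that is the intended failure mode.
        return co.author.user_id == c.rhodecode_user.user_id

    # The ownership test has to be *called*. It used to be a lambda that was
    # placed in the condition uncalled; a function object is always truthy,
    # so `... or owner` passed for every caller and the HTTPForbidden branch
    # was unreachable.
    # NOTE(review): 'repository.admin' goes through the global
    # HasPermissionAny helper and nothing here ties the comment to repo_name;
    # confirm that admin rights on one repository cannot be applied to
    # comments that belong to another.
    if h.HasPermissionAny('hg.admin', 'repository.admin')() or is_owner():
        ChangesetCommentsModel().delete(comment=co)
        Session.commit()
        return True
    raise HTTPForbidden()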
def _has_permissions(self, notification):
    """Tell whether the current user may act on *notification*.

    The answer is truthy for a holder of the global ``hg.admin`` permission
    and for any user listed in ``notification.notifications_to_users``.
    The recipient list is only walked when the admin check fails.

    :param notification: object exposing ``notifications_to_users``
    :returns: the admin check result when truthy, else ``True``/``False``
    """
    admin = h.HasPermissionAny('hg.admin')()
    if admin:
        return admin

    # Recipient check: one matching association is enough.
    current_user_id = c.rhodecode_user.user_id
    return any(
        link.user.user_id == current_user_id
        for link in notification.notifications_to_users
    )
def delete_comment(self, repo_name, comment_id):
    """Delete a changeset comment on behalf of an authorized caller.

    The caller must be the comment author, hold ``repository.admin`` on
    ``c.repo_name``, or hold the global ``hg.admin`` permission.

    :param repo_name: repository name from the route; the permission check
        reads ``c.repo_name`` instead
    :param comment_id: id of the comment to delete
    :returns: ``True`` once the deletion has been committed
    :raises HTTPForbidden: when none of the three conditions holds
    """
    comment = ChangesetComment.get(comment_id)

    # All three facts are plain values, so the guard below cannot be
    # satisfied by an uncalled callable.
    is_author = comment.author.user_id == c.rhodecode_user.user_id
    repo_admin_check = h.HasRepoPermissionAny('repository.admin')
    is_repo_admin = repo_admin_check(c.repo_name)
    is_super_admin = h.HasPermissionAny('hg.admin')()

    # NOTE(review): the comment is looked up by id only; nothing visible here
    # verifies that it belongs to c.repo_name. Confirm a repository admin
    # cannot delete comments of another repository through this action.
    if not (is_super_admin or is_repo_admin or is_author):
        raise HTTPForbidden()

    ChangesetCommentsModel().delete(comment=comment)
    Session().commit()
    return True
def delete_comment(self, repo_name, comment_id):
    """Delete a pull-request comment unless the pull request is closed.

    Comments on a closed pull request are never deleted. Otherwise the
    caller must be the comment author or hold ``hg.admin`` or
    ``repository.admin``.

    :param repo_name: repository name from the route; not used in the body
    :param comment_id: id of the comment to delete
    :returns: ``True`` once the deletion has been committed
    :raises HTTPForbidden: on a closed pull request or an unauthorized caller
    """
    comment = ChangesetComment.get(comment_id)

    # don't allow deleting comments on closed pull request
    if comment.pull_request.is_closed():
        raise HTTPForbidden()

    is_author = comment.author.user_id == c.rhodecode_user.user_id
    # NOTE(review): 'repository.admin' is evaluated by the global
    # HasPermissionAny helper, not against repo_name; confirm the scope.
    is_admin = h.HasPermissionAny('hg.admin', 'repository.admin')()
    if not (is_admin or is_author):
        raise HTTPForbidden()

    ChangesetCommentsModel().delete(comment=comment)
    Session().commit()
    return True
def update(self, repo_name, pull_request_id):
    """Replace the reviewer list of an open pull request.

    A closed pull request is rejected outright. Otherwise the caller must be
    the pull request author or hold ``hg.admin`` or ``repository.admin``.
    Reviewer ids come from the comma-separated ``reviewers_ids`` POST field;
    empty entries are dropped and the rest are converted with ``int``.

    :param repo_name: repository name from the route; not used in the body
    :param pull_request_id: id of the pull request to update
    :returns: ``True`` once the new reviewers have been committed
    :raises HTTPForbidden: on a closed pull request or an unauthorized caller
    """
    pull_request = PullRequest.get_or_404(pull_request_id)
    if pull_request.is_closed():
        raise HTTPForbidden()

    # only owner or admin can update it
    is_author = pull_request.author.user_id == c.rhodecode_user.user_id
    is_admin = h.HasPermissionAny('hg.admin', 'repository.admin')()
    if not (is_admin or is_author):
        raise HTTPForbidden()

    # NOTE(review): a non-numeric entry makes int() raise ValueError here,
    # and the ids are handed to the model without a visible existence check.
    raw_ids = request.POST.get('reviewers_ids', '').split(',')
    reviewers_ids = map(int, (v for v in raw_ids if v not in (None, '')))
    PullRequestModel().update_reviewers(pull_request_id, reviewers_ids)
    Session().commit()
    return True
def delete(self, gist_id):
    """DELETE /admin/gists/gist_id: delete a gist and go back to the list.

    Only the gist owner or a holder of the global ``hg.admin`` permission
    may delete; any other caller gets ``HTTPForbidden``.

    :param gist_id: identifier of the gist taken from the route
    :returns: redirect to the ``gists`` route after a successful delete
    """
    # Forms posted to this method should contain a hidden field:
    #    <input type="hidden" name="_method" value="DELETE" />
    # Or using helpers:
    #    h.form(url('gist', gist_id=ID),
    #           method='delete')
    # url('gist', gist_id=ID)
    gist = GistModel().get_gist(gist_id)

    is_owner = gist.gist_owner == c.rhodecode_user.user_id
    is_admin = h.HasPermissionAny('hg.admin')()
    if not (is_admin or is_owner):
        raise HTTPForbidden()

    GistModel().delete(gist)
    Session().commit()
    message = _('Deleted gist %s') % gist.gist_access_id
    h.flash(message, category='success')

    return redirect(url('gists'))
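def update(self, notification_id):
    """PUT /_admin/notifications/id: mark a notification as read.

    The notification is marked read for the current user when that user is
    one of its recipients or holds the global ``hg.admin`` permission.

    :param notification_id: id of the notification taken from the route
    :returns: ``'ok'`` after a committed update, ``'fail'`` otherwise
    """
    # Forms posted to this method should contain a hidden field:
    #    <input type="hidden" name="_method" value="PUT" />
    # Or using helpers:
    #    h.form(url('notification', notification_id=ID),
    #           method='put')
    # url('notification', notification_id=ID)
    try:
        no = Notification.get(notification_id)
        # Membership test: the caller must be *one of* the recipients.
        # all() was the wrong quantifier on both ends: it turned away a real
        # recipient as soon as the notification had any other recipient, and
        # it was vacuously true for a notification with no recipients, which
        # let any caller through.
        owner = any(un.user.user_id == c.rhodecode_user.user_id
                    for un in no.notifications_to_users)
        if h.HasPermissionAny('hg.admin')() or owner:
            NotificationModel().mark_read(c.rhodecode_user.user_id, no)
            Session().commit()
            return 'ok'
    except Exception:
        # Any failure, including an unknown id, rolls back and is logged.
        Session().rollback()
        log.error(traceback.format_exc())
    return 'fail'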
def _delete_comment(self, comment_id):
    """Delete a pull-request comment and report a review-status change.

    Comments on a closed pull request are never deleted. Otherwise the
    caller must be the comment author, hold ``repository.admin`` on
    ``c.repo_name``, or hold the global ``hg.admin`` permission. When the
    calculated review status differs before and after the deletion, the
    ``review_status_change`` pull request hook is triggered.

    :param comment_id: id of the comment; passed through ``safe_int`` first
    :returns: ``True`` once the deletion has been committed
    :raises HTTPForbidden: on a closed pull request or an unauthorized caller
    """
    comment = ChangesetComment.get_or_404(safe_int(comment_id))

    # don't allow deleting comments on closed pull request
    if comment.pull_request.is_closed():
        raise HTTPForbidden()

    is_author = comment.author.user_id == c.rhodecode_user.user_id
    is_repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)
    is_super_admin = h.HasPermissionAny('hg.admin')()
    # NOTE(review): nothing visible here checks that the comment belongs to
    # c.repo_name; confirm the caller enforces that before the repo-admin
    # branch is trusted.
    if not (is_super_admin or is_repo_admin or is_author):
        raise HTTPForbidden()

    # The status is sampled on both sides of the delete so that a removed
    # status-carrying comment is noticed.
    status_before = comment.pull_request.calculated_review_status()
    ChangesetCommentsModel().delete(comment=comment)
    Session().commit()
    status_after = comment.pull_request.calculated_review_status()

    if status_before != status_after:
        PullRequestModel()._trigger_pull_request_hook(
            comment.pull_request, c.rhodecode_user, 'review_status_change')
    return True
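def delete(self, notification_id):
    """DELETE /_admin/notifications/id: delete a notification.

    The delete is carried out for the current user when that user is one of
    the notification's recipients or holds ``hg.admin`` or
    ``repository.admin``.

    :param notification_id: id of the notification taken from the route
    :returns: ``'ok'`` after a committed delete, ``'fail'`` otherwise
    """
    # Forms posted to this method should contain a hidden field:
    #    <input type="hidden" name="_method" value="DELETE" />
    # Or using helpers:
    #    h.form(url('notification', notification_id=ID),
    #           method='delete')
    # url('notification', notification_id=ID)
    try:
        no = Notification.get(notification_id)

        def is_recipient():
            # NOTE(review): treats notifications_to_users as a collection of
            # per-user rows, each with a .user; confirm against the model.
            user_id = c.rhodecode_user.user_id
            return any(un.user.user_id == user_id
                       for un in no.notifications_to_users)

        # The recipient test has to be *called*. It used to be an uncalled
        # lambda in this condition; a function object is always truthy, so
        # the check passed for every caller.
        # NOTE(review): 'repository.admin' also opens this action; confirm
        # repository admins are meant to act on arbitrary notifications.
        if (h.HasPermissionAny('hg.admin', 'repository.admin')()
                or is_recipient()):
            NotificationModel().delete(c.rhodecode_user.user_id, no)
            Session.commit()
            return 'ok'
    except Exception:
        # Any failure, including an unknown id, rolls back and is logged.
        Session.rollback()
        log.error(traceback.format_exc())
    # Reached after an exception and when the caller is not authorized.
    return 'fail'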
def edit(self, gist_id):
    """Apply a posted gist edit and redirect back to the gist page.

    Only the gist owner or a holder of the global ``hg.admin`` permission
    may edit; any other caller gets ``HTTPForbidden``. The POST lists
    ``org_files``, ``files``, ``mimetypes`` and ``contents`` are combined
    position by position into one mapping keyed by the original filename.

    :param gist_id: identifier of the gist taken from the route
    :returns: redirect to the ``gist`` route, whatever the update outcome
    """
    self._add_gist_to_context(gist_id)

    is_owner = c.gist.gist_owner == c.rhodecode_user.user_id
    is_admin = h.HasPermissionAny('hg.admin')()
    if not is_admin and not is_owner:
        raise HTTPForbidden()

    form = request.POST
    # NOTE(review): filenames and contents are taken from the POST body
    # as-is; any validation is presumably done inside GistModel().update -
    # confirm.
    columns = (
        form.getall('org_files'),
        form.getall('files'),
        form.getall('mimetypes'),
        form.getall('contents'),
    )
    nodes = {}
    for org_filename, filename, mimetype, content in zip(*columns):
        nodes[org_filename] = dict(
            org_filename=org_filename,
            filename=filename,
            content=content,
            lexer=mimetype,
        )

    try:
        GistModel().update(
            gist=c.gist,
            description=form['description'],
            owner=c.gist.owner,
            gist_mapping=nodes,
            gist_type=c.gist.gist_type,
            lifetime=form['lifetime'],
            gist_acl_level=form['acl_level'],
        )
        Session().commit()
        h.flash(_('Successfully updated gist content'), category='success')
    except NodeNotChangedError:
        # raised if nothing was changed in repo itself. We anyway then
        # store only DB stuff for gist
        Session().commit()
        h.flash(_('Successfully updated gist data'), category='success')
    except Exception:
        log.exception("Exception in gist edit")
        failure = _('Error occurred during update of gist %s') % gist_id
        h.flash(failure, category='error')

    return redirect(url('gist', gist_id=gist_id))
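def show(self, notification_id, format='html'):
    """GET /_admin/notifications/id: show one notification.

    The notification is rendered when it exists, the caller is one of its
    recipients or holds ``hg.admin`` or ``repository.admin``, and the model
    returns a notification/user association for the caller. An unread
    association is marked as read first. Every other case redirects to the
    notification list.

    :param notification_id: id of the notification taken from the route
    :param format: accepted for the route signature; not used in the body
    """
    # url('notification', notification_id=ID)
    c.user = self.rhodecode_user
    no = Notification.get(notification_id)

    def is_recipient():
        # NOTE(review): treats notifications_to_users as a collection of
        # per-user rows, each with a .user; confirm against the model.
        user_id = c.user.user_id
        return any(un.user.user_id == user_id
                   for un in no.notifications_to_users)

    # The recipient test has to be *called*. It used to be an uncalled lambda
    # in this condition; a function object is always truthy, so the check
    # passed for every caller and only the association lookup below limited
    # what was shown.
    if no and (h.HasPermissionAny('hg.admin', 'repository.admin')()
               or is_recipient()):
        unotification = NotificationModel()\
            .get_user_notification(c.user.user_id, no)

        # if this association to user is not valid, we don't want to show
        # this message
        if unotification:
            if unotification.read is False:
                unotification.mark_as_read()
                Session.commit()
            c.notification = no

            return render('admin/notifications/show_notification.html')
    return redirect(url('notifications'))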