Example #1
    def edit_form(self, gist_id, format='html'):
        """GET /admin/gists/gist_id/edit: Form to edit an existing item.

        The form is rendered only for the gist's owner or for a user who
        passes the global 'hg.admin' check; everyone else gets HTTPForbidden.
        A VCSError while reading the gist files is logged and turned into
        HTTPNotFound.
        """
        # url('edit_gist', gist_id=ID)
        # presumably this populates c.gist for the checks below -- confirm
        self._add_gist_to_context(gist_id)

        # Authorization gate: deny unless the caller is admin or owner.
        is_owner = c.gist.gist_owner == c.rhodecode_user.user_id
        is_admin = h.HasPermissionAny('hg.admin')()
        if not is_admin and not is_owner:
            raise HTTPForbidden()

        try:
            c.file_last_commit, c.files = GistModel().get_gist_files(gist_id)
        except VCSError:
            log.exception("Exception in gist edit")
            raise HTTPNotFound()

        if c.gist.gist_expires != -1:
            # timeago cannot be used here: select2 consumes this as a value
            expiry = h.age(h.time_to_datetime(c.gist.gist_expires))
        else:
            expiry = _('never')

        current_label = _('%(expiry)s - current value') % {'expiry': expiry}
        self.__load_defaults(extra_values=('0', current_label))
        return render('admin/gists/edit.html')
Example #2
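 def delete_comment(self, repo_name, comment_id):
     """Delete a changeset comment if the current user is allowed to.

     Deletion is permitted for the comment's author and for users who pass
     the 'hg.admin' / 'repository.admin' permission check.

     Returns True once the deletion is committed; raises HTTPForbidden for
     every other caller.
     """
     co = ChangesetComment.get(comment_id)

     def is_owner():
         # Must be *called* in the condition below. Testing the function
         # object itself is always truthy, which would let the check pass
         # for every user regardless of authorship.
         # A missing comment has no author, so nobody owns it.
         return (co is not None and
                 co.author.user_id == c.rhodecode_user.user_id)

     if h.HasPermissionAny('hg.admin', 'repository.admin')() or is_owner():
         ChangesetCommentsModel().delete(comment=co)
         Session.commit()
         return True
     else:
         raise HTTPForbidden()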
Example #3
    def _has_permissions(self, notification):
        """Tell whether the current user may act on *notification*.

        The result is truthy when the global 'hg.admin' check passes, or
        when the current user appears among the notification's recipients.
        """
        def addressed_to_current_user():
            # Only evaluated when the admin check fails.
            current_id = c.rhodecode_user.user_id
            return any(link.user.user_id == current_id
                       for link in notification.notifications_to_users)

        return h.HasPermissionAny('hg.admin')() or addressed_to_current_user()
 def delete_comment(self, repo_name, comment_id):
     """Delete a changeset comment if the current user is allowed to.

     Allowed callers: the comment's author, a repository admin of
     ``c.repo_name``, or a user passing the global 'hg.admin' check.

     Returns True once the deletion is committed; raises HTTPForbidden
     otherwise.
     """
     target = ChangesetComment.get(comment_id)
     # NOTE(review): `target` is dereferenced without a None check -- confirm
     # what get() returns for an unknown comment_id.
     is_author = (target.author.user_id == c.rhodecode_user.user_id)
     # The repository checked is c.repo_name, not the repo_name argument.
     repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)

     allowed = h.HasPermissionAny('hg.admin')() or repo_admin or is_author
     if not allowed:
         raise HTTPForbidden()

     ChangesetCommentsModel().delete(comment=target)
     Session().commit()
     return True
Example #5
    def delete_comment(self, repo_name, comment_id):
        """Delete a pull-request comment if the current user is allowed to.

        Comments on a closed pull request can never be deleted. Otherwise
        the comment's author, or a user for whom the 'hg.admin' /
        'repository.admin' check passes, may delete it.

        Returns True once the deletion is committed; raises HTTPForbidden
        in every other case.
        """
        co = ChangesetComment.get(comment_id)
        # NOTE(review): neither `co` nor `co.pull_request` is checked for
        # None before use -- confirm callers guarantee both exist.
        if co.pull_request.is_closed():
            # closed pull requests keep their comments
            raise HTTPForbidden()

        is_author = co.author.user_id == c.rhodecode_user.user_id
        # NOTE(review): 'repository.admin' is handed to HasPermissionAny
        # with no repository argument; confirm it is evaluated against the
        # repository that owns this comment.
        may_delete = (h.HasPermissionAny('hg.admin', 'repository.admin')()
                      or is_author)
        if not may_delete:
            raise HTTPForbidden()

        ChangesetCommentsModel().delete(comment=co)
        Session().commit()
        return True
Example #6
    def update(self, repo_name, pull_request_id):
        """Replace the reviewer list of an open pull request.

        Closed pull requests are rejected. Only the pull request's author,
        or a user for whom the 'hg.admin' / 'repository.admin' check passes,
        may update reviewers. Reviewer ids arrive as a comma-separated
        'reviewers_ids' POST field.

        Returns True once the update is committed; raises HTTPForbidden
        otherwise.
        """
        pull_request = PullRequest.get_or_404(pull_request_id)
        if pull_request.is_closed():
            raise HTTPForbidden()

        # only owner or admin can update it
        is_author = pull_request.author.user_id == c.rhodecode_user.user_id
        # NOTE(review): 'repository.admin' is handed to HasPermissionAny
        # with no repository argument; confirm it is evaluated against the
        # repository that owns this pull request.
        if not (h.HasPermissionAny('hg.admin', 'repository.admin')()
                or is_author):
            raise HTTPForbidden()

        # Empty fragments (e.g. from an empty field) are dropped before
        # conversion. int() still raises ValueError on any non-numeric
        # fragment; that is not handled in this method.
        raw_ids = request.POST.get('reviewers_ids', '').split(',')
        reviewers_ids = map(int,
                            filter(lambda v: v not in [None, ''], raw_ids))

        PullRequestModel().update_reviewers(pull_request_id, reviewers_ids)
        Session().commit()
        return True
Example #7
    def delete(self, gist_id):
        """DELETE /admin/gists/gist_id: Delete an existing item.

        Only the gist's owner or a user passing the global 'hg.admin' check
        may delete; anyone else gets HTTPForbidden. On success a flash
        message is queued and the client is redirected to the gist list.
        """
        # Forms posted to this method should contain a hidden field:
        #    <input type="hidden" name="_method" value="DELETE" />
        # Or using helpers:
        #    h.form(url('gist', gist_id=ID),
        #           method='delete')
        # url('gist', gist_id=ID)
        gist = GistModel().get_gist(gist_id)
        is_owner = gist.gist_owner == c.rhodecode_user.user_id

        # Authorization gate: deny before touching any state.
        if not (h.HasPermissionAny('hg.admin')() or is_owner):
            raise HTTPForbidden()

        GistModel().delete(gist)
        Session().commit()
        h.flash(_('Deleted gist %s') % gist.gist_access_id,
                category='success')
        return redirect(url('gists'))
Example #8
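 def update(self, notification_id):
     """PUT /_admin/notifications/id: Update an existing item

     Marks the notification as read for the current user, provided that
     user is one of its recipients or passes the global 'hg.admin' check.

     Returns 'ok' after the change is committed and 'fail' otherwise
     (permission denied, or any exception, which is logged and rolled
     back).
     """
     # Forms posted to this method should contain a hidden field:
     #    <input type="hidden" name="_method" value="PUT" />
     # Or using helpers:
     #    h.form(url('notification', notification_id=ID),
     #           method='put')
     # url('notification', notification_id=ID)
     try:
         no = Notification.get(notification_id)
         # any(), not all(): the user only has to be ONE of the recipients.
         # all() refused legitimate recipients of a multi-recipient
         # notification, and was vacuously True for a notification with no
         # recipients, which let the check pass for every user.
         owner = any(un.user.user_id == c.rhodecode_user.user_id
                     for un in no.notifications_to_users)
         if h.HasPermissionAny('hg.admin')() or owner:
             NotificationModel().mark_read(c.rhodecode_user.user_id, no)
             Session().commit()
             return 'ok'
     except Exception:
         Session().rollback()
         log.error(traceback.format_exc())
     return 'fail'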
Example #9
    def _delete_comment(self, comment_id):
        """Delete a pull-request comment and re-evaluate the review status.

        Comments on a closed pull request can never be deleted. Otherwise
        the comment's author, a repository admin of ``c.repo_name``, or a
        user passing the global 'hg.admin' check may delete it. When the
        pull request's calculated review status differs before and after
        the deletion, the 'review_status_change' hook is triggered.

        Returns True on success; raises HTTPForbidden when the caller is
        not allowed or the pull request is closed.
        """
        comment_id = safe_int(comment_id)
        co = ChangesetComment.get_or_404(comment_id)
        # NOTE(review): co.pull_request is dereferenced unconditionally --
        # confirm this path only ever sees comments attached to a pull
        # request.
        if co.pull_request.is_closed():
            # closed pull requests keep their comments
            raise HTTPForbidden()

        author_match = co.author.user_id == c.rhodecode_user.user_id
        repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)
        if not (h.HasPermissionAny('hg.admin')() or repo_admin
                or author_match):
            raise HTTPForbidden()

        # The status is sampled on both sides of the delete + commit so a
        # change caused by removing this comment can be detected.
        status_before = co.pull_request.calculated_review_status()
        ChangesetCommentsModel().delete(comment=co)
        Session().commit()
        status_after = co.pull_request.calculated_review_status()

        if status_before != status_after:
            PullRequestModel()._trigger_pull_request_hook(
                co.pull_request, c.rhodecode_user, 'review_status_change')
        return True
Example #10
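    def delete(self, notification_id):
        """DELETE /_admin/notifications/id: Delete an existing item

        Deletes the notification for the current user, provided that user
        is one of its recipients or passes the 'hg.admin' /
        'repository.admin' permission check.

        Returns 'ok' after the change is committed and 'fail' otherwise
        (permission denied, or any exception, which is logged and rolled
        back).
        """
        # Forms posted to this method should contain a hidden field:
        #    <input type="hidden" name="_method" value="DELETE" />
        # Or using helpers:
        #    h.form(url('notification', notification_id=ID),
        #           method='delete')
        # url('notification', notification_id=ID)

        try:
            no = Notification.get(notification_id)

            def is_recipient():
                # Must be *called* in the condition below: a bare function
                # object is always truthy, which made the ownership test
                # pass for every user. notifications_to_users is iterated
                # because the recipient is reached per association
                # (un.user), not on the collection itself.
                return (no is not None and
                        any(un.user.user_id == c.rhodecode_user.user_id
                            for un in no.notifications_to_users))

            if (h.HasPermissionAny('hg.admin', 'repository.admin')()
                    or is_recipient()):
                NotificationModel().delete(c.rhodecode_user.user_id, no)
                Session.commit()
                return 'ok'
        except Exception:
            Session.rollback()
            log.error(traceback.format_exc())
        return 'fail'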
Example #11
    def edit(self, gist_id):
        """Apply a posted gist edit and redirect back to the gist.

        Only the gist's owner or a user passing the global 'hg.admin' check
        may edit; anyone else gets HTTPForbidden. The outcome is reported
        through a flash message, and the response is always a redirect to
        the gist page.
        """
        # presumably this populates c.gist for the checks below -- confirm
        self._add_gist_to_context(gist_id)

        # Authorization gate: deny before reading any posted data.
        is_owner = c.gist.gist_owner == c.rhodecode_user.user_id
        is_admin = h.HasPermissionAny('hg.admin')()
        if not is_admin and not is_owner:
            raise HTTPForbidden()

        form = request.POST
        # zip() stops at the shortest list, so files lacking any of the
        # four fields are silently left out of the mapping.
        submitted = zip(form.getall('org_files'), form.getall('files'),
                        form.getall('mimetypes'), form.getall('contents'))
        nodes = {
            org_filename: {
                'org_filename': org_filename,
                'filename': filename,
                'content': content,
                'lexer': mimetype,
            }
            for org_filename, filename, mimetype, content in submitted
        }

        try:
            GistModel().update(gist=c.gist,
                               description=form['description'],
                               owner=c.gist.owner,
                               gist_mapping=nodes,
                               gist_type=c.gist.gist_type,
                               lifetime=form['lifetime'],
                               gist_acl_level=form['acl_level'])

            Session().commit()
            h.flash(_('Successfully updated gist content'), category='success')
        except NodeNotChangedError:
            # Nothing changed in the repo itself; only the DB-side gist
            # data is stored in that case.
            Session().commit()
            h.flash(_('Successfully updated gist data'), category='success')
        except Exception:
            # Also reached when a required POST field is missing, since the
            # form lookups happen inside this try.
            log.exception("Exception in gist edit")
            h.flash(_('Error occurred during update of gist %s') % gist_id,
                    category='error')

        return redirect(url('gist', gist_id=gist_id))
Example #12
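    def show(self, notification_id, format='html'):
        """GET /_admin/notifications/id: Show a specific item

        Renders the notification when it exists, the current user is one of
        its recipients or passes the 'hg.admin' / 'repository.admin' check,
        and a user-notification association is found for that user. An
        unread association is marked as read first. In every other case the
        client is redirected to the notification list.
        """
        # url('notification', notification_id=ID)
        c.user = self.rhodecode_user
        no = Notification.get(notification_id)

        def is_recipient():
            # Must be *called* in the condition below: a bare function
            # object is always truthy, which made the ownership test pass
            # for every user. notifications_to_users is iterated because
            # the recipient is reached per association (un.user), not on
            # the collection itself.
            return any(un.user.user_id == c.user.user_id
                       for un in no.notifications_to_users)

        # `no and` short-circuits first, so is_recipient() never sees None.
        if no and (h.HasPermissionAny('hg.admin', 'repository.admin')()
                   or is_recipient()):
            unotification = NotificationModel()\
                            .get_user_notification(c.user.user_id, no)

            # if this association to user is not valid, we don't want to show
            # this message
            if unotification:
                if unotification.read is False:
                    unotification.mark_as_read()
                    Session.commit()
                c.notification = no

                return render('admin/notifications/show_notification.html')

        return redirect(url('notifications'))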