Exemplo n.º 1
 def check_permissions(self):
     """Tell whether the user's level on the requested repository satisfies ``required_perms``.

     The repository slug comes from the current request. The user holds at
     most one permission value per repository in
     ``self.user_perms['repositories']``, so the subset test can only pass
     when ``required_perms`` is empty or consists of exactly that value.

     Returns:
         bool: True when every required permission is held, False otherwise
         (including when the mapping has no entry for the slug).
     """
     slug = get_repo_slug(request)
     try:
         granted = {self.user_perms['repositories'][slug]}
     except KeyError:
         # Fail closed: no 'repositories' table or no entry for this slug
         # means no access.
         return False
     # NOTE(review): an empty required_perms is a subset of anything and
     # therefore grants access - confirm callers never construct one.
     return bool(self.required_perms.issubset(granted))
Exemplo n.º 2
 def check_permissions(self):
     """Check the "all required permissions" rule for the repository in the request.

     Looks up the single permission value recorded for the repository slug
     in ``self.user_perms['repositories']`` and reports whether
     ``self.required_perms`` is a subset of that one-element set.

     Returns:
         bool: False when the slug (or the 'repositories' table) is missing
         or the subset test fails, True otherwise.
     """
     current_repo = get_repo_slug(request)
     try:
         level = self.user_perms['repositories'][current_repo]
     except KeyError:
         # Unknown repository for this user: deny rather than guess.
         return False
     # Only one level is held per repository, so a required set with two or
     # more distinct members can never pass this test; an empty one always
     # passes. NOTE(review): verify the empty case is unreachable.
     return True if self.required_perms.issubset({level}) else False
Exemplo n.º 3
    def __before__(self):
        """
        __before__ is called before controller methods and after __call__

        Fills the template context ``c`` with display options read from the
        database-backed settings (``Setting.get_app_settings()``) and from
        the INI ``config``, then adds per-request values: the repository
        slug, the unread-notification count and the pull-request count for
        ``c.authuser``. Also sets ``self.cut_off_limit``, ``self.sa`` and
        ``self.scm_model`` on the controller.
        """
        # NOTE(review): the version string is placed in the context
        # unconditionally; whether templates honour c.visual.show_version
        # before printing it is not visible here.
        c.kallithea_version = __version__
        rc_config = Setting.get_app_settings()

        # Visual options
        c.visual = AttributeDict({})

        ## DB stored
        c.visual.show_public_icon = str2bool(rc_config.get('show_public_icon'))
        c.visual.show_private_icon = str2bool(rc_config.get('show_private_icon'))
        c.visual.stylify_metatags = str2bool(rc_config.get('stylify_metatags'))
        c.visual.dashboard_items = safe_int(rc_config.get('dashboard_items', 100))
        c.visual.admin_grid_items = safe_int(rc_config.get('admin_grid_items', 100))
        c.visual.repository_fields = str2bool(rc_config.get('repository_fields'))
        c.visual.show_version = str2bool(rc_config.get('show_version'))
        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))
        c.visual.gravatar_url = rc_config.get('gravatar_url')

        # ga_code is a stored setting with two accepted shapes: a value that
        # already contains '<' is kept verbatim as ready-made markup, while
        # any other non-empty value is treated as a bare tracking ID and
        # substituted into the legacy ga.js snippet below.
        # The substitution is plain %-formatting into a single-quoted
        # JavaScript string, with no escaping of quotes or backslashes.
        # NOTE(review): how the template emits c.ga_code is not visible here;
        # if it is written out unescaped, write access to this setting is
        # equivalent to running script on every page - confirm the setting
        # is restricted to administrators.
        c.ga_code = rc_config.get('ga_code')
        # TODO: replace undocumented backwards compatibility hack with db upgrade and rename ga_code
        if c.ga_code and '<' not in c.ga_code:
            c.ga_code = '''<script type="text/javascript">
                var _gaq = _gaq || [];
                _gaq.push(['_setAccount', '%s']);
                _gaq.push(['_trackPageview']);

                (function() {
                    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
                    })();
            </script>''' % c.ga_code
        c.site_name = rc_config.get('title')
        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl')

        ## INI stored
        # Both switches default to True when the INI file does not set them.
        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.instance_id = config.get('instance_id')
        # Falls back to the 'issues_url' route when no bugtracker is configured.
        c.issues_url = config.get('bugtracker', url('issues_url'))
        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty
        c.backends = BACKENDS.keys()
        # Both counters below read c.authuser, which is not assigned in this
        # method - presumably set earlier in request handling; verify.
        c.unread_notifications = NotificationModel() \
                        .get_unread_cnt_for_user(c.authuser.user_id)

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        c.my_pr_count = PullRequestModel().get_pullrequest_cnt_for_user(c.authuser.user_id)

        # Keep the session factory and an SCM model bound to it on the controller.
        self.sa = meta.Session
        self.scm_model = ScmModel(self.sa)
Exemplo n.º 4
    def _before(self, *args, **kwargs):
        """
        _before is called before controller methods and after __call__

        Fills the template context ``c`` with display options read from the
        database-backed settings (``Setting.get_app_settings()``) and from
        the INI ``config``, then adds per-request values: the repository
        slug, the unread-notification count and the count of non-closed pull
        requests where ``request.authuser`` is a reviewer. Also sets
        ``self.cut_off_limit`` and ``self.scm_model`` on the controller.
        ``*args`` and ``**kwargs`` are accepted but not used here.
        """
        # NOTE(review): the version string is placed in the context
        # unconditionally; whether templates honour c.visual.show_version
        # before printing it is not visible here.
        c.kallithea_version = __version__
        rc_config = Setting.get_app_settings()

        # Visual options
        c.visual = AttributeDict({})

        ## DB stored
        c.visual.show_public_icon = str2bool(rc_config.get('show_public_icon'))
        c.visual.show_private_icon = str2bool(rc_config.get('show_private_icon'))
        c.visual.stylify_metatags = str2bool(rc_config.get('stylify_metatags'))
        # The context attribute is page_size, but the stored setting key is
        # still 'dashboard_items'.
        c.visual.page_size = safe_int(rc_config.get('dashboard_items', 100))
        c.visual.admin_grid_items = safe_int(rc_config.get('admin_grid_items', 100))
        c.visual.repository_fields = str2bool(rc_config.get('repository_fields'))
        c.visual.show_version = str2bool(rc_config.get('show_version'))
        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))
        c.visual.gravatar_url = rc_config.get('gravatar_url')

        # ga_code is a stored setting with two accepted shapes: a value that
        # already contains '<' is kept verbatim as ready-made markup, while
        # any other non-empty value is treated as a bare tracking ID and
        # substituted into the legacy ga.js snippet below.
        # The substitution is plain %-formatting into a single-quoted
        # JavaScript string, with no escaping of quotes or backslashes.
        # NOTE(review): how the template emits c.ga_code is not visible here;
        # if it is written out unescaped, write access to this setting is
        # equivalent to running script on every page - confirm the setting
        # is restricted to administrators.
        c.ga_code = rc_config.get('ga_code')
        # TODO: replace undocumented backwards compatibility hack with db upgrade and rename ga_code
        if c.ga_code and '<' not in c.ga_code:
            c.ga_code = '''<script type="text/javascript">
                var _gaq = _gaq || [];
                _gaq.push(['_setAccount', '%s']);
                _gaq.push(['_trackPageview']);

                (function() {
                    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
                    })();
            </script>''' % c.ga_code
        c.site_name = rc_config.get('title')
        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl')

        ## INI stored
        # Both switches default to True when the INI file does not set them.
        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.instance_id = config.get('instance_id')
        # Falls back to the 'issues_url' route when no bugtracker is configured.
        c.issues_url = config.get('bugtracker', url('issues_url'))
        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty
        c.backends = BACKENDS.keys()
        # Both counters below read request.authuser, which is not assigned in
        # this method - presumably attached earlier in request handling; verify.
        c.unread_notifications = NotificationModel() \
                        .get_unread_cnt_for_user(request.authuser.user_id)

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        c.my_pr_count = PullRequest.query(reviewer_id=request.authuser.user_id, include_closed=False).count()

        self.scm_model = ScmModel()
Exemplo n.º 5
    def check_permissions(self):
        """Report whether the user holds at least one of ``required_perms`` on the repository.

        Uses ``self.repo_name`` when it is already set and otherwise fills it
        from the current request. On a successful lookup the user's single
        permission value for that repository is stored as a one-element set
        in ``self._user_perms``.

        Returns:
            bool: True when ``required_perms`` and the user's level overlap;
            False when they do not or when the repository is not present in
            ``self.user_perms['repositories']``.
        """
        # NOTE(review): the slug is remembered on the instance. If this
        # checker object is reused for a later request, the stored name wins
        # over that request's slug - confirm callers reset it.
        if not self.repo_name:
            self.repo_name = get_repo_slug(request)

        try:
            level = self.user_perms['repositories'][self.repo_name]
        except KeyError:
            # Fail closed: no entry for this repository means no access.
            return False
        self._user_perms = {level}
        # "Any of" semantics; an empty required_perms never matches.
        return bool(self.required_perms.intersection(self._user_perms))
Exemplo n.º 6
    def check_permissions(self):
        """Apply the "any required permission" rule to the current repository.

        ``self.repo_name`` is taken as given when truthy; otherwise it is
        derived from the request and stored. The permission value found for
        it in ``self.user_perms['repositories']`` is kept in
        ``self._user_perms`` as a one-element set and intersected with
        ``self.required_perms``.

        Returns:
            bool: True on a non-empty intersection, False otherwise, and
            False as well when the lookup raises ``KeyError``.
        """
        if not self.repo_name:
            # NOTE(review): this caches the slug on the instance; verify the
            # instance does not outlive the request it was created for.
            self.repo_name = get_repo_slug(request)

        repo_table_key = 'repositories'
        try:
            self._user_perms = {self.user_perms[repo_table_key][self.repo_name]}
        except KeyError:
            # Deny when the user has no recorded level for this repository.
            return False

        overlap = self.required_perms.intersection(self._user_perms)
        # An empty required set yields an empty overlap, so it denies.
        return True if overlap else False
Exemplo n.º 7
 def check_permissions(self, user):
     """Ask ``user`` whether it reaches ``self.required_perm`` on the repository named in the request.

     The decision itself is delegated to
     ``user.has_repository_permission_level``; its result is returned
     unchanged.
     """
     # The slug is derived from the request, not passed in by the caller.
     slug = get_repo_slug(request)
     level_check = user.has_repository_permission_level
     return level_check(slug, self.required_perm)
Exemplo n.º 8
 def check_permissions(self, user):
     """Return the user's verdict for ``self.required_perm`` on the current repository.

     Args:
         user: object exposing ``has_repository_permission_level``.

     Returns:
         Whatever ``has_repository_permission_level`` returns for the
         repository slug taken from the request.
     """
     current_repo = get_repo_slug(request)
     # NOTE(review): how an empty or unknown slug is treated is decided
     # inside has_repository_permission_level, which is not visible here.
     has_level = user.has_repository_permission_level
     return has_level(current_repo, self.required_perm)
Exemplo n.º 9
    def _before(self, *args, **kwargs):
        """
        _before is called before controller methods and after __call__

        First enforces the CSRF token check when ``request.needs_csrf_check``
        is set, raising ``webob.exc.HTTPForbidden`` on a missing or wrong
        token. Then fills the template context ``c`` with display options
        from the database-backed settings and the INI ``config``, plus the
        repository slug and the count of non-closed pull requests where
        ``request.authuser`` is a reviewer. Also sets ``self.cut_off_limit``
        and ``self.scm_model``. ``*args`` and ``**kwargs`` are accepted but
        not used here.
        """
        if request.needs_csrf_check:
            # CSRF protection: Whenever a request has ambient authority (whether
            # through a session cookie or its origin IP address), it must include
            # the correct token, unless the HTTP method is GET or HEAD (and thus
            # guaranteed to be side effect free). In practice, the only situation
            # where we allow side effects without ambient authority is when the
            # authority comes from an API key; and that is handled above.
            # ("Above" refers to code outside this method; needs_csrf_check
            # is likewise computed elsewhere.)
            from kallithea.lib import helpers as h
            # The token is looked up in the POST form data only; one sent in
            # a header or in the query string is not accepted here.
            token = request.POST.get(h.session_csrf_secret_name)
            # A missing or empty token is rejected before the comparison, so
            # an empty submitted value can never match.
            # NOTE(review): `!=` is an ordinary string comparison, not a
            # constant-time one; hmac.compare_digest would be the usual
            # choice once both operands are confirmed to be the same type.
            if not token or token != h.session_csrf_secret_token():
                # NOTE(review): the message carries no request details;
                # confirm the log format adds enough context (path, client)
                # to triage rejected requests.
                log.error('CSRF check failed')
                raise webob.exc.HTTPForbidden()

        # NOTE(review): the version string is placed in the context
        # unconditionally; whether templates honour c.visual.show_version
        # before printing it is not visible here.
        c.kallithea_version = __version__
        rc_config = Setting.get_app_settings()

        # Visual options
        c.visual = AttributeDict({})

        ## DB stored
        c.visual.show_public_icon = str2bool(rc_config.get('show_public_icon'))
        c.visual.show_private_icon = str2bool(
            rc_config.get('show_private_icon'))
        c.visual.stylify_metalabels = str2bool(
            rc_config.get('stylify_metalabels'))
        # The context attribute is page_size, but the stored setting key is
        # still 'dashboard_items'.
        c.visual.page_size = safe_int(rc_config.get('dashboard_items', 100))
        c.visual.admin_grid_items = safe_int(
            rc_config.get('admin_grid_items', 100))
        c.visual.repository_fields = str2bool(
            rc_config.get('repository_fields'))
        c.visual.show_version = str2bool(rc_config.get('show_version'))
        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))
        c.visual.gravatar_url = rc_config.get('gravatar_url')

        # ga_code is a stored setting with two accepted shapes: a value that
        # already contains '<' is kept verbatim as ready-made markup, while
        # any other non-empty value is treated as a bare tracking ID and
        # substituted into the legacy ga.js snippet below.
        # The substitution is plain %-formatting into a single-quoted
        # JavaScript string, with no escaping of quotes or backslashes.
        # NOTE(review): how the template emits c.ga_code is not visible here;
        # if it is written out unescaped, write access to this setting is
        # equivalent to running script on every page - confirm the setting
        # is restricted to administrators.
        c.ga_code = rc_config.get('ga_code')
        # TODO: replace undocumented backwards compatibility hack with db upgrade and rename ga_code
        if c.ga_code and '<' not in c.ga_code:
            c.ga_code = '''<script type="text/javascript">
                var _gaq = _gaq || [];
                _gaq.push(['_setAccount', '%s']);
                _gaq.push(['_trackPageview']);

                (function() {
                    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
                    })();
            </script>''' % c.ga_code
        c.site_name = rc_config.get('title')
        # A missing or empty template setting falls back to the Repository
        # class default.
        c.clone_uri_tmpl = rc_config.get(
            'clone_uri_tmpl') or Repository.DEFAULT_CLONE_URI
        c.clone_ssh_tmpl = rc_config.get(
            'clone_ssh_tmpl') or Repository.DEFAULT_CLONE_SSH

        ## INI stored
        # The two allow_* switches default to True when the INI file does
        # not set them; ssh_enabled defaults to False.
        c.visual.allow_repo_location_change = str2bool(
            config.get('allow_repo_location_change', True))
        c.visual.allow_custom_hooks_settings = str2bool(
            config.get('allow_custom_hooks_settings', True))
        c.ssh_enabled = str2bool(config.get('ssh_enabled', False))

        c.instance_id = config.get('instance_id')
        # Falls back to the 'issues_url' route when no bugtracker is configured.
        c.issues_url = config.get('bugtracker', url('issues_url'))
        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty
        c.backends = list(BACKENDS)

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        # request.authuser is not assigned in this method - presumably
        # attached earlier in request handling; verify.
        c.my_pr_count = PullRequest.query(reviewer_id=request.authuser.user_id,
                                          include_closed=False).count()

        self.scm_model = ScmModel()