def test_remove_group(self):
sg1 = fixture.create_repo_group(u'deleteme')
self.__delete_group(sg1.group_id)
assert RepoGroup.get(sg1.group_id) == None
assert not self.__check_path('deteteme')
sg1 = fixture.create_repo_group(u'deleteme', parent_group_id=self.g1.group_id)
self.__delete_group(sg1.group_id)
assert RepoGroup.get(sg1.group_id) == None
assert not self.__check_path('test1', 'deteteme')
def test_remove_group(self):
sg1 = fixture.create_repo_group('deleteme')
self.__delete_group(sg1.group_id)
assert RepoGroup.get(sg1.group_id) is None
assert not self.__check_path('deteteme')
sg1 = fixture.create_repo_group('deleteme', parent_group_id=self.g1.group_id)
self.__delete_group(sg1.group_id)
assert RepoGroup.get(sg1.group_id) is None
assert not self.__check_path('test1', 'deteteme')
def test_remove_group(self):
sg1 = fixture.create_repo_group(u'deleteme')
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('deteteme'))
sg1 = fixture.create_repo_group(u'deleteme', group_parent_id=self.g1.group_id)
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('test1', 'deteteme'))
def test_remove_group(self):
sg1 = fixture.create_repo_group('deleteme')
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('deteteme'))
sg1 = fixture.create_repo_group('deleteme', group_parent_id=self.g1.group_id)
self.__delete_group(sg1.group_id)
self.assertEqual(RepoGroup.get(sg1.group_id), None)
self.assertFalse(self.__check_path('test1', 'deteteme'))
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr is not None else None # None means ROOT location
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionAny('group.admin')(gr_name,
'can write into group validator')
group_write = HasRepoGroupPermissionAny('group.write')(gr_name,
'can write into group validator')
forbidden = not (group_admin or (group_write and create_on_write))
can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')
gid = (old_data['repo_group'].get('group_id')
if (old_data and 'repo_group' in old_data) else None)
value_changed = gid != value
new = not old_data
# do check if we changed the value, there's a case that someone got
# revoked write permissions to a repository, he still created, we
# don't need to check permission if he didn't change the value of
# groups in form box
if value_changed or new:
#parent group need to be existing
if gr and forbidden:
msg = M(self, 'permission_denied', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(repo_type=msg)
)
## check if we can write to root location !
elif gr is None and not can_create_repos():
msg = M(self, 'permission_denied_root', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(repo_type=msg)
)
def update(self, repo, **kwargs):
try:
cur_repo = self._get_repo(repo)
org_repo_name = cur_repo.repo_name
if 'user' in kwargs:
cur_repo.user = User.get_by_username(kwargs['user'])
if 'repo_group' in kwargs:
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
log.debug('Updating repo %s with params:%s' % (cur_repo, kwargs))
for strip, k in [
(1, 'repo_enable_downloads'),
(1, 'repo_description'),
(1, 'repo_enable_locking'),
(1, 'repo_landing_rev'),
(1, 'repo_private'),
(1, 'repo_enable_statistics'),
(0, 'clone_uri'),
]:
if k in kwargs:
val = kwargs[k]
if strip:
k = remove_prefix(k, 'repo_')
if k == 'clone_uri':
from kallithea.model.validators import Missing
_change = kwargs.get('clone_uri_change')
if _change == Missing:
# we don't change the value, so use original one
val = cur_repo.clone_uri
setattr(cur_repo, k, val)
new_name = cur_repo.get_new_name(kwargs['repo_name'])
cur_repo.repo_name = new_name
#if private flag is set, reset default permission to NONE
if kwargs.get('repo_private'):
EMPTY_PERM = 'repository.none'
RepoModel().grant_user_permission(repo=cur_repo,
user='******',
perm=EMPTY_PERM)
#handle extra fields
for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),
kwargs):
k = RepositoryField.un_prefix_key(field)
ex_field = RepositoryField.get_by_key_name(key=k,
repo=cur_repo)
if ex_field:
ex_field.field_value = kwargs[field]
self.sa.add(ex_field)
self.sa.add(cur_repo)
if org_repo_name != new_name:
# rename repository
self._rename_filesystem_repo(old=org_repo_name, new=new_name)
return cur_repo
except Exception:
log.error(traceback.format_exc())
raise
def update(self, repo, **kwargs):
try:
cur_repo = self._get_repo(repo)
org_repo_name = cur_repo.repo_name
if 'user' in kwargs:
cur_repo.user = User.get_by_username(kwargs['user'])
if 'repo_group' in kwargs:
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
log.debug('Updating repo %s with params:%s' % (cur_repo, kwargs))
for strip, k in [(1, 'repo_enable_downloads'),
(1, 'repo_description'),
(1, 'repo_enable_locking'),
(1, 'repo_landing_rev'),
(1, 'repo_private'),
(1, 'repo_enable_statistics'),
(0, 'clone_uri'),]:
if k in kwargs:
val = kwargs[k]
if strip:
k = remove_prefix(k, 'repo_')
if k == 'clone_uri':
from kallithea.model.validators import Missing
_change = kwargs.get('clone_uri_change')
if _change == Missing:
# we don't change the value, so use original one
val = cur_repo.clone_uri
setattr(cur_repo, k, val)
new_name = cur_repo.get_new_name(kwargs['repo_name'])
cur_repo.repo_name = new_name
#if private flag is set, reset default permission to NONE
if kwargs.get('repo_private'):
EMPTY_PERM = 'repository.none'
RepoModel().grant_user_permission(
repo=cur_repo, user='******', perm=EMPTY_PERM
)
#handle extra fields
for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),
kwargs):
k = RepositoryField.un_prefix_key(field)
ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo)
if ex_field:
ex_field.field_value = kwargs[field]
self.sa.add(ex_field)
self.sa.add(cur_repo)
if org_repo_name != new_name:
# rename repository
self._rename_filesystem_repo(old=org_repo_name, new=new_name)
return cur_repo
except Exception:
log.error(traceback.format_exc())
raise
def update(self, repo, **kwargs):
try:
cur_repo = Repository.guess_instance(repo)
org_repo_name = cur_repo.repo_name
if 'owner' in kwargs:
cur_repo.owner = User.get_by_username(kwargs['owner'])
if 'repo_group' in kwargs:
assert kwargs[
'repo_group'] != u'-1', kwargs # RepoForm should have converted to None
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
cur_repo.repo_name = cur_repo.get_new_name(cur_repo.just_name)
log.debug('Updating repo %s with params:%s', cur_repo, kwargs)
for k in [
'repo_enable_downloads',
'repo_description',
'repo_enable_locking',
'repo_landing_rev',
'repo_private',
'repo_enable_statistics',
]:
if k in kwargs:
setattr(cur_repo, remove_prefix(k, 'repo_'), kwargs[k])
clone_uri = kwargs.get('clone_uri')
if clone_uri is not None and clone_uri != cur_repo.clone_uri_hidden:
cur_repo.clone_uri = clone_uri
if 'repo_name' in kwargs:
cur_repo.repo_name = cur_repo.get_new_name(kwargs['repo_name'])
#if private flag is set, reset default permission to NONE
if kwargs.get('repo_private'):
EMPTY_PERM = 'repository.none'
RepoModel().grant_user_permission(repo=cur_repo,
user='******',
perm=EMPTY_PERM)
#handle extra fields
for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),
kwargs):
k = RepositoryField.un_prefix_key(field)
ex_field = RepositoryField.get_by_key_name(key=k,
repo=cur_repo)
if ex_field:
ex_field.field_value = kwargs[field]
if org_repo_name != cur_repo.repo_name:
# rename repository
self._rename_filesystem_repo(old=org_repo_name,
new=cur_repo.repo_name)
return cur_repo
except Exception:
log.error(traceback.format_exc())
raise
def update(self, repo, **kwargs):
try:
cur_repo = self._get_repo(repo)
org_repo_name = cur_repo.repo_name
if 'user' in kwargs:
cur_repo.user = User.get_by_username(kwargs['user'])
if 'repo_group' in kwargs:
cur_repo.group = RepoGroup.get(kwargs['repo_group'])
log.debug('Updating repo %s with params:%s', cur_repo, kwargs)
for k in ['repo_enable_downloads',
'repo_description',
'repo_enable_locking',
'repo_landing_rev',
'repo_private',
'repo_enable_statistics',
]:
if k in kwargs:
setattr(cur_repo, remove_prefix(k, 'repo_'), kwargs[k])
clone_uri = kwargs.get('clone_uri')
if clone_uri is not None and clone_uri != cur_repo.clone_uri_hidden:
cur_repo.clone_uri = clone_uri
new_name = cur_repo.get_new_name(kwargs['repo_name'])
cur_repo.repo_name = new_name
#if private flag is set, reset default permission to NONE
if kwargs.get('repo_private'):
EMPTY_PERM = 'repository.none'
RepoModel().grant_user_permission(
repo=cur_repo, user='******', perm=EMPTY_PERM
)
#handle extra fields
for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),
kwargs):
k = RepositoryField.un_prefix_key(field)
ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo)
if ex_field:
ex_field.field_value = kwargs[field]
self.sa.add(ex_field)
self.sa.add(cur_repo)
if org_repo_name != new_name:
# rename repository
self._rename_filesystem_repo(old=org_repo_name, new=new_name)
return cur_repo
except Exception:
log.error(traceback.format_exc())
raise
def update(self, repo_group, kwargs):
try:
repo_group = RepoGroup.guess_instance(repo_group)
old_path = repo_group.full_path
# change properties
if 'group_description' in kwargs:
repo_group.group_description = kwargs['group_description']
if 'parent_group_id' in kwargs:
repo_group.parent_group_id = kwargs['parent_group_id']
if 'enable_locking' in kwargs:
repo_group.enable_locking = kwargs['enable_locking']
if 'parent_group_id' in kwargs:
assert kwargs['parent_group_id'] != u'-1', kwargs # RepoGroupForm should have converted to None
repo_group.parent_group = RepoGroup.get(kwargs['parent_group_id'])
if 'group_name' in kwargs:
repo_group.group_name = repo_group.get_new_name(kwargs['group_name'])
new_path = repo_group.full_path
Session().add(repo_group)
# iterate over all members of this groups and do fixes
# set locking if given
# if obj is a repoGroup also fix the name of the group according
# to the parent
# if obj is a Repo fix it's name
# this can be potentially heavy operation
for obj in repo_group.recursive_groups_and_repos():
#set the value from it's parent
obj.enable_locking = repo_group.enable_locking
if isinstance(obj, RepoGroup):
new_name = obj.get_new_name(obj.name)
log.debug('Fixing group %s to new name %s' \
% (obj.group_name, new_name))
obj.group_name = new_name
elif isinstance(obj, Repository):
# we need to get all repositories from this new group and
# rename them accordingly to new group path
new_name = obj.get_new_name(obj.just_name)
log.debug('Fixing repo %s to new name %s' \
% (obj.repo_name, new_name))
obj.repo_name = new_name
self._rename_group(old_path, new_path)
return repo_group
except Exception:
log.error(traceback.format_exc())
raise
def validate_python(self, value, state):
# TODO WRITE VALIDATIONS
group_name = value.get('group_name')
group_parent_id = value.get('group_parent_id')
# slugify repo group just in case :)
slug = repo_name_slug(group_name)
# check for parent of self
parent_of_self = lambda: (old_data['group_id'] == int(
group_parent_id) if group_parent_id else False)
if edit and parent_of_self():
msg = M(self, 'group_parent_id', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_parent_id=msg))
old_gname = None
if edit:
old_gname = RepoGroup.get(old_data.get('group_id')).group_name
if old_gname != group_name or not edit:
# check group
gr = RepoGroup.query()\
.filter(RepoGroup.group_name == slug)\
.filter(RepoGroup.group_parent_id == group_parent_id)\
.scalar()
if gr:
msg = M(self, 'group_exists', state, group_name=slug)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_name=msg))
# check for same repo
repo = Repository.query()\
.filter(Repository.repo_name == slug)\
.scalar()
if repo:
msg = M(self, 'repo_exists', state, group_name=slug)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_name=msg))
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr is not None else None # None means ROOT location
if can_create_in_root and gr is None:
#we can create in root, we're fine no validations required
return
forbidden_in_root = gr is None and not can_create_in_root
val = HasRepoGroupPermissionAny('group.admin')
forbidden = not val(gr_name, 'can create group validator')
if forbidden_in_root or forbidden:
msg = M(self, 'permission_denied', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_parent_id=msg)
)
def validate_python(self, value, state):
# TODO WRITE VALIDATIONS
group_name = value.get('group_name')
group_parent_id = value.get('group_parent_id')
# slugify repo group just in case :)
slug = repo_name_slug(group_name)
# check for parent of self
parent_of_self = lambda: (
old_data['group_id'] == group_parent_id
if group_parent_id else False
)
if edit and parent_of_self():
msg = M(self, 'group_parent_id', state)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_parent_id=msg)
)
old_gname = None
if edit:
old_gname = RepoGroup.get(old_data.get('group_id')).group_name
if old_gname != group_name or not edit:
# check group
gr = RepoGroup.query() \
.filter(RepoGroup.group_name == slug) \
.filter(RepoGroup.group_parent_id == group_parent_id) \
.scalar()
if gr is not None:
msg = M(self, 'group_exists', state, group_name=slug)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_name=msg)
)
# check for same repo
repo = Repository.query() \
.filter(Repository.repo_name == slug) \
.scalar()
if repo is not None:
msg = M(self, 'repo_exists', state, group_name=slug)
raise formencode.Invalid(msg, value, state,
error_dict=dict(group_name=msg)
)
def update(self, repo_group, form_data):
try:
repo_group = self._get_repo_group(repo_group)
old_path = repo_group.full_path
# change properties
repo_group.group_description = form_data['group_description']
repo_group.group_parent_id = form_data['group_parent_id']
repo_group.enable_locking = form_data['enable_locking']
repo_group.parent_group = RepoGroup.get(
form_data['group_parent_id'])
repo_group.group_name = repo_group.get_new_name(
form_data['group_name'])
new_path = repo_group.full_path
self.sa.add(repo_group)
# iterate over all members of this groups and do fixes
# set locking if given
# if obj is a repoGroup also fix the name of the group according
# to the parent
# if obj is a Repo fix it's name
# this can be potentially heavy operation
for obj in repo_group.recursive_groups_and_repos():
#set the value from it's parent
obj.enable_locking = repo_group.enable_locking
if isinstance(obj, RepoGroup):
new_name = obj.get_new_name(obj.name)
log.debug('Fixing group %s to new name %s' \
% (obj.group_name, new_name))
obj.group_name = new_name
elif isinstance(obj, Repository):
# we need to get all repositories from this new group and
# rename them accordingly to new group path
new_name = obj.get_new_name(obj.just_name)
log.debug('Fixing repo %s to new name %s' \
% (obj.repo_name, new_name))
obj.repo_name = new_name
self.sa.add(obj)
self._rename_group(old_path, new_path)
return repo_group
except Exception:
log.error(traceback.format_exc())
raise
def new(self):
if HasPermissionAny('hg.admin')('group create'):
#we're global admin, we're ok and we can create TOP level groups
pass
else:
# we pass in parent group into creation form, thus we know
# what would be the group, we can check perms here !
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
if HasRepoGroupPermissionLevel('admin')(group_name, 'group create'):
pass
else:
raise HTTPForbidden()
self.__load_defaults()
return render('admin/repo_groups/repo_group_add.html')
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr is not None else None # None means ROOT location
if can_create_in_root and gr is None:
#we can create in root, we're fine no validations required
return
forbidden_in_root = gr is None and not can_create_in_root
forbidden = not HasRepoGroupPermissionLevel('admin')(
gr_name, 'can create group validator')
if forbidden_in_root or forbidden:
msg = self.message('permission_denied', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(parent_group_id=msg))
def new(self):
if HasPermissionAny('hg.admin')('group create'):
# we're global admin, we're ok and we can create TOP level groups
pass
else:
# we pass in parent group into creation form, thus we know
# what would be the group, we can check perms here !
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
if HasRepoGroupPermissionLevel('admin')(group_name, 'group create'):
pass
else:
raise HTTPForbidden()
self.__load_defaults()
return render('admin/repo_groups/repo_group_add.html')
def _validate_python(self, value, state):
# TODO WRITE VALIDATIONS
group_name = value.get('group_name')
parent_group_id = value.get('parent_group_id')
# slugify repo group just in case :)
slug = repo_name_slug(group_name)
# check for parent of self
if edit and parent_group_id and old_data[
'group_id'] == parent_group_id:
msg = self.message('parent_group_id', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(parent_group_id=msg))
old_gname = None
if edit:
old_gname = RepoGroup.get(old_data.get('group_id')).group_name
if old_gname != group_name or not edit:
# check group
gr = RepoGroup.query() \
.filter(func.lower(RepoGroup.group_name) == func.lower(slug)) \
.filter(RepoGroup.parent_group_id == parent_group_id) \
.scalar()
if gr is not None:
msg = self.message('group_exists', state, group_name=slug)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_name=msg))
# check for same repo
repo = Repository.query() \
.filter(func.lower(Repository.repo_name) == func.lower(slug)) \
.scalar()
if repo is not None:
msg = self.message('repo_exists', state, group_name=slug)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(group_name=msg))
def update(self, repo_group, form_data):
try:
repo_group = self._get_repo_group(repo_group)
old_path = repo_group.full_path
# change properties
repo_group.group_description = form_data['group_description']
repo_group.group_parent_id = form_data['group_parent_id']
repo_group.enable_locking = form_data['enable_locking']
repo_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
repo_group.group_name = repo_group.get_new_name(form_data['group_name'])
new_path = repo_group.full_path
self.sa.add(repo_group)
# iterate over all members of this groups and do fixes
# set locking if given
# if obj is a repoGroup also fix the name of the group according
# to the parent
# if obj is a Repo fix it's name
# this can be potentially heavy operation
for obj in repo_group.recursive_groups_and_repos():
#set the value from it's parent
obj.enable_locking = repo_group.enable_locking
if isinstance(obj, RepoGroup):
new_name = obj.get_new_name(obj.name)
log.debug('Fixing group %s to new name %s' \
% (obj.group_name, new_name))
obj.group_name = new_name
elif isinstance(obj, Repository):
# we need to get all repositories from this new group and
# rename them accordingly to new group path
new_name = obj.get_new_name(obj.just_name)
log.debug('Fixing repo %s to new name %s' \
% (obj.repo_name, new_name))
obj.repo_name = new_name
self.sa.add(obj)
self._rename_group(old_path, new_path)
return repo_group
except Exception:
log.error(traceback.format_exc())
raise
def new(self):
"""GET /repo_groups/new: Form to create a new item"""
# url('new_repos_group')
if HasPermissionAll('hg.admin')('group create'):
#we're global admin, we're ok and we can create TOP level groups
pass
else:
# we pass in parent group into creation form, thus we know
# what would be the group, we can check perms here !
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'):
pass
else:
return abort(403)
self.__load_defaults()
return render('admin/repo_groups/repo_group_add.html')
def _to_python(self, value, state):
repo_name = repo_name_slug(value.get('repo_name', ''))
repo_group = value.get('repo_group')
if repo_group:
gr = RepoGroup.get(repo_group)
group_path = gr.full_path
group_name = gr.group_name
# value needs to be aware of group name in order to check
# db key This is an actual just the name to store in the
# database
repo_name_full = group_path + RepoGroup.url_sep() + repo_name
else:
group_name = group_path = ''
repo_name_full = repo_name
value['repo_name'] = repo_name
value['repo_name_full'] = repo_name_full
value['group_path'] = group_path
value['group_name'] = group_name
return value
def new(self):
"""GET /repo_groups/new: Form to create a new item"""
# url('new_repos_group')
if HasPermissionAll('hg.admin')('group create'):
#we're global admin, we're ok and we can create TOP level groups
pass
else:
# we pass in parent group into creation form, thus we know
# what would be the group, we can check perms here !
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
if HasRepoGroupPermissionAll('group.admin')(group_name,
'group create'):
pass
else:
return abort(403)
self.__load_defaults()
return render('admin/repo_groups/repo_group_add.html')
def _to_python(self, value, state):
repo_name = repo_name_slug(value.get('repo_name', ''))
repo_group = value.get('repo_group')
if repo_group:
gr = RepoGroup.get(repo_group)
group_path = gr.full_path
group_name = gr.group_name
# value needs to be aware of group name in order to check
# db key This is an actual just the name to store in the
# database
repo_name_full = group_path + RepoGroup.url_sep() + repo_name
else:
group_name = group_path = ''
repo_name_full = repo_name
value['repo_name'] = repo_name
value['repo_name_full'] = repo_name_full
value['group_path'] = group_path
value['group_name'] = group_name
return value
def create_repository(self):
self.__load_defaults()
if not c.repo_groups:
raise HTTPForbidden
parent_group = request.GET.get('parent_group')
## apply the defaults from defaults page
defaults = Setting.get_default_repo_settings(strip_prefix=True)
if parent_group:
prg = RepoGroup.get(parent_group)
if prg is None or not any(rgc[0] == prg.group_id
for rgc in c.repo_groups):
raise HTTPForbidden
defaults.update({'repo_group': parent_group})
return htmlfill.render(render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
def create_repository(self):
self.__load_defaults()
if not c.repo_groups:
raise HTTPForbidden
parent_group = request.GET.get('parent_group')
## apply the defaults from defaults page
defaults = Setting.get_default_repo_settings(strip_prefix=True)
if parent_group:
prg = RepoGroup.get(parent_group)
if prg is None or not any(rgc[0] == prg.group_id
for rgc in c.repo_groups):
raise HTTPForbidden
defaults.update({'repo_group': parent_group})
return htmlfill.render(
render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
def create_repository(self):
"""GET /_admin/create_repository: Form to create a new item"""
new_repo = request.GET.get('repo', '')
parent_group = request.GET.get('parent_group')
if not HasPermissionAny('hg.admin', 'hg.create.repository')():
#you're not super admin nor have global create permissions,
#but maybe you have at least write permission to a parent group ?
_gr = RepoGroup.get(parent_group)
gr_name = _gr.group_name if _gr else None
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny(
'hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionAny('group.admin')(
group_name=gr_name)
group_write = HasRepoGroupPermissionAny('group.write')(
group_name=gr_name)
if not (group_admin or (group_write and create_on_write)):
raise HTTPForbidden
acl_groups = RepoGroupList(RepoGroup.query().all(),
perm_set=['group.write', 'group.admin'])
c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
choices, c.landing_revs = ScmModel().get_repo_landing_revs()
c.new_repo = repo_name_slug(new_repo)
## apply the defaults from defaults page
defaults = Setting.get_default_repo_settings(strip_prefix=True)
if parent_group:
defaults.update({'repo_group': parent_group})
return htmlfill.render(render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr is not None else None # None means ROOT location
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny(
'hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionLevel('admin')(
gr_name, 'can write into group validator')
group_write = HasRepoGroupPermissionLevel('write')(
gr_name, 'can write into group validator')
forbidden = not (group_admin or (group_write and create_on_write))
can_create_repos = HasPermissionAny('hg.admin',
'hg.create.repository')
gid = (old_data['repo_group'].get('group_id') if
(old_data and 'repo_group' in old_data) else None)
value_changed = gid != value
new = not old_data
# do check if we changed the value, there's a case that someone got
# revoked write permissions to a repository, he still created, we
# don't need to check permission if he didn't change the value of
# groups in form box
if value_changed or new:
#parent group need to be existing
if gr and forbidden:
msg = self.message('permission_denied', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(repo_type=msg))
## check if we can write to root location !
elif gr is None and not can_create_repos():
msg = self.message('permission_denied_root', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(repo_type=msg))
def create_repository(self):
"""GET /_admin/create_repository: Form to create a new item"""
new_repo = request.GET.get('repo', '')
parent_group = request.GET.get('parent_group')
if not HasPermissionAny('hg.admin', 'hg.create.repository')():
#you're not super admin nor have global create permissions,
#but maybe you have at least write permission to a parent group ?
_gr = RepoGroup.get(parent_group)
gr_name = _gr.group_name if _gr else None
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionAny('group.admin')(group_name=gr_name)
group_write = HasRepoGroupPermissionAny('group.write')(group_name=gr_name)
if not (group_admin or (group_write and create_on_write)):
raise HTTPForbidden
acl_groups = RepoGroupList(RepoGroup.query().all(),
perm_set=['group.write', 'group.admin'])
c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
choices, c.landing_revs = ScmModel().get_repo_landing_revs()
c.new_repo = repo_name_slug(new_repo)
## apply the defaults from defaults page
defaults = Setting.get_default_repo_settings(strip_prefix=True)
if parent_group:
defaults.update({'repo_group': parent_group})
return htmlfill.render(
render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
