def AvailableRepoGroupChoices(top_perms, repo_group_perm_level, extras=()): """Return group_id,string tuples with choices for all the repo groups where the user has the necessary permissions. Top level is -1. """ groups = RepoGroup.query().all() if HasPermissionAny('hg.admin')('available repo groups'): groups.append(None) else: groups = list(RepoGroupList(groups, perm_level=repo_group_perm_level)) if top_perms and HasPermissionAny(*top_perms)('available repo groups'): groups.append(None) for extra in extras: if not any(rg == extra for rg in groups): groups.append(extra) return RepoGroup.groups_choices(groups=groups)
def __load_defaults(self): if HasPermissionAny('hg.create.write_on_repogroup.true')(): repo_group_perm_level = 'write' else: repo_group_perm_level = 'admin' c.repo_groups = AvailableRepoGroupChoices(['hg.create.repository'], repo_group_perm_level) c.landing_revs_choices, c.landing_revs = ScmModel( ).get_repo_landing_revs() c.can_update = Ui.get_by_key('hooks', Ui.HOOK_UPDATE).ui_active
def create_repository(self): """GET /_admin/create_repository: Form to create a new item""" new_repo = request.GET.get('repo', '') parent_group = request.GET.get('parent_group') if not HasPermissionAny('hg.admin', 'hg.create.repository')(): #you're not super admin nor have global create permissions, #but maybe you have at least write permission to a parent group ? _gr = RepoGroup.get(parent_group) gr_name = _gr.group_name if _gr else None # create repositories with write permission on group is set to true create_on_write = HasPermissionAny( 'hg.create.write_on_repogroup.true')() group_admin = HasRepoGroupPermissionAny('group.admin')( group_name=gr_name) group_write = HasRepoGroupPermissionAny('group.write')( group_name=gr_name) if not (group_admin or (group_write and create_on_write)): raise HTTPForbidden acl_groups = RepoGroupList(RepoGroup.query().all(), perm_set=['group.write', 'group.admin']) c.repo_groups = RepoGroup.groups_choices(groups=acl_groups) c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups) choices, c.landing_revs = ScmModel().get_repo_landing_revs() c.new_repo = repo_name_slug(new_repo) ## apply the defaults from defaults page defaults = Setting.get_default_repo_settings(strip_prefix=True) if parent_group: defaults.update({'repo_group': parent_group}) return htmlfill.render(render('admin/repos/repo_add.html'), defaults=defaults, errors={}, prefix_error=False, encoding="UTF-8", force_defaults=False)
def __load_defaults(self, repo=None): top_perms = ['hg.create.repository'] if HasPermissionAny('hg.create.write_on_repogroup.true')(): repo_group_perm_level = 'write' else: repo_group_perm_level = 'admin' extras = [] if repo is None else [repo.group] c.repo_groups = AvailableRepoGroupChoices(top_perms, repo_group_perm_level, extras) c.landing_revs_choices, c.landing_revs = ScmModel( ).get_repo_landing_revs(repo)
def validate_python(self, value, state): gr = RepoGroup.get(value) gr_name = gr.group_name if gr is not None else None # None means ROOT location # create repositories with write permission on group is set to true create_on_write = HasPermissionAny( 'hg.create.write_on_repogroup.true')() group_admin = HasRepoGroupPermissionLevel('admin')( gr_name, 'can write into group validator') group_write = HasRepoGroupPermissionLevel('write')( gr_name, 'can write into group validator') forbidden = not (group_admin or (group_write and create_on_write)) can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository') gid = (old_data['repo_group'].get('group_id') if (old_data and 'repo_group' in old_data) else None) value_changed = gid != value new = not old_data # do check if we changed the value, there's a case that someone got # revoked write permissions to a repository, he still created, we # don't need to check permission if he didn't change the value of # groups in form box if value_changed or new: #parent group need to be existing if gr and forbidden: msg = self.message('permission_denied', state) raise formencode.Invalid(msg, value, state, error_dict=dict(repo_type=msg)) ## check if we can write to root location ! elif gr is None and not can_create_repos(): msg = self.message('permission_denied_root', state) raise formencode.Invalid(msg, value, state, error_dict=dict(repo_type=msg))
def new(self): if HasPermissionAny('hg.admin')('group create'): # we're global admin, we're ok and we can create TOP level groups pass else: # we pass in parent group into creation form, thus we know # what would be the group, we can check perms here ! group_id = safe_int(request.GET.get('parent_group')) group = RepoGroup.get(group_id) if group_id else None group_name = group.group_name if group else None if HasRepoGroupPermissionLevel('admin')(group_name, 'group create'): pass else: raise HTTPForbidden() self.__load_defaults() return render('admin/repo_groups/repo_group_add.html')
def update(self, group_name): c.repo_group = RepoGroup.guess_instance(group_name) self.__load_defaults(extras=[c.repo_group.parent_group], exclude=[c.repo_group]) # TODO: kill allow_empty_group - it is only used for redundant form validation! if HasPermissionAny('hg.admin')('group edit'): #we're global admin, we're ok and we can create TOP level groups allow_empty_group = True elif not c.repo_group.parent_group: allow_empty_group = True else: allow_empty_group = False repo_group_form = RepoGroupForm( edit=True, old_data=c.repo_group.get_dict(), repo_groups=c.repo_groups, can_create_in_root=allow_empty_group, )() try: form_result = repo_group_form.to_python(dict(request.POST)) new_gr = RepoGroupModel().update(group_name, form_result) Session().commit() h.flash(_('Updated repository group %s') \ % form_result['group_name'], category='success') # we now have new name ! group_name = new_gr.group_name #TODO: in future action_logger(, '', '', '') except formencode.Invalid as errors: c.active = 'settings' return htmlfill.render( render('admin/repo_groups/repo_group_edit.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", force_defaults=False) except Exception: log.error(traceback.format_exc()) h.flash(_('Error occurred during update of repository group %s') \ % request.POST.get('group_name'), category='error') raise HTTPFound(location=url('edit_repo_group', group_name=group_name))