def AvailableRepoGroupChoices(top_perms, repo_group_perm_level, extras=()):
"""Return group_id,string tuples with choices for all the repo groups where
the user has the necessary permissions.
Top level is -1.
"""
groups = RepoGroup.query().all()
if HasPermissionAny('hg.admin')('available repo groups'):
groups.append(None)
else:
groups = list(RepoGroupList(groups, perm_level=repo_group_perm_level))
if top_perms and HasPermissionAny(*top_perms)('available repo groups'):
groups.append(None)
for extra in extras:
if not any(rg == extra for rg in groups):
groups.append(extra)
return RepoGroup.groups_choices(groups=groups)
def __load_defaults(self):
if HasPermissionAny('hg.create.write_on_repogroup.true')():
repo_group_perm_level = 'write'
else:
repo_group_perm_level = 'admin'
c.repo_groups = AvailableRepoGroupChoices(['hg.create.repository'],
repo_group_perm_level)
c.landing_revs_choices, c.landing_revs = ScmModel(
).get_repo_landing_revs()
c.can_update = Ui.get_by_key('hooks', Ui.HOOK_UPDATE).ui_active
def create_repository(self):
"""GET /_admin/create_repository: Form to create a new item"""
new_repo = request.GET.get('repo', '')
parent_group = request.GET.get('parent_group')
if not HasPermissionAny('hg.admin', 'hg.create.repository')():
#you're not super admin nor have global create permissions,
#but maybe you have at least write permission to a parent group ?
_gr = RepoGroup.get(parent_group)
gr_name = _gr.group_name if _gr else None
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny(
'hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionAny('group.admin')(
group_name=gr_name)
group_write = HasRepoGroupPermissionAny('group.write')(
group_name=gr_name)
if not (group_admin or (group_write and create_on_write)):
raise HTTPForbidden
acl_groups = RepoGroupList(RepoGroup.query().all(),
perm_set=['group.write', 'group.admin'])
c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
choices, c.landing_revs = ScmModel().get_repo_landing_revs()
c.new_repo = repo_name_slug(new_repo)
## apply the defaults from defaults page
defaults = Setting.get_default_repo_settings(strip_prefix=True)
if parent_group:
defaults.update({'repo_group': parent_group})
return htmlfill.render(render('admin/repos/repo_add.html'),
defaults=defaults,
errors={},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
def __load_defaults(self, repo=None):
top_perms = ['hg.create.repository']
if HasPermissionAny('hg.create.write_on_repogroup.true')():
repo_group_perm_level = 'write'
else:
repo_group_perm_level = 'admin'
extras = [] if repo is None else [repo.group]
c.repo_groups = AvailableRepoGroupChoices(top_perms,
repo_group_perm_level,
extras)
c.landing_revs_choices, c.landing_revs = ScmModel(
).get_repo_landing_revs(repo)
def validate_python(self, value, state):
gr = RepoGroup.get(value)
gr_name = gr.group_name if gr is not None else None # None means ROOT location
# create repositories with write permission on group is set to true
create_on_write = HasPermissionAny(
'hg.create.write_on_repogroup.true')()
group_admin = HasRepoGroupPermissionLevel('admin')(
gr_name, 'can write into group validator')
group_write = HasRepoGroupPermissionLevel('write')(
gr_name, 'can write into group validator')
forbidden = not (group_admin or (group_write and create_on_write))
can_create_repos = HasPermissionAny('hg.admin',
'hg.create.repository')
gid = (old_data['repo_group'].get('group_id') if
(old_data and 'repo_group' in old_data) else None)
value_changed = gid != value
new = not old_data
# do check if we changed the value, there's a case that someone got
# revoked write permissions to a repository, he still created, we
# don't need to check permission if he didn't change the value of
# groups in form box
if value_changed or new:
#parent group need to be existing
if gr and forbidden:
msg = self.message('permission_denied', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(repo_type=msg))
## check if we can write to root location !
elif gr is None and not can_create_repos():
msg = self.message('permission_denied_root', state)
raise formencode.Invalid(msg,
value,
state,
error_dict=dict(repo_type=msg))
def new(self):
if HasPermissionAny('hg.admin')('group create'):
# we're global admin, we're ok and we can create TOP level groups
pass
else:
# we pass in parent group into creation form, thus we know
# what would be the group, we can check perms here !
group_id = safe_int(request.GET.get('parent_group'))
group = RepoGroup.get(group_id) if group_id else None
group_name = group.group_name if group else None
if HasRepoGroupPermissionLevel('admin')(group_name, 'group create'):
pass
else:
raise HTTPForbidden()
self.__load_defaults()
return render('admin/repo_groups/repo_group_add.html')
def update(self, group_name):
c.repo_group = RepoGroup.guess_instance(group_name)
self.__load_defaults(extras=[c.repo_group.parent_group],
exclude=[c.repo_group])
# TODO: kill allow_empty_group - it is only used for redundant form validation!
if HasPermissionAny('hg.admin')('group edit'):
#we're global admin, we're ok and we can create TOP level groups
allow_empty_group = True
elif not c.repo_group.parent_group:
allow_empty_group = True
else:
allow_empty_group = False
repo_group_form = RepoGroupForm(
edit=True,
old_data=c.repo_group.get_dict(),
repo_groups=c.repo_groups,
can_create_in_root=allow_empty_group,
)()
try:
form_result = repo_group_form.to_python(dict(request.POST))
new_gr = RepoGroupModel().update(group_name, form_result)
Session().commit()
h.flash(_('Updated repository group %s') \
% form_result['group_name'], category='success')
# we now have new name !
group_name = new_gr.group_name
#TODO: in future action_logger(, '', '', '')
except formencode.Invalid as errors:
c.active = 'settings'
return htmlfill.render(
render('admin/repo_groups/repo_group_edit.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except Exception:
log.error(traceback.format_exc())
h.flash(_('Error occurred during update of repository group %s') \
% request.POST.get('group_name'), category='error')
raise HTTPFound(location=url('edit_repo_group', group_name=group_name))