opensourceprojects.eu / osp-allura / Diff of /Allura/allura/controllers/auth.py

Diff of /Allura/allura/controllers/auth.py [061ddb] .. [782ed5]

Switch to unified view


...
        if c.app is None or not getattr(c.app, 'repo'):
            return 'Cannot find repo at %s' % repo_path
        allura.tasks.repo_tasks.refresh.post()
        return '%r refresh queued.\n' % c.app.repo


    def _auth_repos(self, user):
        def _unix_group_name(neighborhood, shortname):
            'shameless copied from sfx_api.py'
            path = neighborhood.url_prefix + shortname[len(neighborhood.shortname_prefix):]
            parts = [ p for p in path.split('/') if p ]
            if len(parts) == 2 and parts[0] == 'p':
                parts = parts[1:]
            return '.'.join(reversed(parts))

        repos = []
        for p in user.my_projects():
            for app in p.app_configs:
                if not app.tool_name.lower() in ('git', 'hg', 'svn'):
                    continue
                if not has_access(app, 'write', user, p):
                    continue
                repos.append('/%s/%s/%s' % (
                    app.tool_name.lower(),
                    _unix_group_name(p.neighborhood, p.shortname),
                    app.options['mount_point']))
        repos.sort()
        return repos


    @expose('json:')
    def repo_permissions(self, repo_path=None, username=None, **kw):
        """Expects repo_path to be a filesystem path like
            <tool>/<project>.<neighborhood>/reponame[.git]
        unless the <neighborhood> is 'p', in which case it is
            <tool>/<project>/reponame[.git]

        Returns JSON describing this user's permissions on that repo.
        """
        disallow = dict(allow_read=False, allow_write=False, allow_create=False)



        # Find the user
        user = M.User.by_username(username)
        if not user:
            response.status=404
            return dict(disallow, error='unknown user')
        if not repo_path:
            return dict(allow_write=self._auth_repos(user))

        parts = [p for p in repo_path.split(os.path.sep) if p]
        # strip the tool name
        parts = parts[1:]
        if '.' in parts[0]:
            project, neighborhood = parts[0].split('.')
...
            (p._id, p) for p in M.Project.query.find(dict(
                    _id={'$in': [mb.project_id for mb in mailboxes ]})).ming_cursor)
        app_index = dict(
            (ac._id, ac) for ac in M.AppConfig.query.find(dict(
                    _id={'$in': [ mb.app_config_id for mb in mailboxes ] })).ming_cursor)

        for mb in mailboxes:
            project = projects.get(mb.project_id, None)
            app_config = app_index.get(mb.app_config_id, None)
            if project is None:
                mb.m.delete()
...
                    v = int(v)
                c.user.set_pref(k, v)
        if 'email_format' in preferences:
            c.user.set_pref('email_format', preferences['email_format'])
        redirect('.')

    @h.vardec
    @expose()
    @require_post()
    @validate(F.subscription_form, error_handler=index)
    def update_subscriptions(self, subscriptions=None, **kw):
...
        if tok is None:
            tok = M.ApiToken(user_id=c.user._id)
        else:
            tok.secret_key = h.cryptographic_nonce()
        redirect(request.referer)

    @expose()
    @require_post()
    def del_api_token(self):
        tok = M.ApiToken.query.get(user_id=c.user._id)
        if tok is None: return
        tok.delete()
        redirect(request.referer)

    @expose()
    @require_post()
    def revoke_oauth(self, _id=None):
        tok = M.OAuthAccessToken.query.get(_id=bson.ObjectId(_id))
        if tok is None:

	a/Allura/allura/controllers/auth.py		b/Allura/allura/controllers/auth.py
	...		...
204	if c.app is None or not getattr(c.app, 'repo'):	204	if c.app is None or not getattr(c.app, 'repo'):
205	return 'Cannot find repo at %s' % repo_path	205	return 'Cannot find repo at %s' % repo_path
206	allura.tasks.repo_tasks.refresh.post()	206	allura.tasks.repo_tasks.refresh.post()
207	return '%r refresh queued.\n' % c.app.repo	207	return '%r refresh queued.\n' % c.app.repo
208		208
		209
		210	def _auth_repos(self, user):
		211	def _unix_group_name(neighborhood, shortname):
		212	'shameless copied from sfx_api.py'
		213	path = neighborhood.url_prefix + shortname[len(neighborhood.shortname_prefix):]
		214	parts = [ p for p in path.split('/') if p ]
		215	if len(parts) == 2 and parts[0] == 'p':
		216	parts = parts[1:]
		217	return '.'.join(reversed(parts))
		218
		219	repos = []
		220	for p in user.my_projects():
		221	for app in p.app_configs:
		222	if not app.tool_name.lower() in ('git', 'hg', 'svn'):
		223	continue
		224	if not has_access(app, 'write', user, p):
		225	continue
		226	repos.append('/%s/%s/%s' % (
		227	app.tool_name.lower(),
		228	_unix_group_name(p.neighborhood, p.shortname),
		229	app.options['mount_point']))
		230	repos.sort()
		231	return repos
		232
		233
209	@expose('json:')	234	@expose('json:')
210	def repo_permissions(self, repo_path=None, username=None, **kw):	235	def repo_permissions(self, repo_path=None, username=None, **kw):
211	"""Expects repo_path to be a filesystem path like	236	"""Expects repo_path to be a filesystem path like
212	<tool>/<project>.<neighborhood>/reponame[.git]	237	<tool>/<project>.<neighborhood>/reponame[.git]
213	unless the <neighborhood> is 'p', in which case it is	238	unless the <neighborhood> is 'p', in which case it is
214	<tool>/<project>/reponame[.git]	239	<tool>/<project>/reponame[.git]
215		240
216	Returns JSON describing this user's permissions on that repo.	241	Returns JSON describing this user's permissions on that repo.
217	"""	242	"""
218	disallow = dict(allow_read=False, allow_write=False, allow_create=False)	243	disallow = dict(allow_read=False, allow_write=False, allow_create=False)
219	if not repo_path:
220	response.status=400
221	return dict(disallow, error='no path specified')
222	# Find the user	244	# Find the user
223	user = M.User.by_username(username)	245	user = M.User.by_username(username)
224	if not user:	246	if not user:
225	response.status=404	247	response.status=404
226	return dict(disallow, error='unknown user')	248	return dict(disallow, error='unknown user')
		249	if not repo_path:
		250	return dict(allow_write=self._auth_repos(user))
		251
227	parts = [p for p in repo_path.split(os.path.sep) if p]	252	parts = [p for p in repo_path.split(os.path.sep) if p]
228	# strip the tool name	253	# strip the tool name
229	parts = parts[1:]	254	parts = parts[1:]
230	if '.' in parts[0]:	255	if '.' in parts[0]:
231	project, neighborhood = parts[0].split('.')	256	project, neighborhood = parts[0].split('.')
	...		...
265	(p._id, p) for p in M.Project.query.find(dict(	290	(p._id, p) for p in M.Project.query.find(dict(
266	_id={'$in': [mb.project_id for mb in mailboxes ]})).ming_cursor)	291	_id={'$in': [mb.project_id for mb in mailboxes ]})).ming_cursor)
267	app_index = dict(	292	app_index = dict(
268	(ac._id, ac) for ac in M.AppConfig.query.find(dict(	293	(ac._id, ac) for ac in M.AppConfig.query.find(dict(
269	_id={'$in': [ mb.app_config_id for mb in mailboxes ] })).ming_cursor)	294	_id={'$in': [ mb.app_config_id for mb in mailboxes ] })).ming_cursor)
270		295
271	for mb in mailboxes:	296	for mb in mailboxes:
272	project = projects.get(mb.project_id, None)	297	project = projects.get(mb.project_id, None)
273	app_config = app_index.get(mb.app_config_id, None)	298	app_config = app_index.get(mb.app_config_id, None)
274	if project is None:	299	if project is None:
275	mb.m.delete()	300	mb.m.delete()
	...		...
336	v = int(v)	361	v = int(v)
337	c.user.set_pref(k, v)	362	c.user.set_pref(k, v)
338	if 'email_format' in preferences:	363	if 'email_format' in preferences:
339	c.user.set_pref('email_format', preferences['email_format'])	364	c.user.set_pref('email_format', preferences['email_format'])
340	redirect('.')	365	redirect('.')
341		366
342	@h.vardec	367	@h.vardec
343	@expose()	368	@expose()
344	@require_post()	369	@require_post()
345	@validate(F.subscription_form, error_handler=index)	370	@validate(F.subscription_form, error_handler=index)
346	def update_subscriptions(self, subscriptions=None, **kw):	371	def update_subscriptions(self, subscriptions=None, **kw):
	...		...
356	if tok is None:	381	if tok is None:
357	tok = M.ApiToken(user_id=c.user._id)	382	tok = M.ApiToken(user_id=c.user._id)
358	else:	383	else:
359	tok.secret_key = h.cryptographic_nonce()	384	tok.secret_key = h.cryptographic_nonce()
360	redirect(request.referer)	385	redirect(request.referer)
361		386
362	@expose()	387	@expose()
363	@require_post()	388	@require_post()
364	def del_api_token(self):	389	def del_api_token(self):
365	tok = M.ApiToken.query.get(user_id=c.user._id)	390	tok = M.ApiToken.query.get(user_id=c.user._id)
366	if tok is None: return	391	if tok is None: return
367	tok.delete()	392	tok.delete()
368	redirect(request.referer)	393	redirect(request.referer)
369		394
370	@expose()	395	@expose()
371	@require_post()	396	@require_post()
372	def revoke_oauth(self, _id=None):	397	def revoke_oauth(self, _id=None):
373	tok = M.OAuthAccessToken.query.get(_id=bson.ObjectId(_id))	398	tok = M.OAuthAccessToken.query.get(_id=bson.ObjectId(_id))
374	if tok is None:	399	if tok is None: