Changeset 64

Timestamp:

2009年02月24日 12时10分58秒 (3 years ago)

Author:

jiangx

Message:

Fixed #15: Repository admin has readonly access rights for role managemant and logs interface.

Location:

trunk/pysvnmanager

Files:

• controllers/authz.py (modified) (1 diff)
• controllers/logs.py (modified) (3 diffs)
• controllers/repos.py (modified) (1 diff)
• controllers/role.py (modified) (6 diffs)
• templates/logs/view.mako (modified) (1 diff)
• templates/role/index.mako (modified) (4 diffs)

trunk/pysvnmanager/controllers/authz.py

@@ -182 +182 @@
         try:
             if isAddRepos:
-                if not self.is_super_user:
-                    raise Exception("Access denied.")
+                assert self.is_super_user
                 repos = self.authz.add_repos(reposname)
             else:
                 repos = self.authz.get_repos(reposname)
                 if not repos:
-                    if not self.is_super_user:
-                        raise Exception("Access denied.")
+                    assert self.is_super_user
                     log.warning("Repos '%s' not exists. Create authz config automatically." % reposname)
                     repos = self.authz.add_repos(reposname)

trunk/pysvnmanager/controllers/logs.py

@@ -34 +34 @@
         # Default logs per page is 10
         self.rcslog.log_per_page = cfg.log_per_page
+        self.is_super_user = self.authz.is_super_user(self.login_as)
+        self.own_reposlist = set(self.authz.get_manageable_repos_list(self.login_as))
     
     def __before__(self, action):
         super(LogsController, self).__before__(action)
-        if not self.authz.is_super_user(self.login_as):
+        if not self.own_reposlist and not self.is_super_user:
             return redirect_to(h.url_for(controller='security', action='failed'))
     
@@ -161 +163 @@
         c.contents = self.rcslog.cat(id)
         c.log = self.rcslog.get_logs(id, id)[0]
-        if self.rcslog.head == id:
+        if self.rcslog.head != id and self.is_super_user:
             c.rollback_enabled = True
         else:
@@ -168 +170 @@
     
     def rollback(self, id):
+        assert self.is_super_user
         log_message = _("Rollback successfully to revision: %s") % id
         try:

trunk/pysvnmanager/controllers/repos.py

@@ -60 +60 @@
 
     def validate_repos(self, reposname):
-        if reposname not in self.own_reposlist and not self.is_super_user:
-            raise Exception("Access denied.")
+        assert reposname in self.own_reposlist or self.is_super_user
 
     def init_repos_list(self):

trunk/pysvnmanager/controllers/role.py

@@ -35 +35 @@
         self.userlist = map(lambda x:x.uname, self.authz.userlist)
         self.grouplist = map(lambda x:x.uname, self.authz.grouplist)
+        self.is_super_user = self.authz.is_super_user(self.login_as)
+        self.own_reposlist = self.authz.get_manageable_repos_list(self.login_as)
 
     def __before__(self, action):
         super(RoleController, self).__before__(action)
-        if not self.authz.is_super_user(self.login_as):
+        if not self.own_reposlist and not self.is_super_user:
             return redirect_to(h.url_for(controller='security', action='failed'))
 
@@ -46 +48 @@
         c.userlist = self.userlist
         c.grouplist = self.grouplist
+        c.is_super_user = self.is_super_user
         return render('/role/index.mako')
     
@@ -102 +105 @@
         
     def save_group(self):
+        assert self.is_super_user
         d = request.params
         member_list = []
@@ -133 +137 @@
     
     def delete_group(self):
+        assert self.is_super_user
         d = request.params
         rolename = d.get('role')
@@ -154 +159 @@
         
     def save_alias(self):
+        assert self.is_super_user
         d = request.params
         aliasname = d.get('aliasname')
@@ -175 +181 @@
     
     def delete_alias(self):
+        assert self.is_super_user
         d = request.params
         aliasname = d.get('aliasname')

trunk/pysvnmanager/templates/logs/view.mako

@@ -14 +14 @@
 
 <form name="main_form" action="${h.url_for(action='rollback')}" onsubmit="return confirm('${_("Rollback to this revision, are you sure?")}');">
-% if not c.rollback_enabled:
+% if c.rollback_enabled:
   <input type="submit" name="submit" value='${_("Rollback to this revision")}'>
   &nbsp;&nbsp;&nbsp;&nbsp;

trunk/pysvnmanager/templates/role/index.mako

@@ -602 +602 @@
 function enable_save_btn()
 {
+% if c.is_super_user:
         document.main_form.save_btn.disabled = false;
+% else:
+    ;
+% endif 
 }
 
@@ -612 +616 @@
 function enable_delete_btn()
 {
+% if c.is_super_user:
         document.main_form.delete_btn.disabled = false;
+% else:
+    ;
+% endif 
 }
 
@@ -632 +640 @@
 ${_("Select a role name:")}
     ${h.select("role_list", "", role_list_opts, onChange='role_changed()')}
-<a href="#" onclick='new_group()'>[+${_("New Group")}]</a>
-<a href="#" onclick='new_alias()'>[+${_("New Alias")}]</a>
+% if c.is_super_user:
+    <a href="#" onclick='new_group()'>[+${_("New Group")}]</a>
+    <a href="#" onclick='new_alias()'>[+${_("New Alias")}]</a>
+% endif
 </div>
 
@@ -706 +716 @@
 <div id='action_box' style="position:relative;" class=gainlayout>
         <input type="hidden" name="rolename">
-    <input type="button" name="save_btn"   value='${_("Save")}' onClick="do_save(this.form)">
-    <input type="button" name="delete_btn" value='${_("Delete")}' onClick="do_delete(this.form)">
-    <input type="button" name="cancel_btn" value='${_("Cancel")}' onClick="role_changed()">
+    <input type="button" name="save_btn"   value='${_("Save")}'  onClick="do_save(this.form)" ${c.is_super_user or "DISABLED"}>
+    <input type="button" name="delete_btn" value='${_("Delete")}' onClick="do_delete(this.form)" ${c.is_super_user or "DISABLED"}>
+    <input type="button" name="cancel_btn" value='${_("Cancel")}' onClick="role_changed()" ${c.is_super_user or "DISABLED"}>
 </div>
 <!-- end: action_box -->