kallithea Files · scripts/generate-ini.py

Files @ 9f976d75b04c

Branch filter:

Location: kallithea/scripts/generate-ini.py - annotation

9f976d75b04c 1.5 KiB text/x-python Show Source Show as Raw Download as Raw

mads

auth: restore anonymous repository access

Dominik Ruf found that aa25ef34ebab introduced a regression in anonymous access
to repositories ... if that is enabled.

The refactoring was too strict when it missed that not all repo permission
checks require a logged in user. Read access can be granted to the default user
... but not write or admin.

Instead of the commands used in aa25ef34ebab, the following commands are used
to consistently also allow the default user in all decorators where we only need
repo read access:

# Introduce explicit allow_default_user=True - that was the default before aa25ef34ebab
sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
# The primary case: Replace @NotAnonymous with removal of allow_default_user=True
perl -0pi -e 's/\@LoginRequired\((?:(.*), )?allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired(\1)/g' `hg mani`
# If there is a global permission check, no anonymous is ever allowed
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasPermission)/\@LoginRequired()\1/g' `hg mani`
# Repo access for write or admin also assume no default user
perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@HasRepoPermissionLevelDecorator\('"'(write|admin)'"'\))/\@LoginRequired()\1/g' `hg mani`

06d5c043e989
06d5c043e989
213085032127
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
e3cce237d77c
e3cce237d77c
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
fc6b1b0e1096
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
94f6b23e52d0
06d5c043e989
665dfa112f2c
06d5c043e989
06d5c043e989
06d5c043e989
06d5c043e989
665dfa112f2c
06d5c043e989
06d5c043e989
d06039dc4ca2
06d5c043e989
94f6b23e52d0
94f6b23e52d0
06d5c043e989
06d5c043e989
06d5c043e989

#!/usr/bin/env python2
"""
Based on kallithea/lib/paster_commands/template.ini.mako, generate
  development.ini
  kallithea/tests/test.ini
"""

import re

from kallithea.lib import inifile

# files to be generated from the mako template
ini_files = [
    ('development.ini',
        {
            '[server:main]': {
                'host': '0.0.0.0',
            },
            '[app:main]': {
                'initial_repo_scan': 'true',
                'debug': 'true',
                'app_instance_uuid': 'development-not-secret',
                'beaker.session.secret': 'development-not-secret',
            },
            '[handler_console]': {
                'formatter': 'color_formatter',
            },
            '[handler_console_sql]': {
                'formatter': 'color_formatter_sql',
            },
        },
    ),
]


def main():
    # make sure all mako lines starting with '#' (the '##' comments) are marked up as <text>
    makofile = inifile.template_file
    print 'reading:', makofile
    mako_org = open(makofile).read()
    mako_no_text_markup = re.sub(r'</?%text>', '', mako_org)
    mako_marked_up = re.sub(r'\n(##.*)', r'\n<%text>\1</%text>', mako_no_text_markup, flags=re.MULTILINE)
    if mako_marked_up != mako_org:
        print 'writing:', makofile
        open(makofile, 'w').write(mako_marked_up)

    # create ini files
    for fn, settings in ini_files:
        print 'updating:', fn
        inifile.create(fn, None, settings)


if __name__ == '__main__':
    main()