kallithea Changeset - 959a9fa7d1a1

Changeset - 959a9fa7d1a1

Parent rev.

Child rev.

[Not reviewed]

default

0 9 0

Mads Kiilerich - 11 years ago 2015-03-27 16:25:27
madski@unity3d.com

controllers: remove old auth_token checks - it was only partial CSRF protection

9 files changed with 38 insertions and 73 deletions:

kallithea/controllers/admin/repos.py

kallithea/controllers/journal.py

kallithea/lib/helpers.py

kallithea/public/js/base.js

kallithea/templates/admin/repos/repo_edit_advanced.html

kallithea/templates/base/base.html

kallithea/templates/data_table/_dt_elements.html

kallithea/templates/summary/summary.html

kallithea/tests/functional/test_journal.py

0 comments (0 inline, 0 general)

kallithea/controllers/admin/repos.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 kallithea.controllers.admin.repos
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Repositories controller for Kallithea
 This file was forked by the Kallithea project in July 2014.
 Original author and date, and relevant copyright and licensing information is below:
 :created_on: Apr 7, 2010
 :author: marcink
 :copyright: (c) 2013 RhodeCode GmbH, and others.
 :license: GPLv3, see LICENSE.md for more details.
 """
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from webob.exc import HTTPInternalServerError, HTTPForbidden, HTTPNotFound
 from pylons import request, tmpl_context as c, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from sqlalchemy.sql.expression import func
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasRepoPermissionAllDecorator, NotAnonymous,HasPermissionAny, \
     HasRepoGroupPermissionAny, HasRepoPermissionAnyDecorator
 from kallithea.lib.base import BaseRepoController, render
 from kallithea.lib.utils import action_logger, repo_name_slug, jsonify
 from kallithea.lib.helpers import get_token
 from kallithea.lib.vcs import RepositoryError
 from kallithea.model.meta import Session
 from kallithea.model.db import User, Repository, UserFollowing, RepoGroup,\
     Setting, RepositoryField
 from kallithea.model.forms import RepoForm, RepoFieldForm, RepoPermsForm
 from kallithea.model.scm import ScmModel, RepoGroupList, RepoList
 from kallithea.model.repo import RepoModel
 from kallithea.lib.compat import json
 from kallithea.lib.exceptions import AttachedForksError
 from kallithea.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class ReposController(BaseRepoController):
     """
     REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
     def __before__(self):
         super(ReposController, self).__before__()
     def _load_repo(self, repo_name):
         repo_obj = Repository.get_by_repo_name(repo_name)
         if repo_obj is None:
             h.not_mapped_error(repo_name)
             return redirect(url('repos'))
         return repo_obj
     def __load_defaults(self, repo=None):
         acl_groups = RepoGroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         # in case someone no longer have a group.write access to a repository
         # pre fill the list with this entry, we don't care if this is the same
         # but it will allow saving repo data properly.
         repo_group = None
         if repo:
             repo_group = repo.group
         if repo_group and unicode(repo_group.group_id) not in c.repo_groups_choices:
@@ @@ -471,113 +470,107 @@ class ReposController(BaseRepoController @@
         try:
             Session().delete(field)
             Session().commit()
         except Exception, e:
             log.error(traceback.format_exc())
             msg = _('An error occurred during removal of field')
             h.flash(msg, category='error')
         return redirect(url('edit_repo_fields', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def edit_advanced(self, repo_name):
         """GET /repo_name/settings: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
         c.repo_info = self._load_repo(repo_name)
         c.default_user_id = User.get_default_user().user_id
         c.in_public_journal = UserFollowing.query()\
             .filter(UserFollowing.user_id == c.default_user_id)\
             .filter(UserFollowing.follows_repository == c.repo_info).scalar()
         _repos = Repository.query().order_by(Repository.repo_name).all()
         read_access_repos = RepoList(_repos)
         c.repos_list = [(None, _('-- Not a fork --'))]
         c.repos_list += [(x.repo_id, x.repo_name)
                          for x in read_access_repos
                          if x.repo_id != c.repo_info.repo_id]
         defaults = {
             'id_fork_of': c.repo_info.fork.repo_id if c.repo_info.fork else ''
+        }
         c.active = 'advanced'
         if request.POST:
             return redirect(url('repo_edit_advanced'))
         return htmlfill.render(
             render('admin/repos/repo_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False)
     @HasRepoPermissionAllDecorator('repository.admin')
     def edit_advanced_journal(self, repo_name):
         """
         Sets this repository to be visible in public journal,
         in other words asking default user to follow this repo
         :param repo_name:
         """
         cur_token = request.POST.get('auth_token')
         token = get_token()
         if cur_token == token:
             try:
                 repo_id = Repository.get_by_repo_name(repo_name).repo_id
                 user_id = User.get_default_user().user_id
                 self.scm_model.toggle_following_repo(repo_id, user_id)
                 h.flash(_('Updated repository visibility in public journal'),
                         category='success')
                 Session().commit()
             except Exception:
                 h.flash(_('An error occurred during setting this'
                           ' repository in public journal'),
                         category='error')
         else:
             h.flash(_('Token mismatch'), category='error')
         try:
             repo_id = Repository.get_by_repo_name(repo_name).repo_id
             user_id = User.get_default_user().user_id
             self.scm_model.toggle_following_repo(repo_id, user_id)
             h.flash(_('Updated repository visibility in public journal'),
                     category='success')
             Session().commit()
         except Exception:
             h.flash(_('An error occurred during setting this'
                       ' repository in public journal'),
                     category='error')
         return redirect(url('edit_repo_advanced', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def edit_advanced_fork(self, repo_name):
         """
         Mark given repository as a fork of another
         :param repo_name:
         """
         try:
             fork_id = request.POST.get('id_fork_of')
             repo = ScmModel().mark_as_fork(repo_name, fork_id,
                                            self.authuser.username)
             fork = repo.fork.repo_name if repo.fork else _('Nothing')
             Session().commit()
             h.flash(_('Marked repo %s as fork of %s') % (repo_name, fork),
                     category='success')
         except RepositoryError, e:
             log.error(traceback.format_exc())
             h.flash(str(e), category='error')
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during this operation'),
                     category='error')
         return redirect(url('edit_repo_advanced', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def edit_advanced_locking(self, repo_name):
         """
         Unlock repository when it is locked !
         :param repo_name:
         """
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if request.POST.get('set_lock'):
                 Repository.lock(repo, c.authuser.user_id)
                 h.flash(_('Locked repository'), category='success')
             elif request.POST.get('set_unlock'):
                 Repository.unlock(repo)
                 h.flash(_('Unlocked repository'), category='success')
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during unlocking'),
                     category='error')
         return redirect(url('edit_repo_advanced', repo_name=repo_name))

kallithea/controllers/journal.py

➞

Show inline comments

@@ @@ -259,121 +259,116 @@ class JournalController(BaseController): @@
             row = {
                 "menu": quick_menu(repo.repo_name),
                 "raw_name": repo.repo_name.lower(),
                 "name": repo_lnk(repo.repo_name, repo.repo_type,
                                  repo.repo_state, repo.private, repo.fork),
                 "last_changeset": last_rev(repo.repo_name, cs_cache),
                 "last_rev_raw": cs_cache.get('revision'),
                 "action": toogle_follow(repo.repo_id)
+            }
             watched_repos_data.append(row)
         c.watched_data = json.dumps({
             "totalRecords": len(c.following),
             "startIndex": 0,
             "sort": "name",
             "dir": "asc",
             "records": watched_repos_data
         })
         return render('journal/journal.html')
     @LoginRequired(api_access=True)
     @NotAnonymous()
     def journal_atom(self):
         """
         Produce an atom-1.0 feed via feedgenerator module
         """
         following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.authuser.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         return self._atom_feed(following, public=False)
     @LoginRequired(api_access=True)
     @NotAnonymous()
     def journal_rss(self):
         """
         Produce an rss feed via feedgenerator module
         """
         following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.authuser.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         return self._rss_feed(following, public=False)
     @LoginRequired()
     @NotAnonymous()
     def toggle_following(self):
         cur_token = request.POST.get('auth_token')
         token = h.get_token()
         if cur_token == token:
         user_id = request.POST.get('follows_user_id')
         if user_id:
             try:
                 self.scm_model.toggle_following_user(user_id,
                                             self.authuser.user_id)
                 Session.commit()
                 return 'ok'
             except Exception:
                 log.error(traceback.format_exc())
                 raise HTTPBadRequest()
             user_id = request.POST.get('follows_user_id')
             if user_id:
                 try:
                     self.scm_model.toggle_following_user(user_id,
                                                 self.authuser.user_id)
                     Session.commit()
                     return 'ok'
                 except Exception:
                     log.error(traceback.format_exc())
                     raise HTTPBadRequest()
         repo_id = request.POST.get('follows_repo_id')
         if repo_id:
             try:
                 self.scm_model.toggle_following_repo(repo_id,
                                             self.authuser.user_id)
                 Session.commit()
                 return 'ok'
             except Exception:
                 log.error(traceback.format_exc())
                 raise HTTPBadRequest()
             repo_id = request.POST.get('follows_repo_id')
             if repo_id:
                 try:
                     self.scm_model.toggle_following_repo(repo_id,
                                                 self.authuser.user_id)
                     Session.commit()
                     return 'ok'
                 except Exception:
                     log.error(traceback.format_exc())
                     raise HTTPBadRequest()
         log.debug('token mismatch %s vs %s' % (cur_token, token))
         raise HTTPBadRequest()
     @LoginRequired()
     def public_journal(self):
         # Return a rendered template
         p = safe_int(request.GET.get('page', 1), 1)
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.authuser.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         journal = self._get_journal_data(c.following)
         c.journal_pager = Page(journal, page=p, items_per_page=20)
         c.journal_day_aggreagate = self._get_daily_aggregate(c.journal_pager)
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             return render('journal/journal_data.html')
         return render('journal/public_journal.html')
     @LoginRequired(api_access=True)
     def public_journal_atom(self):
         """
         Produce an atom-1.0 feed via feedgenerator module
         """
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.authuser.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         return self._atom_feed(c.following)
     @LoginRequired(api_access=True)
     def public_journal_rss(self):
         """
         Produce an rss2 feed via feedgenerator module
         """
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.authuser.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         return self._rss_feed(c.following)

kallithea/lib/helpers.py

➞

Show inline comments

@@ @@ -89,113 +89,96 @@ def canonical_hostname(): @@
         parts = url('home', qualified=True).split('://', 1)
         return parts[1].split('/', 1)[0]
 def html_escape(text, html_escape_table=None):
     """Produce entities within text."""
     if not html_escape_table:
         html_escape_table = {
             "&": "&amp;",
             '"': "&quot;",
             "'": "&apos;",
             ">": "&gt;",
             "<": "&lt;",
+        }
     return "".join(html_escape_table.get(c, c) for c in text)
 def shorter(text, size=20):
     postfix = '...'
     if len(text) > size:
         return text[:size - len(postfix)] + postfix
     return text
 def _reset(name, value=None, id=NotGiven, type="reset", **attrs):
     """
     Reset button
     """
     _set_input_attrs(attrs, type, name, value)
     _set_id_attr(attrs, id, name)
     convert_boolean_attrs(attrs, ["disabled"])
     return HTML.input(**attrs)
 reset = _reset
 safeid = _make_safe_id_component
 def FID(raw_id, path):
     """
     Creates a unique ID for filenode based on it's hash of path and revision
     it's safe to use in urls
     :param raw_id:
     :param path:
     """
     return 'C-%s-%s' % (short_id(raw_id), md5(safe_str(path)).hexdigest()[:12])
 def get_token():
     """Return the current authentication token, creating one if one doesn't
     already exist.
     """
     token_key = "_authentication_token"
     from pylons import session
     if not token_key in session:
         try:
             token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
         except AttributeError:  # Python < 2.4
             token = hashlib.sha1(str(random.randrange(2 ** 128))).hexdigest()
         session[token_key] = token
         if hasattr(session, 'save'):
             session.save()
     return session[token_key]
 class _GetError(object):
     """Get error from form_errors, and represent it as span wrapped error
     message
     :param field_name: field to fetch errors for
     :param form_errors: form errors dict
     """
     def __call__(self, field_name, form_errors):
         tmpl = """<span class="error_msg">%s</span>"""
         if form_errors and field_name in form_errors:
             return literal(tmpl % form_errors.get(field_name))
 get_error = _GetError()
 class _ToolTip(object):
     def __call__(self, tooltip_title, trim_at=50):
         """
         Special function just to wrap our text into nice formatted
         autowrapped text
         :param tooltip_title:
         """
         tooltip_title = escape(tooltip_title)
         tooltip_title = tooltip_title.replace('<', '&lt;').replace('>', '&gt;')
         return tooltip_title
 tooltip = _ToolTip()
 class _FilesBreadCrumbs(object):
     def __call__(self, repo_name, rev, paths):
         if isinstance(paths, str):
             paths = safe_unicode(paths)
         url_l = [link_to(repo_name, url('files_home',
                                         repo_name=repo_name,
                                         revision=rev, f_path=''),
                          class_='ypjax-link')]
         paths_l = paths.split('/')
         for cnt, p in enumerate(paths_l):
             if p != '':
                 url_l.append(link_to(p,
                                      url('files_home',
                                          repo_name=repo_name,
                                          revision=rev,
                                          f_path='/'.join(paths_l[:cnt + 1])

kallithea/public/js/base.js

➞

Show inline comments

@@ @@ -413,110 +413,106 @@ var show_more_event = function(){ @@
     $('.show_more').click(function(e){
         var el = e.currentTarget;
         $('#' + el.id.substring(1)).hide();
         $(el.parentNode).show();
     });
 };
 /**
  * activate .lazy-cs mouseover for showing changeset tooltip
  */
 var show_changeset_tooltip = function(){
     $('.lazy-cs').mouseover(function(e){
         var $target = $(e.currentTarget);
         var rid = $target.attr('raw_id');
         var repo_name = $target.attr('repo_name');
         if(rid && !$target.hasClass('tooltip')){
             _show_tooltip(e, _TM['loading ...']);
             var url = pyroutes.url('changeset_info', {"repo_name": repo_name, "revision": rid});
             ajaxGET(url, function(json){
                     $target.addClass('tooltip')
                     _show_tooltip(e, json['message']);
                     _activate_tooltip($target);
                 });
+        }
     });
 };
 var _onSuccessFollow = function(target){
     var $target = $(target);
     var $f_cnt = $('#current_followers_count');
     if($target.hasClass('follow')){
         $target.attr('class', 'following');
         $target.attr('title', _TM['Stop following this repository']);
         if($f_cnt.html()){
             var cnt = Number($f_cnt.html())+1;
             $f_cnt.html(cnt);
+        }
+    }
     else{
         $target.attr('class', 'follow');
         $target.attr('title', _TM['Start following this repository']);
         if($f_cnt.html()){
             var cnt = Number($f_cnt.html())-1;
             $f_cnt.html(cnt);
+        }
+    }
+}
-var toggleFollowingRepo = function(target, follows_repo_id, token, user_id){
 var toggleFollowingRepo = function(target, follows_repo_id){
     var args = 'follows_repo_id=' + follows_repo_id;
     args += '&amp;auth_token=' + token;
     if(user_id != undefined){
         args +="&amp;user_id=" + user_id;
+    }
     $.post(TOGGLE_FOLLOW_URL, args, function(data){
             _onSuccessFollow(target);
         });
     return false;
 };
 var showRepoSize = function(target, repo_name, token){
     var args = 'auth_token=' + token;
 var showRepoSize = function(target, repo_name){
     var args = '';
     if(!$("#" + target).hasClass('loaded')){
         $("#" + target).html(_TM['Loading ...']);
         var url = pyroutes.url('repo_size', {"repo_name":repo_name});
         $.post(url, args, function(data) {
             $("#" + target).html(data);
             $("#" + target).addClass('loaded');
         });
+    }
     return false;
 };
 /**
  * tooltips
  */
 var tooltip_activate = function(){
     $(document).ready(_init_tooltip);
 };
 var _activate_tooltip = function($tt){
     $tt.mouseover(_show_tooltip);
     $tt.mousemove(_move_tooltip);
     $tt.mouseout(_close_tooltip);
 };
 var _init_tooltip = function(){
     var $tipBox = $('#tip-box');
     if(!$tipBox.length){
         $tipBox = $('<div id="tip-box"></div>')
         $(document.body).append($tipBox);
+    }
     $tipBox.hide();
     $tipBox.css('position', 'absolute');
     $tipBox.css('max-width', '600px');
     _activate_tooltip($('.tooltip'));
 };
 var _show_tooltip = function(e, tipText){
     e.stopImmediatePropagation();
     var el = e.currentTarget;
     if(tipText){
         // just use it
     } else if(el.tagName.toLowerCase() === 'img'){
         tipText = el.alt ? el.alt : '';
     } else {

kallithea/templates/admin/repos/repo_edit_advanced.html

➞

Show inline comments

 <h3>${_('Parent')}</h3>
 ${h.form(url('edit_repo_advanced_fork', repo_name=c.repo_info.repo_name), method='put')}
 <div class="form">
        ${h.select('id_fork_of','',c.repos_list,class_="medium")}
        ${h.submit('set_as_fork_%s' % c.repo_info.repo_name,_('Set'),class_="btn btn-small")}
        <div class="field" style="border:none;color:#888">
        <ul>
             <li>${_('''Manually set this repository as a fork of another from the list.''')}</li>
        </ul>
        </div>
 </div>
 ${h.end_form()}
 <script>
     $(document).ready(function(){
         $("#id_fork_of").select2({
             'dropdownAutoWidth': true
         });
     })
 </script>
 <h3>${_('Public Journal Visibility')}</h3>
 ${h.form(url('edit_repo_advanced_journal', repo_name=c.repo_info.repo_name), method='put')}
 <div class="form">
   ${h.hidden('auth_token',str(h.get_token()))}
   <div class="field">
   %if c.in_public_journal:
     <button class="btn btn-small" type="submit">
         <i class="icon-minus"></i>
         ${_('Remove from public journal')}
     </button>
   %else:
     <button class="btn btn-small" type="submit">
         <i class="icon-plus"></i>
         ${_('Add to Public Journal')}
     </button>
   %endif
   </div>
  <div class="field" style="border:none;color:#888">
  <ul>
       <li>${_('All actions done in this repository will be visible to everyone in the public journal.')}</li>
  </ul>
  </div>
 </div>
 ${h.end_form()}
 <h3>${_('Change Locking')}</h3>
 ${h.form(url('edit_repo_advanced_locking', repo_name=c.repo_info.repo_name), method='put')}
 <div class="form">
       %if c.repo_info.locked[0]:
         ${h.hidden('set_unlock', '1')}
         <button class="btn btn-small" type="submit"
                 onclick="return confirm('${_('Confirm to unlock repository.')}');">
             <i class="icon-lock-open-alt"></i>
             ${_('Unlock Repository')}
         </button>
        ${'Locked by %s on %s' % (h.person_by_id(c.repo_info.locked[0]),h.fmt_date(h.time_to_datetime(c.repo_info.locked[1])))}
       %else:
         ${h.hidden('set_lock', '1')}
         <button class="btn btn-small" type="submit"
                 onclick="return confirm('${_('Confirm to lock repository.')}');">
             <i class="icon-lock"></i>
             ${_('Lock Repository')}
         </button>
         ${_('Repository is not locked')}
       %endif
    <div class="field" style="border:none;color:#888">
    <ul>
         <li>${_('Force locking on the repository. Works only when anonymous access is disabled. Triggering a pull locks the repository.  The user who is pulling locks the repository; only the user who pulled and locked it can unlock it by doing a push.')}
         </li>
    </ul>
    </div>
 </div>

kallithea/templates/base/base.html

➞

Show inline comments

@@ @@ -131,97 +131,97 @@ @@
         ${h.link_to(_(u'Repositories'),h.url('home'))}
         &raquo;
         ${h.repo_link(c.db_repo.groups_and_repo)}
       </div>
       -->
       <ul id="context-pages" class="horizontal-list">
         <li ${is_current('summary')}><a href="${h.url('summary_home', repo_name=c.repo_name)}"><i class="icon-doc-text"></i> ${_('Summary')}</a></li>
         %if rev:
         <li ${is_current('changelog')}><a href="${h.url('changelog_file_home', repo_name=c.repo_name, revision=rev, f_path='')}"><i class="icon-clock"></i> ${_('Changelog')}</a></li>
         %else:
         <li ${is_current('changelog')}><a href="${h.url('changelog_home', repo_name=c.repo_name)}"><i class="icon-clock"></i> ${_('Changelog')}</a></li>
         %endif
         <li ${is_current('files')}><a href="${h.url('files_home', repo_name=c.repo_name, revision=rev or 'tip')}"><i class="icon-doc-inv"></i> ${_('Files')}</a></li>
         <li ${is_current('switch-to')}>
           <a href="#" id="branch_tag_switcher_2" class="dropdown"><i class="icon-exchange"></i> ${_('Switch To')}</a>
           <ul id="switch_to_list_2" class="switch_to submenu">
             <li><a href="#">${_('Loading...')}</a></li>
           </ul>
         </li>
         <li ${is_current('options')}>
              %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
                <a href="${h.url('edit_repo',repo_name=c.repo_name)}" class="dropdown"><i class="icon-wrench"></i> ${_('Options')}</a>
              %else:
                <a href="#" class="dropdown"><i class="icon-wrench"></i> ${_('Options')}</a>
              %endif
           <ul>
              %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
                    <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}"><i class="icon-gear"></i> ${_('Settings')}</a></li>
              %endif
               %if c.db_repo.fork:
                <li><a href="${h.url('compare_url',repo_name=c.db_repo.fork.repo_name,org_ref_type=c.db_repo.landing_rev[0],org_ref_name=c.db_repo.landing_rev[1], other_repo=c.repo_name,other_ref_type='branch' if request.GET.get('branch') else c.db_repo.landing_rev[0],other_ref_name=request.GET.get('branch') or c.db_repo.landing_rev[1], merge=1)}">
                    <i class="icon-git-compare"></i> ${_('Compare Fork')}</a></li>
               %endif
               <li><a href="${h.url('compare_home',repo_name=c.repo_name)}"><i class="icon-git-compare"></i> ${_('Compare')}</a></li>
               <li><a href="${h.url('search_repo',repo_name=c.repo_name)}"><i class="icon-search"></i> ${_('Search')}</a></li>
               %if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name) and c.db_repo.enable_locking:
                 %if c.db_repo.locked[0]:
                   <li><a href="${h.url('toggle_locking', repo_name=c.repo_name)}"><i class="icon-lock"></i> ${_('Unlock')}</a></li>
                 %else:
                   <li><a href="${h.url('toggle_locking', repo_name=c.repo_name)}"><i class="icon-lock-open-alt"></i> ${_('Lock')}</li>
                 %endif
               %endif
               ## TODO: this check feels wrong, it would be better to have a check for permissions
               ## also it feels like a job for the controller
               %if c.authuser.username != 'default':
                   <li>
-                   <a class="${follow_class()}" onclick="javascript:toggleFollowingRepo(this,${c.db_repo.repo_id},'${str(h.get_token())}');">
                    <a class="${follow_class()}" onclick="javascript:toggleFollowingRepo(this,${c.db_repo.repo_id});">
                     <span class="show-follow"><i class="icon-heart-empty"></i> ${_('Follow')}</span>
                     <span class="show-following"><i class="icon-heart"></i> ${_('Unfollow')}</span>
                   </a>
                   </li>
                   <li><a href="${h.url('repo_fork_home',repo_name=c.repo_name)}"><i class="icon-git-pull-request"></i> ${_('Fork')}</a></li>
                   <li><a href="${h.url('pullrequest_home',repo_name=c.repo_name)}"><i class="icon-git-pull-request"></i> ${_('Create Pull Request')}</a></li>
               %endif
              </ul>
         </li>
         <li ${is_current('showpullrequest')}>
           <a href="${h.url('pullrequest_show_all',repo_name=c.repo_name)}" title="${_('Show Pull Requests for %s') % c.repo_name}"> <i class="icon-git-pull-request"></i> ${_('Pull Requests')}
             %if c.repository_pull_requests:
               <span>${c.repository_pull_requests}</span>
             %endif
           </a>
         </li>
       </ul>
   </div>
   <script type="text/javascript">
       YUE.on('branch_tag_switcher_2','mouseover',function(){
          var $branch_tag_switcher_2 = $('#branch_tag_switcher_2');
          var loaded = $branch_tag_switcher_2.hasClass('loaded');
          if(!loaded){
              $branch_tag_switcher_2.addClass('loaded');
              asynchtml("${h.url('branch_tag_switcher',repo_name=c.repo_name)}", $('#switch_to_list_2'));
+         }
          return false;
       });
   </script>
   <!--- END CONTEXT BAR -->
 </%def>
 <%def name="menu(current=None)">
   <%
   def is_current(selected):
       if selected == current:
           return h.literal('class="current"')
   %>
   <ul id="quick" class="horizontal-list">
     <!-- repo switcher -->
     <li ${is_current('repositories')}>
       <input id="repo_switcher" name="repo_switcher" type="hidden">
     </li>
     ##ROOT MENU
     %if c.authuser.username != 'default':
       <li ${is_current('journal')}>

kallithea/templates/data_table/_dt_elements.html

➞

Show inline comments

@@ @@ -167,51 +167,51 @@ @@
      ${h.submit('edit_%s' % user_group_name,_('edit'),class_="action_button", id_="submit_user_group_edit")}
     </a>
  </div>
  <div style="float:left" class="grid_delete">
     ${h.form(h.url('users_group', id=user_group_id),method='delete')}
       <i class="icon-minus-circled" style="color:#FF4444"></i>
       ${h.submit('remove_',_('delete'),id="remove_group_%s" % user_group_id, class_="action_button",
       onclick="return confirm('"+_('Confirm to delete this user group: %s') % user_group_name+"');")}
     ${h.end_form()}
  </div>
 </%def>
 <%def name="repo_group_actions(repo_group_id, repo_group_name, gr_count)">
  <div style="float:left" class="grid_edit">
     <a href="${h.url('edit_repo_group',group_name=repo_group_name)}" title="${_('Edit')}">
     <i class="icon-pencil"></i>
      ${h.submit('edit_%s' % repo_group_name, _('edit'),class_="action_button")}
     </a>
  </div>
  <div style="float:left" class="grid_delete">
     ${h.form(h.url('repos_group', group_name=repo_group_name),method='delete')}
         <i class="icon-minus-circled" style="color:#FF4444"></i>
         ${h.submit('remove_%s' % repo_group_name,_('delete'),class_="action_button",
         onclick="return confirm('"+ungettext('Confirm to delete this group: %s with %s repository','Confirm to delete this group: %s with %s repositories',gr_count) % (repo_group_name, gr_count)+"');")}
     ${h.end_form()}
  </div>
 </%def>
 <%def name="user_name(user_id, username)">
     ${h.link_to(username,h.url('edit_user', id=user_id))}
 </%def>
 <%def name="repo_group_name(repo_group_name, children_groups)">
   <div style="white-space: nowrap">
   <a href="${h.url('repos_group_home',group_name=repo_group_name)}">
     <i class="icon-folder" title="${_('Repository group')}"></i> ${h.literal(' &raquo; '.join(children_groups))}</a>
   </div>
 </%def>
 <%def name="user_group_name(user_group_id, user_group_name)">
   <div style="white-space: nowrap">
   <a href="${h.url('edit_users_group', id=user_group_id)}">
     <i class="icon-users" title="${_('User group')}"></i> ${user_group_name}</a>
   </div>
 </%def>
 <%def name="toggle_follow(repo_id)">
   <span id="follow_toggle_${repo_id}" class="following" title="${_('Stop following this repository')}"
-        onclick="javascript:toggleFollowingRepo(this, ${repo_id},'${str(h.get_token())}')">
         onclick="javascript:toggleFollowingRepo(this, ${repo_id})">
   </span>
 </%def>

kallithea/templates/summary/summary.html

➞

Show inline comments

@@ @@ -112,97 +112,97 @@ summary = lambda n:{False:'summary-short @@
                   <label>${_('Download')}:</label>
               </div>
               <div class="input ${summary(c.show_stats)}">
                 %if len(c.db_repo_scm_instance.revisions) == 0:
                   ${_('There are no downloads yet')}
                 %elif not c.enable_downloads:
                   ${_('Downloads are disabled for this repository')}
                     %if h.HasPermissionAll('hg.admin')('enable downloads on from summary'):
                         ${h.link_to(_('Enable'),h.url('edit_repo',repo_name=c.repo_name, anchor='repo_enable_downloads'),class_="btn btn-mini")}
                     %endif
                 %else:
                     <span id="${'zip_link'}">
                         <a class="btn btn-small" href="${h.url('files_archive_home',repo_name=c.db_repo.repo_name,fname='tip.zip')}"><i class="icon-file-zip"></i> ${_('Download as zip')}</a>
                     </span>
                     ${h.hidden('download_options')}
                     <span style="vertical-align: bottom">
                       <input id="archive_subrepos" type="checkbox" name="subrepos" />
                       <label for="archive_subrepos" class="tooltip" title="${h.tooltip(_('Check this to download archive with subrepos'))}" >${_('with subrepos')}</label>
                     </span>
                 %endif
               </div>
             </div>
         </div>
         <div id="summary-menu-stats">
           <ul>
             <li>
                <a title="${_('Owner')} ${c.db_repo.user.email}">
                 <i class="icon-user"></i> ${c.db_repo.user.username}
                   <div class="gravatar" style="float: right; margin: 0px 0px 0px 0px" title="${c.db_repo.user.name} ${c.db_repo.user.lastname}">
                     ${h.gravatar(c.db_repo.user.email, size=18)}
                   </div>
               </a>
             </li>
             <li>
                <a title="${_('Followers')}" href="${h.url('repo_followers_home',repo_name=c.repo_name)}">
                 <i class="icon-heart"></i> ${_('Followers')}
                 <span class="stats-bullet" id="current_followers_count">${c.repository_followers}</span>
               </a>
             </li>
             <li>
               <a title="${_('Forks')}" href="${h.url('repo_forks_home',repo_name=c.repo_name)}">
                 <i class="icon-fork"></i> ${_('Forks')}
                 <span class="stats-bullet">${c.repository_forks}</span>
               </a>
             </li>
             %if c.authuser.username != 'default':
             <li class="repo_size">
-              <a href="#" onclick="javascript:showRepoSize('repo_size_2','${c.db_repo.repo_name}','${str(h.get_token())}')"><i class="icon-ruler"></i> ${_('Repository Size')}</a>
               <a href="#" onclick="javascript:showRepoSize('repo_size_2','${c.db_repo.repo_name}')"><i class="icon-ruler"></i> ${_('Repository Size')}</a>
               <span  class="stats-bullet" id="repo_size_2"></span>
             </li>
             %endif
             <li>
             %if c.authuser.username != 'default':
               <a href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name,api_key=c.authuser.api_key)}"><i class="icon-rss-squared"></i> ${_('Feed')}</a>
             %else:
               <a href="${h.url('atom_feed_home',repo_name=c.db_repo.repo_name)}"><i class="icon-rss-squared"></i> ${_('Feed')}</a>
             %endif
             </li>
             %if c.show_stats:
             <li>
               <a title="${_('Statistics')}" href="${h.url('repo_stats_home',repo_name=c.repo_name)}">
                 <i class="icon-graph"></i> ${_('Statistics')}
               </a>
             </li>
             %endif
           </ul>
         </div>
     </div>
 </div>
 <div class="box">
     <div class="title">
         <div class="breadcrumbs">
         %if c.repo_changesets:
             ${h.link_to(_('Latest Changes'),h.url('changelog_home',repo_name=c.repo_name))}
         %else:
             ${_('Quick Start')}
          %endif
         </div>
     </div>
     <div class="table">
         <div id="shortlog_data">
             <%include file='../changelog/changelog_summary_data.html'/>
         </div>
     </div>
 </div>
 %if c.readme_data:
 <div id="readme" class="anchor">
 <div class="box" style="background-color: #FAFAFA">
     <div class="title" title="${_('Readme file from revision %s:%s') % (c.db_repo.landing_rev[0], c.db_repo.landing_rev[1])}">
         <div class="breadcrumbs">
             <a href="${h.url('files_home',repo_name=c.repo_name,revision='tip',f_path=c.readme_file)}">${c.readme_file}</a>

kallithea/tests/functional/test_journal.py

➞

Show inline comments

 from kallithea.tests import *
 import datetime
 class TestJournalController(TestController):
     def test_index(self):
         self.log_user()
         response = self.app.get(url(controller='journal', action='index'))
         response.mustcontain("""<div class="journal_day">%s</div>""" % datetime.date.today())
     def test_stop_following_repository(self):
         session = self.log_user()
 #        usr = Session().query(User).filter(User.username == 'test_admin').one()
 #        repo = Session().query(Repository).filter(Repository.repo_name == HG_REPO).one()
+#
 #        followings = Session().query(UserFollowing)\
 #            .filter(UserFollowing.user == usr)\
 #            .filter(UserFollowing.follows_repository == repo).all()
+#
 #        assert len(followings) == 1, 'Not following any repository'
+#
 #        response = self.app.post(url(controller='journal',
 #                                     action='toggle_following'),
 #                                     {'auth_token':get_token(session),
 #                                      'follows_repo_id':repo.repo_id})
 #                                     {'follows_repo_id':repo.repo_id})
     def test_start_following_repository(self):
         self.log_user()
         response = self.app.get(url(controller='journal', action='index'),)
     def test_public_journal_atom(self):
         self.log_user()
         response = self.app.get(url(controller='journal', action='public_journal_atom'),)
     def test_public_journal_rss(self):
         self.log_user()
         response = self.app.get(url(controller='journal', action='public_journal_rss'),)

0 comments (0 inline, 0 general)