kallithea Changeset - b10adac1ab7c

Changeset - b10adac1ab7c

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Mads Kiilerich (mads) - 6 years ago 2020-03-06 16:58:47
mads@kiilerich.com

auth: make it explicit that _check_permission only use the less strict pull checking for actual pull actions

1 file changed with 6 insertions and 6 deletions:

kallithea/lib/base.py

0 comments (0 inline, 0 general)

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -278,11 +278,8 @@ class BaseVCSController(object): @@
     def _check_permission(self, action, authuser, repo_name):
         """
         Checks permissions using action (push/pull) user and repository
         name
         :param action: 'push' or 'pull' action
         :param user: `User` instance
         :param action: 'push' or 'pull'
         :param user: `AuthUser` instance
         :param repo_name: repository name
         """
         if action == 'push':
@@ @@ -291,7 +288,7 @@ class BaseVCSController(object): @@
                                                                   repo_name):
                 return False
-        else:
+        elif action == 'pull':
             #any other action need at least read permission
             if not HasPermissionAnyMiddleware('repository.read',
                                               'repository.write',
@@ @@ -299,6 +296,9 @@ class BaseVCSController(object): @@
                                                                   repo_name):
                 return False
         else:
             assert False, action
         return True
     def _get_ip_addr(self, environ):

0 comments (0 inline, 0 general)