kallithea Changeset - e27ff6a90076

Changeset - e27ff6a90076

Parent rev.

Child rev.

[Not reviewed]

stable

0 1 0

Mads Kiilerich (mads) - 3 years ago 2023-05-07 18:19:38
mads@kiilerich.com

auth: always consider the repo group owner an admin when computing it's permissions

When computing repo group permissions in repository_group_permissions(), always
give admin permissions to the group owner.

That is similar to how repository_permissions() gives admin permissions to the
repo owner.

The extra computation shouldn't cause any extra database hits or make the
computation more complex or expensive, so that should be fine for stable.

Note: This will leave behind some (automaticly added) explicit permissions. I
consider this a very minor glitch, not worth addressing.

1 file changed with 4 insertions and 1 deletions:

kallithea/lib/auth.py

0 comments (0 inline, 0 general)

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -241,49 +241,52 @@ class AuthUser(object): @@
             for perm in user_repo_perms:
                 bump_permission(repository_permissions,
                     perm.repository.repo_name,
                     perm.permission.permission_name)
         return repository_permissions
     @LazyProperty
     def repository_group_permissions(self):
         log.debug('Getting repository group permissions for %s', self)
         repository_group_permissions = {}
         default_repo_groups_perms = db.Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID)
         if self.is_admin:
             for perm in default_repo_groups_perms:
                 rg_k = perm.group.group_name
                 p = 'group.admin'
                 repository_group_permissions[rg_k] = p
         else:
             # defaults for repository groups taken from default user permission
             # on given group
             for perm in default_repo_groups_perms:
                 rg_k = perm.group.group_name
                 p = perm.permission.permission_name
                 if perm.group.owner_id == self.user_id:
                     p = 'group.admin'
                 else:
                     p = perm.permission.permission_name
                 repository_group_permissions[rg_k] = p
             # user group for repo groups permissions
             user_repo_group_perms_from_users_groups = \
                 meta.Session().query(db.UserGroupRepoGroupToPerm) \
                 .join((db.UserGroup, db.UserGroupRepoGroupToPerm.users_group_id ==
                        db.UserGroup.users_group_id)) \
                 .filter(db.UserGroup.users_group_active == True) \
                 .join((db.UserGroupMember, db.UserGroupRepoGroupToPerm.users_group_id
                        == db.UserGroupMember.users_group_id)) \
                 .filter(db.UserGroupMember.user_id == self.user_id) \
                 .options(joinedload(db.UserGroupRepoGroupToPerm.permission)) \
                 .all()
             for perm in user_repo_group_perms_from_users_groups:
                 bump_permission(repository_group_permissions,
                     perm.group.group_name,
                     perm.permission.permission_name)
             # user explicit permissions for repository groups
             user_repo_groups_perms = db.Permission.get_default_group_perms(self.user_id)
             for perm in user_repo_groups_perms:
                 bump_permission(repository_group_permissions,
                     perm.group.group_name,
                     perm.permission.permission_name)

0 comments (0 inline, 0 general)