You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by tv...@apache.org on 2013/12/05 23:17:16 UTC

[9/9] git commit: [#6941] Check commit activity access against original tool if possible.

[#6941] Check commit activity access against original tool if possible.

Signed-off-by: Tim Van Steenburgh <tv...@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/0aedbc9f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/0aedbc9f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/0aedbc9f

Branch: refs/heads/tv/6941
Commit: 0aedbc9f4c084b954f6ff6fcf458321d02cda75d
Parents: 83bb21c
Author: Tim Van Steenburgh <tv...@gmail.com>
Authored: Thu Dec 5 22:16:30 2013 +0000
Committer: Tim Van Steenburgh <tv...@gmail.com>
Committed: Thu Dec 5 22:16:30 2013 +0000

----------------------------------------------------------------------
 Allura/allura/model/discuss.py  |  2 +-
 Allura/allura/model/repo.py     | 19 ++++++++++++++++++-
 Allura/allura/model/timeline.py |  4 ++--
 3 files changed, 21 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/0aedbc9f/Allura/allura/model/discuss.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/discuss.py b/Allura/allura/model/discuss.py
index df55ac9..7b4f306 100644
--- a/Allura/allura/model/discuss.py
+++ b/Allura/allura/model/discuss.py
@@ -476,7 +476,7 @@ class Post(Message, VersionedArtifact, ActivityObject):
     def activity_name(self):
         return 'a comment'
 
-    def has_activity_access(self, perm, user):
+    def has_activity_access(self, perm, user, activity):
         """Return True if user has perm access to this object, otherwise
         return False.
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/0aedbc9f/Allura/allura/model/repo.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/repo.py b/Allura/allura/model/repo.py
index 1ff6641..4a5d1ef 100644
--- a/Allura/allura/model/repo.py
+++ b/Allura/allura/model/repo.py
@@ -37,8 +37,10 @@ from ming.orm import mapper, session
 
 from allura.lib import utils
 from allura.lib import helpers as h
+from allura.lib.security import has_access
 
 from .auth import User
+from .project import AppConfig, Project
 from .session import main_doc_session, project_doc_session
 from .session import repository_orm_session
 from .timeline import ActivityObject
@@ -174,10 +176,25 @@ class Commit(RepoObject, ActivityObject):
     def activity_name(self):
         return self.shorthand_id()
 
-    def has_activity_access(self, perm, user):
+    @property
+    def activity_extras(self):
+        d = ActivityObject.activity_extras.fget(self)
+        d.update(summary=self.summary)
+        if self.repo:
+            d.update(app_config_id=self.repo.app.config._id)
+        return d
+
+    def has_activity_access(self, perm, user, activity):
         """Commits have no ACLs and are therefore always viewable by any user.
 
         """
+        app_config_id = activity.obj.activity_extras.get('app_config_id')
+        if app_config_id:
+            app_config = AppConfig.query.get(_id=app_config_id)
+            if app_config:
+                project = Project.query.get(_id=app_config.project_id)
+                app = app_config.load()(project, app_config)
+                return has_access(app, perm, user, project)
         return True
 
     def set_context(self, repo):

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/0aedbc9f/Allura/allura/model/timeline.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/timeline.py b/Allura/allura/model/timeline.py
index a80e5ba..b45118e 100644
--- a/Allura/allura/model/timeline.py
+++ b/Allura/allura/model/timeline.py
@@ -51,7 +51,7 @@ class ActivityObject(base.ActivityObjectBase):
         """
         return "%s:%s" % (self.__class__.__name__, self._id)
 
-    def has_activity_access(self, perm, user):
+    def has_activity_access(self, perm, user, activity):
         """Return True if user has perm access to this object, otherwise
         return False.
         """
@@ -74,5 +74,5 @@ def perm_check(user):
         except bson.errors.InvalidId:
             pass
         obj = cls.query.get(_id=_id)
-        return obj and obj.has_activity_access('read', user)
+        return obj and obj.has_activity_access('read', user, activity)
     return _perm_check