[opensuse-buildservice] [PATCH] [RFC] model changes to cut DbProject for "access" flag (hidden projects)
  • From: dl9pf@xxxxxx
  • Date: Thu, 28 Oct 2010 13:13:52 +0200
  • Message-id: <1288264432-20966-2-git-send-email-dl9pf@xxxxxx>
From: Jan-Simon Möller <jsmoeller@xxxxxxxxxxxxxxxxxxx>

---
src/api/app/controllers/application_controller.rb | 10 ++++++++++
src/api/app/controllers/public_controller.rb | 3 ++-
src/api/app/controllers/source_controller.rb | 5 +++--
src/api/app/controllers/status_controller.rb | 5 +++--
src/api/app/models/db_project.rb | 11 +++++++++++
src/api/app/models/user.rb | 6 ++++++
6 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/src/api/app/controllers/application_controller.rb
b/src/api/app/controllers/application_controller.rb
index 5045c35..b9257e6 100644
--- a/src/api/app/controllers/application_controller.rb
+++ b/src/api/app/controllers/application_controller.rb
@@ -31,6 +31,8 @@ class ApplicationController < ActionController::Base
before_filter :extract_user, :except => :register
before_filter :setup_backend, :add_api_version, :restrict_admin_pages
before_filter :shutup_rails
+ # we might have to move this down to the sub-controllers
+ before_filter :set_current_user

#contains current authentification method, one of (:ichain, :basic)
attr_accessor :auth_method
@@ -59,6 +61,10 @@ class ApplicationController < ActionController::Base
end
hide_action :start_test_backend

+ def set_current_user
+ User.current = @http_user
+ end
+
protected
def restrict_admin_pages
if params[:controller] =~ /^active_rbac/ or params[:controller] =~
/^admin/
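Review bot: `set_current_user` is defined above the `protected` marker, so it is a public controller method; the `hide_action :start_test_backend` line just before it suggests that public methods in this class are otherwise reachable as actions. Move the definition below `protected`, next to `restrict_admin_pages`, or add `hide_action :set_current_user`. A short comment saying that it copies `@http_user` into the thread-local read by `User.current` would also help, since the model code in db_project.rb now depends on it.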
@@ -373,6 +379,10 @@ class ApplicationController < ActionController::Base
render_error :message => "error saving package: #{exception.message}",
:errorcode => "package_save_error", :status => 400
when DbProject::SaveError
render_error :message => "error saving project: #{exception.message}",
:errorcode => "project_save_error", :status => 400
+ when DbProject::PrjAccessError
+ logger.error "PrjAccessError: #{exception.message}"
+ # do something with it.
+ return
when ActionController::RoutingError, ActiveRecord::RecordNotFound
render_error :message => exception.message, :status => 404, :errorcode
=> "not_found"
when ActionController::UnknownAction
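Review bot: The new `when DbProject::PrjAccessError` branch logs and returns without rendering, so a denied request gets no defined error response. To keep a hidden project indistinguishable from a missing one, it should answer the way the not-found branch below does, e.g. `render_error :message => exception.message, :status => 404, :errorcode => "not_found"`. The errorcode a genuinely unknown project returns elsewhere is not visible here, so match that one if it differs. An expected authorization denial is also better logged with `logger.info` or `logger.warn` than `logger.error`. The enclosing `case` starts and ends outside the hunk.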
diff --git a/src/api/app/controllers/public_controller.rb
b/src/api/app/controllers/public_controller.rb
index 5c36210..be4c80d 100644
--- a/src/api/app/controllers/public_controller.rb
+++ b/src/api/app/controllers/public_controller.rb
@@ -1,6 +1,7 @@
class PublicController < ApplicationController
include PublicHelper
- skip_before_filter :extract_user
+ # we need to fall back to anonymous automagically instead of skipping
+ #skip_before_filter :extract_user

def index
redirect_to :controller => 'main'
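Review bot: Commenting out `skip_before_filter :extract_user` makes every PublicController action run `extract_user`, but the anonymous fallback the new comment asks for is not part of this patch. Unless `extract_user` already tolerates requests without credentials (its body is not shown), unauthenticated public requests would presumably be rejected. The same applies to the commented-out skips in source_controller.rb (`:file`, `:project_meta`) and status_controller.rb (`:history`, `:project`). Either land the fallback in `extract_user` together with this change, or keep the skips, since `before_validation` in db_project.rb already falls back to `_nobody_` when `User.current` is nil. In both cases delete the dead line instead of leaving it commented out.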
diff --git a/src/api/app/controllers/source_controller.rb
b/src/api/app/controllers/source_controller.rb
index 026fa09..cc7453c 100644
--- a/src/api/app/controllers/source_controller.rb
+++ b/src/api/app/controllers/source_controller.rb
@@ -3,8 +3,9 @@ require "rexml/document"
class SourceController < ApplicationController
validate_action :index => :directory, :packagelist => :directory, :filelist
=> :directory
validate_action :project_meta => :project, :package_meta => :package,
:pattern_meta => :pattern
-
- skip_before_filter :extract_user, :only => [:file, :project_meta]
+
+ # is this still needed ?? would prohibit user extraction for usage in
DbProject
+ #skip_before_filter :extract_user, :only => [:file, :project_meta]

def index
# ACL(index): projects with flag 'access' are not listed
diff --git a/src/api/app/controllers/status_controller.rb
b/src/api/app/controllers/status_controller.rb
index a4cb31c..2aa38e2 100644
--- a/src/api/app/controllers/status_controller.rb
+++ b/src/api/app/controllers/status_controller.rb
@@ -1,8 +1,9 @@
require 'project_status_helper'

class StatusController < ApplicationController
-
- skip_before_filter :extract_user, :only => [ :history, :project ]
+
+ # do we really need this ?? we should fall-back to anonymous user and don't
have to skip.
+ #skip_before_filter :extract_user, :only => [ :history, :project ]

def messages
# ACL(messages) this displays the status messages the Admin can enter for
users.
diff --git a/src/api/app/models/db_project.rb b/src/api/app/models/db_project.rb
index 74af947..73cbd6c 100644
--- a/src/api/app/models/db_project.rb
+++ b/src/api/app/models/db_project.rb
@@ -4,6 +4,7 @@ class DbProject < ActiveRecord::Base
include FlagHelper

class CycleError < Exception; end
+ class PrjAccessError < Exception; end

has_many :project_user_role_relationships, :dependent => :destroy
has_many :project_group_role_relationships, :dependent => :destroy
@@ -27,6 +28,16 @@ class DbProject < ActiveRecord::Base
def download_name
self.name.gsub(/:/, ':/')
end
+
+ def before_validation
+ @http_user = User.current || User.find_by_login( "_nobody_" )
+ if name
+ project=DbProject.find_by_name name
+ if project and project.disabled_for?('access', nil, nil) and not
@http_user.can_access?(project)
+ raise PrjAccessError.new "unknown project '#{project.name}'"
+ end
+ end
+ end

class << self
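Review bot: `before_validation` calls `@http_user.can_access?` without checking that a user was found; if `User.current` is nil and no `_nobody_` account exists, `find_by_login` returns nil and the check fails with NoMethodError instead of a denial. Treat a missing user as no access, e.g. `if project and project.disabled_for?('access', nil, nil) and not (user and user.can_access?(project))`, using a local `user` instead of `@http_user`, which stores request state on the model instance. The callback also runs only when a record is validated, so it gates saves; reads through `DbProject.find_by_name`, which the callback itself uses, are not covered by it. A comment stating that scope would keep readers from assuming the 'access' flag is fully enforced here.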

diff --git a/src/api/app/models/user.rb b/src/api/app/models/user.rb
index 8ac4bcd..a02b793 100644
--- a/src/api/app/models/user.rb
+++ b/src/api/app/models/user.rb
@@ -15,6 +15,12 @@ class User < ActiveRecord::Base
has_many :status_messages
has_many :messages

+ def self.current
+ Thread.current[:user]
+ end
+ def self.current=(user)
+ Thread.current[:user] = user
+ end

def encrypt_password
if errors.count == 0 and @new_password and not password.nil?
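Review bot: `User.current` is stored in `Thread.current[:user]` and nothing in this patch clears it, so on a server that reuses threads the value from one request is still set when the next one starts. It is only overwritten once `set_current_user` runs, which is the last `before_filter` registered in ApplicationController; model code reached before that, or after an earlier filter halts the chain, would see the previous request's user. Reset it at the start of each request, for example `User.current = nil` in the first filter, or clear it in an after or around filter. A one-line comment on both methods saying the value is per-thread and request-scoped would also help.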
--
1.7.3.1

