From: Jan-Simon Möller
---
src/api/app/controllers/application_controller.rb | 10 ++++++++++
src/api/app/controllers/public_controller.rb | 3 ++-
src/api/app/controllers/source_controller.rb | 5 +++--
src/api/app/controllers/status_controller.rb | 5 +++--
src/api/app/models/db_project.rb | 11 +++++++++++
src/api/app/models/user.rb | 6 ++++++
6 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/src/api/app/controllers/application_controller.rb b/src/api/app/controllers/application_controller.rb
index 5045c35..b9257e6 100644
--- a/src/api/app/controllers/application_controller.rb
+++ b/src/api/app/controllers/application_controller.rb
@@ -31,6 +31,8 @@ class ApplicationController < ActionController::Base
before_filter :extract_user, :except => :register
before_filter :setup_backend, :add_api_version, :restrict_admin_pages
before_filter :shutup_rails
+ # we might have to move this down to the sub-controllers
+ before_filter :set_current_user
#contains current authentification method, one of (:ichain, :basic)
attr_accessor :auth_method
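Review bot: The new `before_filter :set_current_user` publishes `@http_user` into thread-local state, but nothing in this patch clears it when the request finishes, so on a server that reuses threads a later request whose filter chain halts before this filter (an `extract_user` failure, for example) would still see the previous request's user in `User.current`. Pair it with a reset after the action, e.g. `after_filter :clear_current_user` with `def clear_current_user; User.current = nil; end`, or do the assignment in an `around_filter` whose `ensure` clears it. The filter is also order-dependent: it must stay declared after `:extract_user` on the lines above, which a comment such as `# must run after extract_user, which sets @http_user` would make explicit.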
@@ -59,6 +61,10 @@ class ApplicationController < ActionController::Base
end
hide_action :start_test_backend
+ def set_current_user
+ User.current = @http_user
+ end
+
protected
def restrict_admin_pages
if params[:controller] =~ /^active_rbac/ or params[:controller] =~ /^admin/
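Review bot: `set_current_user` is defined above the `protected` marker, so in this Rails version it is a public controller method and therefore reachable as an action, unlike `start_test_backend`, which the line above hides with `hide_action`. Either move the definition below `protected` or add `hide_action :set_current_user` next to the existing one. A short comment, `# copies the user extracted by extract_user into the thread-local User.current so models can consult it`, would also document why the controller touches model-level state. `restrict_admin_pages` continues outside the hunk.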
@@ -373,6 +379,10 @@ class ApplicationController < ActionController::Base
render_error :message => "error saving package: #{exception.message}", :errorcode => "package_save_error", :status => 400
when DbProject::SaveError
render_error :message => "error saving project: #{exception.message}", :errorcode => "project_save_error", :status => 400
+ when DbProject::PrjAccessError
+ logger.error "PrjAccessError: #{exception.message}"
+ # do something with it.
+ return
when ActionController::RoutingError, ActiveRecord::RecordNotFound
render_error :message => exception.message, :status => 404, :errorcode => "not_found"
when ActionController::UnknownAction
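Review bot: The `DbProject::PrjAccessError` branch logs and returns without rendering anything, so the client receives no error response for a hidden project while the `# do something with it.` placeholder remains. Since the model raises it with an "unknown project" message precisely so that a hidden project is indistinguishable from a missing one, the branch should render like the `RecordNotFound` case below it: `render_error :message => exception.message, :status => 404, :errorcode => "not_found"`. Logging an expected access denial at `error` level will also be noisy; `info` or `debug` seems more appropriate. The enclosing rescue method starts and ends outside the hunk.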
diff --git a/src/api/app/controllers/public_controller.rb b/src/api/app/controllers/public_controller.rb
index 5c36210..be4c80d 100644
--- a/src/api/app/controllers/public_controller.rb
+++ b/src/api/app/controllers/public_controller.rb
@@ -1,6 +1,7 @@
class PublicController < ApplicationController
include PublicHelper
- skip_before_filter :extract_user
+ # we need to fall back to anonymous automagically instead of skipping
+ #skip_before_filter :extract_user
def index
redirect_to :controller => 'main'
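Review bot: Every public action now runs `extract_user` once the skip is commented out, yet the anonymous fallback the new comment relies on is not part of this patch, so unless `extract_user` already tolerates missing credentials these endpoints would start rejecting unauthenticated requests; `extract_user` is not visible here, so that is worth confirming before merging. The same applies to the `source_controller.rb` and `status_controller.rb` hunks, which comment out the per-action skips for `file`/`project_meta` and `history`/`project`. If the skip really is obsolete, delete the line rather than leave it commented out, and replace it with a one-line note such as `# no skip: extract_user is expected to fall back to the anonymous user` once that fallback exists.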
diff --git a/src/api/app/controllers/source_controller.rb b/src/api/app/controllers/source_controller.rb
index 026fa09..cc7453c 100644
--- a/src/api/app/controllers/source_controller.rb
+++ b/src/api/app/controllers/source_controller.rb
@@ -3,8 +3,9 @@ require "rexml/document"
class SourceController < ApplicationController
validate_action :index => :directory, :packagelist => :directory, :filelist => :directory
validate_action :project_meta => :project, :package_meta => :package, :pattern_meta => :pattern
-
- skip_before_filter :extract_user, :only => [:file, :project_meta]
+
+ # is this still needed ?? would prohibit user extraction for usage in DbProject
+ #skip_before_filter :extract_user, :only => [:file, :project_meta]
def index
# ACL(index): projects with flag 'access' are not listed
diff --git a/src/api/app/controllers/status_controller.rb b/src/api/app/controllers/status_controller.rb
index a4cb31c..2aa38e2 100644
--- a/src/api/app/controllers/status_controller.rb
+++ b/src/api/app/controllers/status_controller.rb
@@ -1,8 +1,9 @@
require 'project_status_helper'
class StatusController < ApplicationController
-
- skip_before_filter :extract_user, :only => [ :history, :project ]
+
+ # do we really need this ?? we should fall-back to anonymous user and don't have to skip.
+ #skip_before_filter :extract_user, :only => [ :history, :project ]
def messages
# ACL(messages) this displays the status messages the Admin can enter for users.
diff --git a/src/api/app/models/db_project.rb b/src/api/app/models/db_project.rb
index 74af947..73cbd6c 100644
--- a/src/api/app/models/db_project.rb
+++ b/src/api/app/models/db_project.rb
@@ -4,6 +4,7 @@ class DbProject < ActiveRecord::Base
include FlagHelper
class CycleError < Exception; end
+ class PrjAccessError < Exception; end
has_many :project_user_role_relationships, :dependent => :destroy
has_many :project_group_role_relationships, :dependent => :destroy
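Review bot: `PrjAccessError` inherits from `Exception` rather than `StandardError`, so a plain `rescue` or `rescue => e` anywhere between the model and the controller's `case` will not catch it, and it also escapes any generic error handling in the application. `class PrjAccessError < StandardError; end` is the conventional base for an application error; `CycleError` on the line above has the same issue, so changing both keeps them consistent.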
@@ -27,6 +28,16 @@ class DbProject < ActiveRecord::Base
def download_name
self.name.gsub(/:/, ':/')
end
+
+ def before_validation
+ @http_user = User.current || User.find_by_login( "_nobody_" )
+ if name
+ project=DbProject.find_by_name name
+ if project and project.disabled_for?('access', nil, nil) and not @http_user.can_access?(project)
+ raise PrjAccessError.new "unknown project '#{project.name}'"
+ end
+ end
+ end
class << self
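Review bot: `User.find_by_login( "_nobody_" )` returns `nil` when that account does not exist, in which case `@http_user.can_access?(project)` raises `NoMethodError` instead of `PrjAccessError`, so the request fails with a generic error rather than the intended not-found denial; fail closed instead with `raise PrjAccessError, "unknown project '#{project.name}'" unless @http_user && @http_user.can_access?(project)`. Storing the user in a `@http_user` instance variable leaves controller-flavoured state on every DbProject record; a local variable is enough here. Note too that the check fires on every validation, so code outside a request (console, rake tasks, tests) where `User.current` is unset is evaluated as the anonymous user and will be refused when saving an access-restricted project — presumably intended for requests only, worth confirming. A header comment would help readers: `# Denies validation when the project name resolves to an access-restricted project the current user may not see; raises PrjAccessError with an "unknown project" message so hidden projects are indistinguishable from missing ones.`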
diff --git a/src/api/app/models/user.rb b/src/api/app/models/user.rb
index 8ac4bcd..a02b793 100644
--- a/src/api/app/models/user.rb
+++ b/src/api/app/models/user.rb
@@ -15,6 +15,12 @@ class User < ActiveRecord::Base
has_many :status_messages
has_many :messages
+ def self.current
+ Thread.current[:user]
+ end
+ def self.current=(user)
+ Thread.current[:user] = user
+ end
def encrypt_password
if errors.count == 0 and @new_password and not password.nil?
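Review bot: `User.current` and `User.current=` have no documentation of their contract, and since `Thread.current[:user]` persists for the lifetime of the thread a reader would not know that the value is only meaningful while a request is being processed and must be reset between requests. Suggested header comment above `self.current`: `# Thread-local current user for the request being processed; set by ApplicationController#set_current_user and consulted by model-level access checks (see DbProject#before_validation). Nothing here clears it, so the controller is responsible for resetting it between requests.` The `encrypt_password` method continues outside the hunk.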
--
1.7.3.1
--