From ea2e29266688eea89a9791e188e7fc894b4acfa5 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Jan 11 2018 09:06:04 +0000 Subject: Add decorator to check admin permission. This commit adds a new decorator that check if a user has admin permission to the project. Introduce the decorator in the ui/issues.py module. Signed-off-by: Clement Verna --- diff --git a/pagure/lib/decorators.py b/pagure/lib/decorators.py index e992d33..5878c27 100644 --- a/pagure/lib/decorators.py +++ b/pagure/lib/decorators.py @@ -25,3 +25,18 @@ def has_issue_tracker(function): return function(*args, **kwargs) return check_issue_tracker + + +def is_repo_admin(function): + """ + Decorator that checks if the current user is the admin of + the project. + If not active returns a 403 page + """ + @wraps(function) + def check_repo_admin(*args, **kwargs): + if not flask.g.repo_admin: + flask.abort(403, 'You are not allowed to change the \ + settings for this project') + return function(*args, **kwargs) + return check_repo_admin diff --git a/pagure/ui/issues.py b/pagure/ui/issues.py index 9390436..6fc6e32 100644 --- a/pagure/ui/issues.py +++ b/pagure/ui/issues.py @@ -31,7 +31,7 @@ import pagure.doc_utils import pagure.exceptions import pagure.lib import pagure.lib.mimetype -from pagure.lib.decorators import has_issue_tracker +from pagure.lib.decorators import has_issue_tracker, is_repo_admin import pagure.forms from pagure.config import config as pagure_config from pagure.ui import UI_NS 
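Review bot: The docstring of `is_repo_admin` in pagure/lib/decorators.py says "If not active returns a 403 page", which looks carried over from `has_issue_tracker`; it should read something like `If the user is not an admin of the project, abort with a 403.` The `flask.abort` message is also split with a backslash inside the string literal, so the leading whitespace of the continuation line ends up in the text returned to the user. Adjacent literals avoid that: `flask.abort(403, 'You are not allowed to change the '` followed by `'settings for this project')`. The check reads `flask.g.repo_admin`, which is set outside this hunk, so the docstring should also state that the decorator only works on views where that attribute has already been populated for the request.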
@@ -379,17 +379,13 @@ def update_issue(repo, issueid, username=None, namespace=None): '/fork////tag//edit', methods=('GET', 'POST')) @login_required +@is_repo_admin @has_issue_tracker def edit_tag(repo, tag, username=None, namespace=None): """ Edit the specified tag associated with the issues of a project. """ repo = flask.g.repo - if not flask.g.repo_admin: - flask.abort( - 403, - 'You are not allowed to edit tags associated with the issues of \ - this project') tags = pagure.lib.get_tags_of_project(flask.g.session, repo) if not tags: @@ -449,6 +445,7 @@ def edit_tag(repo, tag, username=None, namespace=None): @UI_NS.route('//update/tags', methods=['POST']) @UI_NS.route('///update/tags', methods=['POST']) @login_required +@is_repo_admin @has_issue_tracker def update_tags(repo, username=None, namespace=None): """ Update the tags of a project. @@ -456,11 +453,6 @@ def update_tags(repo, username=None, namespace=None): repo = flask.g.repo - if not flask.g.repo_admin: - flask.abort( - 403, - 'You are not allowed to change the settings for this project') - form = pagure.forms.ConfirmationForm() error = False @@ -540,18 +532,13 @@ def update_tags(repo, username=None, namespace=None): @UI_NS.route('/fork///droptag/', methods=['POST']) @UI_NS.route('/fork////droptag/', methods=['POST']) @login_required +@is_repo_admin @has_issue_tracker def remove_tag(repo, username=None, namespace=None): """ Remove the specified tag, associated with the issues, from the project. """ repo = flask.g.repo - if not flask.g.repo_admin: - flask.abort( - 403, - 'You are not allowed to remove tags associated with the issues \ - of this project') - form = pagure.forms.DeleteIssueTagForm() if form.validate_on_submit(): tags = form.tag.data 
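Review bot: Placing `@is_repo_admin` above `@has_issue_tracker` on `edit_tag` changes the order of the checks: the tracker check used to run before the in-body admin test, and now the admin test runs first, so a non-admin gets the 403 whether or not the tracker is enabled. That order is reasonable for an authorization gate, but it is implicit; a one-line comment above the stack such as `# Checks run top-down: login, then project admin, then issue tracker enabled` would keep a later reordering from weakening it. The same applies to the `update_tags` and `remove_tag` hunks. `edit_tag` and `remove_tag` also lose their tag-specific 403 text in favour of the decorator's generic settings message, so any test or client matching the old strings needs updating. The bodies of these functions continue outside the hunks.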
@@ -1499,13 +1486,10 @@ def edit_comment_issue( @UI_NS.route( '/fork////issues/reports', methods=['POST']) @login_required +@is_repo_admin def save_reports(repo, username=None, namespace=None): """ Marked for watching or Unwatching """ - if not flask.g.repo_admin: - flask.abort( - 403, - 'You are not allowed to create reports for this project') return_point = flask.url_for( 'ui_ns.view_issues', repo=repo, username=username, namespace=namespace)
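Review bot: The docstring of `save_reports`, `""" Marked for watching or Unwatching """`, does not describe this view, and with the admin check moved out of the body nothing in the function text says it is admin-only any more. Going by the removed 403 message, something like `""" Create a report for the issues of the project; restricted to project admins. """` would fit, to be confirmed against the body, which continues outside the hunk. Unlike the tag views, this route carries no `@has_issue_tracker`; if that is intentional, a short comment saying so would help.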