From 489c900cfd99d5ccf1dbc90ffd6f02dfe1cb5345 Mon Sep 17 00:00:00 2001
From: yackob03
Date: Tue, 21 Jan 2014 19:23:26 -0500
Subject: [PATCH] Fix the problem where a user's admin priviledges can be revoked with defaults.
---
 data/model.py | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)
diff --git a/data/model.py b/data/model.py
index a45513011..a33f80e4c 100644
--- a/data/model.py
+++ b/data/model.py
@@ -341,9 +341,11 @@ def list_federated_logins(user):
 def create_confirm_email_code(user, new_email=None):
 if new_email:
 if not validate_email(new_email):
- raise InvalidEmailAddressException('Invalid email address: %s' % new_email)
+ raise InvalidEmailAddressException('Invalid email address: %s' %
+ new_email)
- code = EmailConfirmation.create(user=user, email_confirm=True, new_email=new_email)
+ code = EmailConfirmation.create(user=user, email_confirm=True,
+ new_email=new_email)
 return code
@@ -461,7 +463,8 @@ def get_matching_users(username_prefix, robot_namespace=None,
 def verify_user(username_or_email, password):
 try:
- fetched = User.get((User.username == username_or_email) | (User.email == username_or_email))
+ fetched = User.get((User.username == username_or_email) |
+ (User.email == username_or_email))
 except User.DoesNotExist:
 return None
@@ -532,18 +535,24 @@ def get_user_teams_within_org(username, organization):
 User.username == username)
-def get_visible_repository_count(username=None, include_public=True, sort=False, namespace=None):
- return get_visible_repository_internal(username=username, include_public=include_public,
- sort=sort, namespace=namespace, get_count=True)
+def get_visible_repository_count(username=None, include_public=True,
+ sort=False, namespace=None):
+ return get_visible_repository_internal(username=username,
+ include_public=include_public,
+ sort=sort, namespace=namespace,
+ get_count=True)
-def get_visible_repositories(username=None, include_public=True, page=None, limit=None,
- sort=False, namespace=None):
- return get_visible_repository_internal(username=username, include_public=include_public, page=page,
- limit=limit, sort=sort, namespace=namespace, get_count=False)
+def get_visible_repositories(username=None, include_public=True, page=None,
+ limit=None, sort=False, namespace=None):
+ return get_visible_repository_internal(username=username,
+ include_public=include_public,
+ page=page, limit=limit, sort=sort,
+ namespace=namespace, get_count=False)
-def get_visible_repository_internal(username=None, include_public=True, limit=None, page=None,
- sort=False, namespace=None, get_count=False):
+def get_visible_repository_internal(username=None, include_public=True,
+ limit=None, page=None, sort=False,
+ namespace=None, get_count=False):
 if not username and not include_public:
 return []
@@ -842,6 +851,10 @@ def create_repository(namespace, name, creating_user, visibility='private'):
 PermissionPrototype.delegate_team >> None))
 def create_user_permission(user, repo, role):
+ # The creating user always gets admin anyway
+ if user.username == creating_user.username:
+ return
+
 RepositoryPermission.create(user=user, repository=repo, role=role)
 __apply_default_permissions(repo, user_protos, 'username',
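Review bot: The guard added to `create_user_permission` in the last hunk identifies the repository creator by comparing `username` strings, and its comment relies on an admin grant that is not visible here, since `create_repository` starts and ends outside the hunk. Because this check protects a privilege assignment, comparing record identity would be sturdier than comparing a name, e.g. `if user == creating_user:` if these are peewee models with primary-key equality (the `User.get(...)` / `User.DoesNotExist` usage in this patch suggests so, but confirm). It is also worth confirming that `creating_user` can never be `None` on this path, because the new attribute access would then raise before any default permission is applied. I would extend the comment to name where the admin role is actually created, along the lines of `# creating_user already holds admin on repo (granted in create_repository); do not apply a default role on top of it`. The diffstat shows only data/model.py changed, so a regression test that sets a lower-role default for the creator and asserts they still hold admin after `create_repository` would pin the fix.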