M git-srht-keys => git-srht-keys +3 -5
@@ 103,6 103,7 @@ def shell():
from srht.database import DbSession
db = DbSession(cfg("sr.ht", "connection-string"))
from gitsrht.types import User, Repository, RepoVisibility
+ from gitsrht.access import has_access, UserAccess
db.init()
user = User.query.filter(User.id == user_id).first()
@@ 129,14 130,11 @@ def shell():
if not repo:
sys.exit(128)
- # TODO: ACLs
if cmd[0] == "git-receive-pack":
- # needs write access
- if user.id != repo.owner_id:
+ if not has_access(repo, UserAccess.write, user):
sys.exit(128)
else:
- # needs read access
- if repo.visibility == RepoVisibility.private and user.id != repo.owner_id:
+ if not has_access(repo, UserAccess.read, user):
sys.exit(128)
log("Executing {}", _cmd)
M gitsrht/access.py => gitsrht/access.py +7 -3
@@ 21,7 21,9 @@ def get_repo(owner_name, repo_name):
# TODO: organizations
return None, None
-def get_access(repo):
+def get_access(repo, user=None):
+ if not user:
+ user = current_user
# TODO: ACLs
if not repo:
return UserAccess.none
@@ 35,8 37,10 @@ def get_access(repo):
return UserAccess.none
return UserAccess.read
-def has_access(repo, access):
- return access in get_access(repo)
+def has_access(repo, access, user=None):
+ if not user:
+ user = current_user
+ return access in get_access(repo, user)
def check_access(owner_name, repo_name, access):
owner, repo = get_repo(owner_name, repo_name)