By using this site, you agree to have cookies stored on your device, strictly for functional purposes, such as storing your session and preferences.

Dismiss

Access control for state change

roundabout,
created on Tuesday, 23 April 2024, 17:00:09 (1713891609), received on Wednesday, 31 July 2024, 06:54:46 (1722408886)
Author identity: vlad <vlad.muntoiu@gmail.com>

9e5dba164a0c9fbf78fbe4d7e454a35eb618c2bf

app.py

@@ -1,4 +1,4 @@

                                
                                
                                
                            
                                
                                    
                                        
                                        __version__ = "0.1.2"
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        __version__ = "0.2.0"
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import os
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import shutil
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        

@@ -49,7 +49,6 @@ db = SQLAlchemy(app)

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            bcrypt = Bcrypt(app)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            migrate = Migrate(app, db)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        from models import *
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            from misc_utils import *
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import git_http
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        

@@ -59,6 +58,8 @@ from celery import Celery, Task

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import celery_integration
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import pathlib
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        from models import *
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            babel = Babel(app)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        

@@ -853,6 +854,9 @@ def repository_forum_thread(username, repository, post_id):

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        remote=f"http{'s' if config.suggest_https else ''}://{config.BASE_DOMAIN}/git/{username}/{repository}",
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        is_favourite=get_favourite(flask.session.get("username"), username, repository),
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        parent=Post.query.filter_by(repo=repo_data, number=post_id).first(),
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                    has_permission=not ((not get_permission_level(flask.session.get("username"), username,
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                                             repository)) and db.session.get(Post,
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                                                                             f"/{username}/{repository}/{post_id}").owner.username != flask.session.get("username")),
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                )
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        

@@ -863,9 +867,7 @@ def repository_forum_change_state(username, repository, post_id):

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                if not os.path.exists(server_repo_location):
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    app.logger.error(f"Cannot load {server_repo_location}")
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    flask.abort(404)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            if not (get_visibility(username, repository) or get_permission_level(
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                    flask.session.get("username"), username,
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                    repository) is not None):
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            if (not get_permission_level(flask.session.get("username"), username, repository)) and db.session.get(Post, f"/{username}/{repository}/{post_id}").owner.username != flask.session.get("username"):
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    flask.abort(403)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                app.logger.info(f"Loading {server_repo_location}")
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                            
                                

git_http.py

@@ -1,7 +1,8 @@

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import uuid
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            from models import *
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        from app import app, git_command, get_permission_level, get_visibility, db, bcrypt
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        from app import app, db, bcrypt
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        from misc_utils import *
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import os
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import shutil
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            import config
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                            
                                

models.py

@@ -141,7 +141,6 @@ with (app.app_context()):

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        celery_tasks.send_notification.apply_async(args=[user_notification.id])
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                class Repo(db.Model):
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    route = db.Column(db.String(98), unique=True, nullable=False, primary_key=True)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    owner_name = db.Column(db.String(32), db.ForeignKey("user.username"), nullable=False)
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                            
                                

templates/repository/repo-forum-thread.html

@@ -16,17 +16,19 @@

                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        <div class="flexible-space"></div>
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                            
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                    <form action="{{ parent.number }}/change-state" method="post">
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                        {% if parent.state == 0 %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                            <button type="submit" name="new-state" value="1" style="background: var(--color-done); color: var(--color-done-text);">
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                {% trans %}done{% endtrans %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                            </button>
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                        {% elif parent.state == 1 %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                            <button type="submit" name="new-state" value="0" style="background: var(--color-pending); color: var(--color-pending-text);">
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                {% trans %}active{% endtrans %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                            </button>
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                        {% endif %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                    </form>
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                    {% if has_permission %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                        <form action="{{ parent.number }}/change-state" method="post">
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                            {% if parent.state == 0 %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                <button type="submit" name="new-state" value="1" style="background: var(--color-done); color: var(--color-done-text);">
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                    {% trans %}done{% endtrans %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                </button>
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                            {% elif parent.state == 1 %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                <button type="submit" name="new-state" value="0" style="background: var(--color-pending); color: var(--color-pending-text);">
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                    {% trans %}active{% endtrans %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                                </button>
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                            {% endif %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                        </form>
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                                    {% endif %}
                                        
                                        
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                    {% else %}
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                        <a href="." class="button icon-button">
                                        
                                        
                                            
                                            
                                            
                                            
                                        
                                    
                                
                                
                                
                            
                                
                                    
                                        
                                            
                                                            <iconify-icon icon="mdi:arrow-left"></iconify-icon>