Add support for access control on repositories.

 






 

 


  Review Request #1890
  —
  Created Nov. 2, 2010 and submitted

 


















 

  

   Information

  





 
 

  chipx86
 









 
 

  Review Board
 









 
 

  master
 









 
 

  
 









 
 

  
 






 




 

  

   Reviewers

  





 
 

  reviewboard
 









 
 

  
 






 








 





  


 
 

  
Add support for access control on repositories.

This provides the ability to lock down a repository and make it private so that
only those users who are explicitly granted access (directly or through
an invite-only review group) can view review requests on the repository.

This ties into the existing is_accessible_by checks to guarantee the new logic
will work in the API and the UI.

Access is determined per-repository, rather than by a path within a repository.
Any user with access to a repository likely has access to the entire thing.
This may not always be true, in that some advanced repository setups may have
ACLs that work on a per-path basis. However, for now we are not supporting
this. It can be added later if there is need for it, possibly through an
extension that augments the access determination to check the ACLs on the
repository.

 








  


 
 

  
Passes the unit tests and works in the UI.

 







 









 





  








 









 






  

 








 














 



 

  

   




chipx86




   

   

  

 



 

  


   

   

    
 Review request changed

    
   


  

  

  









  

   

    Change Summary:
   

   

    
Fixes for the admin UI, and specifically only allow for invite-only groups in the Repository review group list (as public ones would defeat the purpose).

   

  








  

   

    Diff:
   

   

    
 Revision 2 (+199 -3)
Show changes
 
    reviewboard/reviews/models.py 
    reviewboard/reviews/tests.py 
    reviewboard/scmtools/admin.py 
    reviewboard/scmtools/forms.py 
    reviewboard/scmtools/models.py 
    reviewboard/scmtools/evolutions/__init__.py 
    reviewboard/scmtools/evolutions/repository_access_control.py 
 

   

  












  

 
















 





 

  

   




david




   

   







  

 



 

  


   

   

    
 
david


    
   


  

  

  



    




  1. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    2. 

















  2. 
 
    
  
  
    
  
 
    
  
    
   
    
    
     
    
      
       reviewboard/reviews/models.py
       


        (Diff revision 2)


       
      
     
    
        
    
     
     
    

     
     
    

     
     
    

     
     
    

     
     
    

     
     
    

     
     
    

     
     
    

     
     
    

     
     
    

        
   
    
  
    
 
    

   
    
    
    





    
    Hmm. While this function is good, I'm really starting to think we should we should also have a special QuerySet type returned by our manager that has an accessible_by() filter.
    
  
    
 
    

 
    
  


    
 
    
 
      

  


    1. 
 
 
      
 
      
  
 
      
 
      
  
      Yep, that's my next task with all this.
      
 
      

      2. 


 
    


    

 
    

    3. 






  3. 
 
    
  
  
    
  
 
    
  
    
   
    
    
     
    
      
       reviewboard/reviews/tests.py
       


        (Diff revision 2)


       
      
     
    
        
    
     
     
    

     
     
    

        
   
    
  
    
 
    

   
    
    
    





    
    This line is too long. A couple more below, too.
    
  
    
 
    

 
    
  


    
 
    
 
      

  


    1. 
 
 
      
 
      
  
 
      
 
      
  
      Yep. Can't do anything about that. If you try to break it up, the unit tests will stlil only get the first line. Better to have the details in the output and break the 80 column rule in these cases, I think.
      
 
      

      2. 


 
    


    

 
    

    4. 




  4. 
 
    
  
    
   
    
  
    
 
    

 
    
  


    
 
    
 
      

  

 
    


    

 
    

    5.