Fix bug in view repo as anonymous user, and clean code

2025-08-31 22:54:11 +00:00 · 2012-05-05 19:52:36 +08:00
parent 5143d5d370
commit 0da0fa73a5
1 changed files with 16 additions and 14 deletions
--- a/views.py
+++ b/views.py
@@ -9,6 +9,7 @@ from django.views.decorators.csrf import csrf_protect
 from auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm, PasswordChangeForm
 from auth.tokens import default_token_generator

+from pysearpc import SearpcError
 from seaserv import cclient, ccnet_rpc, get_groups, get_users, get_repos, \
    get_repo, get_commits, get_branches, \
    seafserv_threaded_rpc, seafserv_rpc, get_binding_peerids, get_ccnetuser
@@ -161,33 +162,36 @@ def validate_emailuser(email):
    
    return False

-@login_required
 def repo(request, repo_id):
-    # if user is not staff and not owner and not fetch this repo
+    # get repo web access property, if no repo access property in db, then
+    # assume repo ap is 'own'
+    repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
+    if repo_ap == None:
+        repo_ap = 'own'
+        
+    # if repo is 'own' and user is not staff and is not owner
    # and not shared this repo, then goto 404 page..
-    if not validate_owner(request, repo_id) and not check_shared_repo(request, repo_id) \
-            and not request.user.is_staff:
+    if cmp(repo_ap, 'own') == 0 and not validate_owner(request, repo_id) \
+            and not check_shared_repo(request, repo_id) and not request.user.is_staff:
        raise Http404

    repo = get_repo(repo_id)
-
+    if repo == None:
+        raise Http404
+    
    recent_commits = get_commits(repo_id, 0, 3)

-    token = ""
    is_owner = False
-    repo_ap = ""
-    
    if request.user.is_authenticated():
        if validate_owner(request, repo_id):
            is_owner = True
-            token = seafserv_threaded_rpc.get_repo_token(repo_id)
-        repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
-        repo_size = seafserv_threaded_rpc.server_repo_size(repo_id)
+
+    repo_size = seafserv_threaded_rpc.server_repo_size(repo_id)

    dirs = []
    if not repo.props.encrypted:
        if not request.GET.get('root_id'):
-            # ..use HEAD commit's root id
+            # use HEAD commit's root id
            commit = seafserv_rpc.get_commit(repo.props.head_cmmt_id)
            root_id = commit.props.root_id
        else:
@@ -209,7 +213,6 @@ def repo(request, repo_id):
            "is_owner": is_owner,
            "repo_ap": repo_ap,
            "repo_size": repo_size,
-            "token": token,
            "dirs": dirs,
            }, context_instance=RequestContext(request))

@@ -371,7 +374,6 @@ def repo_list_dir(request, repo_id):
            },
            context_instance=RequestContext(request))

-@login_required
 def repo_operation_file(request, op, repo_id, obj_id):
    if repo_id:
        # any person visit private repo, go to 404 page