For unauthorized users, show only `open` git repos.
For unauthorized users, show only `open` git repos.
diff --git a/pygit/views.py b/pygit/views.py
index 6e88fa5..d3a88bc 100644
--- a/pygit/views.py
+++ b/pygit/views.py
@@ -3,17 +3,29 @@
import sys
from os.path import dirname,join
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponseForbidden
from django.core.urlresolvers import reverse
from django.core.cache import cache
from django.views.decorators.cache import cache_page
+from models import GitRepo
import pygit
from chart import Chart
sys.path.append(dirname(dirname(__file__)))
from mgmt.utils import render_it
+def if_can_view(func):
+ def wrapper(request,rid,*args,**kwargs)
+ r = GitRepo.objects.git(pk=rid)
+ if r.open or request.user.is_authorized():
+ return func(request,rid,*args,**kwargs)
+ else:
+ return HttpResponseForbidden("<h1>You are not allowed to view this page!</h1>")
+ wrapper.__name__ = func.__name__
+ wrapper.__doc__ = func.__doc__
+ return wrapper
+
class Repo(object):
pass
@@ -24,8 +36,13 @@ def repo_rid(rid):
return r
def all_repos(request):
+ if request.user.is_authorized():
+ rs = GitRepo.objects.all()
+ else:
+ rs = GitRepo.objects.filter(open=True)
+ repos = [(r.id,r.name) for r in rs]
return render_it('repos.html',
- {'repos': pygit.repos()},
+ {'repos': repos},
request)
def cached_stats(rid,branch,cid):
@@ -37,6 +54,7 @@ def cached_stats(rid,branch,cid):
cache.set('git_stats_%s' % cid, r, 60*60)
return r
+@if_can_view
def one_repo(request,rid,branch='master'):
if not branch:
branch = 'master'