patch applied (hackage-server): "Tidy up the user authorisation code" and 2 others

devnull at devnull at
Fri Feb 1 22:22:13 CET 2013

Fri Feb  1 21:09:55 GMT 2013  Duncan Coutts <duncan at>
  * Tidy up the user authorisation code
  Ignore-this: 81f003c21c2edf3ad563faf5a86ec004
  Instead of authorisation functions that take user groups by value,
  take them by reference which reduces the code at call sites considerably.
  Also extend the options for priviledge checking: allow multiple
  alternatives (e.g. either maintainer or trustee) and allow checks
  against particular user ids. This is clearer (and faster) than merging
  multiple groups and passing them by value.
  Finally, add convenience functions in the UserFeature so we don't have
  to call queryGetUserDb at every call site.
     users   <- queryGetUserDb
     pkgms   <- queryState maintainersState (GetPackageMaintainers pkgname)
     trustee <- queryState trusteesState GetTrusteesList
     _ <- guardAuthorised hackageRealm users (Group.union trustee pkgms)
    guardAuthorised_ [InGroup (maintainerGroup pkgname), InGroup trusteeGroup]

    M ./Distribution/Server.hs -2 +3
    M ./Distribution/Server/Features.hs +2
    M ./Distribution/Server/Features/BuildReports.hs -15 +13
    M ./Distribution/Server/Features/Documentation.hs -1 +1
    M ./Distribution/Server/Features/Html.hs -7 +6
    M ./Distribution/Server/Features/Mirror.hs -10 +4
    M ./Distribution/Server/Features/PackageCandidates.hs -4 +4
    M ./Distribution/Server/Features/PreferredVersions.hs -3 +3
    M ./Distribution/Server/Features/Tags.hs -6 +7
    M ./Distribution/Server/Features/Upload.hs -31 +22
    M ./Distribution/Server/Features/Users.hs -59 +48
    M ./Distribution/Server/Framework.hs -1 +1
    M ./Distribution/Server/Framework/Auth.hs -10 +27

Fri Feb  1 21:15:08 GMT 2013  Duncan Coutts <duncan at>
  * Add some framework support for Aeson and Text types
  Ignore-this: ce22d992495c260e09c4c241c58d37e1
  We should use Text more generally, rather than String.
  And similarly, we should switch from the json package to aeson.
  It's faster and has better generic support. 

    M ./Distribution/Server/Framework/MemSize.hs +5
    M ./Distribution/Server/Framework/RequestContentTypes.hs -6 +15
    M ./Distribution/Server/Framework/ResponseContentTypes.hs +5
    M ./hackage-server.cabal -4 +7

Fri Feb  1 21:18:51 GMT 2013  Duncan Coutts <duncan at>
  * Add a feature to store and manage extra info about user accounts
  Ignore-this: d97feb7ba0ba4a03a7370da3f396e38d
  In particular the real name for human users, and contact email addresses.
  To help admins, distinguish real human user accounts from ones for bots etc
  and store private notes for the admins.
  Extend the import client to set this info from the old hackage info.

    A ./Distribution/Client/UserAddressesDb.hs
    M ./Distribution/Server/Features.hs +7
    M ./Distribution/Server/Features/Html.hs -8 +14
    A ./Distribution/Server/Features/UserDetails.hs
    M ./ImportClient.hs -14 +58

More information about the cabal-devel mailing list