rhodecode-enterprise-ce Files · rhodecode/apps/repository/views/repo_permissions.py

repo-permissions: add set/un-set of private repository from permissions page....

repo-permissions: add set/un-set of private repository from permissions page. - this adds consistent 1way of controlling all permissiosn from permissions page - properly flushses caches on this change - adds better UX

dan - - Load All Authors

File last commit:

r4189:021154b4 stable


                r4189:021154b4

stable

Download file

             repo_permissions.py
        
                    135 lines
            
             | 5.3 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / apps / repository / views / repo_permissions.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
      # -*- coding: utf-8 -*-

        marcink
    
docs: updated copyrights to 2019

              r3363
            
      # Copyright (C) 2011-2019 RhodeCode GmbH

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      import logging

      from pyramid.httpexceptions import HTTPFound

      from pyramid.view import view_config

      from rhodecode.apps._base import RepoAppView

      from rhodecode.lib import helpers as h

      from rhodecode.lib import audit_logger

      from rhodecode.lib.auth import (

        marcink
    
repositories: rewrote whole admin section to pyramid....

              r2014
            
          LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)

        dan
    
repo-permissions: add set/un-set of private repository from permissions page....

              r4189
            
      from rhodecode.lib.utils2 import str2bool

        dan
    
permissions: flush all user permissions in case of default user permission changes....

              r4187
            
      from rhodecode.model.db import User

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
      from rhodecode.model.forms import RepoPermsForm

      from rhodecode.model.meta import Session

        marcink
    
permissions: properly flush user cache permissions in more cases of permission changes....

              r3824
            
      from rhodecode.model.permission import PermissionModel

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
      from rhodecode.model.repo import RepoModel

      log = logging.getLogger(__name__)

      class RepoSettingsPermissionsView(RepoAppView):

          def load_default_context(self):

              c = self._get_local_tmpl_context()

              return c

          @LoginRequired()

          @HasRepoPermissionAnyDecorator('repository.admin')

          @view_config(

              route_name='edit_repo_perms', request_method='GET',

              renderer='rhodecode:templates/admin/repos/repo_edit.mako')

          def edit_permissions(self):

        marcink
    
branch-permissions: add flash info when redirected from branch permissions page to indicate required action

              r3438
            
              _ = self.request.translate

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
              c = self.load_default_context()

              c.active = 'permissions'

        marcink
    
branch-permissions: add flash info when redirected from branch permissions page to indicate required action

              r3438
            
              if self.request.GET.get('branch_permissions'):

                  h.flash(_('Explicitly add user or user group with write+ '

                            'permission to modify their branch permissions.'),

                          category='notice')

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
              return self._get_template_context(c)

          @LoginRequired()

        marcink
    
repositories: rewrote whole admin section to pyramid....

              r2014
            
          @HasRepoPermissionAnyDecorator('repository.admin')

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
          @CSRFRequired()

          @view_config(

              route_name='edit_repo_perms', request_method='POST',

              renderer='rhodecode:templates/admin/repos/repo_edit.mako')

          def edit_permissions_update(self):

              _ = self.request.translate

              c = self.load_default_context()

              c.active = 'permissions'

              data = self.request.POST

              # store private flag outside of HTML to verify if we can modify

        marcink
    
repositories: rewrote whole admin section to pyramid....

              r2014
            
              # default user permissions, prevents submission of FAKE post data

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
              # into the form for private repos

              data['repo_private'] = self.db_repo.private

        marcink
    
pylons: remove pylons as dependency...

              r2351
            
              form = RepoPermsForm(self.request.translate)().to_python(data)

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
              changes = RepoModel().update_permissions(

                  self.db_repo_name, form['perm_additions'], form['perm_updates'],

                  form['perm_deletions'])

              action_data = {

                  'added': changes['added'],

                  'updated': changes['updated'],

                  'deleted': changes['deleted'],

              }

        marcink
    
audit-logs: use specific web/api calls....

              r1806
            
              audit_logger.store_web(

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
                  'repo.edit.permissions', action_data=action_data,

                  user=self._rhodecode_user, repo=self.db_repo)

              Session().commit()

        marcink
    
permissions: rename repository permissions to mention those are access permissions....

              r3985
            
              h.flash(_('Repository access permissions updated'), category='success')

        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
        dan
    
permissions: flush all user permissions in case of default user permission changes....

              r4187
            
              affected_user_ids = None

              if changes.get('default_user_changed', False):

                  # if we change the default user, we need to flush everyone permissions

                  affected_user_ids = [x.user_id for x in User.get_all()]

              PermissionModel().flush_user_permission_caches(

                  changes, affected_user_ids=affected_user_ids)

        marcink
    
events: add event to catch permission changed so we can flush affected users permission caches

              r2849
            
        marcink
    
repo-permissions: moved permissions into pyramid....

              r1734
            
              raise HTTPFound(

        marcink
    
repositories: rewrote whole admin section to pyramid....

              r2014
            
                  h.route_path('edit_repo_perms', repo_name=self.db_repo_name))

        ergo
    
repository-permissions: enable shortcut to set private mode in permission page.

              r3809
            
          @LoginRequired()

          @HasRepoPermissionAnyDecorator('repository.admin')

          @CSRFRequired()

          @view_config(

              route_name='edit_repo_perms_set_private', request_method='POST',

              renderer='json_ext')

          def edit_permissions_set_private_repo(self):

              _ = self.request.translate

              self.load_default_context()

        dan
    
repo-permissions: add set/un-set of private repository from permissions page....

              r4189
            
              private_flag = str2bool(self.request.POST.get('private'))

        ergo
    
repository-permissions: enable shortcut to set private mode in permission page.

              r3809
            
              try:

                  RepoModel().update(

        dan
    
repo-permissions: add set/un-set of private repository from permissions page....

              r4189
            
                      self.db_repo, **{'repo_private': private_flag, 'repo_name': self.db_repo_name})

        ergo
    
repository-permissions: enable shortcut to set private mode in permission page.

              r3809
            
                  Session().commit()

                  h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),

                          category='success')

              except Exception:

                  log.exception("Exception during update of repository")

                  h.flash(_('Error occurred during update of repository {}').format(

                      self.db_repo_name), category='error')

        dan
    
repo-permission: properly flush caches on set private mode.

              r4188
            
              # NOTE(dan): we change repo private mode we need to notify all USERS

              affected_user_ids = [x.user_id for x in User.get_all()]

              PermissionModel().trigger_permission_flush(affected_user_ids)

        ergo
    
repository-permissions: enable shortcut to set private mode in permission page.

              r3809
            
              return {

                  'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),

        dan
    
repo-permissions: add set/un-set of private repository from permissions page....

              r4189
            
                  'private': private_flag

        ergo
    
repository-permissions: enable shortcut to set private mode in permission page.

              r3809
            
              }

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink repo-permissions: moved permissions into pyramid....	r1734	# -- coding: utf-8 --

marcink docs: updated copyrights to 2019	r3363	# Copyright (C) 2011-2019 RhodeCode GmbH
marcink repo-permissions: moved permissions into pyramid....	r1734	#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/

		import logging

		from pyramid.httpexceptions import HTTPFound
		from pyramid.view import view_config

		from rhodecode.apps._base import RepoAppView
		from rhodecode.lib import helpers as h
		from rhodecode.lib import audit_logger
		from rhodecode.lib.auth import (
marcink repositories: rewrote whole admin section to pyramid....	r2014	LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
dan repo-permissions: add set/un-set of private repository from permissions page....	r4189	from rhodecode.lib.utils2 import str2bool
dan permissions: flush all user permissions in case of default user permission changes....	r4187	from rhodecode.model.db import User
marcink repo-permissions: moved permissions into pyramid....	r1734	from rhodecode.model.forms import RepoPermsForm
		from rhodecode.model.meta import Session
marcink permissions: properly flush user cache permissions in more cases of permission changes....	r3824	from rhodecode.model.permission import PermissionModel
marcink repo-permissions: moved permissions into pyramid....	r1734	from rhodecode.model.repo import RepoModel

		log = logging.getLogger(__name__)


		class RepoSettingsPermissionsView(RepoAppView):

		def load_default_context(self):
		c = self._get_local_tmpl_context()
		return c

		@LoginRequired()
		@HasRepoPermissionAnyDecorator('repository.admin')
		@view_config(
		route_name='edit_repo_perms', request_method='GET',
		renderer='rhodecode:templates/admin/repos/repo_edit.mako')
		def edit_permissions(self):
marcink branch-permissions: add flash info when redirected from branch permissions page to indicate required action	r3438	_ = self.request.translate
marcink repo-permissions: moved permissions into pyramid....	r1734	c = self.load_default_context()
		c.active = 'permissions'
marcink branch-permissions: add flash info when redirected from branch permissions page to indicate required action	r3438	if self.request.GET.get('branch_permissions'):
		h.flash(_('Explicitly add user or user group with write+ '
		'permission to modify their branch permissions.'),
		category='notice')
marcink repo-permissions: moved permissions into pyramid....	r1734	return self._get_template_context(c)

		@LoginRequired()
marcink repositories: rewrote whole admin section to pyramid....	r2014	@HasRepoPermissionAnyDecorator('repository.admin')
marcink repo-permissions: moved permissions into pyramid....	r1734	@CSRFRequired()
		@view_config(
		route_name='edit_repo_perms', request_method='POST',
		renderer='rhodecode:templates/admin/repos/repo_edit.mako')
		def edit_permissions_update(self):
		_ = self.request.translate
		c = self.load_default_context()
		c.active = 'permissions'
		data = self.request.POST
		# store private flag outside of HTML to verify if we can modify
marcink repositories: rewrote whole admin section to pyramid....	r2014	# default user permissions, prevents submission of FAKE post data
marcink repo-permissions: moved permissions into pyramid....	r1734	# into the form for private repos
		data['repo_private'] = self.db_repo.private
marcink pylons: remove pylons as dependency...	r2351	form = RepoPermsForm(self.request.translate)().to_python(data)
marcink repo-permissions: moved permissions into pyramid....	r1734	changes = RepoModel().update_permissions(
		self.db_repo_name, form['perm_additions'], form['perm_updates'],
		form['perm_deletions'])

		action_data = {
		'added': changes['added'],
		'updated': changes['updated'],
		'deleted': changes['deleted'],
		}
marcink audit-logs: use specific web/api calls....	r1806	audit_logger.store_web(
marcink repo-permissions: moved permissions into pyramid....	r1734	'repo.edit.permissions', action_data=action_data,
		user=self._rhodecode_user, repo=self.db_repo)

		Session().commit()
marcink permissions: rename repository permissions to mention those are access permissions....	r3985	h.flash(_('Repository access permissions updated'), category='success')
marcink repo-permissions: moved permissions into pyramid....	r1734
dan permissions: flush all user permissions in case of default user permission changes....	r4187	affected_user_ids = None
		if changes.get('default_user_changed', False):
		# if we change the default user, we need to flush everyone permissions
		affected_user_ids = [x.user_id for x in User.get_all()]
		PermissionModel().flush_user_permission_caches(
		changes, affected_user_ids=affected_user_ids)
marcink events: add event to catch permission changed so we can flush affected users permission caches	r2849
marcink repo-permissions: moved permissions into pyramid....	r1734	raise HTTPFound(
marcink repositories: rewrote whole admin section to pyramid....	r2014	h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
ergo repository-permissions: enable shortcut to set private mode in permission page.	r3809
		@LoginRequired()
		@HasRepoPermissionAnyDecorator('repository.admin')
		@CSRFRequired()
		@view_config(
		route_name='edit_repo_perms_set_private', request_method='POST',
		renderer='json_ext')
		def edit_permissions_set_private_repo(self):
		_ = self.request.translate
		self.load_default_context()

dan repo-permissions: add set/un-set of private repository from permissions page....	r4189	private_flag = str2bool(self.request.POST.get('private'))

ergo repository-permissions: enable shortcut to set private mode in permission page.	r3809	try:
		RepoModel().update(
dan repo-permissions: add set/un-set of private repository from permissions page....	r4189	self.db_repo, **{'repo_private': private_flag, 'repo_name': self.db_repo_name})
ergo repository-permissions: enable shortcut to set private mode in permission page.	r3809	Session().commit()

		h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
		category='success')
		except Exception:
		log.exception("Exception during update of repository")
		h.flash(_('Error occurred during update of repository {}').format(
		self.db_repo_name), category='error')

dan repo-permission: properly flush caches on set private mode.	r4188	# NOTE(dan): we change repo private mode we need to notify all USERS
		affected_user_ids = [x.user_id for x in User.get_all()]
		PermissionModel().trigger_permission_flush(affected_user_ids)

ergo repository-permissions: enable shortcut to set private mode in permission page.	r3809	return {
		'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
dan repo-permissions: add set/un-set of private repository from permissions page....	r4189	'private': private_flag
ergo repository-permissions: enable shortcut to set private mode in permission page.	r3809	}