repo_permissions.py
134 lines
| 5.2 KiB
| text/x-python
|
PythonLexer
r1734 | # -*- coding: utf-8 -*- | |||
r3363 | # Copyright (C) 2011-2019 RhodeCode GmbH | |||
r1734 | # | |||
# This program is free software: you can redistribute it and/or modify | ||||
# it under the terms of the GNU Affero General Public License, version 3 | ||||
# (only), as published by the Free Software Foundation. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU Affero General Public License | ||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
# | ||||
# This program is dual-licensed. If you wish to learn more about the | ||||
# RhodeCode Enterprise Edition, including its added features, Support services, | ||||
# and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
import logging | ||||
from pyramid.httpexceptions import HTTPFound | ||||
from pyramid.view import view_config | ||||
r2849 | from rhodecode import events | |||
r1734 | from rhodecode.apps._base import RepoAppView | |||
from rhodecode.lib import helpers as h | ||||
from rhodecode.lib import audit_logger | ||||
from rhodecode.lib.auth import ( | ||||
r2014 | LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired) | |||
r3153 | from rhodecode.lib.utils2 import safe_int | |||
from rhodecode.model.db import UserGroup | ||||
r1734 | from rhodecode.model.forms import RepoPermsForm | |||
from rhodecode.model.meta import Session | ||||
from rhodecode.model.repo import RepoModel | ||||
log = logging.getLogger(__name__) | ||||
class RepoSettingsPermissionsView(RepoAppView): | ||||
def load_default_context(self): | ||||
c = self._get_local_tmpl_context() | ||||
return c | ||||
@LoginRequired() | ||||
@HasRepoPermissionAnyDecorator('repository.admin') | ||||
@view_config( | ||||
route_name='edit_repo_perms', request_method='GET', | ||||
renderer='rhodecode:templates/admin/repos/repo_edit.mako') | ||||
def edit_permissions(self): | ||||
r3438 | _ = self.request.translate | |||
r1734 | c = self.load_default_context() | |||
c.active = 'permissions' | ||||
r3438 | if self.request.GET.get('branch_permissions'): | |||
h.flash(_('Explicitly add user or user group with write+ ' | ||||
'permission to modify their branch permissions.'), | ||||
category='notice') | ||||
r1734 | return self._get_template_context(c) | |||
@LoginRequired() | ||||
r2014 | @HasRepoPermissionAnyDecorator('repository.admin') | |||
r1734 | @CSRFRequired() | |||
@view_config( | ||||
route_name='edit_repo_perms', request_method='POST', | ||||
renderer='rhodecode:templates/admin/repos/repo_edit.mako') | ||||
def edit_permissions_update(self): | ||||
_ = self.request.translate | ||||
c = self.load_default_context() | ||||
c.active = 'permissions' | ||||
data = self.request.POST | ||||
# store private flag outside of HTML to verify if we can modify | ||||
r2014 | # default user permissions, prevents submission of FAKE post data | |||
r1734 | # into the form for private repos | |||
data['repo_private'] = self.db_repo.private | ||||
r2351 | form = RepoPermsForm(self.request.translate)().to_python(data) | |||
r1734 | changes = RepoModel().update_permissions( | |||
self.db_repo_name, form['perm_additions'], form['perm_updates'], | ||||
form['perm_deletions']) | ||||
action_data = { | ||||
'added': changes['added'], | ||||
'updated': changes['updated'], | ||||
'deleted': changes['deleted'], | ||||
} | ||||
r1806 | audit_logger.store_web( | |||
r1734 | 'repo.edit.permissions', action_data=action_data, | |||
user=self._rhodecode_user, repo=self.db_repo) | ||||
Session().commit() | ||||
h.flash(_('Repository permissions updated'), category='success') | ||||
r2849 | affected_user_ids = [] | |||
for change in changes['added'] + changes['updated'] + changes['deleted']: | ||||
if change['type'] == 'user': | ||||
affected_user_ids.append(change['id']) | ||||
r3153 | if change['type'] == 'user_group': | |||
user_group = UserGroup.get(safe_int(change['id'])) | ||||
if user_group: | ||||
group_members_ids = [x.user_id for x in user_group.members] | ||||
affected_user_ids.extend(group_members_ids) | ||||
r2849 | ||||
events.trigger(events.UserPermissionsChange(affected_user_ids)) | ||||
r1734 | raise HTTPFound( | |||
r2014 | h.route_path('edit_repo_perms', repo_name=self.db_repo_name)) | |||
r3809 | ||||
@LoginRequired() | ||||
@HasRepoPermissionAnyDecorator('repository.admin') | ||||
@CSRFRequired() | ||||
@view_config( | ||||
route_name='edit_repo_perms_set_private', request_method='POST', | ||||
renderer='json_ext') | ||||
def edit_permissions_set_private_repo(self): | ||||
_ = self.request.translate | ||||
self.load_default_context() | ||||
try: | ||||
RepoModel().update( | ||||
self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name}) | ||||
Session().commit() | ||||
h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name), | ||||
category='success') | ||||
except Exception: | ||||
log.exception("Exception during update of repository") | ||||
h.flash(_('Error occurred during update of repository {}').format( | ||||
self.db_repo_name), category='error') | ||||
return { | ||||
'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name), | ||||
'private': True | ||||
} | ||||