rhodecode-enterprise-ce Files · rhodecode/apps/admin/views/user_groups.py

authentication: introduce a group sync flag for plugins....

authentication: introduce a group sync flag for plugins. - we'll skip any syncing on plugins which simply don't get any group information - we let plugins define if they wish to sync groups - prevent from odd cases in which someone sets user groups as syncing, and using regular plugin. In this case memebership of that group would be wiped, and it's generaly bad behaviour.

marcink - - Load All Authors

File last commit:

r2487:fcee5614 default


                r2495:4f076134

default

Download file

             user_groups.py
        
                    247 lines
            
             | 9.3 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / apps / admin / views / user_groups.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
      # -*- coding: utf-8 -*-

        marcink
    
release: update copyright year to 2018

              r2487
            
      # Copyright (C) 2016-2018 RhodeCode GmbH

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      import logging

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
      import formencode

      import formencode.htmlfill

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
      from pyramid.httpexceptions import HTTPFound

      from pyramid.view import view_config

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
      from pyramid.response import Response

      from pyramid.renderers import render

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
      from rhodecode.apps._base import BaseAppView, DataGridAppView

      from rhodecode.lib.auth import (

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
          LoginRequired, NotAnonymous, CSRFRequired, HasPermissionAnyDecorator)

      from rhodecode.lib import helpers as h, audit_logger

        marcink
    
repositories: rewrote whole admin section to pyramid....

              r2014
            
      from rhodecode.lib.utils2 import safe_unicode

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
      from rhodecode.model.forms import UserGroupForm

      from rhodecode.model.permission import PermissionModel

      from rhodecode.model.scm import UserGroupList

        marcink
    
users/user_groups: ported permission summary pages into pyramid....

              r1998
            
      from rhodecode.model.db import (

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
          or_, count, User, UserGroup, UserGroupMember)

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
      from rhodecode.model.meta import Session

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
      from rhodecode.model.user_group import UserGroupModel

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
      log = logging.getLogger(__name__)

      class AdminUserGroupsView(BaseAppView, DataGridAppView):

          def load_default_context(self):

              c = self._get_local_tmpl_context()

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
              PermissionModel().set_global_permission_choices(

                  c, gettext_translator=self.request.translate)

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
              return c

          # permission check in data loading of

          # `user_groups_list_data` via UserGroupList

        marcink
    
auth: added @LoginRequired() decorators for user/user_group views....

              r2001
            
          @LoginRequired()

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
          @NotAnonymous()

          @view_config(

              route_name='user_groups', request_method='GET',

              renderer='rhodecode:templates/admin/user_groups/user_groups.mako')

          def user_groups_list(self):

              c = self.load_default_context()

              return self._get_template_context(c)

          # permission check inside

        marcink
    
auth: added @LoginRequired() decorators for user/user_group views....

              r2001
            
          @LoginRequired()

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
          @NotAnonymous()

          @view_config(

              route_name='user_groups_data', request_method='GET',

              renderer='json_ext', xhr=True)

          def user_groups_list_data(self):

        marcink
    
views: load template context for XHR views....

              r2308
            
              self.load_default_context()

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
              column_map = {

                  'active': 'users_group_active',

                  'description': 'user_group_description',

                  'members': 'members_total',

                  'owner': 'user_username',

                  'sync': 'group_data'

              }

              draw, start, limit = self._extract_chunk(self.request)

              search_q, order_by, order_dir = self._extract_ordering(

                  self.request, column_map=column_map)

        marcink
    
user-groups: use request partial renderer and not the pylons one.

              r2109
            
              _render = self.request.get_partial_renderer(

        marcink
    
partial-renderer: use package resource format for templates....

              r2313
            
                  'rhodecode:templates/data_table/_dt_elements.mako')

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
              def user_group_name(user_group_id, user_group_name):

                  return _render("user_group_name", user_group_id, user_group_name)

              def user_group_actions(user_group_id, user_group_name):

                  return _render("user_group_actions", user_group_id, user_group_name)

              def user_profile(username):

                  return _render('user_profile', username)

        marcink
    
user-group-admin: use a proper auth filter....

              r1986
            
              auth_user_group_list = UserGroupList(

                  UserGroup.query().all(), perm_set=['usergroup.admin'])

        marcink
    
db: prevent empty IN queries that generally are performance problem, and triggers sql warnings.

              r2176
            
              allowed_ids = [-1]

        marcink
    
user-group-admin: use a proper auth filter....

              r1986
            
              for user_group in auth_user_group_list:

                      allowed_ids.append(user_group.users_group_id)

              user_groups_data_total_count = UserGroup.query()\

                  .filter(UserGroup.users_group_id.in_(allowed_ids))\

                  .count()

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
              member_count = count(UserGroupMember.user_id)

              base_q = Session.query(

                  UserGroup.users_group_name,

                  UserGroup.user_group_description,

                  UserGroup.users_group_active,

                  UserGroup.users_group_id,

                  UserGroup.group_data,

                  User,

                  member_count.label('member_count')

              ) \

        marcink
    
user-group-admin: use a proper auth filter....

              r1986
            
              .filter(UserGroup.users_group_id.in_(allowed_ids)) \

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
              .outerjoin(UserGroupMember) \

              .join(User, User.user_id == UserGroup.user_id) \

              .group_by(UserGroup, User)

              if search_q:

                  like_expression = u'%{}%'.format(safe_unicode(search_q))

                  base_q = base_q.filter(or_(

                      UserGroup.users_group_name.ilike(like_expression),

                  ))

              user_groups_data_total_filtered_count = base_q.count()

              if order_by == 'members_total':

                  sort_col = member_count

              elif order_by == 'user_username':

                  sort_col = User.username

              else:

                  sort_col = getattr(UserGroup, order_by, None)

              if isinstance(sort_col, count) or sort_col:

                  if order_dir == 'asc':

                      sort_col = sort_col.asc()

                  else:

                      sort_col = sort_col.desc()

              base_q = base_q.order_by(sort_col)

              base_q = base_q.offset(start).limit(limit)

              # authenticated access to user groups

        marcink
    
user-group-admin: use a proper auth filter....

              r1986
            
              auth_user_group_list = base_q.all()

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
              user_groups_data = []

              for user_gr in auth_user_group_list:

                  user_groups_data.append({

                      "users_group_name": user_group_name(

                          user_gr.users_group_id, h.escape(user_gr.users_group_name)),

                      "name_raw": h.escape(user_gr.users_group_name),

                      "description": h.escape(user_gr.user_group_description),

                      "members": user_gr.member_count,

                      # NOTE(marcink): because of advanced query we

                      # need to load it like that

                      "sync": UserGroup._load_group_data(

                          user_gr.group_data).get('extern_type'),

                      "active": h.bool2icon(user_gr.users_group_active),

                      "owner": user_profile(user_gr.User.username),

                      "action": user_group_actions(

                          user_gr.users_group_id, user_gr.users_group_name)

                  })

              data = ({

                  'draw': draw,

                  'data': user_groups_data,

                  'recordsTotal': user_groups_data_total_count,

                  'recordsFiltered': user_groups_data_total_filtered_count,

              })

              return data

          @LoginRequired()

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
          @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

        marcink
    
user-groups: moved the display of user group into a pyramid view

              r1980
            
          @view_config(

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
              route_name='user_groups_new', request_method='GET',

              renderer='rhodecode:templates/admin/user_groups/user_group_add.mako')

          def user_groups_new(self):

        marcink
    
users/user_groups: ported permission summary pages into pyramid....

              r1998
            
              c = self.load_default_context()

              return self._get_template_context(c)

          @LoginRequired()

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
          @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

          @CSRFRequired()

        marcink
    
users/user_groups: ported permission summary pages into pyramid....

              r1998
            
          @view_config(

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
              route_name='user_groups_create', request_method='POST',

              renderer='rhodecode:templates/admin/user_groups/user_group_add.mako')

          def user_groups_create(self):

              _ = self.request.translate

              c = self.load_default_context()

        marcink
    
pylons: remove pylons as dependency...

              r2351
            
              users_group_form = UserGroupForm(self.request.translate)()

        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
              user_group_name = self.request.POST.get('users_group_name')

              try:

                  form_result = users_group_form.to_python(dict(self.request.POST))

                  user_group = UserGroupModel().create(

                      name=form_result['users_group_name'],

                      description=form_result['user_group_description'],

                      owner=self._rhodecode_user.user_id,

                      active=form_result['users_group_active'])

                  Session().flush()

                  creation_data = user_group.get_api_data()

                  user_group_name = form_result['users_group_name']

                  audit_logger.store_web(

                      'user_group.create', action_data={'data': creation_data},

                      user=self._rhodecode_user)

        marcink
    
users/user_groups: ported permission summary pages into pyramid....

              r1998
            
        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
                  user_group_link = h.link_to(

                      h.escape(user_group_name),

                      h.route_path(

                          'edit_user_group', user_group_id=user_group.users_group_id))

                  h.flash(h.literal(_('Created user group %(user_group_link)s')

                                    % {'user_group_link': user_group_link}),

                          category='success')

                  Session().commit()

                  user_group_id = user_group.users_group_id

              except formencode.Invalid as errors:

        marcink
    
users/user_groups: ported permission summary pages into pyramid....

              r1998
            
        marcink
    
user-groups: rewrote the app to pyramid...

              r2068
            
                  data = render(

                      'rhodecode:templates/admin/user_groups/user_group_add.mako',

                      self._get_template_context(c), self.request)

                  html = formencode.htmlfill.render(

                      data,

                      defaults=errors.value,

                      errors=errors.error_dict or {},

                      prefix_error=False,

                      encoding="UTF-8",

                      force_defaults=False

                  )

                  return Response(html)

              except Exception:

                  log.exception("Exception creating user group")

                  h.flash(_('Error occurred during creation of user group %s') \

                          % user_group_name, category='error')

                  raise HTTPFound(h.route_path('user_groups_new'))

              raise HTTPFound(

                  h.route_path('edit_user_group', user_group_id=user_group_id))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink user-groups: moved the display of user group into a pyramid view	r1980	# -- coding: utf-8 --

marcink release: update copyright year to 2018	r2487	# Copyright (C) 2016-2018 RhodeCode GmbH
marcink user-groups: moved the display of user group into a pyramid view	r1980	#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/

		import logging

marcink user-groups: rewrote the app to pyramid...	r2068	import formencode
		import formencode.htmlfill

marcink user-groups: moved the display of user group into a pyramid view	r1980	from pyramid.httpexceptions import HTTPFound
		from pyramid.view import view_config
marcink user-groups: rewrote the app to pyramid...	r2068	from pyramid.response import Response
		from pyramid.renderers import render
marcink user-groups: moved the display of user group into a pyramid view	r1980
		from rhodecode.apps._base import BaseAppView, DataGridAppView
		from rhodecode.lib.auth import (
marcink user-groups: rewrote the app to pyramid...	r2068	LoginRequired, NotAnonymous, CSRFRequired, HasPermissionAnyDecorator)
		from rhodecode.lib import helpers as h, audit_logger
marcink repositories: rewrote whole admin section to pyramid....	r2014	from rhodecode.lib.utils2 import safe_unicode
marcink user-groups: rewrote the app to pyramid...	r2068
		from rhodecode.model.forms import UserGroupForm
		from rhodecode.model.permission import PermissionModel
		from rhodecode.model.scm import UserGroupList
marcink users/user_groups: ported permission summary pages into pyramid....	r1998	from rhodecode.model.db import (
marcink user-groups: rewrote the app to pyramid...	r2068	or_, count, User, UserGroup, UserGroupMember)
marcink user-groups: moved the display of user group into a pyramid view	r1980	from rhodecode.model.meta import Session
marcink user-groups: rewrote the app to pyramid...	r2068	from rhodecode.model.user_group import UserGroupModel
marcink user-groups: moved the display of user group into a pyramid view	r1980
		log = logging.getLogger(__name__)


		class AdminUserGroupsView(BaseAppView, DataGridAppView):

		def load_default_context(self):
		c = self._get_local_tmpl_context()
marcink user-groups: rewrote the app to pyramid...	r2068
		PermissionModel().set_global_permission_choices(
		c, gettext_translator=self.request.translate)

marcink user-groups: moved the display of user group into a pyramid view	r1980	return c

		# permission check in data loading of
		# `user_groups_list_data` via UserGroupList
marcink auth: added @LoginRequired() decorators for user/user_group views....	r2001	@LoginRequired()
marcink user-groups: moved the display of user group into a pyramid view	r1980	@NotAnonymous()
		@view_config(
		route_name='user_groups', request_method='GET',
		renderer='rhodecode:templates/admin/user_groups/user_groups.mako')
		def user_groups_list(self):
		c = self.load_default_context()
		return self._get_template_context(c)

		# permission check inside
marcink auth: added @LoginRequired() decorators for user/user_group views....	r2001	@LoginRequired()
marcink user-groups: moved the display of user group into a pyramid view	r1980	@NotAnonymous()
		@view_config(
		route_name='user_groups_data', request_method='GET',
		renderer='json_ext', xhr=True)
		def user_groups_list_data(self):
marcink views: load template context for XHR views....	r2308	self.load_default_context()
marcink user-groups: moved the display of user group into a pyramid view	r1980	column_map = {
		'active': 'users_group_active',
		'description': 'user_group_description',
		'members': 'members_total',
		'owner': 'user_username',
		'sync': 'group_data'
		}
		draw, start, limit = self._extract_chunk(self.request)
		search_q, order_by, order_dir = self._extract_ordering(
		self.request, column_map=column_map)

marcink user-groups: use request partial renderer and not the pylons one.	r2109	_render = self.request.get_partial_renderer(
marcink partial-renderer: use package resource format for templates....	r2313	'rhodecode:templates/data_table/_dt_elements.mako')
marcink user-groups: moved the display of user group into a pyramid view	r1980
		def user_group_name(user_group_id, user_group_name):
		return _render("user_group_name", user_group_id, user_group_name)

		def user_group_actions(user_group_id, user_group_name):
		return _render("user_group_actions", user_group_id, user_group_name)

		def user_profile(username):
		return _render('user_profile', username)

marcink user-group-admin: use a proper auth filter....	r1986	auth_user_group_list = UserGroupList(
		UserGroup.query().all(), perm_set=['usergroup.admin'])

marcink db: prevent empty IN queries that generally are performance problem, and triggers sql warnings.	r2176	allowed_ids = [-1]
marcink user-group-admin: use a proper auth filter....	r1986	for user_group in auth_user_group_list:
		allowed_ids.append(user_group.users_group_id)

		user_groups_data_total_count = UserGroup.query()\
		.filter(UserGroup.users_group_id.in_(allowed_ids))\
		.count()
marcink user-groups: moved the display of user group into a pyramid view	r1980
		member_count = count(UserGroupMember.user_id)
		base_q = Session.query(
		UserGroup.users_group_name,
		UserGroup.user_group_description,
		UserGroup.users_group_active,
		UserGroup.users_group_id,
		UserGroup.group_data,
		User,
		member_count.label('member_count')
		) \
marcink user-group-admin: use a proper auth filter....	r1986	.filter(UserGroup.users_group_id.in_(allowed_ids)) \
marcink user-groups: moved the display of user group into a pyramid view	r1980	.outerjoin(UserGroupMember) \
		.join(User, User.user_id == UserGroup.user_id) \
		.group_by(UserGroup, User)

		if search_q:
		like_expression = u'%{}%'.format(safe_unicode(search_q))
		base_q = base_q.filter(or_(
		UserGroup.users_group_name.ilike(like_expression),
		))

		user_groups_data_total_filtered_count = base_q.count()

		if order_by == 'members_total':
		sort_col = member_count
		elif order_by == 'user_username':
		sort_col = User.username
		else:
		sort_col = getattr(UserGroup, order_by, None)

		if isinstance(sort_col, count) or sort_col:
		if order_dir == 'asc':
		sort_col = sort_col.asc()
		else:
		sort_col = sort_col.desc()

		base_q = base_q.order_by(sort_col)
		base_q = base_q.offset(start).limit(limit)

		# authenticated access to user groups
marcink user-group-admin: use a proper auth filter....	r1986	auth_user_group_list = base_q.all()
marcink user-groups: moved the display of user group into a pyramid view	r1980
		user_groups_data = []
		for user_gr in auth_user_group_list:
		user_groups_data.append({
		"users_group_name": user_group_name(
		user_gr.users_group_id, h.escape(user_gr.users_group_name)),
		"name_raw": h.escape(user_gr.users_group_name),
		"description": h.escape(user_gr.user_group_description),
		"members": user_gr.member_count,
		# NOTE(marcink): because of advanced query we
		# need to load it like that
		"sync": UserGroup._load_group_data(
		user_gr.group_data).get('extern_type'),
		"active": h.bool2icon(user_gr.users_group_active),
		"owner": user_profile(user_gr.User.username),
		"action": user_group_actions(
		user_gr.users_group_id, user_gr.users_group_name)
		})

		data = ({
		'draw': draw,
		'data': user_groups_data,
		'recordsTotal': user_groups_data_total_count,
		'recordsFiltered': user_groups_data_total_filtered_count,
		})

		return data

		@LoginRequired()
marcink user-groups: rewrote the app to pyramid...	r2068	@HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
marcink user-groups: moved the display of user group into a pyramid view	r1980	@view_config(
marcink user-groups: rewrote the app to pyramid...	r2068	route_name='user_groups_new', request_method='GET',
		renderer='rhodecode:templates/admin/user_groups/user_group_add.mako')
		def user_groups_new(self):
marcink users/user_groups: ported permission summary pages into pyramid....	r1998	c = self.load_default_context()
		return self._get_template_context(c)

		@LoginRequired()
marcink user-groups: rewrote the app to pyramid...	r2068	@HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
		@CSRFRequired()
marcink users/user_groups: ported permission summary pages into pyramid....	r1998	@view_config(
marcink user-groups: rewrote the app to pyramid...	r2068	route_name='user_groups_create', request_method='POST',
		renderer='rhodecode:templates/admin/user_groups/user_group_add.mako')
		def user_groups_create(self):
		_ = self.request.translate
		c = self.load_default_context()
marcink pylons: remove pylons as dependency...	r2351	users_group_form = UserGroupForm(self.request.translate)()
marcink user-groups: rewrote the app to pyramid...	r2068
		user_group_name = self.request.POST.get('users_group_name')
		try:
		form_result = users_group_form.to_python(dict(self.request.POST))
		user_group = UserGroupModel().create(
		name=form_result['users_group_name'],
		description=form_result['user_group_description'],
		owner=self._rhodecode_user.user_id,
		active=form_result['users_group_active'])
		Session().flush()
		creation_data = user_group.get_api_data()
		user_group_name = form_result['users_group_name']

		audit_logger.store_web(
		'user_group.create', action_data={'data': creation_data},
		user=self._rhodecode_user)
marcink users/user_groups: ported permission summary pages into pyramid....	r1998
marcink user-groups: rewrote the app to pyramid...	r2068	user_group_link = h.link_to(
		h.escape(user_group_name),
		h.route_path(
		'edit_user_group', user_group_id=user_group.users_group_id))
		h.flash(h.literal(_('Created user group %(user_group_link)s')
		% {'user_group_link': user_group_link}),
		category='success')
		Session().commit()
		user_group_id = user_group.users_group_id
		except formencode.Invalid as errors:
marcink users/user_groups: ported permission summary pages into pyramid....	r1998
marcink user-groups: rewrote the app to pyramid...	r2068	data = render(
		'rhodecode:templates/admin/user_groups/user_group_add.mako',
		self._get_template_context(c), self.request)
		html = formencode.htmlfill.render(
		data,
		defaults=errors.value,
		errors=errors.error_dict or {},
		prefix_error=False,
		encoding="UTF-8",
		force_defaults=False
		)
		return Response(html)

		except Exception:
		log.exception("Exception creating user group")
		h.flash(_('Error occurred during creation of user group %s') \
		% user_group_name, category='error')
		raise HTTPFound(h.route_path('user_groups_new'))

		raise HTTPFound(
		h.route_path('edit_user_group', user_group_id=user_group_id))