permissions: flush all user permissions in case of default user permission changes....
dan -
r4187:0268c0ee stable
Not Reviewed
Show More
Add another comment
TODOs: 0 unresolved 0 Resolved
COMMENTS: 0 General 0 Inline
@@ -28,6 +28,7
28 from rhodecode.lib import audit_logger
28 from rhodecode.lib import audit_logger
29 from rhodecode.lib.auth import (
29 from rhodecode.lib.auth import (
30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
31 from rhodecode.model.db import User
31 from rhodecode.model.permission import PermissionModel
32 from rhodecode.model.permission import PermissionModel
32 from rhodecode.model.repo_group import RepoGroupModel
33 from rhodecode.model.repo_group import RepoGroupModel
33 from rhodecode.model.forms import RepoGroupPermsForm
34 from rhodecode.model.forms import RepoGroupPermsForm
@@ -96,7 +97,13
96
97
97 Session().commit()
98 Session().commit()
98 h.flash(_('Repository Group permissions updated'), category='success')
99 h.flash(_('Repository Group permissions updated'), category='success')
99 PermissionModel().flush_user_permission_caches(changes)
100
101 affected_user_ids = None
102 if changes.get('default_user_changed', False):
103 # if we change the default user, we need to flush everyone permissions
104 affected_user_ids = [x.user_id for x in User.get_all()]
105 PermissionModel().flush_user_permission_caches(
106 changes, affected_user_ids=affected_user_ids)
100
107
101 raise HTTPFound(
108 raise HTTPFound(
102 h.route_path('edit_repo_group_perms',
109 h.route_path('edit_repo_group_perms',
@@ -28,6 +28,7
28 from rhodecode.lib import audit_logger
28 from rhodecode.lib import audit_logger
29 from rhodecode.lib.auth import (
29 from rhodecode.lib.auth import (
30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
31 from rhodecode.model.db import User
31 from rhodecode.model.forms import RepoPermsForm
32 from rhodecode.model.forms import RepoPermsForm
32 from rhodecode.model.meta import Session
33 from rhodecode.model.meta import Session
33 from rhodecode.model.permission import PermissionModel
34 from rhodecode.model.permission import PermissionModel
@@ -89,7 +90,12
89 Session().commit()
90 Session().commit()
90 h.flash(_('Repository access permissions updated'), category='success')
91 h.flash(_('Repository access permissions updated'), category='success')
91
92
92 PermissionModel().flush_user_permission_caches(changes)
93 affected_user_ids = None
94 if changes.get('default_user_changed', False):
95 # if we change the default user, we need to flush everyone permissions
96 affected_user_ids = [x.user_id for x in User.get_all()]
97 PermissionModel().flush_user_permission_caches(
98 changes, affected_user_ids=affected_user_ids)
93
99
94 raise HTTPFound(
100 raise HTTPFound(
95 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
101 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
@@ -619,13 +619,26
619 changes = {
619 changes = {
620 'added': [],
620 'added': [],
621 'updated': [],
621 'updated': [],
622 'deleted': []
622 'deleted': [],
623 'default_user_changed': None
623 }
624 }
625
626 repo = self._get_repo(repo)
627
624 # update permissions
628 # update permissions
625 for member_id, perm, member_type in perm_updates:
629 for member_id, perm, member_type in perm_updates:
626 member_id = int(member_id)
630 member_id = int(member_id)
627 if member_type == 'user':
631 if member_type == 'user':
628 member_name = User.get(member_id).username
632 member_name = User.get(member_id).username
633 if member_name == User.DEFAULT_USER:
634 # NOTE(dan): detect if we changed permissions for default user
635 perm_obj = self.sa.query(UserRepoToPerm) \
636 .filter(UserRepoToPerm.user_id == member_id) \
637 .filter(UserRepoToPerm.repository == repo) \
638 .scalar()
639 if perm_obj and perm_obj.permission.permission_name != perm:
640 changes['default_user_changed'] = True
641
629 # this updates also current one if found
642 # this updates also current one if found
630 self.grant_user_permission(
643 self.grant_user_permission(
631 repo=repo, user=member_id, perm=perm)
644 repo=repo, user=member_id, perm=perm)
@@ -353,7 +353,8
353 changes = {
353 changes = {
354 'added': [],
354 'added': [],
355 'updated': [],
355 'updated': [],
356 'deleted': []
356 'deleted': [],
357 'default_user_changed': None
357 }
358 }
358
359
359 def _set_perm_user(obj, user, perm):
360 def _set_perm_user(obj, user, perm):
@@ -430,6 +431,15
430 member_id = int(member_id)
431 member_id = int(member_id)
431 if member_type == 'user':
432 if member_type == 'user':
432 member_name = User.get(member_id).username
433 member_name = User.get(member_id).username
434 if isinstance(obj, RepoGroup) and obj == repo_group and member_name == User.DEFAULT_USER:
435 # NOTE(dan): detect if we changed permissions for default user
436 perm_obj = self.sa.query(UserRepoGroupToPerm) \
437 .filter(UserRepoGroupToPerm.user_id == member_id) \
438 .filter(UserRepoGroupToPerm.group == repo_group) \
439 .scalar()
440 if perm_obj and perm_obj.permission.permission_name != perm:
441 changes['default_user_changed'] = True
442
433 # this updates also current one if found
443 # this updates also current one if found
434 _set_perm_user(obj, user=member_id, perm=perm)
444 _set_perm_user(obj, user=member_id, perm=perm)
435 elif member_type == 'user_group':
445 elif member_type == 'user_group':
Comments 0
You need to be logged in to leave comments. Login now