##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
auth-token: fix way we generate entries inside the list of whitelist names....
marcink -
r1950:0694aced default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,369 +1,369 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import re
22 22 import logging
23 23 import formencode
24 24 from pyramid.interfaces import IRoutesMapper
25 25
26 26 from pyramid.view import view_config
27 27 from pyramid.httpexceptions import HTTPFound
28 28 from pyramid.renderers import render
29 29 from pyramid.response import Response
30 30
31 31 from rhodecode.apps._base import BaseAppView
32 32
33 33 from rhodecode.lib import helpers as h
34 34 from rhodecode.lib.auth import (
35 35 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
36 36 from rhodecode.lib.utils2 import aslist
37 37 from rhodecode.model.db import User, UserIpMap
38 38 from rhodecode.model.forms import (
39 39 ApplicationPermissionsForm, ObjectPermissionsForm, UserPermissionsForm)
40 40 from rhodecode.model.meta import Session
41 41 from rhodecode.model.permission import PermissionModel
42 42 from rhodecode.model.settings import SettingsModel
43 43
44 44
45 45 log = logging.getLogger(__name__)
46 46
47 47
48 48 class AdminPermissionsView(BaseAppView):
49 49 def load_default_context(self):
50 50 c = self._get_local_tmpl_context()
51 51
52 52 self._register_global_c(c)
53 53 PermissionModel().set_global_permission_choices(
54 54 c, gettext_translator=self.request.translate)
55 55 return c
56 56
57 57 @LoginRequired()
58 58 @HasPermissionAllDecorator('hg.admin')
59 59 @view_config(
60 60 route_name='admin_permissions_application', request_method='GET',
61 61 renderer='rhodecode:templates/admin/permissions/permissions.mako')
62 62 def permissions_application(self):
63 63 c = self.load_default_context()
64 64 c.active = 'application'
65 65
66 66 c.user = User.get_default_user(refresh=True)
67 67
68 68 app_settings = SettingsModel().get_all_settings()
69 69 defaults = {
70 70 'anonymous': c.user.active,
71 71 'default_register_message': app_settings.get(
72 72 'rhodecode_register_message')
73 73 }
74 74 defaults.update(c.user.get_default_perms())
75 75
76 76 data = render('rhodecode:templates/admin/permissions/permissions.mako',
77 77 self._get_template_context(c), self.request)
78 78 html = formencode.htmlfill.render(
79 79 data,
80 80 defaults=defaults,
81 81 encoding="UTF-8",
82 82 force_defaults=False
83 83 )
84 84 return Response(html)
85 85
86 86 @LoginRequired()
87 87 @HasPermissionAllDecorator('hg.admin')
88 88 @CSRFRequired()
89 89 @view_config(
90 90 route_name='admin_permissions_application_update', request_method='POST',
91 91 renderer='rhodecode:templates/admin/permissions/permissions.mako')
92 92 def permissions_application_update(self):
93 93 _ = self.request.translate
94 94 c = self.load_default_context()
95 95 c.active = 'application'
96 96
97 97 _form = ApplicationPermissionsForm(
98 98 [x[0] for x in c.register_choices],
99 99 [x[0] for x in c.password_reset_choices],
100 100 [x[0] for x in c.extern_activate_choices])()
101 101
102 102 try:
103 103 form_result = _form.to_python(dict(self.request.POST))
104 104 form_result.update({'perm_user_name': User.DEFAULT_USER})
105 105 PermissionModel().update_application_permissions(form_result)
106 106
107 107 settings = [
108 108 ('register_message', 'default_register_message'),
109 109 ]
110 110 for setting, form_key in settings:
111 111 sett = SettingsModel().create_or_update_setting(
112 112 setting, form_result[form_key])
113 113 Session().add(sett)
114 114
115 115 Session().commit()
116 116 h.flash(_('Application permissions updated successfully'),
117 117 category='success')
118 118
119 119 except formencode.Invalid as errors:
120 120 defaults = errors.value
121 121
122 122 data = render(
123 123 'rhodecode:templates/admin/permissions/permissions.mako',
124 124 self._get_template_context(c), self.request)
125 125 html = formencode.htmlfill.render(
126 126 data,
127 127 defaults=defaults,
128 128 errors=errors.error_dict or {},
129 129 prefix_error=False,
130 130 encoding="UTF-8",
131 131 force_defaults=False
132 132 )
133 133 return Response(html)
134 134
135 135 except Exception:
136 136 log.exception("Exception during update of permissions")
137 137 h.flash(_('Error occurred during update of permissions'),
138 138 category='error')
139 139
140 140 raise HTTPFound(h.route_path('admin_permissions_application'))
141 141
142 142 @LoginRequired()
143 143 @HasPermissionAllDecorator('hg.admin')
144 144 @view_config(
145 145 route_name='admin_permissions_object', request_method='GET',
146 146 renderer='rhodecode:templates/admin/permissions/permissions.mako')
147 147 def permissions_objects(self):
148 148 c = self.load_default_context()
149 149 c.active = 'objects'
150 150
151 151 c.user = User.get_default_user(refresh=True)
152 152 defaults = {}
153 153 defaults.update(c.user.get_default_perms())
154 154
155 155 data = render(
156 156 'rhodecode:templates/admin/permissions/permissions.mako',
157 157 self._get_template_context(c), self.request)
158 158 html = formencode.htmlfill.render(
159 159 data,
160 160 defaults=defaults,
161 161 encoding="UTF-8",
162 162 force_defaults=False
163 163 )
164 164 return Response(html)
165 165
166 166 @LoginRequired()
167 167 @HasPermissionAllDecorator('hg.admin')
168 168 @CSRFRequired()
169 169 @view_config(
170 170 route_name='admin_permissions_object_update', request_method='POST',
171 171 renderer='rhodecode:templates/admin/permissions/permissions.mako')
172 172 def permissions_objects_update(self):
173 173 _ = self.request.translate
174 174 c = self.load_default_context()
175 175 c.active = 'objects'
176 176
177 177 _form = ObjectPermissionsForm(
178 178 [x[0] for x in c.repo_perms_choices],
179 179 [x[0] for x in c.group_perms_choices],
180 180 [x[0] for x in c.user_group_perms_choices])()
181 181
182 182 try:
183 183 form_result = _form.to_python(dict(self.request.POST))
184 184 form_result.update({'perm_user_name': User.DEFAULT_USER})
185 185 PermissionModel().update_object_permissions(form_result)
186 186
187 187 Session().commit()
188 188 h.flash(_('Object permissions updated successfully'),
189 189 category='success')
190 190
191 191 except formencode.Invalid as errors:
192 192 defaults = errors.value
193 193
194 194 data = render(
195 195 'rhodecode:templates/admin/permissions/permissions.mako',
196 196 self._get_template_context(c), self.request)
197 197 html = formencode.htmlfill.render(
198 198 data,
199 199 defaults=defaults,
200 200 errors=errors.error_dict or {},
201 201 prefix_error=False,
202 202 encoding="UTF-8",
203 203 force_defaults=False
204 204 )
205 205 return Response(html)
206 206 except Exception:
207 207 log.exception("Exception during update of permissions")
208 208 h.flash(_('Error occurred during update of permissions'),
209 209 category='error')
210 210
211 211 raise HTTPFound(h.route_path('admin_permissions_object'))
212 212
213 213 @LoginRequired()
214 214 @HasPermissionAllDecorator('hg.admin')
215 215 @view_config(
216 216 route_name='admin_permissions_global', request_method='GET',
217 217 renderer='rhodecode:templates/admin/permissions/permissions.mako')
218 218 def permissions_global(self):
219 219 c = self.load_default_context()
220 220 c.active = 'global'
221 221
222 222 c.user = User.get_default_user(refresh=True)
223 223 defaults = {}
224 224 defaults.update(c.user.get_default_perms())
225 225
226 226 data = render(
227 227 'rhodecode:templates/admin/permissions/permissions.mako',
228 228 self._get_template_context(c), self.request)
229 229 html = formencode.htmlfill.render(
230 230 data,
231 231 defaults=defaults,
232 232 encoding="UTF-8",
233 233 force_defaults=False
234 234 )
235 235 return Response(html)
236 236
237 237 @LoginRequired()
238 238 @HasPermissionAllDecorator('hg.admin')
239 239 @CSRFRequired()
240 240 @view_config(
241 241 route_name='admin_permissions_global_update', request_method='POST',
242 242 renderer='rhodecode:templates/admin/permissions/permissions.mako')
243 243 def permissions_global_update(self):
244 244 _ = self.request.translate
245 245 c = self.load_default_context()
246 246 c.active = 'global'
247 247
248 248 _form = UserPermissionsForm(
249 249 [x[0] for x in c.repo_create_choices],
250 250 [x[0] for x in c.repo_create_on_write_choices],
251 251 [x[0] for x in c.repo_group_create_choices],
252 252 [x[0] for x in c.user_group_create_choices],
253 253 [x[0] for x in c.fork_choices],
254 254 [x[0] for x in c.inherit_default_permission_choices])()
255 255
256 256 try:
257 257 form_result = _form.to_python(dict(self.request.POST))
258 258 form_result.update({'perm_user_name': User.DEFAULT_USER})
259 259 PermissionModel().update_user_permissions(form_result)
260 260
261 261 Session().commit()
262 262 h.flash(_('Global permissions updated successfully'),
263 263 category='success')
264 264
265 265 except formencode.Invalid as errors:
266 266 defaults = errors.value
267 267
268 268 data = render(
269 269 'rhodecode:templates/admin/permissions/permissions.mako',
270 270 self._get_template_context(c), self.request)
271 271 html = formencode.htmlfill.render(
272 272 data,
273 273 defaults=defaults,
274 274 errors=errors.error_dict or {},
275 275 prefix_error=False,
276 276 encoding="UTF-8",
277 277 force_defaults=False
278 278 )
279 279 return Response(html)
280 280 except Exception:
281 281 log.exception("Exception during update of permissions")
282 282 h.flash(_('Error occurred during update of permissions'),
283 283 category='error')
284 284
285 285 raise HTTPFound(h.route_path('admin_permissions_global'))
286 286
287 287 @LoginRequired()
288 288 @HasPermissionAllDecorator('hg.admin')
289 289 @view_config(
290 290 route_name='admin_permissions_ips', request_method='GET',
291 291 renderer='rhodecode:templates/admin/permissions/permissions.mako')
292 292 def permissions_ips(self):
293 293 c = self.load_default_context()
294 294 c.active = 'ips'
295 295
296 296 c.user = User.get_default_user(refresh=True)
297 297 c.user_ip_map = (
298 298 UserIpMap.query().filter(UserIpMap.user == c.user).all())
299 299
300 300 return self._get_template_context(c)
301 301
302 302 @LoginRequired()
303 303 @HasPermissionAllDecorator('hg.admin')
304 304 @view_config(
305 305 route_name='admin_permissions_overview', request_method='GET',
306 306 renderer='rhodecode:templates/admin/permissions/permissions.mako')
307 307 def permissions_overview(self):
308 308 c = self.load_default_context()
309 309 c.active = 'perms'
310 310
311 311 c.user = User.get_default_user(refresh=True)
312 312 c.perm_user = c.user.AuthUser
313 313 return self._get_template_context(c)
314 314
315 315 @LoginRequired()
316 316 @HasPermissionAllDecorator('hg.admin')
317 317 @view_config(
318 318 route_name='admin_permissions_auth_token_access', request_method='GET',
319 319 renderer='rhodecode:templates/admin/permissions/permissions.mako')
320 320 def auth_token_access(self):
321 321 from rhodecode import CONFIG
322 322
323 323 c = self.load_default_context()
324 324 c.active = 'auth_token_access'
325 325
326 326 c.user = User.get_default_user(refresh=True)
327 327 c.perm_user = c.user.AuthUser
328 328
329 329 mapper = self.request.registry.queryUtility(IRoutesMapper)
330 330 c.view_data = []
331 331
332 332 _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
333 333 introspector = self.request.registry.introspector
334 334
335 335 view_intr = {}
336 336 for view_data in introspector.get_category('views'):
337 337 intr = view_data['introspectable']
338 338
339 339 if 'route_name' in intr and intr['attr']:
340 view_intr[intr['route_name']] = '{}.{}'.format(
340 view_intr[intr['route_name']] = '{}:{}'.format(
341 341 str(intr['derived_callable'].func_name), intr['attr']
342 342 )
343 343
344 344 c.whitelist_key = 'api_access_controllers_whitelist'
345 345 c.whitelist_file = CONFIG.get('__file__')
346 346 whitelist_views = aslist(
347 347 CONFIG.get(c.whitelist_key), sep=',')
348 348
349 349 for route_info in mapper.get_routes():
350 350 if not route_info.name.startswith('__'):
351 351 routepath = route_info.pattern
352 352
353 353 def replace(matchobj):
354 354 if matchobj.group(1):
355 355 return "{%s}" % matchobj.group(1).split(':')[0]
356 356 else:
357 357 return "{%s}" % matchobj.group(2)
358 358
359 359 routepath = _argument_prog.sub(replace, routepath)
360 360
361 361 if not routepath.startswith('/'):
362 362 routepath = '/' + routepath
363 363
364 364 view_fqn = view_intr.get(route_info.name, 'NOT AVAILABLE')
365 365 active = view_fqn in whitelist_views
366 366 c.view_data.append((route_info.name, view_fqn, routepath, active))
367 367
368 368 c.whitelist_views = whitelist_views
369 369 return self._get_template_context(c)
General Comments 0
You need to be logged in to leave comments. Login now