rhodecode-enterprise-ce Commit - r4188:11fc38a7

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

import logging

21

import logging

22

23

from pyramid.httpexceptions import HTTPFound

23

from pyramid.httpexceptions import HTTPFound

24

from pyramid.view import view_config

24

from pyramid.view import view_config

25

26

from rhodecode.apps._base import RepoAppView

26

from rhodecode.apps._base import RepoAppView

27

from rhodecode.lib import helpers as h

27

from rhodecode.lib import helpers as h

28

from rhodecode.lib import audit_logger

28

from rhodecode.lib import audit_logger

29

from rhodecode.lib.auth import (

29

from rhodecode.lib.auth import (

30

LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)

30

LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)

31

from rhodecode.model.db import User

31

from rhodecode.model.db import User

32

from rhodecode.model.forms import RepoPermsForm

32

from rhodecode.model.forms import RepoPermsForm

33

from rhodecode.model.meta import Session

33

from rhodecode.model.meta import Session

34

from rhodecode.model.permission import PermissionModel

34

from rhodecode.model.permission import PermissionModel

35

from rhodecode.model.repo import RepoModel

35

from rhodecode.model.repo import RepoModel

36

37

log = logging.getLogger(__name__)

37

log = logging.getLogger(__name__)

38

39

40

class RepoSettingsPermissionsView(RepoAppView):

40

class RepoSettingsPermissionsView(RepoAppView):

41

42

def load_default_context(self):

42

def load_default_context(self):

43

c = self._get_local_tmpl_context()

43

c = self._get_local_tmpl_context()

44

return c

44

return c

45

46

@LoginRequired()

46

@LoginRequired()

47

@HasRepoPermissionAnyDecorator('repository.admin')

47

@HasRepoPermissionAnyDecorator('repository.admin')

48

@view_config(

48

@view_config(

49

route_name='edit_repo_perms', request_method='GET',

49

route_name='edit_repo_perms', request_method='GET',

50

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

50

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

51

def edit_permissions(self):

51

def edit_permissions(self):

52

_ = self.request.translate

52

_ = self.request.translate

53

c = self.load_default_context()

53

c = self.load_default_context()

54

c.active = 'permissions'

54

c.active = 'permissions'

55

if self.request.GET.get('branch_permissions'):

55

if self.request.GET.get('branch_permissions'):

56

h.flash(_('Explicitly add user or user group with write+ '

56

h.flash(_('Explicitly add user or user group with write+ '

57

'permission to modify their branch permissions.'),

57

'permission to modify their branch permissions.'),

58

category='notice')

58

category='notice')

59

return self._get_template_context(c)

59

return self._get_template_context(c)

60

61

@LoginRequired()

61

@LoginRequired()

62

@HasRepoPermissionAnyDecorator('repository.admin')

62

@HasRepoPermissionAnyDecorator('repository.admin')

63

@CSRFRequired()

63

@CSRFRequired()

64

@view_config(

64

@view_config(

65

route_name='edit_repo_perms', request_method='POST',

65

route_name='edit_repo_perms', request_method='POST',

66

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

66

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

67

def edit_permissions_update(self):

67

def edit_permissions_update(self):

68

_ = self.request.translate

68

_ = self.request.translate

69

c = self.load_default_context()

69

c = self.load_default_context()

70

c.active = 'permissions'

70

c.active = 'permissions'

71

data = self.request.POST

71

data = self.request.POST

72

# store private flag outside of HTML to verify if we can modify

72

# store private flag outside of HTML to verify if we can modify

73

# default user permissions, prevents submission of FAKE post data

73

# default user permissions, prevents submission of FAKE post data

74

# into the form for private repos

74

# into the form for private repos

75

data['repo_private'] = self.db_repo.private

75

data['repo_private'] = self.db_repo.private

76

form = RepoPermsForm(self.request.translate)().to_python(data)

76

form = RepoPermsForm(self.request.translate)().to_python(data)

77

changes = RepoModel().update_permissions(

77

changes = RepoModel().update_permissions(

78

self.db_repo_name, form['perm_additions'], form['perm_updates'],

78

self.db_repo_name, form['perm_additions'], form['perm_updates'],

79

form['perm_deletions'])

79

form['perm_deletions'])

80

81

action_data = {

81

action_data = {

82

'added': changes['added'],

82

'added': changes['added'],

83

'updated': changes['updated'],

83

'updated': changes['updated'],

84

'deleted': changes['deleted'],

84

'deleted': changes['deleted'],

85

}

85

}

86

audit_logger.store_web(

86

audit_logger.store_web(

87

'repo.edit.permissions', action_data=action_data,

87

'repo.edit.permissions', action_data=action_data,

88

user=self._rhodecode_user, repo=self.db_repo)

88

user=self._rhodecode_user, repo=self.db_repo)

89

90

Session().commit()

90

Session().commit()

91

h.flash(_('Repository access permissions updated'), category='success')

91

h.flash(_('Repository access permissions updated'), category='success')

92

93

affected_user_ids = None

93

affected_user_ids = None

94

if changes.get('default_user_changed', False):

94

if changes.get('default_user_changed', False):

95

# if we change the default user, we need to flush everyone permissions

95

# if we change the default user, we need to flush everyone permissions

96

affected_user_ids = [x.user_id for x in User.get_all()]

96

affected_user_ids = [x.user_id for x in User.get_all()]

97

PermissionModel().flush_user_permission_caches(

97

PermissionModel().flush_user_permission_caches(

98

changes, affected_user_ids=affected_user_ids)

98

changes, affected_user_ids=affected_user_ids)

99

100

raise HTTPFound(

100

raise HTTPFound(

101

h.route_path('edit_repo_perms', repo_name=self.db_repo_name))

101

h.route_path('edit_repo_perms', repo_name=self.db_repo_name))

102

103

@LoginRequired()

103

@LoginRequired()

104

@HasRepoPermissionAnyDecorator('repository.admin')

104

@HasRepoPermissionAnyDecorator('repository.admin')

105

@CSRFRequired()

105

@CSRFRequired()

106

@view_config(

106

@view_config(

107

route_name='edit_repo_perms_set_private', request_method='POST',

107

route_name='edit_repo_perms_set_private', request_method='POST',

108

renderer='json_ext')

108

renderer='json_ext')

109

def edit_permissions_set_private_repo(self):

109

def edit_permissions_set_private_repo(self):

110

_ = self.request.translate

110

_ = self.request.translate

111

self.load_default_context()

111

self.load_default_context()

112

113

try:

113

try:

114

RepoModel().update(

114

RepoModel().update(

115

self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name})

115

self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name})

116

Session().commit()

116

Session().commit()

117

118

h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),

118

h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),

119

category='success')

119

category='success')

120

except Exception:

120

except Exception:

121

log.exception("Exception during update of repository")

121

log.exception("Exception during update of repository")

122

h.flash(_('Error occurred during update of repository {}').format(

122

h.flash(_('Error occurred during update of repository {}').format(

123

self.db_repo_name), category='error')

123

self.db_repo_name), category='error')

124

125

# NOTE(dan): we change repo private mode we need to notify all USERS

126

affected_user_ids = [x.user_id for x in User.get_all()]

127

PermissionModel().trigger_permission_flush(affected_user_ids)

128

125

return {

129

return {

126

'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),

130

'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),

127

'private': True

131

'private': True

128

}

132

}

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from rhodecode.apps._base import RepoAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
             from rhodecode.model.db import User
             from rhodecode.model.forms import RepoPermsForm
             from rhodecode.model.meta import Session
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.repo import RepoModel
             log = logging.getLogger(__name__)
             class RepoSettingsPermissionsView(RepoAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @view_config(
                     route_name='edit_repo_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'permissions'
                     if self.request.GET.get('branch_permissions'):
                         h.flash(_('Explicitly add user or user group with write+ '
                                   'permission to modify their branch permissions.'),
                                 category='notice')
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_perms', request_method='POST',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'permissions'
                     data = self.request.POST
                     # store private flag outside of HTML to verify if we can modify
                     # default user permissions, prevents submission of FAKE post data
                     # into the form for private repos
                     data['repo_private'] = self.db_repo.private
                     form = RepoPermsForm(self.request.translate)().to_python(data)
                     changes = RepoModel().update_permissions(
                         self.db_repo_name, form['perm_additions'], form['perm_updates'],
                         form['perm_deletions'])
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'repo.edit.permissions', action_data=action_data,
                         user=self._rhodecode_user, repo=self.db_repo)
                     Session().commit()
                     h.flash(_('Repository access permissions updated'), category='success')
                     affected_user_ids = None
                     if changes.get('default_user_changed', False):
                         # if we change the default user, we need to flush everyone permissions
                         affected_user_ids = [x.user_id for x in User.get_all()]
                     PermissionModel().flush_user_permission_caches(
                         changes, affected_user_ids=affected_user_ids)
                     raise HTTPFound(
                         h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_perms_set_private', request_method='POST',
                     renderer='json_ext')
                 def edit_permissions_set_private_repo(self):
                     _ = self.request.translate
                     self.load_default_context()
                     try:
                         RepoModel().update(
                             self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name})
                         Session().commit()
                         h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
                                 category='success')
                     except Exception:
                         log.exception("Exception during update of repository")
                         h.flash(_('Error occurred during update of repository {}').format(
                             self.db_repo_name), category='error')
+                    # NOTE(dan): we change repo private mode we need to notify all USERS
+                    affected_user_ids = [x.user_id for x in User.get_all()]
+                    PermissionModel().trigger_permission_flush(affected_user_ids)
                     return {
                         'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
                         'private': True
                     }