Show More
| @@ -1,128 +1,132 b'' | |||
|
|
1 | 1 | # -*- coding: utf-8 -*- |
|
|
2 | 2 | |
|
|
3 | 3 | # Copyright (C) 2011-2019 RhodeCode GmbH |
|
|
4 | 4 | # |
|
|
5 | 5 | # This program is free software: you can redistribute it and/or modify |
|
|
6 | 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
|
7 | 7 | # (only), as published by the Free Software Foundation. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU Affero General Public License |
|
|
15 | 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
|
16 | 16 | # |
|
|
17 | 17 | # This program is dual-licensed. If you wish to learn more about the |
|
|
18 | 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
|
19 | 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
|
20 | 20 | |
|
|
21 | 21 | import logging |
|
|
22 | 22 | |
|
|
23 | 23 | from pyramid.httpexceptions import HTTPFound |
|
|
24 | 24 | from pyramid.view import view_config |
|
|
25 | 25 | |
|
|
26 | 26 | from rhodecode.apps._base import RepoAppView |
|
|
27 | 27 | from rhodecode.lib import helpers as h |
|
|
28 | 28 | from rhodecode.lib import audit_logger |
|
|
29 | 29 | from rhodecode.lib.auth import ( |
|
|
30 | 30 | LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired) |
|
|
31 | 31 | from rhodecode.model.db import User |
|
|
32 | 32 | from rhodecode.model.forms import RepoPermsForm |
|
|
33 | 33 | from rhodecode.model.meta import Session |
|
|
34 | 34 | from rhodecode.model.permission import PermissionModel |
|
|
35 | 35 | from rhodecode.model.repo import RepoModel |
|
|
36 | 36 | |
|
|
37 | 37 | log = logging.getLogger(__name__) |
|
|
38 | 38 | |
|
|
39 | 39 | |
|
|
40 | 40 | class RepoSettingsPermissionsView(RepoAppView): |
|
|
41 | 41 | |
|
|
42 | 42 | def load_default_context(self): |
|
|
43 | 43 | c = self._get_local_tmpl_context() |
|
|
44 | 44 | return c |
|
|
45 | 45 | |
|
|
46 | 46 | @LoginRequired() |
|
|
47 | 47 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
|
48 | 48 | @view_config( |
|
|
49 | 49 | route_name='edit_repo_perms', request_method='GET', |
|
|
50 | 50 | renderer='rhodecode:templates/admin/repos/repo_edit.mako') |
|
|
51 | 51 | def edit_permissions(self): |
|
|
52 | 52 | _ = self.request.translate |
|
|
53 | 53 | c = self.load_default_context() |
|
|
54 | 54 | c.active = 'permissions' |
|
|
55 | 55 | if self.request.GET.get('branch_permissions'): |
|
|
56 | 56 | h.flash(_('Explicitly add user or user group with write+ ' |
|
|
57 | 57 | 'permission to modify their branch permissions.'), |
|
|
58 | 58 | category='notice') |
|
|
59 | 59 | return self._get_template_context(c) |
|
|
60 | 60 | |
|
|
61 | 61 | @LoginRequired() |
|
|
62 | 62 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
|
63 | 63 | @CSRFRequired() |
|
|
64 | 64 | @view_config( |
|
|
65 | 65 | route_name='edit_repo_perms', request_method='POST', |
|
|
66 | 66 | renderer='rhodecode:templates/admin/repos/repo_edit.mako') |
|
|
67 | 67 | def edit_permissions_update(self): |
|
|
68 | 68 | _ = self.request.translate |
|
|
69 | 69 | c = self.load_default_context() |
|
|
70 | 70 | c.active = 'permissions' |
|
|
71 | 71 | data = self.request.POST |
|
|
72 | 72 | # store private flag outside of HTML to verify if we can modify |
|
|
73 | 73 | # default user permissions, prevents submission of FAKE post data |
|
|
74 | 74 | # into the form for private repos |
|
|
75 | 75 | data['repo_private'] = self.db_repo.private |
|
|
76 | 76 | form = RepoPermsForm(self.request.translate)().to_python(data) |
|
|
77 | 77 | changes = RepoModel().update_permissions( |
|
|
78 | 78 | self.db_repo_name, form['perm_additions'], form['perm_updates'], |
|
|
79 | 79 | form['perm_deletions']) |
|
|
80 | 80 | |
|
|
81 | 81 | action_data = { |
|
|
82 | 82 | 'added': changes['added'], |
|
|
83 | 83 | 'updated': changes['updated'], |
|
|
84 | 84 | 'deleted': changes['deleted'], |
|
|
85 | 85 | } |
|
|
86 | 86 | audit_logger.store_web( |
|
|
87 | 87 | 'repo.edit.permissions', action_data=action_data, |
|
|
88 | 88 | user=self._rhodecode_user, repo=self.db_repo) |
|
|
89 | 89 | |
|
|
90 | 90 | Session().commit() |
|
|
91 | 91 | h.flash(_('Repository access permissions updated'), category='success') |
|
|
92 | 92 | |
|
|
93 | 93 | affected_user_ids = None |
|
|
94 | 94 | if changes.get('default_user_changed', False): |
|
|
95 | 95 | # if we change the default user, we need to flush everyone permissions |
|
|
96 | 96 | affected_user_ids = [x.user_id for x in User.get_all()] |
|
|
97 | 97 | PermissionModel().flush_user_permission_caches( |
|
|
98 | 98 | changes, affected_user_ids=affected_user_ids) |
|
|
99 | 99 | |
|
|
100 | 100 | raise HTTPFound( |
|
|
101 | 101 | h.route_path('edit_repo_perms', repo_name=self.db_repo_name)) |
|
|
102 | 102 | |
|
|
103 | 103 | @LoginRequired() |
|
|
104 | 104 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
|
105 | 105 | @CSRFRequired() |
|
|
106 | 106 | @view_config( |
|
|
107 | 107 | route_name='edit_repo_perms_set_private', request_method='POST', |
|
|
108 | 108 | renderer='json_ext') |
|
|
109 | 109 | def edit_permissions_set_private_repo(self): |
|
|
110 | 110 | _ = self.request.translate |
|
|
111 | 111 | self.load_default_context() |
|
|
112 | 112 | |
|
|
113 | 113 | try: |
|
|
114 | 114 | RepoModel().update( |
|
|
115 | 115 | self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name}) |
|
|
116 | 116 | Session().commit() |
|
|
117 | 117 | |
|
|
118 | 118 | h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name), |
|
|
119 | 119 | category='success') |
|
|
120 | 120 | except Exception: |
|
|
121 | 121 | log.exception("Exception during update of repository") |
|
|
122 | 122 | h.flash(_('Error occurred during update of repository {}').format( |
|
|
123 | 123 | self.db_repo_name), category='error') |
|
|
124 | 124 | |
|
|
125 | # NOTE(dan): we change repo private mode we need to notify all USERS | |
|
|
126 | affected_user_ids = [x.user_id for x in User.get_all()] | |
|
|
127 | PermissionModel().trigger_permission_flush(affected_user_ids) | |
|
|
128 | ||
|
|
125 | 129 | return { |
|
|
126 | 130 | 'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name), |
|
|
127 | 131 | 'private': True |
|
|
128 | 132 | } |
General Comments 0
You need to be logged in to leave comments.
Login now