repo-permission: properly flush caches on set private mode.
dan -
r4188:11fc38a7 stable
@@ -1,128 +1,132 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2019 RhodeCode GmbH
3 # Copyright (C) 2011-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from pyramid.httpexceptions import HTTPFound
23 from pyramid.httpexceptions import HTTPFound
24 from pyramid.view import view_config
24 from pyramid.view import view_config
25
25
26 from rhodecode.apps._base import RepoAppView
26 from rhodecode.apps._base import RepoAppView
27 from rhodecode.lib import helpers as h
27 from rhodecode.lib import helpers as h
28 from rhodecode.lib import audit_logger
28 from rhodecode.lib import audit_logger
29 from rhodecode.lib.auth import (
29 from rhodecode.lib.auth import (
30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
31 from rhodecode.model.db import User
31 from rhodecode.model.db import User
32 from rhodecode.model.forms import RepoPermsForm
32 from rhodecode.model.forms import RepoPermsForm
33 from rhodecode.model.meta import Session
33 from rhodecode.model.meta import Session
34 from rhodecode.model.permission import PermissionModel
34 from rhodecode.model.permission import PermissionModel
35 from rhodecode.model.repo import RepoModel
35 from rhodecode.model.repo import RepoModel
36
36
37 log = logging.getLogger(__name__)
37 log = logging.getLogger(__name__)
38
38
39
39
40 class RepoSettingsPermissionsView(RepoAppView):
40 class RepoSettingsPermissionsView(RepoAppView):
41
41
42 def load_default_context(self):
42 def load_default_context(self):
43 c = self._get_local_tmpl_context()
43 c = self._get_local_tmpl_context()
44 return c
44 return c
45
45
46 @LoginRequired()
46 @LoginRequired()
47 @HasRepoPermissionAnyDecorator('repository.admin')
47 @HasRepoPermissionAnyDecorator('repository.admin')
48 @view_config(
48 @view_config(
49 route_name='edit_repo_perms', request_method='GET',
49 route_name='edit_repo_perms', request_method='GET',
50 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
50 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
51 def edit_permissions(self):
51 def edit_permissions(self):
52 _ = self.request.translate
52 _ = self.request.translate
53 c = self.load_default_context()
53 c = self.load_default_context()
54 c.active = 'permissions'
54 c.active = 'permissions'
55 if self.request.GET.get('branch_permissions'):
55 if self.request.GET.get('branch_permissions'):
56 h.flash(_('Explicitly add user or user group with write+ '
56 h.flash(_('Explicitly add user or user group with write+ '
57 'permission to modify their branch permissions.'),
57 'permission to modify their branch permissions.'),
58 category='notice')
58 category='notice')
59 return self._get_template_context(c)
59 return self._get_template_context(c)
60
60
61 @LoginRequired()
61 @LoginRequired()
62 @HasRepoPermissionAnyDecorator('repository.admin')
62 @HasRepoPermissionAnyDecorator('repository.admin')
63 @CSRFRequired()
63 @CSRFRequired()
64 @view_config(
64 @view_config(
65 route_name='edit_repo_perms', request_method='POST',
65 route_name='edit_repo_perms', request_method='POST',
66 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
66 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
67 def edit_permissions_update(self):
67 def edit_permissions_update(self):
68 _ = self.request.translate
68 _ = self.request.translate
69 c = self.load_default_context()
69 c = self.load_default_context()
70 c.active = 'permissions'
70 c.active = 'permissions'
71 data = self.request.POST
71 data = self.request.POST
72 # store private flag outside of HTML to verify if we can modify
72 # store private flag outside of HTML to verify if we can modify
73 # default user permissions, prevents submission of FAKE post data
73 # default user permissions, prevents submission of FAKE post data
74 # into the form for private repos
74 # into the form for private repos
75 data['repo_private'] = self.db_repo.private
75 data['repo_private'] = self.db_repo.private
76 form = RepoPermsForm(self.request.translate)().to_python(data)
76 form = RepoPermsForm(self.request.translate)().to_python(data)
77 changes = RepoModel().update_permissions(
77 changes = RepoModel().update_permissions(
78 self.db_repo_name, form['perm_additions'], form['perm_updates'],
78 self.db_repo_name, form['perm_additions'], form['perm_updates'],
79 form['perm_deletions'])
79 form['perm_deletions'])
80
80
81 action_data = {
81 action_data = {
82 'added': changes['added'],
82 'added': changes['added'],
83 'updated': changes['updated'],
83 'updated': changes['updated'],
84 'deleted': changes['deleted'],
84 'deleted': changes['deleted'],
85 }
85 }
86 audit_logger.store_web(
86 audit_logger.store_web(
87 'repo.edit.permissions', action_data=action_data,
87 'repo.edit.permissions', action_data=action_data,
88 user=self._rhodecode_user, repo=self.db_repo)
88 user=self._rhodecode_user, repo=self.db_repo)
89
89
90 Session().commit()
90 Session().commit()
91 h.flash(_('Repository access permissions updated'), category='success')
91 h.flash(_('Repository access permissions updated'), category='success')
92
92
93 affected_user_ids = None
93 affected_user_ids = None
94 if changes.get('default_user_changed', False):
94 if changes.get('default_user_changed', False):
95 # if we change the default user, we need to flush everyone permissions
95 # if we change the default user, we need to flush everyone permissions
96 affected_user_ids = [x.user_id for x in User.get_all()]
96 affected_user_ids = [x.user_id for x in User.get_all()]
97 PermissionModel().flush_user_permission_caches(
97 PermissionModel().flush_user_permission_caches(
98 changes, affected_user_ids=affected_user_ids)
98 changes, affected_user_ids=affected_user_ids)
99
99
100 raise HTTPFound(
100 raise HTTPFound(
101 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
101 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
102
102
103 @LoginRequired()
103 @LoginRequired()
104 @HasRepoPermissionAnyDecorator('repository.admin')
104 @HasRepoPermissionAnyDecorator('repository.admin')
105 @CSRFRequired()
105 @CSRFRequired()
106 @view_config(
106 @view_config(
107 route_name='edit_repo_perms_set_private', request_method='POST',
107 route_name='edit_repo_perms_set_private', request_method='POST',
108 renderer='json_ext')
108 renderer='json_ext')
109 def edit_permissions_set_private_repo(self):
109 def edit_permissions_set_private_repo(self):
110 _ = self.request.translate
110 _ = self.request.translate
111 self.load_default_context()
111 self.load_default_context()
112
112
113 try:
113 try:
114 RepoModel().update(
114 RepoModel().update(
115 self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name})
115 self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name})
116 Session().commit()
116 Session().commit()
117
117
118 h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
118 h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
119 category='success')
119 category='success')
120 except Exception:
120 except Exception:
121 log.exception("Exception during update of repository")
121 log.exception("Exception during update of repository")
122 h.flash(_('Error occurred during update of repository {}').format(
122 h.flash(_('Error occurred during update of repository {}').format(
123 self.db_repo_name), category='error')
123 self.db_repo_name), category='error')
124
124
125 # NOTE(dan): we change repo private mode we need to notify all USERS
126 affected_user_ids = [x.user_id for x in User.get_all()]
127 PermissionModel().trigger_permission_flush(affected_user_ids)
128
125 return {
129 return {
126 'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
130 'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
127 'private': True
131 'private': True
128 }
132 }
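Review bot: The flush added at new lines 126-127 appears to sit after the try/except rather than inside it (indentation is lost on this page, so this is inferred from its position after the except body), which means it also runs when `RepoModel().update(...)` or the commit failed. No `Session().rollback()` is visible in the except branch, so on that path `User.get_all()` would query a session whose transaction may already have failed, turning the handled error into an unhandled one; consider adding `Session().rollback()` there and flushing only after a successful `Session().commit()`. This flush is what keeps permissions cached before the switch from outliving it, so if `trigger_permission_flush` itself raises after the commit, the repository is already private while the caches are unchanged, and that case deserves its own `log.exception(...)` line. The expression `[x.user_id for x in User.get_all()]` now appears twice in this view (also at line 96) and loads every full `User` object just to read ids; a shared helper that selects only the ids would keep both flush paths consistent.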