##// END OF EJS Templates
logging: small updates for logging.
dan -
r3944:11fed513 default
parent child Browse files
Show More
@@ -1,5213 +1,5213 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 Database Models for RhodeCode Enterprise
23 23 """
24 24
25 25 import re
26 26 import os
27 27 import time
28 28 import string
29 29 import hashlib
30 30 import logging
31 31 import datetime
32 32 import uuid
33 33 import warnings
34 34 import ipaddress
35 35 import functools
36 36 import traceback
37 37 import collections
38 38
39 39 from sqlalchemy import (
40 40 or_, and_, not_, func, TypeDecorator, event,
41 41 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
42 42 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
43 43 Text, Float, PickleType)
44 44 from sqlalchemy.sql.expression import true, false, case
45 45 from sqlalchemy.sql.functions import coalesce, count # pragma: no cover
46 46 from sqlalchemy.orm import (
47 47 relationship, joinedload, class_mapper, validates, aliased)
48 48 from sqlalchemy.ext.declarative import declared_attr
49 49 from sqlalchemy.ext.hybrid import hybrid_property
50 50 from sqlalchemy.exc import IntegrityError # pragma: no cover
51 51 from sqlalchemy.dialects.mysql import LONGTEXT
52 52 from zope.cachedescriptors.property import Lazy as LazyProperty
53 53 from pyramid import compat
54 54 from pyramid.threadlocal import get_current_request
55 55 from webhelpers.text import collapse, remove_formatting
56 56
57 57 from rhodecode.translation import _
58 58 from rhodecode.lib.vcs import get_vcs_instance
59 59 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
60 60 from rhodecode.lib.utils2 import (
61 61 str2bool, safe_str, get_commit_safe, safe_unicode, sha1_safe,
62 62 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
63 63 glob2re, StrictAttributeDict, cleaned_uri, datetime_to_time, OrderedDefaultDict)
64 64 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
65 65 JsonRaw
66 66 from rhodecode.lib.ext_json import json
67 67 from rhodecode.lib.caching_query import FromCache
68 68 from rhodecode.lib.encrypt import AESCipher, validate_and_get_enc_data
69 69 from rhodecode.lib.encrypt2 import Encryptor
70 70 from rhodecode.model.meta import Base, Session
71 71
72 72 URL_SEP = '/'
73 73 log = logging.getLogger(__name__)
74 74
75 75 # =============================================================================
76 76 # BASE CLASSES
77 77 # =============================================================================
78 78
79 79 # this is propagated from .ini file rhodecode.encrypted_values.secret or
80 80 # beaker.session.secret if first is not set.
81 81 # and initialized at environment.py
82 82 ENCRYPTION_KEY = None
83 83
84 84 # used to sort permissions by types, '#' used here is not allowed to be in
85 85 # usernames, and it's very early in sorted string.printable table.
86 86 PERMISSION_TYPE_SORT = {
87 87 'admin': '####',
88 88 'write': '###',
89 89 'read': '##',
90 90 'none': '#',
91 91 }
92 92
93 93
94 94 def display_user_sort(obj):
95 95 """
96 96 Sort function used to sort permissions in .permissions() function of
97 97 Repository, RepoGroup, UserGroup. Also it put the default user in front
98 98 of all other resources
99 99 """
100 100
101 101 if obj.username == User.DEFAULT_USER:
102 102 return '#####'
103 103 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
104 104 return prefix + obj.username
105 105
106 106
107 107 def display_user_group_sort(obj):
108 108 """
109 109 Sort function used to sort permissions in .permissions() function of
110 110 Repository, RepoGroup, UserGroup. Also it put the default user in front
111 111 of all other resources
112 112 """
113 113
114 114 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
115 115 return prefix + obj.users_group_name
116 116
117 117
118 118 def _hash_key(k):
119 119 return sha1_safe(k)
120 120
121 121
122 122 def in_filter_generator(qry, items, limit=500):
123 123 """
124 124 Splits IN() into multiple with OR
125 125 e.g.::
126 126 cnt = Repository.query().filter(
127 127 or_(
128 128 *in_filter_generator(Repository.repo_id, range(100000))
129 129 )).count()
130 130 """
131 131 if not items:
132 132 # empty list will cause empty query which might cause security issues
133 133 # this can lead to hidden unpleasant results
134 134 items = [-1]
135 135
136 136 parts = []
137 137 for chunk in xrange(0, len(items), limit):
138 138 parts.append(
139 139 qry.in_(items[chunk: chunk + limit])
140 140 )
141 141
142 142 return parts
143 143
144 144
145 145 base_table_args = {
146 146 'extend_existing': True,
147 147 'mysql_engine': 'InnoDB',
148 148 'mysql_charset': 'utf8',
149 149 'sqlite_autoincrement': True
150 150 }
151 151
152 152
153 153 class EncryptedTextValue(TypeDecorator):
154 154 """
155 155 Special column for encrypted long text data, use like::
156 156
157 157 value = Column("encrypted_value", EncryptedValue(), nullable=False)
158 158
159 159 This column is intelligent so if value is in unencrypted form it return
160 160 unencrypted form, but on save it always encrypts
161 161 """
162 162 impl = Text
163 163
164 164 def process_bind_param(self, value, dialect):
165 165 """
166 166 Setter for storing value
167 167 """
168 168 import rhodecode
169 169 if not value:
170 170 return value
171 171
172 172 # protect against double encrypting if values is already encrypted
173 173 if value.startswith('enc$aes$') \
174 174 or value.startswith('enc$aes_hmac$') \
175 175 or value.startswith('enc2$'):
176 176 raise ValueError('value needs to be in unencrypted format, '
177 177 'ie. not starting with enc$ or enc2$')
178 178
179 179 algo = rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
180 180 if algo == 'aes':
181 181 return 'enc$aes_hmac$%s' % AESCipher(ENCRYPTION_KEY, hmac=True).encrypt(value)
182 182 elif algo == 'fernet':
183 183 return Encryptor(ENCRYPTION_KEY).encrypt(value)
184 184 else:
185 185 ValueError('Bad encryption algorithm, should be fernet or aes, got: {}'.format(algo))
186 186
187 187 def process_result_value(self, value, dialect):
188 188 """
189 189 Getter for retrieving value
190 190 """
191 191
192 192 import rhodecode
193 193 if not value:
194 194 return value
195 195
196 196 algo = rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
197 197 enc_strict_mode = str2bool(rhodecode.CONFIG.get('rhodecode.encrypted_values.strict') or True)
198 198 if algo == 'aes':
199 199 decrypted_data = validate_and_get_enc_data(value, ENCRYPTION_KEY, enc_strict_mode)
200 200 elif algo == 'fernet':
201 201 return Encryptor(ENCRYPTION_KEY).decrypt(value)
202 202 else:
203 203 ValueError('Bad encryption algorithm, should be fernet or aes, got: {}'.format(algo))
204 204 return decrypted_data
205 205
206 206
207 207 class BaseModel(object):
208 208 """
209 209 Base Model for all classes
210 210 """
211 211
212 212 @classmethod
213 213 def _get_keys(cls):
214 214 """return column names for this model """
215 215 return class_mapper(cls).c.keys()
216 216
217 217 def get_dict(self):
218 218 """
219 219 return dict with keys and values corresponding
220 220 to this model data """
221 221
222 222 d = {}
223 223 for k in self._get_keys():
224 224 d[k] = getattr(self, k)
225 225
226 226 # also use __json__() if present to get additional fields
227 227 _json_attr = getattr(self, '__json__', None)
228 228 if _json_attr:
229 229 # update with attributes from __json__
230 230 if callable(_json_attr):
231 231 _json_attr = _json_attr()
232 232 for k, val in _json_attr.iteritems():
233 233 d[k] = val
234 234 return d
235 235
236 236 def get_appstruct(self):
237 237 """return list with keys and values tuples corresponding
238 238 to this model data """
239 239
240 240 lst = []
241 241 for k in self._get_keys():
242 242 lst.append((k, getattr(self, k),))
243 243 return lst
244 244
245 245 def populate_obj(self, populate_dict):
246 246 """populate model with data from given populate_dict"""
247 247
248 248 for k in self._get_keys():
249 249 if k in populate_dict:
250 250 setattr(self, k, populate_dict[k])
251 251
252 252 @classmethod
253 253 def query(cls):
254 254 return Session().query(cls)
255 255
256 256 @classmethod
257 257 def get(cls, id_):
258 258 if id_:
259 259 return cls.query().get(id_)
260 260
261 261 @classmethod
262 262 def get_or_404(cls, id_):
263 263 from pyramid.httpexceptions import HTTPNotFound
264 264
265 265 try:
266 266 id_ = int(id_)
267 267 except (TypeError, ValueError):
268 268 raise HTTPNotFound()
269 269
270 270 res = cls.query().get(id_)
271 271 if not res:
272 272 raise HTTPNotFound()
273 273 return res
274 274
275 275 @classmethod
276 276 def getAll(cls):
277 277 # deprecated and left for backward compatibility
278 278 return cls.get_all()
279 279
280 280 @classmethod
281 281 def get_all(cls):
282 282 return cls.query().all()
283 283
284 284 @classmethod
285 285 def delete(cls, id_):
286 286 obj = cls.query().get(id_)
287 287 Session().delete(obj)
288 288
289 289 @classmethod
290 290 def identity_cache(cls, session, attr_name, value):
291 291 exist_in_session = []
292 292 for (item_cls, pkey), instance in session.identity_map.items():
293 293 if cls == item_cls and getattr(instance, attr_name) == value:
294 294 exist_in_session.append(instance)
295 295 if exist_in_session:
296 296 if len(exist_in_session) == 1:
297 297 return exist_in_session[0]
298 298 log.exception(
299 299 'multiple objects with attr %s and '
300 300 'value %s found with same name: %r',
301 301 attr_name, value, exist_in_session)
302 302
303 303 def __repr__(self):
304 304 if hasattr(self, '__unicode__'):
305 305 # python repr needs to return str
306 306 try:
307 307 return safe_str(self.__unicode__())
308 308 except UnicodeDecodeError:
309 309 pass
310 310 return '<DB:%s>' % (self.__class__.__name__)
311 311
312 312
313 313 class RhodeCodeSetting(Base, BaseModel):
314 314 __tablename__ = 'rhodecode_settings'
315 315 __table_args__ = (
316 316 UniqueConstraint('app_settings_name'),
317 317 base_table_args
318 318 )
319 319
320 320 SETTINGS_TYPES = {
321 321 'str': safe_str,
322 322 'int': safe_int,
323 323 'unicode': safe_unicode,
324 324 'bool': str2bool,
325 325 'list': functools.partial(aslist, sep=',')
326 326 }
327 327 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
328 328 GLOBAL_CONF_KEY = 'app_settings'
329 329
330 330 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
331 331 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
332 332 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
333 333 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
334 334
335 335 def __init__(self, key='', val='', type='unicode'):
336 336 self.app_settings_name = key
337 337 self.app_settings_type = type
338 338 self.app_settings_value = val
339 339
340 340 @validates('_app_settings_value')
341 341 def validate_settings_value(self, key, val):
342 342 assert type(val) == unicode
343 343 return val
344 344
345 345 @hybrid_property
346 346 def app_settings_value(self):
347 347 v = self._app_settings_value
348 348 _type = self.app_settings_type
349 349 if _type:
350 350 _type = self.app_settings_type.split('.')[0]
351 351 # decode the encrypted value
352 352 if 'encrypted' in self.app_settings_type:
353 353 cipher = EncryptedTextValue()
354 354 v = safe_unicode(cipher.process_result_value(v, None))
355 355
356 356 converter = self.SETTINGS_TYPES.get(_type) or \
357 357 self.SETTINGS_TYPES['unicode']
358 358 return converter(v)
359 359
360 360 @app_settings_value.setter
361 361 def app_settings_value(self, val):
362 362 """
363 363 Setter that will always make sure we use unicode in app_settings_value
364 364
365 365 :param val:
366 366 """
367 367 val = safe_unicode(val)
368 368 # encode the encrypted value
369 369 if 'encrypted' in self.app_settings_type:
370 370 cipher = EncryptedTextValue()
371 371 val = safe_unicode(cipher.process_bind_param(val, None))
372 372 self._app_settings_value = val
373 373
374 374 @hybrid_property
375 375 def app_settings_type(self):
376 376 return self._app_settings_type
377 377
378 378 @app_settings_type.setter
379 379 def app_settings_type(self, val):
380 380 if val.split('.')[0] not in self.SETTINGS_TYPES:
381 381 raise Exception('type must be one of %s got %s'
382 382 % (self.SETTINGS_TYPES.keys(), val))
383 383 self._app_settings_type = val
384 384
385 385 @classmethod
386 386 def get_by_prefix(cls, prefix):
387 387 return RhodeCodeSetting.query()\
388 388 .filter(RhodeCodeSetting.app_settings_name.startswith(prefix))\
389 389 .all()
390 390
391 391 def __unicode__(self):
392 392 return u"<%s('%s:%s[%s]')>" % (
393 393 self.__class__.__name__,
394 394 self.app_settings_name, self.app_settings_value,
395 395 self.app_settings_type
396 396 )
397 397
398 398
399 399 class RhodeCodeUi(Base, BaseModel):
400 400 __tablename__ = 'rhodecode_ui'
401 401 __table_args__ = (
402 402 UniqueConstraint('ui_key'),
403 403 base_table_args
404 404 )
405 405
406 406 HOOK_REPO_SIZE = 'changegroup.repo_size'
407 407 # HG
408 408 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
409 409 HOOK_PULL = 'outgoing.pull_logger'
410 410 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
411 411 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
412 412 HOOK_PUSH = 'changegroup.push_logger'
413 413 HOOK_PUSH_KEY = 'pushkey.key_push'
414 414
415 415 HOOKS_BUILTIN = [
416 416 HOOK_PRE_PULL,
417 417 HOOK_PULL,
418 418 HOOK_PRE_PUSH,
419 419 HOOK_PRETX_PUSH,
420 420 HOOK_PUSH,
421 421 HOOK_PUSH_KEY,
422 422 ]
423 423
424 424 # TODO: johbo: Unify way how hooks are configured for git and hg,
425 425 # git part is currently hardcoded.
426 426
427 427 # SVN PATTERNS
428 428 SVN_BRANCH_ID = 'vcs_svn_branch'
429 429 SVN_TAG_ID = 'vcs_svn_tag'
430 430
431 431 ui_id = Column(
432 432 "ui_id", Integer(), nullable=False, unique=True, default=None,
433 433 primary_key=True)
434 434 ui_section = Column(
435 435 "ui_section", String(255), nullable=True, unique=None, default=None)
436 436 ui_key = Column(
437 437 "ui_key", String(255), nullable=True, unique=None, default=None)
438 438 ui_value = Column(
439 439 "ui_value", String(255), nullable=True, unique=None, default=None)
440 440 ui_active = Column(
441 441 "ui_active", Boolean(), nullable=True, unique=None, default=True)
442 442
443 443 def __repr__(self):
444 444 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
445 445 self.ui_key, self.ui_value)
446 446
447 447
448 448 class RepoRhodeCodeSetting(Base, BaseModel):
449 449 __tablename__ = 'repo_rhodecode_settings'
450 450 __table_args__ = (
451 451 UniqueConstraint(
452 452 'app_settings_name', 'repository_id',
453 453 name='uq_repo_rhodecode_setting_name_repo_id'),
454 454 base_table_args
455 455 )
456 456
457 457 repository_id = Column(
458 458 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
459 459 nullable=False)
460 460 app_settings_id = Column(
461 461 "app_settings_id", Integer(), nullable=False, unique=True,
462 462 default=None, primary_key=True)
463 463 app_settings_name = Column(
464 464 "app_settings_name", String(255), nullable=True, unique=None,
465 465 default=None)
466 466 _app_settings_value = Column(
467 467 "app_settings_value", String(4096), nullable=True, unique=None,
468 468 default=None)
469 469 _app_settings_type = Column(
470 470 "app_settings_type", String(255), nullable=True, unique=None,
471 471 default=None)
472 472
473 473 repository = relationship('Repository')
474 474
475 475 def __init__(self, repository_id, key='', val='', type='unicode'):
476 476 self.repository_id = repository_id
477 477 self.app_settings_name = key
478 478 self.app_settings_type = type
479 479 self.app_settings_value = val
480 480
481 481 @validates('_app_settings_value')
482 482 def validate_settings_value(self, key, val):
483 483 assert type(val) == unicode
484 484 return val
485 485
486 486 @hybrid_property
487 487 def app_settings_value(self):
488 488 v = self._app_settings_value
489 489 type_ = self.app_settings_type
490 490 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
491 491 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
492 492 return converter(v)
493 493
494 494 @app_settings_value.setter
495 495 def app_settings_value(self, val):
496 496 """
497 497 Setter that will always make sure we use unicode in app_settings_value
498 498
499 499 :param val:
500 500 """
501 501 self._app_settings_value = safe_unicode(val)
502 502
503 503 @hybrid_property
504 504 def app_settings_type(self):
505 505 return self._app_settings_type
506 506
507 507 @app_settings_type.setter
508 508 def app_settings_type(self, val):
509 509 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
510 510 if val not in SETTINGS_TYPES:
511 511 raise Exception('type must be one of %s got %s'
512 512 % (SETTINGS_TYPES.keys(), val))
513 513 self._app_settings_type = val
514 514
515 515 def __unicode__(self):
516 516 return u"<%s('%s:%s:%s[%s]')>" % (
517 517 self.__class__.__name__, self.repository.repo_name,
518 518 self.app_settings_name, self.app_settings_value,
519 519 self.app_settings_type
520 520 )
521 521
522 522
523 523 class RepoRhodeCodeUi(Base, BaseModel):
524 524 __tablename__ = 'repo_rhodecode_ui'
525 525 __table_args__ = (
526 526 UniqueConstraint(
527 527 'repository_id', 'ui_section', 'ui_key',
528 528 name='uq_repo_rhodecode_ui_repository_id_section_key'),
529 529 base_table_args
530 530 )
531 531
532 532 repository_id = Column(
533 533 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
534 534 nullable=False)
535 535 ui_id = Column(
536 536 "ui_id", Integer(), nullable=False, unique=True, default=None,
537 537 primary_key=True)
538 538 ui_section = Column(
539 539 "ui_section", String(255), nullable=True, unique=None, default=None)
540 540 ui_key = Column(
541 541 "ui_key", String(255), nullable=True, unique=None, default=None)
542 542 ui_value = Column(
543 543 "ui_value", String(255), nullable=True, unique=None, default=None)
544 544 ui_active = Column(
545 545 "ui_active", Boolean(), nullable=True, unique=None, default=True)
546 546
547 547 repository = relationship('Repository')
548 548
549 549 def __repr__(self):
550 550 return '<%s[%s:%s]%s=>%s]>' % (
551 551 self.__class__.__name__, self.repository.repo_name,
552 552 self.ui_section, self.ui_key, self.ui_value)
553 553
554 554
555 555 class User(Base, BaseModel):
556 556 __tablename__ = 'users'
557 557 __table_args__ = (
558 558 UniqueConstraint('username'), UniqueConstraint('email'),
559 559 Index('u_username_idx', 'username'),
560 560 Index('u_email_idx', 'email'),
561 561 base_table_args
562 562 )
563 563
564 564 DEFAULT_USER = 'default'
565 565 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
566 566 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
567 567
568 568 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
569 569 username = Column("username", String(255), nullable=True, unique=None, default=None)
570 570 password = Column("password", String(255), nullable=True, unique=None, default=None)
571 571 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
572 572 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
573 573 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
574 574 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
575 575 _email = Column("email", String(255), nullable=True, unique=None, default=None)
576 576 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
577 577 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
578 578
579 579 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
580 580 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
581 581 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
582 582 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
583 583 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
584 584 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
585 585
586 586 user_log = relationship('UserLog')
587 587 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
588 588
589 589 repositories = relationship('Repository')
590 590 repository_groups = relationship('RepoGroup')
591 591 user_groups = relationship('UserGroup')
592 592
593 593 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
594 594 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
595 595
596 596 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
597 597 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
598 598 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
599 599
600 600 group_member = relationship('UserGroupMember', cascade='all')
601 601
602 602 notifications = relationship('UserNotification', cascade='all')
603 603 # notifications assigned to this user
604 604 user_created_notifications = relationship('Notification', cascade='all')
605 605 # comments created by this user
606 606 user_comments = relationship('ChangesetComment', cascade='all')
607 607 # user profile extra info
608 608 user_emails = relationship('UserEmailMap', cascade='all')
609 609 user_ip_map = relationship('UserIpMap', cascade='all')
610 610 user_auth_tokens = relationship('UserApiKeys', cascade='all')
611 611 user_ssh_keys = relationship('UserSshKeys', cascade='all')
612 612
613 613 # gists
614 614 user_gists = relationship('Gist', cascade='all')
615 615 # user pull requests
616 616 user_pull_requests = relationship('PullRequest', cascade='all')
617 617 # external identities
618 618 extenal_identities = relationship(
619 619 'ExternalIdentity',
620 620 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
621 621 cascade='all')
622 622 # review rules
623 623 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
624 624
625 625 def __unicode__(self):
626 626 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
627 627 self.user_id, self.username)
628 628
629 629 @hybrid_property
630 630 def email(self):
631 631 return self._email
632 632
633 633 @email.setter
634 634 def email(self, val):
635 635 self._email = val.lower() if val else None
636 636
637 637 @hybrid_property
638 638 def first_name(self):
639 639 from rhodecode.lib import helpers as h
640 640 if self.name:
641 641 return h.escape(self.name)
642 642 return self.name
643 643
644 644 @hybrid_property
645 645 def last_name(self):
646 646 from rhodecode.lib import helpers as h
647 647 if self.lastname:
648 648 return h.escape(self.lastname)
649 649 return self.lastname
650 650
651 651 @hybrid_property
652 652 def api_key(self):
653 653 """
654 654 Fetch if exist an auth-token with role ALL connected to this user
655 655 """
656 656 user_auth_token = UserApiKeys.query()\
657 657 .filter(UserApiKeys.user_id == self.user_id)\
658 658 .filter(or_(UserApiKeys.expires == -1,
659 659 UserApiKeys.expires >= time.time()))\
660 660 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
661 661 if user_auth_token:
662 662 user_auth_token = user_auth_token.api_key
663 663
664 664 return user_auth_token
665 665
666 666 @api_key.setter
667 667 def api_key(self, val):
668 668 # don't allow to set API key this is deprecated for now
669 669 self._api_key = None
670 670
671 671 @property
672 672 def reviewer_pull_requests(self):
673 673 return PullRequestReviewers.query() \
674 674 .options(joinedload(PullRequestReviewers.pull_request)) \
675 675 .filter(PullRequestReviewers.user_id == self.user_id) \
676 676 .all()
677 677
678 678 @property
679 679 def firstname(self):
680 680 # alias for future
681 681 return self.name
682 682
683 683 @property
684 684 def emails(self):
685 685 other = UserEmailMap.query()\
686 686 .filter(UserEmailMap.user == self) \
687 687 .order_by(UserEmailMap.email_id.asc()) \
688 688 .all()
689 689 return [self.email] + [x.email for x in other]
690 690
691 691 @property
692 692 def auth_tokens(self):
693 693 auth_tokens = self.get_auth_tokens()
694 694 return [x.api_key for x in auth_tokens]
695 695
696 696 def get_auth_tokens(self):
697 697 return UserApiKeys.query()\
698 698 .filter(UserApiKeys.user == self)\
699 699 .order_by(UserApiKeys.user_api_key_id.asc())\
700 700 .all()
701 701
702 702 @LazyProperty
703 703 def feed_token(self):
704 704 return self.get_feed_token()
705 705
706 706 def get_feed_token(self, cache=True):
707 707 feed_tokens = UserApiKeys.query()\
708 708 .filter(UserApiKeys.user == self)\
709 709 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)
710 710 if cache:
711 711 feed_tokens = feed_tokens.options(
712 712 FromCache("sql_cache_short", "get_user_feed_token_%s" % self.user_id))
713 713
714 714 feed_tokens = feed_tokens.all()
715 715 if feed_tokens:
716 716 return feed_tokens[0].api_key
717 717 return 'NO_FEED_TOKEN_AVAILABLE'
718 718
719 719 @classmethod
720 720 def get(cls, user_id, cache=False):
721 721 if not user_id:
722 722 return
723 723
724 724 user = cls.query()
725 725 if cache:
726 726 user = user.options(
727 727 FromCache("sql_cache_short", "get_users_%s" % user_id))
728 728 return user.get(user_id)
729 729
730 730 @classmethod
731 731 def extra_valid_auth_tokens(cls, user, role=None):
732 732 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
733 733 .filter(or_(UserApiKeys.expires == -1,
734 734 UserApiKeys.expires >= time.time()))
735 735 if role:
736 736 tokens = tokens.filter(or_(UserApiKeys.role == role,
737 737 UserApiKeys.role == UserApiKeys.ROLE_ALL))
738 738 return tokens.all()
739 739
740 740 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
741 741 from rhodecode.lib import auth
742 742
743 743 log.debug('Trying to authenticate user: %s via auth-token, '
744 744 'and roles: %s', self, roles)
745 745
746 746 if not auth_token:
747 747 return False
748 748
749 749 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
750 750 tokens_q = UserApiKeys.query()\
751 751 .filter(UserApiKeys.user_id == self.user_id)\
752 752 .filter(or_(UserApiKeys.expires == -1,
753 753 UserApiKeys.expires >= time.time()))
754 754
755 755 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
756 756
757 757 crypto_backend = auth.crypto_backend()
758 758 enc_token_map = {}
759 759 plain_token_map = {}
760 760 for token in tokens_q:
761 761 if token.api_key.startswith(crypto_backend.ENC_PREF):
762 762 enc_token_map[token.api_key] = token
763 763 else:
764 764 plain_token_map[token.api_key] = token
765 765 log.debug(
766 766 'Found %s plain and %s encrypted user tokens to check for authentication',
767 767 len(plain_token_map), len(enc_token_map))
768 768
769 769 # plain token match comes first
770 770 match = plain_token_map.get(auth_token)
771 771
772 772 # check encrypted tokens now
773 773 if not match:
774 774 for token_hash, token in enc_token_map.items():
775 775 # NOTE(marcink): this is expensive to calculate, but most secure
776 776 if crypto_backend.hash_check(auth_token, token_hash):
777 777 match = token
778 778 break
779 779
780 780 if match:
781 781 log.debug('Found matching token %s', match)
782 782 if match.repo_id:
783 783 log.debug('Found scope, checking for scope match of token %s', match)
784 784 if match.repo_id == scope_repo_id:
785 785 return True
786 786 else:
787 787 log.debug(
788 788 'AUTH_TOKEN: scope mismatch, token has a set repo scope: %s, '
789 789 'and calling scope is:%s, skipping further checks',
790 790 match.repo, scope_repo_id)
791 791 return False
792 792 else:
793 793 return True
794 794
795 795 return False
796 796
797 797 @property
798 798 def ip_addresses(self):
799 799 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
800 800 return [x.ip_addr for x in ret]
801 801
802 802 @property
803 803 def username_and_name(self):
804 804 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
805 805
806 806 @property
807 807 def username_or_name_or_email(self):
808 808 full_name = self.full_name if self.full_name is not ' ' else None
809 809 return self.username or full_name or self.email
810 810
811 811 @property
812 812 def full_name(self):
813 813 return '%s %s' % (self.first_name, self.last_name)
814 814
815 815 @property
816 816 def full_name_or_username(self):
817 817 return ('%s %s' % (self.first_name, self.last_name)
818 818 if (self.first_name and self.last_name) else self.username)
819 819
820 820 @property
821 821 def full_contact(self):
822 822 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
823 823
824 824 @property
825 825 def short_contact(self):
826 826 return '%s %s' % (self.first_name, self.last_name)
827 827
828 828 @property
829 829 def is_admin(self):
830 830 return self.admin
831 831
832 832 def AuthUser(self, **kwargs):
833 833 """
834 834 Returns instance of AuthUser for this user
835 835 """
836 836 from rhodecode.lib.auth import AuthUser
837 837 return AuthUser(user_id=self.user_id, username=self.username, **kwargs)
838 838
839 839 @hybrid_property
840 840 def user_data(self):
841 841 if not self._user_data:
842 842 return {}
843 843
844 844 try:
845 845 return json.loads(self._user_data)
846 846 except TypeError:
847 847 return {}
848 848
849 849 @user_data.setter
850 850 def user_data(self, val):
851 851 if not isinstance(val, dict):
852 852 raise Exception('user_data must be dict, got %s' % type(val))
853 853 try:
854 854 self._user_data = json.dumps(val)
855 855 except Exception:
856 856 log.error(traceback.format_exc())
857 857
858 858 @classmethod
859 859 def get_by_username(cls, username, case_insensitive=False,
860 860 cache=False, identity_cache=False):
861 861 session = Session()
862 862
863 863 if case_insensitive:
864 864 q = cls.query().filter(
865 865 func.lower(cls.username) == func.lower(username))
866 866 else:
867 867 q = cls.query().filter(cls.username == username)
868 868
869 869 if cache:
870 870 if identity_cache:
871 871 val = cls.identity_cache(session, 'username', username)
872 872 if val:
873 873 return val
874 874 else:
875 875 cache_key = "get_user_by_name_%s" % _hash_key(username)
876 876 q = q.options(
877 877 FromCache("sql_cache_short", cache_key))
878 878
879 879 return q.scalar()
880 880
881 881 @classmethod
882 882 def get_by_auth_token(cls, auth_token, cache=False):
883 883 q = UserApiKeys.query()\
884 884 .filter(UserApiKeys.api_key == auth_token)\
885 885 .filter(or_(UserApiKeys.expires == -1,
886 886 UserApiKeys.expires >= time.time()))
887 887 if cache:
888 888 q = q.options(
889 889 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
890 890
891 891 match = q.first()
892 892 if match:
893 893 return match.user
894 894
895 895 @classmethod
896 896 def get_by_email(cls, email, case_insensitive=False, cache=False):
897 897
898 898 if case_insensitive:
899 899 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
900 900
901 901 else:
902 902 q = cls.query().filter(cls.email == email)
903 903
904 904 email_key = _hash_key(email)
905 905 if cache:
906 906 q = q.options(
907 907 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
908 908
909 909 ret = q.scalar()
910 910 if ret is None:
911 911 q = UserEmailMap.query()
912 912 # try fetching in alternate email map
913 913 if case_insensitive:
914 914 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
915 915 else:
916 916 q = q.filter(UserEmailMap.email == email)
917 917 q = q.options(joinedload(UserEmailMap.user))
918 918 if cache:
919 919 q = q.options(
920 920 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
921 921 ret = getattr(q.scalar(), 'user', None)
922 922
923 923 return ret
924 924
925 925 @classmethod
926 926 def get_from_cs_author(cls, author):
927 927 """
928 928 Tries to get User objects out of commit author string
929 929
930 930 :param author:
931 931 """
932 932 from rhodecode.lib.helpers import email, author_name
933 933 # Valid email in the attribute passed, see if they're in the system
934 934 _email = email(author)
935 935 if _email:
936 936 user = cls.get_by_email(_email, case_insensitive=True)
937 937 if user:
938 938 return user
939 939 # Maybe we can match by username?
940 940 _author = author_name(author)
941 941 user = cls.get_by_username(_author, case_insensitive=True)
942 942 if user:
943 943 return user
944 944
945 945 def update_userdata(self, **kwargs):
946 946 usr = self
947 947 old = usr.user_data
948 948 old.update(**kwargs)
949 949 usr.user_data = old
950 950 Session().add(usr)
951 log.debug('updated userdata with ', kwargs)
951 log.debug('updated userdata with %s', kwargs)
952 952
953 953 def update_lastlogin(self):
954 954 """Update user lastlogin"""
955 955 self.last_login = datetime.datetime.now()
956 956 Session().add(self)
957 957 log.debug('updated user %s lastlogin', self.username)
958 958
959 959 def update_password(self, new_password):
960 960 from rhodecode.lib.auth import get_crypt_password
961 961
962 962 self.password = get_crypt_password(new_password)
963 963 Session().add(self)
964 964
965 965 @classmethod
966 966 def get_first_super_admin(cls):
967 967 user = User.query()\
968 968 .filter(User.admin == true()) \
969 969 .order_by(User.user_id.asc()) \
970 970 .first()
971 971
972 972 if user is None:
973 973 raise Exception('FATAL: Missing administrative account!')
974 974 return user
975 975
976 976 @classmethod
977 977 def get_all_super_admins(cls, only_active=False):
978 978 """
979 979 Returns all admin accounts sorted by username
980 980 """
981 981 qry = User.query().filter(User.admin == true()).order_by(User.username.asc())
982 982 if only_active:
983 983 qry = qry.filter(User.active == true())
984 984 return qry.all()
985 985
986 986 @classmethod
987 987 def get_default_user(cls, cache=False, refresh=False):
988 988 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
989 989 if user is None:
990 990 raise Exception('FATAL: Missing default account!')
991 991 if refresh:
992 992 # The default user might be based on outdated state which
993 993 # has been loaded from the cache.
994 994 # A call to refresh() ensures that the
995 995 # latest state from the database is used.
996 996 Session().refresh(user)
997 997 return user
998 998
999 999 def _get_default_perms(self, user, suffix=''):
1000 1000 from rhodecode.model.permission import PermissionModel
1001 1001 return PermissionModel().get_default_perms(user.user_perms, suffix)
1002 1002
1003 1003 def get_default_perms(self, suffix=''):
1004 1004 return self._get_default_perms(self, suffix)
1005 1005
1006 1006 def get_api_data(self, include_secrets=False, details='full'):
1007 1007 """
1008 1008 Common function for generating user related data for API
1009 1009
1010 1010 :param include_secrets: By default secrets in the API data will be replaced
1011 1011 by a placeholder value to prevent exposing this data by accident. In case
1012 1012 this data shall be exposed, set this flag to ``True``.
1013 1013
1014 1014 :param details: details can be 'basic|full' basic gives only a subset of
1015 1015 the available user information that includes user_id, name and emails.
1016 1016 """
1017 1017 user = self
1018 1018 user_data = self.user_data
1019 1019 data = {
1020 1020 'user_id': user.user_id,
1021 1021 'username': user.username,
1022 1022 'firstname': user.name,
1023 1023 'lastname': user.lastname,
1024 1024 'email': user.email,
1025 1025 'emails': user.emails,
1026 1026 }
1027 1027 if details == 'basic':
1028 1028 return data
1029 1029
1030 1030 auth_token_length = 40
1031 1031 auth_token_replacement = '*' * auth_token_length
1032 1032
1033 1033 extras = {
1034 1034 'auth_tokens': [auth_token_replacement],
1035 1035 'active': user.active,
1036 1036 'admin': user.admin,
1037 1037 'extern_type': user.extern_type,
1038 1038 'extern_name': user.extern_name,
1039 1039 'last_login': user.last_login,
1040 1040 'last_activity': user.last_activity,
1041 1041 'ip_addresses': user.ip_addresses,
1042 1042 'language': user_data.get('language')
1043 1043 }
1044 1044 data.update(extras)
1045 1045
1046 1046 if include_secrets:
1047 1047 data['auth_tokens'] = user.auth_tokens
1048 1048 return data
1049 1049
1050 1050 def __json__(self):
1051 1051 data = {
1052 1052 'full_name': self.full_name,
1053 1053 'full_name_or_username': self.full_name_or_username,
1054 1054 'short_contact': self.short_contact,
1055 1055 'full_contact': self.full_contact,
1056 1056 }
1057 1057 data.update(self.get_api_data())
1058 1058 return data
1059 1059
1060 1060
1061 1061 class UserApiKeys(Base, BaseModel):
1062 1062 __tablename__ = 'user_api_keys'
1063 1063 __table_args__ = (
1064 1064 Index('uak_api_key_idx', 'api_key', unique=True),
1065 1065 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
1066 1066 base_table_args
1067 1067 )
1068 1068 __mapper_args__ = {}
1069 1069
1070 1070 # ApiKey role
1071 1071 ROLE_ALL = 'token_role_all'
1072 1072 ROLE_HTTP = 'token_role_http'
1073 1073 ROLE_VCS = 'token_role_vcs'
1074 1074 ROLE_API = 'token_role_api'
1075 1075 ROLE_FEED = 'token_role_feed'
1076 1076 ROLE_PASSWORD_RESET = 'token_password_reset'
1077 1077
1078 1078 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
1079 1079
1080 1080 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1081 1081 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1082 1082 api_key = Column("api_key", String(255), nullable=False, unique=True)
1083 1083 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1084 1084 expires = Column('expires', Float(53), nullable=False)
1085 1085 role = Column('role', String(255), nullable=True)
1086 1086 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1087 1087
1088 1088 # scope columns
1089 1089 repo_id = Column(
1090 1090 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1091 1091 nullable=True, unique=None, default=None)
1092 1092 repo = relationship('Repository', lazy='joined')
1093 1093
1094 1094 repo_group_id = Column(
1095 1095 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1096 1096 nullable=True, unique=None, default=None)
1097 1097 repo_group = relationship('RepoGroup', lazy='joined')
1098 1098
1099 1099 user = relationship('User', lazy='joined')
1100 1100
1101 1101 def __unicode__(self):
1102 1102 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1103 1103
1104 1104 def __json__(self):
1105 1105 data = {
1106 1106 'auth_token': self.api_key,
1107 1107 'role': self.role,
1108 1108 'scope': self.scope_humanized,
1109 1109 'expired': self.expired
1110 1110 }
1111 1111 return data
1112 1112
1113 1113 def get_api_data(self, include_secrets=False):
1114 1114 data = self.__json__()
1115 1115 if include_secrets:
1116 1116 return data
1117 1117 else:
1118 1118 data['auth_token'] = self.token_obfuscated
1119 1119 return data
1120 1120
1121 1121 @hybrid_property
1122 1122 def description_safe(self):
1123 1123 from rhodecode.lib import helpers as h
1124 1124 return h.escape(self.description)
1125 1125
1126 1126 @property
1127 1127 def expired(self):
1128 1128 if self.expires == -1:
1129 1129 return False
1130 1130 return time.time() > self.expires
1131 1131
1132 1132 @classmethod
1133 1133 def _get_role_name(cls, role):
1134 1134 return {
1135 1135 cls.ROLE_ALL: _('all'),
1136 1136 cls.ROLE_HTTP: _('http/web interface'),
1137 1137 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1138 1138 cls.ROLE_API: _('api calls'),
1139 1139 cls.ROLE_FEED: _('feed access'),
1140 1140 }.get(role, role)
1141 1141
1142 1142 @property
1143 1143 def role_humanized(self):
1144 1144 return self._get_role_name(self.role)
1145 1145
1146 1146 def _get_scope(self):
1147 1147 if self.repo:
1148 1148 return 'Repository: {}'.format(self.repo.repo_name)
1149 1149 if self.repo_group:
1150 1150 return 'RepositoryGroup: {} (recursive)'.format(self.repo_group.group_name)
1151 1151 return 'Global'
1152 1152
1153 1153 @property
1154 1154 def scope_humanized(self):
1155 1155 return self._get_scope()
1156 1156
1157 1157 @property
1158 1158 def token_obfuscated(self):
1159 1159 if self.api_key:
1160 1160 return self.api_key[:4] + "****"
1161 1161
1162 1162
1163 1163 class UserEmailMap(Base, BaseModel):
1164 1164 __tablename__ = 'user_email_map'
1165 1165 __table_args__ = (
1166 1166 Index('uem_email_idx', 'email'),
1167 1167 UniqueConstraint('email'),
1168 1168 base_table_args
1169 1169 )
1170 1170 __mapper_args__ = {}
1171 1171
1172 1172 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1173 1173 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1174 1174 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1175 1175 user = relationship('User', lazy='joined')
1176 1176
1177 1177 @validates('_email')
1178 1178 def validate_email(self, key, email):
1179 1179 # check if this email is not main one
1180 1180 main_email = Session().query(User).filter(User.email == email).scalar()
1181 1181 if main_email is not None:
1182 1182 raise AttributeError('email %s is present is user table' % email)
1183 1183 return email
1184 1184
1185 1185 @hybrid_property
1186 1186 def email(self):
1187 1187 return self._email
1188 1188
1189 1189 @email.setter
1190 1190 def email(self, val):
1191 1191 self._email = val.lower() if val else None
1192 1192
1193 1193
1194 1194 class UserIpMap(Base, BaseModel):
1195 1195 __tablename__ = 'user_ip_map'
1196 1196 __table_args__ = (
1197 1197 UniqueConstraint('user_id', 'ip_addr'),
1198 1198 base_table_args
1199 1199 )
1200 1200 __mapper_args__ = {}
1201 1201
1202 1202 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1203 1203 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1204 1204 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1205 1205 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1206 1206 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1207 1207 user = relationship('User', lazy='joined')
1208 1208
1209 1209 @hybrid_property
1210 1210 def description_safe(self):
1211 1211 from rhodecode.lib import helpers as h
1212 1212 return h.escape(self.description)
1213 1213
1214 1214 @classmethod
1215 1215 def _get_ip_range(cls, ip_addr):
1216 1216 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1217 1217 return [str(net.network_address), str(net.broadcast_address)]
1218 1218
1219 1219 def __json__(self):
1220 1220 return {
1221 1221 'ip_addr': self.ip_addr,
1222 1222 'ip_range': self._get_ip_range(self.ip_addr),
1223 1223 }
1224 1224
1225 1225 def __unicode__(self):
1226 1226 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1227 1227 self.user_id, self.ip_addr)
1228 1228
1229 1229
1230 1230 class UserSshKeys(Base, BaseModel):
1231 1231 __tablename__ = 'user_ssh_keys'
1232 1232 __table_args__ = (
1233 1233 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1234 1234
1235 1235 UniqueConstraint('ssh_key_fingerprint'),
1236 1236
1237 1237 base_table_args
1238 1238 )
1239 1239 __mapper_args__ = {}
1240 1240
1241 1241 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1242 1242 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1243 1243 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(255), nullable=False, unique=None, default=None)
1244 1244
1245 1245 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1246 1246
1247 1247 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1248 1248 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1249 1249 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1250 1250
1251 1251 user = relationship('User', lazy='joined')
1252 1252
1253 1253 def __json__(self):
1254 1254 data = {
1255 1255 'ssh_fingerprint': self.ssh_key_fingerprint,
1256 1256 'description': self.description,
1257 1257 'created_on': self.created_on
1258 1258 }
1259 1259 return data
1260 1260
1261 1261 def get_api_data(self):
1262 1262 data = self.__json__()
1263 1263 return data
1264 1264
1265 1265
1266 1266 class UserLog(Base, BaseModel):
1267 1267 __tablename__ = 'user_logs'
1268 1268 __table_args__ = (
1269 1269 base_table_args,
1270 1270 )
1271 1271
1272 1272 VERSION_1 = 'v1'
1273 1273 VERSION_2 = 'v2'
1274 1274 VERSIONS = [VERSION_1, VERSION_2]
1275 1275
1276 1276 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1277 1277 user_id = Column("user_id", Integer(), ForeignKey('users.user_id',ondelete='SET NULL'), nullable=True, unique=None, default=None)
1278 1278 username = Column("username", String(255), nullable=True, unique=None, default=None)
1279 1279 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id', ondelete='SET NULL'), nullable=True, unique=None, default=None)
1280 1280 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1281 1281 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1282 1282 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1283 1283 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1284 1284
1285 1285 version = Column("version", String(255), nullable=True, default=VERSION_1)
1286 1286 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1287 1287 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1288 1288
1289 1289 def __unicode__(self):
1290 1290 return u"<%s('id:%s:%s')>" % (
1291 1291 self.__class__.__name__, self.repository_name, self.action)
1292 1292
1293 1293 def __json__(self):
1294 1294 return {
1295 1295 'user_id': self.user_id,
1296 1296 'username': self.username,
1297 1297 'repository_id': self.repository_id,
1298 1298 'repository_name': self.repository_name,
1299 1299 'user_ip': self.user_ip,
1300 1300 'action_date': self.action_date,
1301 1301 'action': self.action,
1302 1302 }
1303 1303
1304 1304 @hybrid_property
1305 1305 def entry_id(self):
1306 1306 return self.user_log_id
1307 1307
1308 1308 @property
1309 1309 def action_as_day(self):
1310 1310 return datetime.date(*self.action_date.timetuple()[:3])
1311 1311
1312 1312 user = relationship('User')
1313 1313 repository = relationship('Repository', cascade='')
1314 1314
1315 1315
1316 1316 class UserGroup(Base, BaseModel):
1317 1317 __tablename__ = 'users_groups'
1318 1318 __table_args__ = (
1319 1319 base_table_args,
1320 1320 )
1321 1321
1322 1322 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1323 1323 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1324 1324 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1325 1325 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1326 1326 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1327 1327 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1328 1328 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1329 1329 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1330 1330
1331 1331 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1332 1332 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1333 1333 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1334 1334 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1335 1335 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1336 1336 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1337 1337
1338 1338 user_group_review_rules = relationship('RepoReviewRuleUserGroup', cascade='all')
1339 1339 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1340 1340
1341 1341 @classmethod
1342 1342 def _load_group_data(cls, column):
1343 1343 if not column:
1344 1344 return {}
1345 1345
1346 1346 try:
1347 1347 return json.loads(column) or {}
1348 1348 except TypeError:
1349 1349 return {}
1350 1350
1351 1351 @hybrid_property
1352 1352 def description_safe(self):
1353 1353 from rhodecode.lib import helpers as h
1354 1354 return h.escape(self.user_group_description)
1355 1355
1356 1356 @hybrid_property
1357 1357 def group_data(self):
1358 1358 return self._load_group_data(self._group_data)
1359 1359
1360 1360 @group_data.expression
1361 1361 def group_data(self, **kwargs):
1362 1362 return self._group_data
1363 1363
1364 1364 @group_data.setter
1365 1365 def group_data(self, val):
1366 1366 try:
1367 1367 self._group_data = json.dumps(val)
1368 1368 except Exception:
1369 1369 log.error(traceback.format_exc())
1370 1370
1371 1371 @classmethod
1372 1372 def _load_sync(cls, group_data):
1373 1373 if group_data:
1374 1374 return group_data.get('extern_type')
1375 1375
1376 1376 @property
1377 1377 def sync(self):
1378 1378 return self._load_sync(self.group_data)
1379 1379
1380 1380 def __unicode__(self):
1381 1381 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1382 1382 self.users_group_id,
1383 1383 self.users_group_name)
1384 1384
1385 1385 @classmethod
1386 1386 def get_by_group_name(cls, group_name, cache=False,
1387 1387 case_insensitive=False):
1388 1388 if case_insensitive:
1389 1389 q = cls.query().filter(func.lower(cls.users_group_name) ==
1390 1390 func.lower(group_name))
1391 1391
1392 1392 else:
1393 1393 q = cls.query().filter(cls.users_group_name == group_name)
1394 1394 if cache:
1395 1395 q = q.options(
1396 1396 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1397 1397 return q.scalar()
1398 1398
1399 1399 @classmethod
1400 1400 def get(cls, user_group_id, cache=False):
1401 1401 if not user_group_id:
1402 1402 return
1403 1403
1404 1404 user_group = cls.query()
1405 1405 if cache:
1406 1406 user_group = user_group.options(
1407 1407 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1408 1408 return user_group.get(user_group_id)
1409 1409
1410 1410 def permissions(self, with_admins=True, with_owner=True,
1411 1411 expand_from_user_groups=False):
1412 1412 """
1413 1413 Permissions for user groups
1414 1414 """
1415 1415 _admin_perm = 'usergroup.admin'
1416 1416
1417 1417 owner_row = []
1418 1418 if with_owner:
1419 1419 usr = AttributeDict(self.user.get_dict())
1420 1420 usr.owner_row = True
1421 1421 usr.permission = _admin_perm
1422 1422 owner_row.append(usr)
1423 1423
1424 1424 super_admin_ids = []
1425 1425 super_admin_rows = []
1426 1426 if with_admins:
1427 1427 for usr in User.get_all_super_admins():
1428 1428 super_admin_ids.append(usr.user_id)
1429 1429 # if this admin is also owner, don't double the record
1430 1430 if usr.user_id == owner_row[0].user_id:
1431 1431 owner_row[0].admin_row = True
1432 1432 else:
1433 1433 usr = AttributeDict(usr.get_dict())
1434 1434 usr.admin_row = True
1435 1435 usr.permission = _admin_perm
1436 1436 super_admin_rows.append(usr)
1437 1437
1438 1438 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1439 1439 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1440 1440 joinedload(UserUserGroupToPerm.user),
1441 1441 joinedload(UserUserGroupToPerm.permission),)
1442 1442
1443 1443 # get owners and admins and permissions. We do a trick of re-writing
1444 1444 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1445 1445 # has a global reference and changing one object propagates to all
1446 1446 # others. This means if admin is also an owner admin_row that change
1447 1447 # would propagate to both objects
1448 1448 perm_rows = []
1449 1449 for _usr in q.all():
1450 1450 usr = AttributeDict(_usr.user.get_dict())
1451 1451 # if this user is also owner/admin, mark as duplicate record
1452 1452 if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
1453 1453 usr.duplicate_perm = True
1454 1454 usr.permission = _usr.permission.permission_name
1455 1455 perm_rows.append(usr)
1456 1456
1457 1457 # filter the perm rows by 'default' first and then sort them by
1458 1458 # admin,write,read,none permissions sorted again alphabetically in
1459 1459 # each group
1460 1460 perm_rows = sorted(perm_rows, key=display_user_sort)
1461 1461
1462 1462 user_groups_rows = []
1463 1463 if expand_from_user_groups:
1464 1464 for ug in self.permission_user_groups(with_members=True):
1465 1465 for user_data in ug.members:
1466 1466 user_groups_rows.append(user_data)
1467 1467
1468 1468 return super_admin_rows + owner_row + perm_rows + user_groups_rows
1469 1469
1470 1470 def permission_user_groups(self, with_members=False):
1471 1471 q = UserGroupUserGroupToPerm.query()\
1472 1472 .filter(UserGroupUserGroupToPerm.target_user_group == self)
1473 1473 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1474 1474 joinedload(UserGroupUserGroupToPerm.target_user_group),
1475 1475 joinedload(UserGroupUserGroupToPerm.permission),)
1476 1476
1477 1477 perm_rows = []
1478 1478 for _user_group in q.all():
1479 1479 entry = AttributeDict(_user_group.user_group.get_dict())
1480 1480 entry.permission = _user_group.permission.permission_name
1481 1481 if with_members:
1482 1482 entry.members = [x.user.get_dict()
1483 1483 for x in _user_group.user_group.members]
1484 1484 perm_rows.append(entry)
1485 1485
1486 1486 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1487 1487 return perm_rows
1488 1488
1489 1489 def _get_default_perms(self, user_group, suffix=''):
1490 1490 from rhodecode.model.permission import PermissionModel
1491 1491 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1492 1492
1493 1493 def get_default_perms(self, suffix=''):
1494 1494 return self._get_default_perms(self, suffix)
1495 1495
1496 1496 def get_api_data(self, with_group_members=True, include_secrets=False):
1497 1497 """
1498 1498 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1499 1499 basically forwarded.
1500 1500
1501 1501 """
1502 1502 user_group = self
1503 1503 data = {
1504 1504 'users_group_id': user_group.users_group_id,
1505 1505 'group_name': user_group.users_group_name,
1506 1506 'group_description': user_group.user_group_description,
1507 1507 'active': user_group.users_group_active,
1508 1508 'owner': user_group.user.username,
1509 1509 'sync': user_group.sync,
1510 1510 'owner_email': user_group.user.email,
1511 1511 }
1512 1512
1513 1513 if with_group_members:
1514 1514 users = []
1515 1515 for user in user_group.members:
1516 1516 user = user.user
1517 1517 users.append(user.get_api_data(include_secrets=include_secrets))
1518 1518 data['users'] = users
1519 1519
1520 1520 return data
1521 1521
1522 1522
1523 1523 class UserGroupMember(Base, BaseModel):
1524 1524 __tablename__ = 'users_groups_members'
1525 1525 __table_args__ = (
1526 1526 base_table_args,
1527 1527 )
1528 1528
1529 1529 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1530 1530 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1531 1531 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1532 1532
1533 1533 user = relationship('User', lazy='joined')
1534 1534 users_group = relationship('UserGroup')
1535 1535
1536 1536 def __init__(self, gr_id='', u_id=''):
1537 1537 self.users_group_id = gr_id
1538 1538 self.user_id = u_id
1539 1539
1540 1540
1541 1541 class RepositoryField(Base, BaseModel):
1542 1542 __tablename__ = 'repositories_fields'
1543 1543 __table_args__ = (
1544 1544 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1545 1545 base_table_args,
1546 1546 )
1547 1547
1548 1548 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1549 1549
1550 1550 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1551 1551 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1552 1552 field_key = Column("field_key", String(250))
1553 1553 field_label = Column("field_label", String(1024), nullable=False)
1554 1554 field_value = Column("field_value", String(10000), nullable=False)
1555 1555 field_desc = Column("field_desc", String(1024), nullable=False)
1556 1556 field_type = Column("field_type", String(255), nullable=False, unique=None)
1557 1557 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1558 1558
1559 1559 repository = relationship('Repository')
1560 1560
1561 1561 @property
1562 1562 def field_key_prefixed(self):
1563 1563 return 'ex_%s' % self.field_key
1564 1564
1565 1565 @classmethod
1566 1566 def un_prefix_key(cls, key):
1567 1567 if key.startswith(cls.PREFIX):
1568 1568 return key[len(cls.PREFIX):]
1569 1569 return key
1570 1570
1571 1571 @classmethod
1572 1572 def get_by_key_name(cls, key, repo):
1573 1573 row = cls.query()\
1574 1574 .filter(cls.repository == repo)\
1575 1575 .filter(cls.field_key == key).scalar()
1576 1576 return row
1577 1577
1578 1578
1579 1579 class Repository(Base, BaseModel):
1580 1580 __tablename__ = 'repositories'
1581 1581 __table_args__ = (
1582 1582 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1583 1583 base_table_args,
1584 1584 )
1585 1585 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1586 1586 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1587 1587 DEFAULT_CLONE_URI_SSH = 'ssh://{sys_user}@{hostname}/{repo}'
1588 1588
1589 1589 STATE_CREATED = 'repo_state_created'
1590 1590 STATE_PENDING = 'repo_state_pending'
1591 1591 STATE_ERROR = 'repo_state_error'
1592 1592
1593 1593 LOCK_AUTOMATIC = 'lock_auto'
1594 1594 LOCK_API = 'lock_api'
1595 1595 LOCK_WEB = 'lock_web'
1596 1596 LOCK_PULL = 'lock_pull'
1597 1597
1598 1598 NAME_SEP = URL_SEP
1599 1599
1600 1600 repo_id = Column(
1601 1601 "repo_id", Integer(), nullable=False, unique=True, default=None,
1602 1602 primary_key=True)
1603 1603 _repo_name = Column(
1604 1604 "repo_name", Text(), nullable=False, default=None)
1605 1605 _repo_name_hash = Column(
1606 1606 "repo_name_hash", String(255), nullable=False, unique=True)
1607 1607 repo_state = Column("repo_state", String(255), nullable=True)
1608 1608
1609 1609 clone_uri = Column(
1610 1610 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1611 1611 default=None)
1612 1612 push_uri = Column(
1613 1613 "push_uri", EncryptedTextValue(), nullable=True, unique=False,
1614 1614 default=None)
1615 1615 repo_type = Column(
1616 1616 "repo_type", String(255), nullable=False, unique=False, default=None)
1617 1617 user_id = Column(
1618 1618 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1619 1619 unique=False, default=None)
1620 1620 private = Column(
1621 1621 "private", Boolean(), nullable=True, unique=None, default=None)
1622 1622 archived = Column(
1623 1623 "archived", Boolean(), nullable=True, unique=None, default=None)
1624 1624 enable_statistics = Column(
1625 1625 "statistics", Boolean(), nullable=True, unique=None, default=True)
1626 1626 enable_downloads = Column(
1627 1627 "downloads", Boolean(), nullable=True, unique=None, default=True)
1628 1628 description = Column(
1629 1629 "description", String(10000), nullable=True, unique=None, default=None)
1630 1630 created_on = Column(
1631 1631 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1632 1632 default=datetime.datetime.now)
1633 1633 updated_on = Column(
1634 1634 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1635 1635 default=datetime.datetime.now)
1636 1636 _landing_revision = Column(
1637 1637 "landing_revision", String(255), nullable=False, unique=False,
1638 1638 default=None)
1639 1639 enable_locking = Column(
1640 1640 "enable_locking", Boolean(), nullable=False, unique=None,
1641 1641 default=False)
1642 1642 _locked = Column(
1643 1643 "locked", String(255), nullable=True, unique=False, default=None)
1644 1644 _changeset_cache = Column(
1645 1645 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1646 1646
1647 1647 fork_id = Column(
1648 1648 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1649 1649 nullable=True, unique=False, default=None)
1650 1650 group_id = Column(
1651 1651 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1652 1652 unique=False, default=None)
1653 1653
1654 1654 user = relationship('User', lazy='joined')
1655 1655 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1656 1656 group = relationship('RepoGroup', lazy='joined')
1657 1657 repo_to_perm = relationship(
1658 1658 'UserRepoToPerm', cascade='all',
1659 1659 order_by='UserRepoToPerm.repo_to_perm_id')
1660 1660 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1661 1661 stats = relationship('Statistics', cascade='all', uselist=False)
1662 1662
1663 1663 followers = relationship(
1664 1664 'UserFollowing',
1665 1665 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1666 1666 cascade='all')
1667 1667 extra_fields = relationship(
1668 1668 'RepositoryField', cascade="all, delete, delete-orphan")
1669 1669 logs = relationship('UserLog')
1670 1670 comments = relationship(
1671 1671 'ChangesetComment', cascade="all, delete, delete-orphan")
1672 1672 pull_requests_source = relationship(
1673 1673 'PullRequest',
1674 1674 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1675 1675 cascade="all, delete, delete-orphan")
1676 1676 pull_requests_target = relationship(
1677 1677 'PullRequest',
1678 1678 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1679 1679 cascade="all, delete, delete-orphan")
1680 1680 ui = relationship('RepoRhodeCodeUi', cascade="all")
1681 1681 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1682 1682 integrations = relationship('Integration', cascade="all, delete, delete-orphan")
1683 1683
1684 1684 scoped_tokens = relationship('UserApiKeys', cascade="all")
1685 1685
1686 1686 artifacts = relationship('FileStore', cascade="all")
1687 1687
1688 1688 def __unicode__(self):
1689 1689 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1690 1690 safe_unicode(self.repo_name))
1691 1691
1692 1692 @hybrid_property
1693 1693 def description_safe(self):
1694 1694 from rhodecode.lib import helpers as h
1695 1695 return h.escape(self.description)
1696 1696
1697 1697 @hybrid_property
1698 1698 def landing_rev(self):
1699 1699 # always should return [rev_type, rev]
1700 1700 if self._landing_revision:
1701 1701 _rev_info = self._landing_revision.split(':')
1702 1702 if len(_rev_info) < 2:
1703 1703 _rev_info.insert(0, 'rev')
1704 1704 return [_rev_info[0], _rev_info[1]]
1705 1705 return [None, None]
1706 1706
1707 1707 @landing_rev.setter
1708 1708 def landing_rev(self, val):
1709 1709 if ':' not in val:
1710 1710 raise ValueError('value must be delimited with `:` and consist '
1711 1711 'of <rev_type>:<rev>, got %s instead' % val)
1712 1712 self._landing_revision = val
1713 1713
1714 1714 @hybrid_property
1715 1715 def locked(self):
1716 1716 if self._locked:
1717 1717 user_id, timelocked, reason = self._locked.split(':')
1718 1718 lock_values = int(user_id), timelocked, reason
1719 1719 else:
1720 1720 lock_values = [None, None, None]
1721 1721 return lock_values
1722 1722
1723 1723 @locked.setter
1724 1724 def locked(self, val):
1725 1725 if val and isinstance(val, (list, tuple)):
1726 1726 self._locked = ':'.join(map(str, val))
1727 1727 else:
1728 1728 self._locked = None
1729 1729
1730 1730 @hybrid_property
1731 1731 def changeset_cache(self):
1732 1732 from rhodecode.lib.vcs.backends.base import EmptyCommit
1733 1733 dummy = EmptyCommit().__json__()
1734 1734 if not self._changeset_cache:
1735 1735 dummy['source_repo_id'] = self.repo_id
1736 1736 return json.loads(json.dumps(dummy))
1737 1737
1738 1738 try:
1739 1739 return json.loads(self._changeset_cache)
1740 1740 except TypeError:
1741 1741 return dummy
1742 1742 except Exception:
1743 1743 log.error(traceback.format_exc())
1744 1744 return dummy
1745 1745
1746 1746 @changeset_cache.setter
1747 1747 def changeset_cache(self, val):
1748 1748 try:
1749 1749 self._changeset_cache = json.dumps(val)
1750 1750 except Exception:
1751 1751 log.error(traceback.format_exc())
1752 1752
1753 1753 @hybrid_property
1754 1754 def repo_name(self):
1755 1755 return self._repo_name
1756 1756
1757 1757 @repo_name.setter
1758 1758 def repo_name(self, value):
1759 1759 self._repo_name = value
1760 1760 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1761 1761
1762 1762 @classmethod
1763 1763 def normalize_repo_name(cls, repo_name):
1764 1764 """
1765 1765 Normalizes os specific repo_name to the format internally stored inside
1766 1766 database using URL_SEP
1767 1767
1768 1768 :param cls:
1769 1769 :param repo_name:
1770 1770 """
1771 1771 return cls.NAME_SEP.join(repo_name.split(os.sep))
1772 1772
1773 1773 @classmethod
1774 1774 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1775 1775 session = Session()
1776 1776 q = session.query(cls).filter(cls.repo_name == repo_name)
1777 1777
1778 1778 if cache:
1779 1779 if identity_cache:
1780 1780 val = cls.identity_cache(session, 'repo_name', repo_name)
1781 1781 if val:
1782 1782 return val
1783 1783 else:
1784 1784 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1785 1785 q = q.options(
1786 1786 FromCache("sql_cache_short", cache_key))
1787 1787
1788 1788 return q.scalar()
1789 1789
1790 1790 @classmethod
1791 1791 def get_by_id_or_repo_name(cls, repoid):
1792 1792 if isinstance(repoid, (int, long)):
1793 1793 try:
1794 1794 repo = cls.get(repoid)
1795 1795 except ValueError:
1796 1796 repo = None
1797 1797 else:
1798 1798 repo = cls.get_by_repo_name(repoid)
1799 1799 return repo
1800 1800
1801 1801 @classmethod
1802 1802 def get_by_full_path(cls, repo_full_path):
1803 1803 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1804 1804 repo_name = cls.normalize_repo_name(repo_name)
1805 1805 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1806 1806
1807 1807 @classmethod
1808 1808 def get_repo_forks(cls, repo_id):
1809 1809 return cls.query().filter(Repository.fork_id == repo_id)
1810 1810
1811 1811 @classmethod
1812 1812 def base_path(cls):
1813 1813 """
1814 1814 Returns base path when all repos are stored
1815 1815
1816 1816 :param cls:
1817 1817 """
1818 1818 q = Session().query(RhodeCodeUi)\
1819 1819 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1820 1820 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1821 1821 return q.one().ui_value
1822 1822
1823 1823 @classmethod
1824 1824 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1825 1825 case_insensitive=True, archived=False):
1826 1826 q = Repository.query()
1827 1827
1828 1828 if not archived:
1829 1829 q = q.filter(Repository.archived.isnot(true()))
1830 1830
1831 1831 if not isinstance(user_id, Optional):
1832 1832 q = q.filter(Repository.user_id == user_id)
1833 1833
1834 1834 if not isinstance(group_id, Optional):
1835 1835 q = q.filter(Repository.group_id == group_id)
1836 1836
1837 1837 if case_insensitive:
1838 1838 q = q.order_by(func.lower(Repository.repo_name))
1839 1839 else:
1840 1840 q = q.order_by(Repository.repo_name)
1841 1841
1842 1842 return q.all()
1843 1843
1844 1844 @property
1845 1845 def repo_uid(self):
1846 1846 return '_{}'.format(self.repo_id)
1847 1847
1848 1848 @property
1849 1849 def forks(self):
1850 1850 """
1851 1851 Return forks of this repo
1852 1852 """
1853 1853 return Repository.get_repo_forks(self.repo_id)
1854 1854
1855 1855 @property
1856 1856 def parent(self):
1857 1857 """
1858 1858 Returns fork parent
1859 1859 """
1860 1860 return self.fork
1861 1861
1862 1862 @property
1863 1863 def just_name(self):
1864 1864 return self.repo_name.split(self.NAME_SEP)[-1]
1865 1865
1866 1866 @property
1867 1867 def groups_with_parents(self):
1868 1868 groups = []
1869 1869 if self.group is None:
1870 1870 return groups
1871 1871
1872 1872 cur_gr = self.group
1873 1873 groups.insert(0, cur_gr)
1874 1874 while 1:
1875 1875 gr = getattr(cur_gr, 'parent_group', None)
1876 1876 cur_gr = cur_gr.parent_group
1877 1877 if gr is None:
1878 1878 break
1879 1879 groups.insert(0, gr)
1880 1880
1881 1881 return groups
1882 1882
1883 1883 @property
1884 1884 def groups_and_repo(self):
1885 1885 return self.groups_with_parents, self
1886 1886
1887 1887 @LazyProperty
1888 1888 def repo_path(self):
1889 1889 """
1890 1890 Returns base full path for that repository means where it actually
1891 1891 exists on a filesystem
1892 1892 """
1893 1893 q = Session().query(RhodeCodeUi).filter(
1894 1894 RhodeCodeUi.ui_key == self.NAME_SEP)
1895 1895 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1896 1896 return q.one().ui_value
1897 1897
1898 1898 @property
1899 1899 def repo_full_path(self):
1900 1900 p = [self.repo_path]
1901 1901 # we need to split the name by / since this is how we store the
1902 1902 # names in the database, but that eventually needs to be converted
1903 1903 # into a valid system path
1904 1904 p += self.repo_name.split(self.NAME_SEP)
1905 1905 return os.path.join(*map(safe_unicode, p))
1906 1906
1907 1907 @property
1908 1908 def cache_keys(self):
1909 1909 """
1910 1910 Returns associated cache keys for that repo
1911 1911 """
1912 1912 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
1913 1913 repo_id=self.repo_id)
1914 1914 return CacheKey.query()\
1915 1915 .filter(CacheKey.cache_args == invalidation_namespace)\
1916 1916 .order_by(CacheKey.cache_key)\
1917 1917 .all()
1918 1918
1919 1919 @property
1920 1920 def cached_diffs_relative_dir(self):
1921 1921 """
1922 1922 Return a relative to the repository store path of cached diffs
1923 1923 used for safe display for users, who shouldn't know the absolute store
1924 1924 path
1925 1925 """
1926 1926 return os.path.join(
1927 1927 os.path.dirname(self.repo_name),
1928 1928 self.cached_diffs_dir.split(os.path.sep)[-1])
1929 1929
1930 1930 @property
1931 1931 def cached_diffs_dir(self):
1932 1932 path = self.repo_full_path
1933 1933 return os.path.join(
1934 1934 os.path.dirname(path),
1935 1935 '.__shadow_diff_cache_repo_{}'.format(self.repo_id))
1936 1936
1937 1937 def cached_diffs(self):
1938 1938 diff_cache_dir = self.cached_diffs_dir
1939 1939 if os.path.isdir(diff_cache_dir):
1940 1940 return os.listdir(diff_cache_dir)
1941 1941 return []
1942 1942
1943 1943 def shadow_repos(self):
1944 1944 shadow_repos_pattern = '.__shadow_repo_{}'.format(self.repo_id)
1945 1945 return [
1946 1946 x for x in os.listdir(os.path.dirname(self.repo_full_path))
1947 1947 if x.startswith(shadow_repos_pattern)]
1948 1948
1949 1949 def get_new_name(self, repo_name):
1950 1950 """
1951 1951 returns new full repository name based on assigned group and new new
1952 1952
1953 1953 :param group_name:
1954 1954 """
1955 1955 path_prefix = self.group.full_path_splitted if self.group else []
1956 1956 return self.NAME_SEP.join(path_prefix + [repo_name])
1957 1957
1958 1958 @property
1959 1959 def _config(self):
1960 1960 """
1961 1961 Returns db based config object.
1962 1962 """
1963 1963 from rhodecode.lib.utils import make_db_config
1964 1964 return make_db_config(clear_session=False, repo=self)
1965 1965
1966 1966 def permissions(self, with_admins=True, with_owner=True,
1967 1967 expand_from_user_groups=False):
1968 1968 """
1969 1969 Permissions for repositories
1970 1970 """
1971 1971 _admin_perm = 'repository.admin'
1972 1972
1973 1973 owner_row = []
1974 1974 if with_owner:
1975 1975 usr = AttributeDict(self.user.get_dict())
1976 1976 usr.owner_row = True
1977 1977 usr.permission = _admin_perm
1978 1978 usr.permission_id = None
1979 1979 owner_row.append(usr)
1980 1980
1981 1981 super_admin_ids = []
1982 1982 super_admin_rows = []
1983 1983 if with_admins:
1984 1984 for usr in User.get_all_super_admins():
1985 1985 super_admin_ids.append(usr.user_id)
1986 1986 # if this admin is also owner, don't double the record
1987 1987 if usr.user_id == owner_row[0].user_id:
1988 1988 owner_row[0].admin_row = True
1989 1989 else:
1990 1990 usr = AttributeDict(usr.get_dict())
1991 1991 usr.admin_row = True
1992 1992 usr.permission = _admin_perm
1993 1993 usr.permission_id = None
1994 1994 super_admin_rows.append(usr)
1995 1995
1996 1996 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1997 1997 q = q.options(joinedload(UserRepoToPerm.repository),
1998 1998 joinedload(UserRepoToPerm.user),
1999 1999 joinedload(UserRepoToPerm.permission),)
2000 2000
2001 2001 # get owners and admins and permissions. We do a trick of re-writing
2002 2002 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2003 2003 # has a global reference and changing one object propagates to all
2004 2004 # others. This means if admin is also an owner admin_row that change
2005 2005 # would propagate to both objects
2006 2006 perm_rows = []
2007 2007 for _usr in q.all():
2008 2008 usr = AttributeDict(_usr.user.get_dict())
2009 2009 # if this user is also owner/admin, mark as duplicate record
2010 2010 if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
2011 2011 usr.duplicate_perm = True
2012 2012 # also check if this permission is maybe used by branch_permissions
2013 2013 if _usr.branch_perm_entry:
2014 2014 usr.branch_rules = [x.branch_rule_id for x in _usr.branch_perm_entry]
2015 2015
2016 2016 usr.permission = _usr.permission.permission_name
2017 2017 usr.permission_id = _usr.repo_to_perm_id
2018 2018 perm_rows.append(usr)
2019 2019
2020 2020 # filter the perm rows by 'default' first and then sort them by
2021 2021 # admin,write,read,none permissions sorted again alphabetically in
2022 2022 # each group
2023 2023 perm_rows = sorted(perm_rows, key=display_user_sort)
2024 2024
2025 2025 user_groups_rows = []
2026 2026 if expand_from_user_groups:
2027 2027 for ug in self.permission_user_groups(with_members=True):
2028 2028 for user_data in ug.members:
2029 2029 user_groups_rows.append(user_data)
2030 2030
2031 2031 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2032 2032
2033 2033 def permission_user_groups(self, with_members=True):
2034 2034 q = UserGroupRepoToPerm.query()\
2035 2035 .filter(UserGroupRepoToPerm.repository == self)
2036 2036 q = q.options(joinedload(UserGroupRepoToPerm.repository),
2037 2037 joinedload(UserGroupRepoToPerm.users_group),
2038 2038 joinedload(UserGroupRepoToPerm.permission),)
2039 2039
2040 2040 perm_rows = []
2041 2041 for _user_group in q.all():
2042 2042 entry = AttributeDict(_user_group.users_group.get_dict())
2043 2043 entry.permission = _user_group.permission.permission_name
2044 2044 if with_members:
2045 2045 entry.members = [x.user.get_dict()
2046 2046 for x in _user_group.users_group.members]
2047 2047 perm_rows.append(entry)
2048 2048
2049 2049 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2050 2050 return perm_rows
2051 2051
2052 2052 def get_api_data(self, include_secrets=False):
2053 2053 """
2054 2054 Common function for generating repo api data
2055 2055
2056 2056 :param include_secrets: See :meth:`User.get_api_data`.
2057 2057
2058 2058 """
2059 2059 # TODO: mikhail: Here there is an anti-pattern, we probably need to
2060 2060 # move this methods on models level.
2061 2061 from rhodecode.model.settings import SettingsModel
2062 2062 from rhodecode.model.repo import RepoModel
2063 2063
2064 2064 repo = self
2065 2065 _user_id, _time, _reason = self.locked
2066 2066
2067 2067 data = {
2068 2068 'repo_id': repo.repo_id,
2069 2069 'repo_name': repo.repo_name,
2070 2070 'repo_type': repo.repo_type,
2071 2071 'clone_uri': repo.clone_uri or '',
2072 2072 'push_uri': repo.push_uri or '',
2073 2073 'url': RepoModel().get_url(self),
2074 2074 'private': repo.private,
2075 2075 'created_on': repo.created_on,
2076 2076 'description': repo.description_safe,
2077 2077 'landing_rev': repo.landing_rev,
2078 2078 'owner': repo.user.username,
2079 2079 'fork_of': repo.fork.repo_name if repo.fork else None,
2080 2080 'fork_of_id': repo.fork.repo_id if repo.fork else None,
2081 2081 'enable_statistics': repo.enable_statistics,
2082 2082 'enable_locking': repo.enable_locking,
2083 2083 'enable_downloads': repo.enable_downloads,
2084 2084 'last_changeset': repo.changeset_cache,
2085 2085 'locked_by': User.get(_user_id).get_api_data(
2086 2086 include_secrets=include_secrets) if _user_id else None,
2087 2087 'locked_date': time_to_datetime(_time) if _time else None,
2088 2088 'lock_reason': _reason if _reason else None,
2089 2089 }
2090 2090
2091 2091 # TODO: mikhail: should be per-repo settings here
2092 2092 rc_config = SettingsModel().get_all_settings()
2093 2093 repository_fields = str2bool(
2094 2094 rc_config.get('rhodecode_repository_fields'))
2095 2095 if repository_fields:
2096 2096 for f in self.extra_fields:
2097 2097 data[f.field_key_prefixed] = f.field_value
2098 2098
2099 2099 return data
2100 2100
2101 2101 @classmethod
2102 2102 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
2103 2103 if not lock_time:
2104 2104 lock_time = time.time()
2105 2105 if not lock_reason:
2106 2106 lock_reason = cls.LOCK_AUTOMATIC
2107 2107 repo.locked = [user_id, lock_time, lock_reason]
2108 2108 Session().add(repo)
2109 2109 Session().commit()
2110 2110
2111 2111 @classmethod
2112 2112 def unlock(cls, repo):
2113 2113 repo.locked = None
2114 2114 Session().add(repo)
2115 2115 Session().commit()
2116 2116
2117 2117 @classmethod
2118 2118 def getlock(cls, repo):
2119 2119 return repo.locked
2120 2120
2121 2121 def is_user_lock(self, user_id):
2122 2122 if self.lock[0]:
2123 2123 lock_user_id = safe_int(self.lock[0])
2124 2124 user_id = safe_int(user_id)
2125 2125 # both are ints, and they are equal
2126 2126 return all([lock_user_id, user_id]) and lock_user_id == user_id
2127 2127
2128 2128 return False
2129 2129
2130 2130 def get_locking_state(self, action, user_id, only_when_enabled=True):
2131 2131 """
2132 2132 Checks locking on this repository, if locking is enabled and lock is
2133 2133 present returns a tuple of make_lock, locked, locked_by.
2134 2134 make_lock can have 3 states None (do nothing) True, make lock
2135 2135 False release lock, This value is later propagated to hooks, which
2136 2136 do the locking. Think about this as signals passed to hooks what to do.
2137 2137
2138 2138 """
2139 2139 # TODO: johbo: This is part of the business logic and should be moved
2140 2140 # into the RepositoryModel.
2141 2141
2142 2142 if action not in ('push', 'pull'):
2143 2143 raise ValueError("Invalid action value: %s" % repr(action))
2144 2144
2145 2145 # defines if locked error should be thrown to user
2146 2146 currently_locked = False
2147 2147 # defines if new lock should be made, tri-state
2148 2148 make_lock = None
2149 2149 repo = self
2150 2150 user = User.get(user_id)
2151 2151
2152 2152 lock_info = repo.locked
2153 2153
2154 2154 if repo and (repo.enable_locking or not only_when_enabled):
2155 2155 if action == 'push':
2156 2156 # check if it's already locked !, if it is compare users
2157 2157 locked_by_user_id = lock_info[0]
2158 2158 if user.user_id == locked_by_user_id:
2159 2159 log.debug(
2160 2160 'Got `push` action from user %s, now unlocking', user)
2161 2161 # unlock if we have push from user who locked
2162 2162 make_lock = False
2163 2163 else:
2164 2164 # we're not the same user who locked, ban with
2165 2165 # code defined in settings (default is 423 HTTP Locked) !
2166 2166 log.debug('Repo %s is currently locked by %s', repo, user)
2167 2167 currently_locked = True
2168 2168 elif action == 'pull':
2169 2169 # [0] user [1] date
2170 2170 if lock_info[0] and lock_info[1]:
2171 2171 log.debug('Repo %s is currently locked by %s', repo, user)
2172 2172 currently_locked = True
2173 2173 else:
2174 2174 log.debug('Setting lock on repo %s by %s', repo, user)
2175 2175 make_lock = True
2176 2176
2177 2177 else:
2178 2178 log.debug('Repository %s do not have locking enabled', repo)
2179 2179
2180 2180 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
2181 2181 make_lock, currently_locked, lock_info)
2182 2182
2183 2183 from rhodecode.lib.auth import HasRepoPermissionAny
2184 2184 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
2185 2185 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
2186 2186 # if we don't have at least write permission we cannot make a lock
2187 2187 log.debug('lock state reset back to FALSE due to lack '
2188 2188 'of at least read permission')
2189 2189 make_lock = False
2190 2190
2191 2191 return make_lock, currently_locked, lock_info
2192 2192
2193 2193 @property
2194 2194 def last_commit_cache_update_diff(self):
2195 2195 return time.time() - (safe_int(self.changeset_cache.get('updated_on')) or 0)
2196 2196
2197 2197 @property
2198 2198 def last_commit_change(self):
2199 2199 from rhodecode.lib.vcs.utils.helpers import parse_datetime
2200 2200 empty_date = datetime.datetime.fromtimestamp(0)
2201 2201 date_latest = self.changeset_cache.get('date', empty_date)
2202 2202 try:
2203 2203 return parse_datetime(date_latest)
2204 2204 except Exception:
2205 2205 return empty_date
2206 2206
2207 2207 @property
2208 2208 def last_db_change(self):
2209 2209 return self.updated_on
2210 2210
2211 2211 @property
2212 2212 def clone_uri_hidden(self):
2213 2213 clone_uri = self.clone_uri
2214 2214 if clone_uri:
2215 2215 import urlobject
2216 2216 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2217 2217 if url_obj.password:
2218 2218 clone_uri = url_obj.with_password('*****')
2219 2219 return clone_uri
2220 2220
2221 2221 @property
2222 2222 def push_uri_hidden(self):
2223 2223 push_uri = self.push_uri
2224 2224 if push_uri:
2225 2225 import urlobject
2226 2226 url_obj = urlobject.URLObject(cleaned_uri(push_uri))
2227 2227 if url_obj.password:
2228 2228 push_uri = url_obj.with_password('*****')
2229 2229 return push_uri
2230 2230
2231 2231 def clone_url(self, **override):
2232 2232 from rhodecode.model.settings import SettingsModel
2233 2233
2234 2234 uri_tmpl = None
2235 2235 if 'with_id' in override:
2236 2236 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2237 2237 del override['with_id']
2238 2238
2239 2239 if 'uri_tmpl' in override:
2240 2240 uri_tmpl = override['uri_tmpl']
2241 2241 del override['uri_tmpl']
2242 2242
2243 2243 ssh = False
2244 2244 if 'ssh' in override:
2245 2245 ssh = True
2246 2246 del override['ssh']
2247 2247
2248 2248 # we didn't override our tmpl from **overrides
2249 2249 request = get_current_request()
2250 2250 if not uri_tmpl:
2251 2251 if hasattr(request, 'call_context') and hasattr(request.call_context, 'rc_config'):
2252 2252 rc_config = request.call_context.rc_config
2253 2253 else:
2254 2254 rc_config = SettingsModel().get_all_settings(cache=True)
2255 2255 if ssh:
2256 2256 uri_tmpl = rc_config.get(
2257 2257 'rhodecode_clone_uri_ssh_tmpl') or self.DEFAULT_CLONE_URI_SSH
2258 2258 else:
2259 2259 uri_tmpl = rc_config.get(
2260 2260 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2261 2261
2262 2262 return get_clone_url(request=request,
2263 2263 uri_tmpl=uri_tmpl,
2264 2264 repo_name=self.repo_name,
2265 2265 repo_id=self.repo_id, **override)
2266 2266
2267 2267 def set_state(self, state):
2268 2268 self.repo_state = state
2269 2269 Session().add(self)
2270 2270 #==========================================================================
2271 2271 # SCM PROPERTIES
2272 2272 #==========================================================================
2273 2273
2274 2274 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2275 2275 return get_commit_safe(
2276 2276 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2277 2277
2278 2278 def get_changeset(self, rev=None, pre_load=None):
2279 2279 warnings.warn("Use get_commit", DeprecationWarning)
2280 2280 commit_id = None
2281 2281 commit_idx = None
2282 2282 if isinstance(rev, compat.string_types):
2283 2283 commit_id = rev
2284 2284 else:
2285 2285 commit_idx = rev
2286 2286 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2287 2287 pre_load=pre_load)
2288 2288
2289 2289 def get_landing_commit(self):
2290 2290 """
2291 2291 Returns landing commit, or if that doesn't exist returns the tip
2292 2292 """
2293 2293 _rev_type, _rev = self.landing_rev
2294 2294 commit = self.get_commit(_rev)
2295 2295 if isinstance(commit, EmptyCommit):
2296 2296 return self.get_commit()
2297 2297 return commit
2298 2298
2299 2299 def update_commit_cache(self, cs_cache=None, config=None):
2300 2300 """
2301 2301 Update cache of last commit for repository, keys should be::
2302 2302
2303 2303 source_repo_id
2304 2304 short_id
2305 2305 raw_id
2306 2306 revision
2307 2307 parents
2308 2308 message
2309 2309 date
2310 2310 author
2311 2311 updated_on
2312 2312
2313 2313 """
2314 2314 from rhodecode.lib.vcs.backends.base import BaseChangeset
2315 2315 if cs_cache is None:
2316 2316 # use no-cache version here
2317 2317 scm_repo = self.scm_instance(cache=False, config=config)
2318 2318
2319 2319 empty = scm_repo is None or scm_repo.is_empty()
2320 2320 if not empty:
2321 2321 cs_cache = scm_repo.get_commit(
2322 2322 pre_load=["author", "date", "message", "parents", "branch"])
2323 2323 else:
2324 2324 cs_cache = EmptyCommit()
2325 2325
2326 2326 if isinstance(cs_cache, BaseChangeset):
2327 2327 cs_cache = cs_cache.__json__()
2328 2328
2329 2329 def is_outdated(new_cs_cache):
2330 2330 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2331 2331 new_cs_cache['revision'] != self.changeset_cache['revision']):
2332 2332 return True
2333 2333 return False
2334 2334
2335 2335 # check if we have maybe already latest cached revision
2336 2336 if is_outdated(cs_cache) or not self.changeset_cache:
2337 2337 _default = datetime.datetime.utcnow()
2338 2338 last_change = cs_cache.get('date') or _default
2339 2339 # we check if last update is newer than the new value
2340 2340 # if yes, we use the current timestamp instead. Imagine you get
2341 2341 # old commit pushed 1y ago, we'd set last update 1y to ago.
2342 2342 last_change_timestamp = datetime_to_time(last_change)
2343 2343 current_timestamp = datetime_to_time(last_change)
2344 2344 if last_change_timestamp > current_timestamp:
2345 2345 cs_cache['date'] = _default
2346 2346
2347 2347 cs_cache['updated_on'] = time.time()
2348 2348 self.changeset_cache = cs_cache
2349 2349 Session().add(self)
2350 2350 Session().commit()
2351 2351
2352 2352 log.debug('updated repo %s with new commit cache %s',
2353 2353 self.repo_name, cs_cache)
2354 2354 else:
2355 2355 cs_cache = self.changeset_cache
2356 2356 cs_cache['updated_on'] = time.time()
2357 2357 self.changeset_cache = cs_cache
2358 2358 Session().add(self)
2359 2359 Session().commit()
2360 2360
2361 2361 log.debug('Skipping update_commit_cache for repo:`%s` '
2362 2362 'commit already with latest changes', self.repo_name)
2363 2363
2364 2364 @property
2365 2365 def tip(self):
2366 2366 return self.get_commit('tip')
2367 2367
2368 2368 @property
2369 2369 def author(self):
2370 2370 return self.tip.author
2371 2371
2372 2372 @property
2373 2373 def last_change(self):
2374 2374 return self.scm_instance().last_change
2375 2375
2376 2376 def get_comments(self, revisions=None):
2377 2377 """
2378 2378 Returns comments for this repository grouped by revisions
2379 2379
2380 2380 :param revisions: filter query by revisions only
2381 2381 """
2382 2382 cmts = ChangesetComment.query()\
2383 2383 .filter(ChangesetComment.repo == self)
2384 2384 if revisions:
2385 2385 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2386 2386 grouped = collections.defaultdict(list)
2387 2387 for cmt in cmts.all():
2388 2388 grouped[cmt.revision].append(cmt)
2389 2389 return grouped
2390 2390
2391 2391 def statuses(self, revisions=None):
2392 2392 """
2393 2393 Returns statuses for this repository
2394 2394
2395 2395 :param revisions: list of revisions to get statuses for
2396 2396 """
2397 2397 statuses = ChangesetStatus.query()\
2398 2398 .filter(ChangesetStatus.repo == self)\
2399 2399 .filter(ChangesetStatus.version == 0)
2400 2400
2401 2401 if revisions:
2402 2402 # Try doing the filtering in chunks to avoid hitting limits
2403 2403 size = 500
2404 2404 status_results = []
2405 2405 for chunk in xrange(0, len(revisions), size):
2406 2406 status_results += statuses.filter(
2407 2407 ChangesetStatus.revision.in_(
2408 2408 revisions[chunk: chunk+size])
2409 2409 ).all()
2410 2410 else:
2411 2411 status_results = statuses.all()
2412 2412
2413 2413 grouped = {}
2414 2414
2415 2415 # maybe we have open new pullrequest without a status?
2416 2416 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2417 2417 status_lbl = ChangesetStatus.get_status_lbl(stat)
2418 2418 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2419 2419 for rev in pr.revisions:
2420 2420 pr_id = pr.pull_request_id
2421 2421 pr_repo = pr.target_repo.repo_name
2422 2422 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2423 2423
2424 2424 for stat in status_results:
2425 2425 pr_id = pr_repo = None
2426 2426 if stat.pull_request:
2427 2427 pr_id = stat.pull_request.pull_request_id
2428 2428 pr_repo = stat.pull_request.target_repo.repo_name
2429 2429 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2430 2430 pr_id, pr_repo]
2431 2431 return grouped
2432 2432
2433 2433 # ==========================================================================
2434 2434 # SCM CACHE INSTANCE
2435 2435 # ==========================================================================
2436 2436
2437 2437 def scm_instance(self, **kwargs):
2438 2438 import rhodecode
2439 2439
2440 2440 # Passing a config will not hit the cache currently only used
2441 2441 # for repo2dbmapper
2442 2442 config = kwargs.pop('config', None)
2443 2443 cache = kwargs.pop('cache', None)
2444 2444 vcs_full_cache = kwargs.pop('vcs_full_cache', None)
2445 2445 if vcs_full_cache is not None:
2446 2446 # allows override global config
2447 2447 full_cache = vcs_full_cache
2448 2448 else:
2449 2449 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2450 2450 # if cache is NOT defined use default global, else we have a full
2451 2451 # control over cache behaviour
2452 2452 if cache is None and full_cache and not config:
2453 2453 log.debug('Initializing pure cached instance for %s', self.repo_path)
2454 2454 return self._get_instance_cached()
2455 2455
2456 2456 # cache here is sent to the "vcs server"
2457 2457 return self._get_instance(cache=bool(cache), config=config)
2458 2458
2459 2459 def _get_instance_cached(self):
2460 2460 from rhodecode.lib import rc_cache
2461 2461
2462 2462 cache_namespace_uid = 'cache_repo_instance.{}'.format(self.repo_id)
2463 2463 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
2464 2464 repo_id=self.repo_id)
2465 2465 region = rc_cache.get_or_create_region('cache_repo_longterm', cache_namespace_uid)
2466 2466
2467 2467 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid)
2468 2468 def get_instance_cached(repo_id, context_id, _cache_state_uid):
2469 2469 return self._get_instance(repo_state_uid=_cache_state_uid)
2470 2470
2471 2471 # we must use thread scoped cache here,
2472 2472 # because each thread of gevent needs it's own not shared connection and cache
2473 2473 # we also alter `args` so the cache key is individual for every green thread.
2474 2474 inv_context_manager = rc_cache.InvalidationContext(
2475 2475 uid=cache_namespace_uid, invalidation_namespace=invalidation_namespace,
2476 2476 thread_scoped=True)
2477 2477 with inv_context_manager as invalidation_context:
2478 2478 cache_state_uid = invalidation_context.cache_data['cache_state_uid']
2479 2479 args = (self.repo_id, inv_context_manager.cache_key, cache_state_uid)
2480 2480
2481 2481 # re-compute and store cache if we get invalidate signal
2482 2482 if invalidation_context.should_invalidate():
2483 2483 instance = get_instance_cached.refresh(*args)
2484 2484 else:
2485 2485 instance = get_instance_cached(*args)
2486 2486
2487 2487 log.debug('Repo instance fetched in %.4fs', inv_context_manager.compute_time)
2488 2488 return instance
2489 2489
2490 2490 def _get_instance(self, cache=True, config=None, repo_state_uid=None):
2491 2491 log.debug('Initializing %s instance `%s` with cache flag set to: %s',
2492 2492 self.repo_type, self.repo_path, cache)
2493 2493 config = config or self._config
2494 2494 custom_wire = {
2495 2495 'cache': cache, # controls the vcs.remote cache
2496 2496 'repo_state_uid': repo_state_uid
2497 2497 }
2498 2498 repo = get_vcs_instance(
2499 2499 repo_path=safe_str(self.repo_full_path),
2500 2500 config=config,
2501 2501 with_wire=custom_wire,
2502 2502 create=False,
2503 2503 _vcs_alias=self.repo_type)
2504 2504 if repo is not None:
2505 2505 repo.count() # cache rebuild
2506 2506 return repo
2507 2507
2508 2508 def get_shadow_repository_path(self, workspace_id):
2509 2509 from rhodecode.lib.vcs.backends.base import BaseRepository
2510 2510 shadow_repo_path = BaseRepository._get_shadow_repository_path(
2511 2511 self.repo_full_path, self.repo_id, workspace_id)
2512 2512 return shadow_repo_path
2513 2513
2514 2514 def __json__(self):
2515 2515 return {'landing_rev': self.landing_rev}
2516 2516
2517 2517 def get_dict(self):
2518 2518
2519 2519 # Since we transformed `repo_name` to a hybrid property, we need to
2520 2520 # keep compatibility with the code which uses `repo_name` field.
2521 2521
2522 2522 result = super(Repository, self).get_dict()
2523 2523 result['repo_name'] = result.pop('_repo_name', None)
2524 2524 return result
2525 2525
2526 2526
2527 2527 class RepoGroup(Base, BaseModel):
2528 2528 __tablename__ = 'groups'
2529 2529 __table_args__ = (
2530 2530 UniqueConstraint('group_name', 'group_parent_id'),
2531 2531 base_table_args,
2532 2532 )
2533 2533 __mapper_args__ = {'order_by': 'group_name'}
2534 2534
2535 2535 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2536 2536
2537 2537 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2538 2538 _group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2539 2539 group_name_hash = Column("repo_group_name_hash", String(1024), nullable=False, unique=False)
2540 2540 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2541 2541 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2542 2542 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2543 2543 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2544 2544 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2545 2545 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2546 2546 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2547 2547 _changeset_cache = Column(
2548 2548 "changeset_cache", LargeBinary(), nullable=True) # JSON data
2549 2549
2550 2550 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2551 2551 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2552 2552 parent_group = relationship('RepoGroup', remote_side=group_id)
2553 2553 user = relationship('User')
2554 2554 integrations = relationship('Integration', cascade="all, delete, delete-orphan")
2555 2555
2556 2556 def __init__(self, group_name='', parent_group=None):
2557 2557 self.group_name = group_name
2558 2558 self.parent_group = parent_group
2559 2559
2560 2560 def __unicode__(self):
2561 2561 return u"<%s('id:%s:%s')>" % (
2562 2562 self.__class__.__name__, self.group_id, self.group_name)
2563 2563
2564 2564 @hybrid_property
2565 2565 def group_name(self):
2566 2566 return self._group_name
2567 2567
2568 2568 @group_name.setter
2569 2569 def group_name(self, value):
2570 2570 self._group_name = value
2571 2571 self.group_name_hash = self.hash_repo_group_name(value)
2572 2572
2573 2573 @hybrid_property
2574 2574 def changeset_cache(self):
2575 2575 from rhodecode.lib.vcs.backends.base import EmptyCommit
2576 2576 dummy = EmptyCommit().__json__()
2577 2577 if not self._changeset_cache:
2578 2578 dummy['source_repo_id'] = ''
2579 2579 return json.loads(json.dumps(dummy))
2580 2580
2581 2581 try:
2582 2582 return json.loads(self._changeset_cache)
2583 2583 except TypeError:
2584 2584 return dummy
2585 2585 except Exception:
2586 2586 log.error(traceback.format_exc())
2587 2587 return dummy
2588 2588
2589 2589 @changeset_cache.setter
2590 2590 def changeset_cache(self, val):
2591 2591 try:
2592 2592 self._changeset_cache = json.dumps(val)
2593 2593 except Exception:
2594 2594 log.error(traceback.format_exc())
2595 2595
2596 2596 @validates('group_parent_id')
2597 2597 def validate_group_parent_id(self, key, val):
2598 2598 """
2599 2599 Check cycle references for a parent group to self
2600 2600 """
2601 2601 if self.group_id and val:
2602 2602 assert val != self.group_id
2603 2603
2604 2604 return val
2605 2605
2606 2606 @hybrid_property
2607 2607 def description_safe(self):
2608 2608 from rhodecode.lib import helpers as h
2609 2609 return h.escape(self.group_description)
2610 2610
2611 2611 @classmethod
2612 2612 def hash_repo_group_name(cls, repo_group_name):
2613 2613 val = remove_formatting(repo_group_name)
2614 2614 val = safe_str(val).lower()
2615 2615 chars = []
2616 2616 for c in val:
2617 2617 if c not in string.ascii_letters:
2618 2618 c = str(ord(c))
2619 2619 chars.append(c)
2620 2620
2621 2621 return ''.join(chars)
2622 2622
2623 2623 @classmethod
2624 2624 def _generate_choice(cls, repo_group):
2625 2625 from webhelpers.html import literal as _literal
2626 2626 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2627 2627 return repo_group.group_id, _name(repo_group.full_path_splitted)
2628 2628
2629 2629 @classmethod
2630 2630 def groups_choices(cls, groups=None, show_empty_group=True):
2631 2631 if not groups:
2632 2632 groups = cls.query().all()
2633 2633
2634 2634 repo_groups = []
2635 2635 if show_empty_group:
2636 2636 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2637 2637
2638 2638 repo_groups.extend([cls._generate_choice(x) for x in groups])
2639 2639
2640 2640 repo_groups = sorted(
2641 2641 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2642 2642 return repo_groups
2643 2643
2644 2644 @classmethod
2645 2645 def url_sep(cls):
2646 2646 return URL_SEP
2647 2647
2648 2648 @classmethod
2649 2649 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2650 2650 if case_insensitive:
2651 2651 gr = cls.query().filter(func.lower(cls.group_name)
2652 2652 == func.lower(group_name))
2653 2653 else:
2654 2654 gr = cls.query().filter(cls.group_name == group_name)
2655 2655 if cache:
2656 2656 name_key = _hash_key(group_name)
2657 2657 gr = gr.options(
2658 2658 FromCache("sql_cache_short", "get_group_%s" % name_key))
2659 2659 return gr.scalar()
2660 2660
2661 2661 @classmethod
2662 2662 def get_user_personal_repo_group(cls, user_id):
2663 2663 user = User.get(user_id)
2664 2664 if user.username == User.DEFAULT_USER:
2665 2665 return None
2666 2666
2667 2667 return cls.query()\
2668 2668 .filter(cls.personal == true()) \
2669 2669 .filter(cls.user == user) \
2670 2670 .order_by(cls.group_id.asc()) \
2671 2671 .first()
2672 2672
2673 2673 @classmethod
2674 2674 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2675 2675 case_insensitive=True):
2676 2676 q = RepoGroup.query()
2677 2677
2678 2678 if not isinstance(user_id, Optional):
2679 2679 q = q.filter(RepoGroup.user_id == user_id)
2680 2680
2681 2681 if not isinstance(group_id, Optional):
2682 2682 q = q.filter(RepoGroup.group_parent_id == group_id)
2683 2683
2684 2684 if case_insensitive:
2685 2685 q = q.order_by(func.lower(RepoGroup.group_name))
2686 2686 else:
2687 2687 q = q.order_by(RepoGroup.group_name)
2688 2688 return q.all()
2689 2689
2690 2690 @property
2691 2691 def parents(self, parents_recursion_limit = 10):
2692 2692 groups = []
2693 2693 if self.parent_group is None:
2694 2694 return groups
2695 2695 cur_gr = self.parent_group
2696 2696 groups.insert(0, cur_gr)
2697 2697 cnt = 0
2698 2698 while 1:
2699 2699 cnt += 1
2700 2700 gr = getattr(cur_gr, 'parent_group', None)
2701 2701 cur_gr = cur_gr.parent_group
2702 2702 if gr is None:
2703 2703 break
2704 2704 if cnt == parents_recursion_limit:
2705 2705 # this will prevent accidental infinit loops
2706 2706 log.error('more than %s parents found for group %s, stopping '
2707 2707 'recursive parent fetching', parents_recursion_limit, self)
2708 2708 break
2709 2709
2710 2710 groups.insert(0, gr)
2711 2711 return groups
2712 2712
2713 2713 @property
2714 2714 def last_commit_cache_update_diff(self):
2715 2715 return time.time() - (safe_int(self.changeset_cache.get('updated_on')) or 0)
2716 2716
2717 2717 @property
2718 2718 def last_commit_change(self):
2719 2719 from rhodecode.lib.vcs.utils.helpers import parse_datetime
2720 2720 empty_date = datetime.datetime.fromtimestamp(0)
2721 2721 date_latest = self.changeset_cache.get('date', empty_date)
2722 2722 try:
2723 2723 return parse_datetime(date_latest)
2724 2724 except Exception:
2725 2725 return empty_date
2726 2726
2727 2727 @property
2728 2728 def last_db_change(self):
2729 2729 return self.updated_on
2730 2730
2731 2731 @property
2732 2732 def children(self):
2733 2733 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2734 2734
2735 2735 @property
2736 2736 def name(self):
2737 2737 return self.group_name.split(RepoGroup.url_sep())[-1]
2738 2738
2739 2739 @property
2740 2740 def full_path(self):
2741 2741 return self.group_name
2742 2742
2743 2743 @property
2744 2744 def full_path_splitted(self):
2745 2745 return self.group_name.split(RepoGroup.url_sep())
2746 2746
2747 2747 @property
2748 2748 def repositories(self):
2749 2749 return Repository.query()\
2750 2750 .filter(Repository.group == self)\
2751 2751 .order_by(Repository.repo_name)
2752 2752
2753 2753 @property
2754 2754 def repositories_recursive_count(self):
2755 2755 cnt = self.repositories.count()
2756 2756
2757 2757 def children_count(group):
2758 2758 cnt = 0
2759 2759 for child in group.children:
2760 2760 cnt += child.repositories.count()
2761 2761 cnt += children_count(child)
2762 2762 return cnt
2763 2763
2764 2764 return cnt + children_count(self)
2765 2765
2766 2766 def _recursive_objects(self, include_repos=True, include_groups=True):
2767 2767 all_ = []
2768 2768
2769 2769 def _get_members(root_gr):
2770 2770 if include_repos:
2771 2771 for r in root_gr.repositories:
2772 2772 all_.append(r)
2773 2773 childs = root_gr.children.all()
2774 2774 if childs:
2775 2775 for gr in childs:
2776 2776 if include_groups:
2777 2777 all_.append(gr)
2778 2778 _get_members(gr)
2779 2779
2780 2780 root_group = []
2781 2781 if include_groups:
2782 2782 root_group = [self]
2783 2783
2784 2784 _get_members(self)
2785 2785 return root_group + all_
2786 2786
2787 2787 def recursive_groups_and_repos(self):
2788 2788 """
2789 2789 Recursive return all groups, with repositories in those groups
2790 2790 """
2791 2791 return self._recursive_objects()
2792 2792
2793 2793 def recursive_groups(self):
2794 2794 """
2795 2795 Returns all children groups for this group including children of children
2796 2796 """
2797 2797 return self._recursive_objects(include_repos=False)
2798 2798
2799 2799 def recursive_repos(self):
2800 2800 """
2801 2801 Returns all children repositories for this group
2802 2802 """
2803 2803 return self._recursive_objects(include_groups=False)
2804 2804
2805 2805 def get_new_name(self, group_name):
2806 2806 """
2807 2807 returns new full group name based on parent and new name
2808 2808
2809 2809 :param group_name:
2810 2810 """
2811 2811 path_prefix = (self.parent_group.full_path_splitted if
2812 2812 self.parent_group else [])
2813 2813 return RepoGroup.url_sep().join(path_prefix + [group_name])
2814 2814
2815 2815 def update_commit_cache(self, config=None):
2816 2816 """
2817 2817 Update cache of last changeset for newest repository inside this group, keys should be::
2818 2818
2819 2819 source_repo_id
2820 2820 short_id
2821 2821 raw_id
2822 2822 revision
2823 2823 parents
2824 2824 message
2825 2825 date
2826 2826 author
2827 2827
2828 2828 """
2829 2829 from rhodecode.lib.vcs.utils.helpers import parse_datetime
2830 2830
2831 2831 def repo_groups_and_repos():
2832 2832 all_entries = OrderedDefaultDict(list)
2833 2833
2834 2834 def _get_members(root_gr, pos=0):
2835 2835
2836 2836 for repo in root_gr.repositories:
2837 2837 all_entries[root_gr].append(repo)
2838 2838
2839 2839 # fill in all parent positions
2840 2840 for parent_group in root_gr.parents:
2841 2841 all_entries[parent_group].extend(all_entries[root_gr])
2842 2842
2843 2843 children_groups = root_gr.children.all()
2844 2844 if children_groups:
2845 2845 for cnt, gr in enumerate(children_groups, 1):
2846 2846 _get_members(gr, pos=pos+cnt)
2847 2847
2848 2848 _get_members(root_gr=self)
2849 2849 return all_entries
2850 2850
2851 2851 empty_date = datetime.datetime.fromtimestamp(0)
2852 2852 for repo_group, repos in repo_groups_and_repos().items():
2853 2853
2854 2854 latest_repo_cs_cache = {}
2855 2855 for repo in repos:
2856 2856 repo_cs_cache = repo.changeset_cache
2857 2857 date_latest = latest_repo_cs_cache.get('date', empty_date)
2858 2858 date_current = repo_cs_cache.get('date', empty_date)
2859 2859 current_timestamp = datetime_to_time(parse_datetime(date_latest))
2860 2860 if current_timestamp < datetime_to_time(parse_datetime(date_current)):
2861 2861 latest_repo_cs_cache = repo_cs_cache
2862 2862 latest_repo_cs_cache['source_repo_id'] = repo.repo_id
2863 2863
2864 2864 latest_repo_cs_cache['updated_on'] = time.time()
2865 2865 repo_group.changeset_cache = latest_repo_cs_cache
2866 2866 Session().add(repo_group)
2867 2867 Session().commit()
2868 2868
2869 2869 log.debug('updated repo group %s with new commit cache %s',
2870 2870 repo_group.group_name, latest_repo_cs_cache)
2871 2871
2872 2872 def permissions(self, with_admins=True, with_owner=True,
2873 2873 expand_from_user_groups=False):
2874 2874 """
2875 2875 Permissions for repository groups
2876 2876 """
2877 2877 _admin_perm = 'group.admin'
2878 2878
2879 2879 owner_row = []
2880 2880 if with_owner:
2881 2881 usr = AttributeDict(self.user.get_dict())
2882 2882 usr.owner_row = True
2883 2883 usr.permission = _admin_perm
2884 2884 owner_row.append(usr)
2885 2885
2886 2886 super_admin_ids = []
2887 2887 super_admin_rows = []
2888 2888 if with_admins:
2889 2889 for usr in User.get_all_super_admins():
2890 2890 super_admin_ids.append(usr.user_id)
2891 2891 # if this admin is also owner, don't double the record
2892 2892 if usr.user_id == owner_row[0].user_id:
2893 2893 owner_row[0].admin_row = True
2894 2894 else:
2895 2895 usr = AttributeDict(usr.get_dict())
2896 2896 usr.admin_row = True
2897 2897 usr.permission = _admin_perm
2898 2898 super_admin_rows.append(usr)
2899 2899
2900 2900 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2901 2901 q = q.options(joinedload(UserRepoGroupToPerm.group),
2902 2902 joinedload(UserRepoGroupToPerm.user),
2903 2903 joinedload(UserRepoGroupToPerm.permission),)
2904 2904
2905 2905 # get owners and admins and permissions. We do a trick of re-writing
2906 2906 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2907 2907 # has a global reference and changing one object propagates to all
2908 2908 # others. This means if admin is also an owner admin_row that change
2909 2909 # would propagate to both objects
2910 2910 perm_rows = []
2911 2911 for _usr in q.all():
2912 2912 usr = AttributeDict(_usr.user.get_dict())
2913 2913 # if this user is also owner/admin, mark as duplicate record
2914 2914 if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
2915 2915 usr.duplicate_perm = True
2916 2916 usr.permission = _usr.permission.permission_name
2917 2917 perm_rows.append(usr)
2918 2918
2919 2919 # filter the perm rows by 'default' first and then sort them by
2920 2920 # admin,write,read,none permissions sorted again alphabetically in
2921 2921 # each group
2922 2922 perm_rows = sorted(perm_rows, key=display_user_sort)
2923 2923
2924 2924 user_groups_rows = []
2925 2925 if expand_from_user_groups:
2926 2926 for ug in self.permission_user_groups(with_members=True):
2927 2927 for user_data in ug.members:
2928 2928 user_groups_rows.append(user_data)
2929 2929
2930 2930 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2931 2931
2932 2932 def permission_user_groups(self, with_members=False):
2933 2933 q = UserGroupRepoGroupToPerm.query()\
2934 2934 .filter(UserGroupRepoGroupToPerm.group == self)
2935 2935 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2936 2936 joinedload(UserGroupRepoGroupToPerm.users_group),
2937 2937 joinedload(UserGroupRepoGroupToPerm.permission),)
2938 2938
2939 2939 perm_rows = []
2940 2940 for _user_group in q.all():
2941 2941 entry = AttributeDict(_user_group.users_group.get_dict())
2942 2942 entry.permission = _user_group.permission.permission_name
2943 2943 if with_members:
2944 2944 entry.members = [x.user.get_dict()
2945 2945 for x in _user_group.users_group.members]
2946 2946 perm_rows.append(entry)
2947 2947
2948 2948 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2949 2949 return perm_rows
2950 2950
2951 2951 def get_api_data(self):
2952 2952 """
2953 2953 Common function for generating api data
2954 2954
2955 2955 """
2956 2956 group = self
2957 2957 data = {
2958 2958 'group_id': group.group_id,
2959 2959 'group_name': group.group_name,
2960 2960 'group_description': group.description_safe,
2961 2961 'parent_group': group.parent_group.group_name if group.parent_group else None,
2962 2962 'repositories': [x.repo_name for x in group.repositories],
2963 2963 'owner': group.user.username,
2964 2964 }
2965 2965 return data
2966 2966
2967 2967 def get_dict(self):
2968 2968 # Since we transformed `group_name` to a hybrid property, we need to
2969 2969 # keep compatibility with the code which uses `group_name` field.
2970 2970 result = super(RepoGroup, self).get_dict()
2971 2971 result['group_name'] = result.pop('_group_name', None)
2972 2972 return result
2973 2973
2974 2974
2975 2975 class Permission(Base, BaseModel):
2976 2976 __tablename__ = 'permissions'
2977 2977 __table_args__ = (
2978 2978 Index('p_perm_name_idx', 'permission_name'),
2979 2979 base_table_args,
2980 2980 )
2981 2981
2982 2982 PERMS = [
2983 2983 ('hg.admin', _('RhodeCode Super Administrator')),
2984 2984
2985 2985 ('repository.none', _('Repository no access')),
2986 2986 ('repository.read', _('Repository read access')),
2987 2987 ('repository.write', _('Repository write access')),
2988 2988 ('repository.admin', _('Repository admin access')),
2989 2989
2990 2990 ('group.none', _('Repository group no access')),
2991 2991 ('group.read', _('Repository group read access')),
2992 2992 ('group.write', _('Repository group write access')),
2993 2993 ('group.admin', _('Repository group admin access')),
2994 2994
2995 2995 ('usergroup.none', _('User group no access')),
2996 2996 ('usergroup.read', _('User group read access')),
2997 2997 ('usergroup.write', _('User group write access')),
2998 2998 ('usergroup.admin', _('User group admin access')),
2999 2999
3000 3000 ('branch.none', _('Branch no permissions')),
3001 3001 ('branch.merge', _('Branch access by web merge')),
3002 3002 ('branch.push', _('Branch access by push')),
3003 3003 ('branch.push_force', _('Branch access by push with force')),
3004 3004
3005 3005 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
3006 3006 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
3007 3007
3008 3008 ('hg.usergroup.create.false', _('User Group creation disabled')),
3009 3009 ('hg.usergroup.create.true', _('User Group creation enabled')),
3010 3010
3011 3011 ('hg.create.none', _('Repository creation disabled')),
3012 3012 ('hg.create.repository', _('Repository creation enabled')),
3013 3013 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
3014 3014 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
3015 3015
3016 3016 ('hg.fork.none', _('Repository forking disabled')),
3017 3017 ('hg.fork.repository', _('Repository forking enabled')),
3018 3018
3019 3019 ('hg.register.none', _('Registration disabled')),
3020 3020 ('hg.register.manual_activate', _('User Registration with manual account activation')),
3021 3021 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
3022 3022
3023 3023 ('hg.password_reset.enabled', _('Password reset enabled')),
3024 3024 ('hg.password_reset.hidden', _('Password reset hidden')),
3025 3025 ('hg.password_reset.disabled', _('Password reset disabled')),
3026 3026
3027 3027 ('hg.extern_activate.manual', _('Manual activation of external account')),
3028 3028 ('hg.extern_activate.auto', _('Automatic activation of external account')),
3029 3029
3030 3030 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
3031 3031 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
3032 3032 ]
3033 3033
3034 3034 # definition of system default permissions for DEFAULT user, created on
3035 3035 # system setup
3036 3036 DEFAULT_USER_PERMISSIONS = [
3037 3037 # object perms
3038 3038 'repository.read',
3039 3039 'group.read',
3040 3040 'usergroup.read',
3041 3041 # branch, for backward compat we need same value as before so forced pushed
3042 3042 'branch.push_force',
3043 3043 # global
3044 3044 'hg.create.repository',
3045 3045 'hg.repogroup.create.false',
3046 3046 'hg.usergroup.create.false',
3047 3047 'hg.create.write_on_repogroup.true',
3048 3048 'hg.fork.repository',
3049 3049 'hg.register.manual_activate',
3050 3050 'hg.password_reset.enabled',
3051 3051 'hg.extern_activate.auto',
3052 3052 'hg.inherit_default_perms.true',
3053 3053 ]
3054 3054
3055 3055 # defines which permissions are more important higher the more important
3056 3056 # Weight defines which permissions are more important.
3057 3057 # The higher number the more important.
3058 3058 PERM_WEIGHTS = {
3059 3059 'repository.none': 0,
3060 3060 'repository.read': 1,
3061 3061 'repository.write': 3,
3062 3062 'repository.admin': 4,
3063 3063
3064 3064 'group.none': 0,
3065 3065 'group.read': 1,
3066 3066 'group.write': 3,
3067 3067 'group.admin': 4,
3068 3068
3069 3069 'usergroup.none': 0,
3070 3070 'usergroup.read': 1,
3071 3071 'usergroup.write': 3,
3072 3072 'usergroup.admin': 4,
3073 3073
3074 3074 'branch.none': 0,
3075 3075 'branch.merge': 1,
3076 3076 'branch.push': 3,
3077 3077 'branch.push_force': 4,
3078 3078
3079 3079 'hg.repogroup.create.false': 0,
3080 3080 'hg.repogroup.create.true': 1,
3081 3081
3082 3082 'hg.usergroup.create.false': 0,
3083 3083 'hg.usergroup.create.true': 1,
3084 3084
3085 3085 'hg.fork.none': 0,
3086 3086 'hg.fork.repository': 1,
3087 3087 'hg.create.none': 0,
3088 3088 'hg.create.repository': 1
3089 3089 }
3090 3090
3091 3091 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3092 3092 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
3093 3093 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
3094 3094
3095 3095 def __unicode__(self):
3096 3096 return u"<%s('%s:%s')>" % (
3097 3097 self.__class__.__name__, self.permission_id, self.permission_name
3098 3098 )
3099 3099
3100 3100 @classmethod
3101 3101 def get_by_key(cls, key):
3102 3102 return cls.query().filter(cls.permission_name == key).scalar()
3103 3103
3104 3104 @classmethod
3105 3105 def get_default_repo_perms(cls, user_id, repo_id=None):
3106 3106 q = Session().query(UserRepoToPerm, Repository, Permission)\
3107 3107 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
3108 3108 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
3109 3109 .filter(UserRepoToPerm.user_id == user_id)
3110 3110 if repo_id:
3111 3111 q = q.filter(UserRepoToPerm.repository_id == repo_id)
3112 3112 return q.all()
3113 3113
3114 3114 @classmethod
3115 3115 def get_default_repo_branch_perms(cls, user_id, repo_id=None):
3116 3116 q = Session().query(UserToRepoBranchPermission, UserRepoToPerm, Permission) \
3117 3117 .join(
3118 3118 Permission,
3119 3119 UserToRepoBranchPermission.permission_id == Permission.permission_id) \
3120 3120 .join(
3121 3121 UserRepoToPerm,
3122 3122 UserToRepoBranchPermission.rule_to_perm_id == UserRepoToPerm.repo_to_perm_id) \
3123 3123 .filter(UserRepoToPerm.user_id == user_id)
3124 3124
3125 3125 if repo_id:
3126 3126 q = q.filter(UserToRepoBranchPermission.repository_id == repo_id)
3127 3127 return q.order_by(UserToRepoBranchPermission.rule_order).all()
3128 3128
3129 3129 @classmethod
3130 3130 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
3131 3131 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
3132 3132 .join(
3133 3133 Permission,
3134 3134 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
3135 3135 .join(
3136 3136 Repository,
3137 3137 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
3138 3138 .join(
3139 3139 UserGroup,
3140 3140 UserGroupRepoToPerm.users_group_id ==
3141 3141 UserGroup.users_group_id)\
3142 3142 .join(
3143 3143 UserGroupMember,
3144 3144 UserGroupRepoToPerm.users_group_id ==
3145 3145 UserGroupMember.users_group_id)\
3146 3146 .filter(
3147 3147 UserGroupMember.user_id == user_id,
3148 3148 UserGroup.users_group_active == true())
3149 3149 if repo_id:
3150 3150 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
3151 3151 return q.all()
3152 3152
3153 3153 @classmethod
3154 3154 def get_default_repo_branch_perms_from_user_group(cls, user_id, repo_id=None):
3155 3155 q = Session().query(UserGroupToRepoBranchPermission, UserGroupRepoToPerm, Permission) \
3156 3156 .join(
3157 3157 Permission,
3158 3158 UserGroupToRepoBranchPermission.permission_id == Permission.permission_id) \
3159 3159 .join(
3160 3160 UserGroupRepoToPerm,
3161 3161 UserGroupToRepoBranchPermission.rule_to_perm_id == UserGroupRepoToPerm.users_group_to_perm_id) \
3162 3162 .join(
3163 3163 UserGroup,
3164 3164 UserGroupRepoToPerm.users_group_id == UserGroup.users_group_id) \
3165 3165 .join(
3166 3166 UserGroupMember,
3167 3167 UserGroupRepoToPerm.users_group_id == UserGroupMember.users_group_id) \
3168 3168 .filter(
3169 3169 UserGroupMember.user_id == user_id,
3170 3170 UserGroup.users_group_active == true())
3171 3171
3172 3172 if repo_id:
3173 3173 q = q.filter(UserGroupToRepoBranchPermission.repository_id == repo_id)
3174 3174 return q.order_by(UserGroupToRepoBranchPermission.rule_order).all()
3175 3175
3176 3176 @classmethod
3177 3177 def get_default_group_perms(cls, user_id, repo_group_id=None):
3178 3178 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
3179 3179 .join(
3180 3180 Permission,
3181 3181 UserRepoGroupToPerm.permission_id == Permission.permission_id)\
3182 3182 .join(
3183 3183 RepoGroup,
3184 3184 UserRepoGroupToPerm.group_id == RepoGroup.group_id)\
3185 3185 .filter(UserRepoGroupToPerm.user_id == user_id)
3186 3186 if repo_group_id:
3187 3187 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
3188 3188 return q.all()
3189 3189
3190 3190 @classmethod
3191 3191 def get_default_group_perms_from_user_group(
3192 3192 cls, user_id, repo_group_id=None):
3193 3193 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
3194 3194 .join(
3195 3195 Permission,
3196 3196 UserGroupRepoGroupToPerm.permission_id ==
3197 3197 Permission.permission_id)\
3198 3198 .join(
3199 3199 RepoGroup,
3200 3200 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
3201 3201 .join(
3202 3202 UserGroup,
3203 3203 UserGroupRepoGroupToPerm.users_group_id ==
3204 3204 UserGroup.users_group_id)\
3205 3205 .join(
3206 3206 UserGroupMember,
3207 3207 UserGroupRepoGroupToPerm.users_group_id ==
3208 3208 UserGroupMember.users_group_id)\
3209 3209 .filter(
3210 3210 UserGroupMember.user_id == user_id,
3211 3211 UserGroup.users_group_active == true())
3212 3212 if repo_group_id:
3213 3213 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
3214 3214 return q.all()
3215 3215
3216 3216 @classmethod
3217 3217 def get_default_user_group_perms(cls, user_id, user_group_id=None):
3218 3218 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
3219 3219 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
3220 3220 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
3221 3221 .filter(UserUserGroupToPerm.user_id == user_id)
3222 3222 if user_group_id:
3223 3223 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
3224 3224 return q.all()
3225 3225
3226 3226 @classmethod
3227 3227 def get_default_user_group_perms_from_user_group(
3228 3228 cls, user_id, user_group_id=None):
3229 3229 TargetUserGroup = aliased(UserGroup, name='target_user_group')
3230 3230 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
3231 3231 .join(
3232 3232 Permission,
3233 3233 UserGroupUserGroupToPerm.permission_id ==
3234 3234 Permission.permission_id)\
3235 3235 .join(
3236 3236 TargetUserGroup,
3237 3237 UserGroupUserGroupToPerm.target_user_group_id ==
3238 3238 TargetUserGroup.users_group_id)\
3239 3239 .join(
3240 3240 UserGroup,
3241 3241 UserGroupUserGroupToPerm.user_group_id ==
3242 3242 UserGroup.users_group_id)\
3243 3243 .join(
3244 3244 UserGroupMember,
3245 3245 UserGroupUserGroupToPerm.user_group_id ==
3246 3246 UserGroupMember.users_group_id)\
3247 3247 .filter(
3248 3248 UserGroupMember.user_id == user_id,
3249 3249 UserGroup.users_group_active == true())
3250 3250 if user_group_id:
3251 3251 q = q.filter(
3252 3252 UserGroupUserGroupToPerm.user_group_id == user_group_id)
3253 3253
3254 3254 return q.all()
3255 3255
3256 3256
3257 3257 class UserRepoToPerm(Base, BaseModel):
3258 3258 __tablename__ = 'repo_to_perm'
3259 3259 __table_args__ = (
3260 3260 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
3261 3261 base_table_args
3262 3262 )
3263 3263
3264 3264 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3265 3265 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3266 3266 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3267 3267 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
3268 3268
3269 3269 user = relationship('User')
3270 3270 repository = relationship('Repository')
3271 3271 permission = relationship('Permission')
3272 3272
3273 3273 branch_perm_entry = relationship('UserToRepoBranchPermission', cascade="all, delete, delete-orphan", lazy='joined')
3274 3274
3275 3275 @classmethod
3276 3276 def create(cls, user, repository, permission):
3277 3277 n = cls()
3278 3278 n.user = user
3279 3279 n.repository = repository
3280 3280 n.permission = permission
3281 3281 Session().add(n)
3282 3282 return n
3283 3283
3284 3284 def __unicode__(self):
3285 3285 return u'<%s => %s >' % (self.user, self.repository)
3286 3286
3287 3287
3288 3288 class UserUserGroupToPerm(Base, BaseModel):
3289 3289 __tablename__ = 'user_user_group_to_perm'
3290 3290 __table_args__ = (
3291 3291 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
3292 3292 base_table_args
3293 3293 )
3294 3294
3295 3295 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3296 3296 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3297 3297 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3298 3298 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3299 3299
3300 3300 user = relationship('User')
3301 3301 user_group = relationship('UserGroup')
3302 3302 permission = relationship('Permission')
3303 3303
3304 3304 @classmethod
3305 3305 def create(cls, user, user_group, permission):
3306 3306 n = cls()
3307 3307 n.user = user
3308 3308 n.user_group = user_group
3309 3309 n.permission = permission
3310 3310 Session().add(n)
3311 3311 return n
3312 3312
3313 3313 def __unicode__(self):
3314 3314 return u'<%s => %s >' % (self.user, self.user_group)
3315 3315
3316 3316
3317 3317 class UserToPerm(Base, BaseModel):
3318 3318 __tablename__ = 'user_to_perm'
3319 3319 __table_args__ = (
3320 3320 UniqueConstraint('user_id', 'permission_id'),
3321 3321 base_table_args
3322 3322 )
3323 3323
3324 3324 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3325 3325 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3326 3326 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3327 3327
3328 3328 user = relationship('User')
3329 3329 permission = relationship('Permission', lazy='joined')
3330 3330
3331 3331 def __unicode__(self):
3332 3332 return u'<%s => %s >' % (self.user, self.permission)
3333 3333
3334 3334
3335 3335 class UserGroupRepoToPerm(Base, BaseModel):
3336 3336 __tablename__ = 'users_group_repo_to_perm'
3337 3337 __table_args__ = (
3338 3338 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
3339 3339 base_table_args
3340 3340 )
3341 3341
3342 3342 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3343 3343 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3344 3344 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3345 3345 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
3346 3346
3347 3347 users_group = relationship('UserGroup')
3348 3348 permission = relationship('Permission')
3349 3349 repository = relationship('Repository')
3350 3350 user_group_branch_perms = relationship('UserGroupToRepoBranchPermission', cascade='all')
3351 3351
3352 3352 @classmethod
3353 3353 def create(cls, users_group, repository, permission):
3354 3354 n = cls()
3355 3355 n.users_group = users_group
3356 3356 n.repository = repository
3357 3357 n.permission = permission
3358 3358 Session().add(n)
3359 3359 return n
3360 3360
3361 3361 def __unicode__(self):
3362 3362 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
3363 3363
3364 3364
3365 3365 class UserGroupUserGroupToPerm(Base, BaseModel):
3366 3366 __tablename__ = 'user_group_user_group_to_perm'
3367 3367 __table_args__ = (
3368 3368 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
3369 3369 CheckConstraint('target_user_group_id != user_group_id'),
3370 3370 base_table_args
3371 3371 )
3372 3372
3373 3373 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3374 3374 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3375 3375 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3376 3376 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3377 3377
3378 3378 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
3379 3379 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
3380 3380 permission = relationship('Permission')
3381 3381
3382 3382 @classmethod
3383 3383 def create(cls, target_user_group, user_group, permission):
3384 3384 n = cls()
3385 3385 n.target_user_group = target_user_group
3386 3386 n.user_group = user_group
3387 3387 n.permission = permission
3388 3388 Session().add(n)
3389 3389 return n
3390 3390
3391 3391 def __unicode__(self):
3392 3392 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
3393 3393
3394 3394
3395 3395 class UserGroupToPerm(Base, BaseModel):
3396 3396 __tablename__ = 'users_group_to_perm'
3397 3397 __table_args__ = (
3398 3398 UniqueConstraint('users_group_id', 'permission_id',),
3399 3399 base_table_args
3400 3400 )
3401 3401
3402 3402 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3403 3403 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3404 3404 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3405 3405
3406 3406 users_group = relationship('UserGroup')
3407 3407 permission = relationship('Permission')
3408 3408
3409 3409
3410 3410 class UserRepoGroupToPerm(Base, BaseModel):
3411 3411 __tablename__ = 'user_repo_group_to_perm'
3412 3412 __table_args__ = (
3413 3413 UniqueConstraint('user_id', 'group_id', 'permission_id'),
3414 3414 base_table_args
3415 3415 )
3416 3416
3417 3417 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3418 3418 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3419 3419 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3420 3420 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3421 3421
3422 3422 user = relationship('User')
3423 3423 group = relationship('RepoGroup')
3424 3424 permission = relationship('Permission')
3425 3425
3426 3426 @classmethod
3427 3427 def create(cls, user, repository_group, permission):
3428 3428 n = cls()
3429 3429 n.user = user
3430 3430 n.group = repository_group
3431 3431 n.permission = permission
3432 3432 Session().add(n)
3433 3433 return n
3434 3434
3435 3435
3436 3436 class UserGroupRepoGroupToPerm(Base, BaseModel):
3437 3437 __tablename__ = 'users_group_repo_group_to_perm'
3438 3438 __table_args__ = (
3439 3439 UniqueConstraint('users_group_id', 'group_id'),
3440 3440 base_table_args
3441 3441 )
3442 3442
3443 3443 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3444 3444 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3445 3445 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3446 3446 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3447 3447
3448 3448 users_group = relationship('UserGroup')
3449 3449 permission = relationship('Permission')
3450 3450 group = relationship('RepoGroup')
3451 3451
3452 3452 @classmethod
3453 3453 def create(cls, user_group, repository_group, permission):
3454 3454 n = cls()
3455 3455 n.users_group = user_group
3456 3456 n.group = repository_group
3457 3457 n.permission = permission
3458 3458 Session().add(n)
3459 3459 return n
3460 3460
3461 3461 def __unicode__(self):
3462 3462 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
3463 3463
3464 3464
3465 3465 class Statistics(Base, BaseModel):
3466 3466 __tablename__ = 'statistics'
3467 3467 __table_args__ = (
3468 3468 base_table_args
3469 3469 )
3470 3470
3471 3471 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3472 3472 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
3473 3473 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
3474 3474 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
3475 3475 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
3476 3476 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
3477 3477
3478 3478 repository = relationship('Repository', single_parent=True)
3479 3479
3480 3480
3481 3481 class UserFollowing(Base, BaseModel):
3482 3482 __tablename__ = 'user_followings'
3483 3483 __table_args__ = (
3484 3484 UniqueConstraint('user_id', 'follows_repository_id'),
3485 3485 UniqueConstraint('user_id', 'follows_user_id'),
3486 3486 base_table_args
3487 3487 )
3488 3488
3489 3489 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3490 3490 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3491 3491 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
3492 3492 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
3493 3493 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
3494 3494
3495 3495 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
3496 3496
3497 3497 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
3498 3498 follows_repository = relationship('Repository', order_by='Repository.repo_name')
3499 3499
3500 3500 @classmethod
3501 3501 def get_repo_followers(cls, repo_id):
3502 3502 return cls.query().filter(cls.follows_repo_id == repo_id)
3503 3503
3504 3504
3505 3505 class CacheKey(Base, BaseModel):
3506 3506 __tablename__ = 'cache_invalidation'
3507 3507 __table_args__ = (
3508 3508 UniqueConstraint('cache_key'),
3509 3509 Index('key_idx', 'cache_key'),
3510 3510 base_table_args,
3511 3511 )
3512 3512
3513 3513 CACHE_TYPE_FEED = 'FEED'
3514 3514
3515 3515 # namespaces used to register process/thread aware caches
3516 3516 REPO_INVALIDATION_NAMESPACE = 'repo_cache:{repo_id}'
3517 3517 SETTINGS_INVALIDATION_NAMESPACE = 'system_settings'
3518 3518
3519 3519 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3520 3520 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3521 3521 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3522 3522 cache_state_uid = Column("cache_state_uid", String(255), nullable=True, unique=None, default=None)
3523 3523 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3524 3524
3525 3525 def __init__(self, cache_key, cache_args='', cache_state_uid=None):
3526 3526 self.cache_key = cache_key
3527 3527 self.cache_args = cache_args
3528 3528 self.cache_active = False
3529 3529 # first key should be same for all entries, since all workers should share it
3530 3530 self.cache_state_uid = cache_state_uid or self.generate_new_state_uid()
3531 3531
3532 3532 def __unicode__(self):
3533 3533 return u"<%s('%s:%s[%s]')>" % (
3534 3534 self.__class__.__name__,
3535 3535 self.cache_id, self.cache_key, self.cache_active)
3536 3536
3537 3537 def _cache_key_partition(self):
3538 3538 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3539 3539 return prefix, repo_name, suffix
3540 3540
3541 3541 def get_prefix(self):
3542 3542 """
3543 3543 Try to extract prefix from existing cache key. The key could consist
3544 3544 of prefix, repo_name, suffix
3545 3545 """
3546 3546 # this returns prefix, repo_name, suffix
3547 3547 return self._cache_key_partition()[0]
3548 3548
3549 3549 def get_suffix(self):
3550 3550 """
3551 3551 get suffix that might have been used in _get_cache_key to
3552 3552 generate self.cache_key. Only used for informational purposes
3553 3553 in repo_edit.mako.
3554 3554 """
3555 3555 # prefix, repo_name, suffix
3556 3556 return self._cache_key_partition()[2]
3557 3557
3558 3558 @classmethod
3559 3559 def generate_new_state_uid(cls, based_on=None):
3560 3560 if based_on:
3561 3561 return str(uuid.uuid5(uuid.NAMESPACE_URL, safe_str(based_on)))
3562 3562 else:
3563 3563 return str(uuid.uuid4())
3564 3564
3565 3565 @classmethod
3566 3566 def delete_all_cache(cls):
3567 3567 """
3568 3568 Delete all cache keys from database.
3569 3569 Should only be run when all instances are down and all entries
3570 3570 thus stale.
3571 3571 """
3572 3572 cls.query().delete()
3573 3573 Session().commit()
3574 3574
3575 3575 @classmethod
3576 3576 def set_invalidate(cls, cache_uid, delete=False):
3577 3577 """
3578 3578 Mark all caches of a repo as invalid in the database.
3579 3579 """
3580 3580
3581 3581 try:
3582 3582 qry = Session().query(cls).filter(cls.cache_args == cache_uid)
3583 3583 if delete:
3584 3584 qry.delete()
3585 3585 log.debug('cache objects deleted for cache args %s',
3586 3586 safe_str(cache_uid))
3587 3587 else:
3588 3588 qry.update({"cache_active": False,
3589 3589 "cache_state_uid": cls.generate_new_state_uid()})
3590 3590 log.debug('cache objects marked as invalid for cache args %s',
3591 3591 safe_str(cache_uid))
3592 3592
3593 3593 Session().commit()
3594 3594 except Exception:
3595 3595 log.exception(
3596 3596 'Cache key invalidation failed for cache args %s',
3597 3597 safe_str(cache_uid))
3598 3598 Session().rollback()
3599 3599
3600 3600 @classmethod
3601 3601 def get_active_cache(cls, cache_key):
3602 3602 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3603 3603 if inv_obj:
3604 3604 return inv_obj
3605 3605 return None
3606 3606
3607 3607 @classmethod
3608 3608 def get_namespace_map(cls, namespace):
3609 3609 return {
3610 3610 x.cache_key: x
3611 3611 for x in cls.query().filter(cls.cache_args == namespace)}
3612 3612
3613 3613
3614 3614 class ChangesetComment(Base, BaseModel):
3615 3615 __tablename__ = 'changeset_comments'
3616 3616 __table_args__ = (
3617 3617 Index('cc_revision_idx', 'revision'),
3618 3618 base_table_args,
3619 3619 )
3620 3620
3621 3621 COMMENT_OUTDATED = u'comment_outdated'
3622 3622 COMMENT_TYPE_NOTE = u'note'
3623 3623 COMMENT_TYPE_TODO = u'todo'
3624 3624 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3625 3625
3626 3626 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3627 3627 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3628 3628 revision = Column('revision', String(40), nullable=True)
3629 3629 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3630 3630 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3631 3631 line_no = Column('line_no', Unicode(10), nullable=True)
3632 3632 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3633 3633 f_path = Column('f_path', Unicode(1000), nullable=True)
3634 3634 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3635 3635 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3636 3636 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3637 3637 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3638 3638 renderer = Column('renderer', Unicode(64), nullable=True)
3639 3639 display_state = Column('display_state', Unicode(128), nullable=True)
3640 3640
3641 3641 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3642 3642 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3643 3643
3644 3644 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, back_populates='resolved_by')
3645 3645 resolved_by = relationship('ChangesetComment', back_populates='resolved_comment')
3646 3646
3647 3647 author = relationship('User', lazy='joined')
3648 3648 repo = relationship('Repository')
3649 3649 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3650 3650 pull_request = relationship('PullRequest', lazy='joined')
3651 3651 pull_request_version = relationship('PullRequestVersion')
3652 3652
3653 3653 @classmethod
3654 3654 def get_users(cls, revision=None, pull_request_id=None):
3655 3655 """
3656 3656 Returns user associated with this ChangesetComment. ie those
3657 3657 who actually commented
3658 3658
3659 3659 :param cls:
3660 3660 :param revision:
3661 3661 """
3662 3662 q = Session().query(User)\
3663 3663 .join(ChangesetComment.author)
3664 3664 if revision:
3665 3665 q = q.filter(cls.revision == revision)
3666 3666 elif pull_request_id:
3667 3667 q = q.filter(cls.pull_request_id == pull_request_id)
3668 3668 return q.all()
3669 3669
3670 3670 @classmethod
3671 3671 def get_index_from_version(cls, pr_version, versions):
3672 3672 num_versions = [x.pull_request_version_id for x in versions]
3673 3673 try:
3674 3674 return num_versions.index(pr_version) +1
3675 3675 except (IndexError, ValueError):
3676 3676 return
3677 3677
3678 3678 @property
3679 3679 def outdated(self):
3680 3680 return self.display_state == self.COMMENT_OUTDATED
3681 3681
3682 3682 def outdated_at_version(self, version):
3683 3683 """
3684 3684 Checks if comment is outdated for given pull request version
3685 3685 """
3686 3686 return self.outdated and self.pull_request_version_id != version
3687 3687
3688 3688 def older_than_version(self, version):
3689 3689 """
3690 3690 Checks if comment is made from previous version than given
3691 3691 """
3692 3692 if version is None:
3693 3693 return self.pull_request_version_id is not None
3694 3694
3695 3695 return self.pull_request_version_id < version
3696 3696
3697 3697 @property
3698 3698 def resolved(self):
3699 3699 return self.resolved_by[0] if self.resolved_by else None
3700 3700
3701 3701 @property
3702 3702 def is_todo(self):
3703 3703 return self.comment_type == self.COMMENT_TYPE_TODO
3704 3704
3705 3705 @property
3706 3706 def is_inline(self):
3707 3707 return self.line_no and self.f_path
3708 3708
3709 3709 def get_index_version(self, versions):
3710 3710 return self.get_index_from_version(
3711 3711 self.pull_request_version_id, versions)
3712 3712
3713 3713 def __repr__(self):
3714 3714 if self.comment_id:
3715 3715 return '<DB:Comment #%s>' % self.comment_id
3716 3716 else:
3717 3717 return '<DB:Comment at %#x>' % id(self)
3718 3718
3719 3719 def get_api_data(self):
3720 3720 comment = self
3721 3721 data = {
3722 3722 'comment_id': comment.comment_id,
3723 3723 'comment_type': comment.comment_type,
3724 3724 'comment_text': comment.text,
3725 3725 'comment_status': comment.status_change,
3726 3726 'comment_f_path': comment.f_path,
3727 3727 'comment_lineno': comment.line_no,
3728 3728 'comment_author': comment.author,
3729 3729 'comment_created_on': comment.created_on,
3730 3730 'comment_resolved_by': self.resolved
3731 3731 }
3732 3732 return data
3733 3733
3734 3734 def __json__(self):
3735 3735 data = dict()
3736 3736 data.update(self.get_api_data())
3737 3737 return data
3738 3738
3739 3739
3740 3740 class ChangesetStatus(Base, BaseModel):
3741 3741 __tablename__ = 'changeset_statuses'
3742 3742 __table_args__ = (
3743 3743 Index('cs_revision_idx', 'revision'),
3744 3744 Index('cs_version_idx', 'version'),
3745 3745 UniqueConstraint('repo_id', 'revision', 'version'),
3746 3746 base_table_args
3747 3747 )
3748 3748
3749 3749 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3750 3750 STATUS_APPROVED = 'approved'
3751 3751 STATUS_REJECTED = 'rejected'
3752 3752 STATUS_UNDER_REVIEW = 'under_review'
3753 3753
3754 3754 STATUSES = [
3755 3755 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3756 3756 (STATUS_APPROVED, _("Approved")),
3757 3757 (STATUS_REJECTED, _("Rejected")),
3758 3758 (STATUS_UNDER_REVIEW, _("Under Review")),
3759 3759 ]
3760 3760
3761 3761 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3762 3762 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3763 3763 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3764 3764 revision = Column('revision', String(40), nullable=False)
3765 3765 status = Column('status', String(128), nullable=False, default=DEFAULT)
3766 3766 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3767 3767 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3768 3768 version = Column('version', Integer(), nullable=False, default=0)
3769 3769 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3770 3770
3771 3771 author = relationship('User', lazy='joined')
3772 3772 repo = relationship('Repository')
3773 3773 comment = relationship('ChangesetComment', lazy='joined')
3774 3774 pull_request = relationship('PullRequest', lazy='joined')
3775 3775
3776 3776 def __unicode__(self):
3777 3777 return u"<%s('%s[v%s]:%s')>" % (
3778 3778 self.__class__.__name__,
3779 3779 self.status, self.version, self.author
3780 3780 )
3781 3781
3782 3782 @classmethod
3783 3783 def get_status_lbl(cls, value):
3784 3784 return dict(cls.STATUSES).get(value)
3785 3785
3786 3786 @property
3787 3787 def status_lbl(self):
3788 3788 return ChangesetStatus.get_status_lbl(self.status)
3789 3789
3790 3790 def get_api_data(self):
3791 3791 status = self
3792 3792 data = {
3793 3793 'status_id': status.changeset_status_id,
3794 3794 'status': status.status,
3795 3795 }
3796 3796 return data
3797 3797
3798 3798 def __json__(self):
3799 3799 data = dict()
3800 3800 data.update(self.get_api_data())
3801 3801 return data
3802 3802
3803 3803
3804 3804 class _SetState(object):
3805 3805 """
3806 3806 Context processor allowing changing state for sensitive operation such as
3807 3807 pull request update or merge
3808 3808 """
3809 3809
3810 3810 def __init__(self, pull_request, pr_state, back_state=None):
3811 3811 self._pr = pull_request
3812 3812 self._org_state = back_state or pull_request.pull_request_state
3813 3813 self._pr_state = pr_state
3814 3814 self._current_state = None
3815 3815
3816 3816 def __enter__(self):
3817 3817 log.debug('StateLock: entering set state context, setting state to: `%s`',
3818 3818 self._pr_state)
3819 3819 self.set_pr_state(self._pr_state)
3820 3820 return self
3821 3821
3822 3822 def __exit__(self, exc_type, exc_val, exc_tb):
3823 3823 if exc_val is not None:
3824 3824 log.error(traceback.format_exc(exc_tb))
3825 3825 return None
3826 3826
3827 3827 self.set_pr_state(self._org_state)
3828 3828 log.debug('StateLock: exiting set state context, setting state to: `%s`',
3829 3829 self._org_state)
3830 3830 @property
3831 3831 def state(self):
3832 3832 return self._current_state
3833 3833
3834 3834 def set_pr_state(self, pr_state):
3835 3835 try:
3836 3836 self._pr.pull_request_state = pr_state
3837 3837 Session().add(self._pr)
3838 3838 Session().commit()
3839 3839 self._current_state = pr_state
3840 3840 except Exception:
3841 3841 log.exception('Failed to set PullRequest %s state to %s', self._pr, pr_state)
3842 3842 raise
3843 3843
3844 3844 class _PullRequestBase(BaseModel):
3845 3845 """
3846 3846 Common attributes of pull request and version entries.
3847 3847 """
3848 3848
3849 3849 # .status values
3850 3850 STATUS_NEW = u'new'
3851 3851 STATUS_OPEN = u'open'
3852 3852 STATUS_CLOSED = u'closed'
3853 3853
3854 3854 # available states
3855 3855 STATE_CREATING = u'creating'
3856 3856 STATE_UPDATING = u'updating'
3857 3857 STATE_MERGING = u'merging'
3858 3858 STATE_CREATED = u'created'
3859 3859
3860 3860 title = Column('title', Unicode(255), nullable=True)
3861 3861 description = Column(
3862 3862 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3863 3863 nullable=True)
3864 3864 description_renderer = Column('description_renderer', Unicode(64), nullable=True)
3865 3865
3866 3866 # new/open/closed status of pull request (not approve/reject/etc)
3867 3867 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3868 3868 created_on = Column(
3869 3869 'created_on', DateTime(timezone=False), nullable=False,
3870 3870 default=datetime.datetime.now)
3871 3871 updated_on = Column(
3872 3872 'updated_on', DateTime(timezone=False), nullable=False,
3873 3873 default=datetime.datetime.now)
3874 3874
3875 3875 pull_request_state = Column("pull_request_state", String(255), nullable=True)
3876 3876
3877 3877 @declared_attr
3878 3878 def user_id(cls):
3879 3879 return Column(
3880 3880 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3881 3881 unique=None)
3882 3882
3883 3883 # 500 revisions max
3884 3884 _revisions = Column(
3885 3885 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3886 3886
3887 3887 @declared_attr
3888 3888 def source_repo_id(cls):
3889 3889 # TODO: dan: rename column to source_repo_id
3890 3890 return Column(
3891 3891 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3892 3892 nullable=False)
3893 3893
3894 3894 _source_ref = Column('org_ref', Unicode(255), nullable=False)
3895 3895
3896 3896 @hybrid_property
3897 3897 def source_ref(self):
3898 3898 return self._source_ref
3899 3899
3900 3900 @source_ref.setter
3901 3901 def source_ref(self, val):
3902 3902 parts = (val or '').split(':')
3903 3903 if len(parts) != 3:
3904 3904 raise ValueError(
3905 3905 'Invalid reference format given: {}, expected X:Y:Z'.format(val))
3906 3906 self._source_ref = safe_unicode(val)
3907 3907
3908 3908 _target_ref = Column('other_ref', Unicode(255), nullable=False)
3909 3909
3910 3910 @hybrid_property
3911 3911 def target_ref(self):
3912 3912 return self._target_ref
3913 3913
3914 3914 @target_ref.setter
3915 3915 def target_ref(self, val):
3916 3916 parts = (val or '').split(':')
3917 3917 if len(parts) != 3:
3918 3918 raise ValueError(
3919 3919 'Invalid reference format given: {}, expected X:Y:Z'.format(val))
3920 3920 self._target_ref = safe_unicode(val)
3921 3921
3922 3922 @declared_attr
3923 3923 def target_repo_id(cls):
3924 3924 # TODO: dan: rename column to target_repo_id
3925 3925 return Column(
3926 3926 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3927 3927 nullable=False)
3928 3928
3929 3929 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3930 3930
3931 3931 # TODO: dan: rename column to last_merge_source_rev
3932 3932 _last_merge_source_rev = Column(
3933 3933 'last_merge_org_rev', String(40), nullable=True)
3934 3934 # TODO: dan: rename column to last_merge_target_rev
3935 3935 _last_merge_target_rev = Column(
3936 3936 'last_merge_other_rev', String(40), nullable=True)
3937 3937 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3938 3938 merge_rev = Column('merge_rev', String(40), nullable=True)
3939 3939
3940 3940 reviewer_data = Column(
3941 3941 'reviewer_data_json', MutationObj.as_mutable(
3942 3942 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3943 3943
3944 3944 @property
3945 3945 def reviewer_data_json(self):
3946 3946 return json.dumps(self.reviewer_data)
3947 3947
3948 3948 @hybrid_property
3949 3949 def description_safe(self):
3950 3950 from rhodecode.lib import helpers as h
3951 3951 return h.escape(self.description)
3952 3952
3953 3953 @hybrid_property
3954 3954 def revisions(self):
3955 3955 return self._revisions.split(':') if self._revisions else []
3956 3956
3957 3957 @revisions.setter
3958 3958 def revisions(self, val):
3959 3959 self._revisions = ':'.join(val)
3960 3960
3961 3961 @hybrid_property
3962 3962 def last_merge_status(self):
3963 3963 return safe_int(self._last_merge_status)
3964 3964
3965 3965 @last_merge_status.setter
3966 3966 def last_merge_status(self, val):
3967 3967 self._last_merge_status = val
3968 3968
3969 3969 @declared_attr
3970 3970 def author(cls):
3971 3971 return relationship('User', lazy='joined')
3972 3972
3973 3973 @declared_attr
3974 3974 def source_repo(cls):
3975 3975 return relationship(
3976 3976 'Repository',
3977 3977 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3978 3978
3979 3979 @property
3980 3980 def source_ref_parts(self):
3981 3981 return self.unicode_to_reference(self.source_ref)
3982 3982
3983 3983 @declared_attr
3984 3984 def target_repo(cls):
3985 3985 return relationship(
3986 3986 'Repository',
3987 3987 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3988 3988
3989 3989 @property
3990 3990 def target_ref_parts(self):
3991 3991 return self.unicode_to_reference(self.target_ref)
3992 3992
3993 3993 @property
3994 3994 def shadow_merge_ref(self):
3995 3995 return self.unicode_to_reference(self._shadow_merge_ref)
3996 3996
3997 3997 @shadow_merge_ref.setter
3998 3998 def shadow_merge_ref(self, ref):
3999 3999 self._shadow_merge_ref = self.reference_to_unicode(ref)
4000 4000
4001 4001 @staticmethod
4002 4002 def unicode_to_reference(raw):
4003 4003 """
4004 4004 Convert a unicode (or string) to a reference object.
4005 4005 If unicode evaluates to False it returns None.
4006 4006 """
4007 4007 if raw:
4008 4008 refs = raw.split(':')
4009 4009 return Reference(*refs)
4010 4010 else:
4011 4011 return None
4012 4012
4013 4013 @staticmethod
4014 4014 def reference_to_unicode(ref):
4015 4015 """
4016 4016 Convert a reference object to unicode.
4017 4017 If reference is None it returns None.
4018 4018 """
4019 4019 if ref:
4020 4020 return u':'.join(ref)
4021 4021 else:
4022 4022 return None
4023 4023
4024 4024 def get_api_data(self, with_merge_state=True):
4025 4025 from rhodecode.model.pull_request import PullRequestModel
4026 4026
4027 4027 pull_request = self
4028 4028 if with_merge_state:
4029 4029 merge_status = PullRequestModel().merge_status(pull_request)
4030 4030 merge_state = {
4031 4031 'status': merge_status[0],
4032 4032 'message': safe_unicode(merge_status[1]),
4033 4033 }
4034 4034 else:
4035 4035 merge_state = {'status': 'not_available',
4036 4036 'message': 'not_available'}
4037 4037
4038 4038 merge_data = {
4039 4039 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
4040 4040 'reference': (
4041 4041 pull_request.shadow_merge_ref._asdict()
4042 4042 if pull_request.shadow_merge_ref else None),
4043 4043 }
4044 4044
4045 4045 data = {
4046 4046 'pull_request_id': pull_request.pull_request_id,
4047 4047 'url': PullRequestModel().get_url(pull_request),
4048 4048 'title': pull_request.title,
4049 4049 'description': pull_request.description,
4050 4050 'status': pull_request.status,
4051 4051 'state': pull_request.pull_request_state,
4052 4052 'created_on': pull_request.created_on,
4053 4053 'updated_on': pull_request.updated_on,
4054 4054 'commit_ids': pull_request.revisions,
4055 4055 'review_status': pull_request.calculated_review_status(),
4056 4056 'mergeable': merge_state,
4057 4057 'source': {
4058 4058 'clone_url': pull_request.source_repo.clone_url(),
4059 4059 'repository': pull_request.source_repo.repo_name,
4060 4060 'reference': {
4061 4061 'name': pull_request.source_ref_parts.name,
4062 4062 'type': pull_request.source_ref_parts.type,
4063 4063 'commit_id': pull_request.source_ref_parts.commit_id,
4064 4064 },
4065 4065 },
4066 4066 'target': {
4067 4067 'clone_url': pull_request.target_repo.clone_url(),
4068 4068 'repository': pull_request.target_repo.repo_name,
4069 4069 'reference': {
4070 4070 'name': pull_request.target_ref_parts.name,
4071 4071 'type': pull_request.target_ref_parts.type,
4072 4072 'commit_id': pull_request.target_ref_parts.commit_id,
4073 4073 },
4074 4074 },
4075 4075 'merge': merge_data,
4076 4076 'author': pull_request.author.get_api_data(include_secrets=False,
4077 4077 details='basic'),
4078 4078 'reviewers': [
4079 4079 {
4080 4080 'user': reviewer.get_api_data(include_secrets=False,
4081 4081 details='basic'),
4082 4082 'reasons': reasons,
4083 4083 'review_status': st[0][1].status if st else 'not_reviewed',
4084 4084 }
4085 4085 for obj, reviewer, reasons, mandatory, st in
4086 4086 pull_request.reviewers_statuses()
4087 4087 ]
4088 4088 }
4089 4089
4090 4090 return data
4091 4091
4092 4092 def set_state(self, pull_request_state, final_state=None):
4093 4093 """
4094 4094 # goes from initial state to updating to initial state.
4095 4095 # initial state can be changed by specifying back_state=
4096 4096 with pull_request_obj.set_state(PullRequest.STATE_UPDATING):
4097 4097 pull_request.merge()
4098 4098
4099 4099 :param pull_request_state:
4100 4100 :param final_state:
4101 4101
4102 4102 """
4103 4103
4104 4104 return _SetState(self, pull_request_state, back_state=final_state)
4105 4105
4106 4106
4107 4107 class PullRequest(Base, _PullRequestBase):
4108 4108 __tablename__ = 'pull_requests'
4109 4109 __table_args__ = (
4110 4110 base_table_args,
4111 4111 )
4112 4112
4113 4113 pull_request_id = Column(
4114 4114 'pull_request_id', Integer(), nullable=False, primary_key=True)
4115 4115
4116 4116 def __repr__(self):
4117 4117 if self.pull_request_id:
4118 4118 return '<DB:PullRequest #%s>' % self.pull_request_id
4119 4119 else:
4120 4120 return '<DB:PullRequest at %#x>' % id(self)
4121 4121
4122 4122 reviewers = relationship('PullRequestReviewers',
4123 4123 cascade="all, delete, delete-orphan")
4124 4124 statuses = relationship('ChangesetStatus',
4125 4125 cascade="all, delete, delete-orphan")
4126 4126 comments = relationship('ChangesetComment',
4127 4127 cascade="all, delete, delete-orphan")
4128 4128 versions = relationship('PullRequestVersion',
4129 4129 cascade="all, delete, delete-orphan",
4130 4130 lazy='dynamic')
4131 4131
4132 4132 @classmethod
4133 4133 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
4134 4134 internal_methods=None):
4135 4135
4136 4136 class PullRequestDisplay(object):
4137 4137 """
4138 4138 Special object wrapper for showing PullRequest data via Versions
4139 4139 It mimics PR object as close as possible. This is read only object
4140 4140 just for display
4141 4141 """
4142 4142
4143 4143 def __init__(self, attrs, internal=None):
4144 4144 self.attrs = attrs
4145 4145 # internal have priority over the given ones via attrs
4146 4146 self.internal = internal or ['versions']
4147 4147
4148 4148 def __getattr__(self, item):
4149 4149 if item in self.internal:
4150 4150 return getattr(self, item)
4151 4151 try:
4152 4152 return self.attrs[item]
4153 4153 except KeyError:
4154 4154 raise AttributeError(
4155 4155 '%s object has no attribute %s' % (self, item))
4156 4156
4157 4157 def __repr__(self):
4158 4158 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
4159 4159
4160 4160 def versions(self):
4161 4161 return pull_request_obj.versions.order_by(
4162 4162 PullRequestVersion.pull_request_version_id).all()
4163 4163
4164 4164 def is_closed(self):
4165 4165 return pull_request_obj.is_closed()
4166 4166
4167 4167 @property
4168 4168 def pull_request_version_id(self):
4169 4169 return getattr(pull_request_obj, 'pull_request_version_id', None)
4170 4170
4171 4171 attrs = StrictAttributeDict(pull_request_obj.get_api_data(with_merge_state=False))
4172 4172
4173 4173 attrs.author = StrictAttributeDict(
4174 4174 pull_request_obj.author.get_api_data())
4175 4175 if pull_request_obj.target_repo:
4176 4176 attrs.target_repo = StrictAttributeDict(
4177 4177 pull_request_obj.target_repo.get_api_data())
4178 4178 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
4179 4179
4180 4180 if pull_request_obj.source_repo:
4181 4181 attrs.source_repo = StrictAttributeDict(
4182 4182 pull_request_obj.source_repo.get_api_data())
4183 4183 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
4184 4184
4185 4185 attrs.source_ref_parts = pull_request_obj.source_ref_parts
4186 4186 attrs.target_ref_parts = pull_request_obj.target_ref_parts
4187 4187 attrs.revisions = pull_request_obj.revisions
4188 4188
4189 4189 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
4190 4190 attrs.reviewer_data = org_pull_request_obj.reviewer_data
4191 4191 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
4192 4192
4193 4193 return PullRequestDisplay(attrs, internal=internal_methods)
4194 4194
4195 4195 def is_closed(self):
4196 4196 return self.status == self.STATUS_CLOSED
4197 4197
4198 4198 def __json__(self):
4199 4199 return {
4200 4200 'revisions': self.revisions,
4201 4201 }
4202 4202
4203 4203 def calculated_review_status(self):
4204 4204 from rhodecode.model.changeset_status import ChangesetStatusModel
4205 4205 return ChangesetStatusModel().calculated_review_status(self)
4206 4206
4207 4207 def reviewers_statuses(self):
4208 4208 from rhodecode.model.changeset_status import ChangesetStatusModel
4209 4209 return ChangesetStatusModel().reviewers_statuses(self)
4210 4210
4211 4211 @property
4212 4212 def workspace_id(self):
4213 4213 from rhodecode.model.pull_request import PullRequestModel
4214 4214 return PullRequestModel()._workspace_id(self)
4215 4215
4216 4216 def get_shadow_repo(self):
4217 4217 workspace_id = self.workspace_id
4218 4218 shadow_repository_path = self.target_repo.get_shadow_repository_path(workspace_id)
4219 4219 if os.path.isdir(shadow_repository_path):
4220 4220 vcs_obj = self.target_repo.scm_instance()
4221 4221 return vcs_obj.get_shadow_instance(shadow_repository_path)
4222 4222
4223 4223
4224 4224 class PullRequestVersion(Base, _PullRequestBase):
4225 4225 __tablename__ = 'pull_request_versions'
4226 4226 __table_args__ = (
4227 4227 base_table_args,
4228 4228 )
4229 4229
4230 4230 pull_request_version_id = Column(
4231 4231 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
4232 4232 pull_request_id = Column(
4233 4233 'pull_request_id', Integer(),
4234 4234 ForeignKey('pull_requests.pull_request_id'), nullable=False)
4235 4235 pull_request = relationship('PullRequest')
4236 4236
4237 4237 def __repr__(self):
4238 4238 if self.pull_request_version_id:
4239 4239 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
4240 4240 else:
4241 4241 return '<DB:PullRequestVersion at %#x>' % id(self)
4242 4242
4243 4243 @property
4244 4244 def reviewers(self):
4245 4245 return self.pull_request.reviewers
4246 4246
4247 4247 @property
4248 4248 def versions(self):
4249 4249 return self.pull_request.versions
4250 4250
4251 4251 def is_closed(self):
4252 4252 # calculate from original
4253 4253 return self.pull_request.status == self.STATUS_CLOSED
4254 4254
4255 4255 def calculated_review_status(self):
4256 4256 return self.pull_request.calculated_review_status()
4257 4257
4258 4258 def reviewers_statuses(self):
4259 4259 return self.pull_request.reviewers_statuses()
4260 4260
4261 4261
4262 4262 class PullRequestReviewers(Base, BaseModel):
4263 4263 __tablename__ = 'pull_request_reviewers'
4264 4264 __table_args__ = (
4265 4265 base_table_args,
4266 4266 )
4267 4267
4268 4268 @hybrid_property
4269 4269 def reasons(self):
4270 4270 if not self._reasons:
4271 4271 return []
4272 4272 return self._reasons
4273 4273
4274 4274 @reasons.setter
4275 4275 def reasons(self, val):
4276 4276 val = val or []
4277 4277 if any(not isinstance(x, compat.string_types) for x in val):
4278 4278 raise Exception('invalid reasons type, must be list of strings')
4279 4279 self._reasons = val
4280 4280
4281 4281 pull_requests_reviewers_id = Column(
4282 4282 'pull_requests_reviewers_id', Integer(), nullable=False,
4283 4283 primary_key=True)
4284 4284 pull_request_id = Column(
4285 4285 "pull_request_id", Integer(),
4286 4286 ForeignKey('pull_requests.pull_request_id'), nullable=False)
4287 4287 user_id = Column(
4288 4288 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
4289 4289 _reasons = Column(
4290 4290 'reason', MutationList.as_mutable(
4291 4291 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
4292 4292
4293 4293 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4294 4294 user = relationship('User')
4295 4295 pull_request = relationship('PullRequest')
4296 4296
4297 4297 rule_data = Column(
4298 4298 'rule_data_json',
4299 4299 JsonType(dialect_map=dict(mysql=UnicodeText(16384))))
4300 4300
4301 4301 def rule_user_group_data(self):
4302 4302 """
4303 4303 Returns the voting user group rule data for this reviewer
4304 4304 """
4305 4305
4306 4306 if self.rule_data and 'vote_rule' in self.rule_data:
4307 4307 user_group_data = {}
4308 4308 if 'rule_user_group_entry_id' in self.rule_data:
4309 4309 # means a group with voting rules !
4310 4310 user_group_data['id'] = self.rule_data['rule_user_group_entry_id']
4311 4311 user_group_data['name'] = self.rule_data['rule_name']
4312 4312 user_group_data['vote_rule'] = self.rule_data['vote_rule']
4313 4313
4314 4314 return user_group_data
4315 4315
4316 4316 def __unicode__(self):
4317 4317 return u"<%s('id:%s')>" % (self.__class__.__name__,
4318 4318 self.pull_requests_reviewers_id)
4319 4319
4320 4320
4321 4321 class Notification(Base, BaseModel):
4322 4322 __tablename__ = 'notifications'
4323 4323 __table_args__ = (
4324 4324 Index('notification_type_idx', 'type'),
4325 4325 base_table_args,
4326 4326 )
4327 4327
4328 4328 TYPE_CHANGESET_COMMENT = u'cs_comment'
4329 4329 TYPE_MESSAGE = u'message'
4330 4330 TYPE_MENTION = u'mention'
4331 4331 TYPE_REGISTRATION = u'registration'
4332 4332 TYPE_PULL_REQUEST = u'pull_request'
4333 4333 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
4334 4334
4335 4335 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
4336 4336 subject = Column('subject', Unicode(512), nullable=True)
4337 4337 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
4338 4338 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
4339 4339 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4340 4340 type_ = Column('type', Unicode(255))
4341 4341
4342 4342 created_by_user = relationship('User')
4343 4343 notifications_to_users = relationship('UserNotification', lazy='joined',
4344 4344 cascade="all, delete, delete-orphan")
4345 4345
4346 4346 @property
4347 4347 def recipients(self):
4348 4348 return [x.user for x in UserNotification.query()\
4349 4349 .filter(UserNotification.notification == self)\
4350 4350 .order_by(UserNotification.user_id.asc()).all()]
4351 4351
4352 4352 @classmethod
4353 4353 def create(cls, created_by, subject, body, recipients, type_=None):
4354 4354 if type_ is None:
4355 4355 type_ = Notification.TYPE_MESSAGE
4356 4356
4357 4357 notification = cls()
4358 4358 notification.created_by_user = created_by
4359 4359 notification.subject = subject
4360 4360 notification.body = body
4361 4361 notification.type_ = type_
4362 4362 notification.created_on = datetime.datetime.now()
4363 4363
4364 4364 # For each recipient link the created notification to his account
4365 4365 for u in recipients:
4366 4366 assoc = UserNotification()
4367 4367 assoc.user_id = u.user_id
4368 4368 assoc.notification = notification
4369 4369
4370 4370 # if created_by is inside recipients mark his notification
4371 4371 # as read
4372 4372 if u.user_id == created_by.user_id:
4373 4373 assoc.read = True
4374 4374 Session().add(assoc)
4375 4375
4376 4376 Session().add(notification)
4377 4377
4378 4378 return notification
4379 4379
4380 4380
4381 4381 class UserNotification(Base, BaseModel):
4382 4382 __tablename__ = 'user_to_notification'
4383 4383 __table_args__ = (
4384 4384 UniqueConstraint('user_id', 'notification_id'),
4385 4385 base_table_args
4386 4386 )
4387 4387
4388 4388 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
4389 4389 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
4390 4390 read = Column('read', Boolean, default=False)
4391 4391 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
4392 4392
4393 4393 user = relationship('User', lazy="joined")
4394 4394 notification = relationship('Notification', lazy="joined",
4395 4395 order_by=lambda: Notification.created_on.desc(),)
4396 4396
4397 4397 def mark_as_read(self):
4398 4398 self.read = True
4399 4399 Session().add(self)
4400 4400
4401 4401
4402 4402 class Gist(Base, BaseModel):
4403 4403 __tablename__ = 'gists'
4404 4404 __table_args__ = (
4405 4405 Index('g_gist_access_id_idx', 'gist_access_id'),
4406 4406 Index('g_created_on_idx', 'created_on'),
4407 4407 base_table_args
4408 4408 )
4409 4409
4410 4410 GIST_PUBLIC = u'public'
4411 4411 GIST_PRIVATE = u'private'
4412 4412 DEFAULT_FILENAME = u'gistfile1.txt'
4413 4413
4414 4414 ACL_LEVEL_PUBLIC = u'acl_public'
4415 4415 ACL_LEVEL_PRIVATE = u'acl_private'
4416 4416
4417 4417 gist_id = Column('gist_id', Integer(), primary_key=True)
4418 4418 gist_access_id = Column('gist_access_id', Unicode(250))
4419 4419 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
4420 4420 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
4421 4421 gist_expires = Column('gist_expires', Float(53), nullable=False)
4422 4422 gist_type = Column('gist_type', Unicode(128), nullable=False)
4423 4423 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4424 4424 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4425 4425 acl_level = Column('acl_level', Unicode(128), nullable=True)
4426 4426
4427 4427 owner = relationship('User')
4428 4428
4429 4429 def __repr__(self):
4430 4430 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
4431 4431
4432 4432 @hybrid_property
4433 4433 def description_safe(self):
4434 4434 from rhodecode.lib import helpers as h
4435 4435 return h.escape(self.gist_description)
4436 4436
4437 4437 @classmethod
4438 4438 def get_or_404(cls, id_):
4439 4439 from pyramid.httpexceptions import HTTPNotFound
4440 4440
4441 4441 res = cls.query().filter(cls.gist_access_id == id_).scalar()
4442 4442 if not res:
4443 4443 raise HTTPNotFound()
4444 4444 return res
4445 4445
4446 4446 @classmethod
4447 4447 def get_by_access_id(cls, gist_access_id):
4448 4448 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
4449 4449
4450 4450 def gist_url(self):
4451 4451 from rhodecode.model.gist import GistModel
4452 4452 return GistModel().get_url(self)
4453 4453
4454 4454 @classmethod
4455 4455 def base_path(cls):
4456 4456 """
4457 4457 Returns base path when all gists are stored
4458 4458
4459 4459 :param cls:
4460 4460 """
4461 4461 from rhodecode.model.gist import GIST_STORE_LOC
4462 4462 q = Session().query(RhodeCodeUi)\
4463 4463 .filter(RhodeCodeUi.ui_key == URL_SEP)
4464 4464 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
4465 4465 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
4466 4466
4467 4467 def get_api_data(self):
4468 4468 """
4469 4469 Common function for generating gist related data for API
4470 4470 """
4471 4471 gist = self
4472 4472 data = {
4473 4473 'gist_id': gist.gist_id,
4474 4474 'type': gist.gist_type,
4475 4475 'access_id': gist.gist_access_id,
4476 4476 'description': gist.gist_description,
4477 4477 'url': gist.gist_url(),
4478 4478 'expires': gist.gist_expires,
4479 4479 'created_on': gist.created_on,
4480 4480 'modified_at': gist.modified_at,
4481 4481 'content': None,
4482 4482 'acl_level': gist.acl_level,
4483 4483 }
4484 4484 return data
4485 4485
4486 4486 def __json__(self):
4487 4487 data = dict(
4488 4488 )
4489 4489 data.update(self.get_api_data())
4490 4490 return data
4491 4491 # SCM functions
4492 4492
4493 4493 def scm_instance(self, **kwargs):
4494 4494 """
4495 4495 Get an instance of VCS Repository
4496 4496
4497 4497 :param kwargs:
4498 4498 """
4499 4499 from rhodecode.model.gist import GistModel
4500 4500 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
4501 4501 return get_vcs_instance(
4502 4502 repo_path=safe_str(full_repo_path), create=False,
4503 4503 _vcs_alias=GistModel.vcs_backend)
4504 4504
4505 4505
4506 4506 class ExternalIdentity(Base, BaseModel):
4507 4507 __tablename__ = 'external_identities'
4508 4508 __table_args__ = (
4509 4509 Index('local_user_id_idx', 'local_user_id'),
4510 4510 Index('external_id_idx', 'external_id'),
4511 4511 base_table_args
4512 4512 )
4513 4513
4514 4514 external_id = Column('external_id', Unicode(255), default=u'', primary_key=True)
4515 4515 external_username = Column('external_username', Unicode(1024), default=u'')
4516 4516 local_user_id = Column('local_user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
4517 4517 provider_name = Column('provider_name', Unicode(255), default=u'', primary_key=True)
4518 4518 access_token = Column('access_token', String(1024), default=u'')
4519 4519 alt_token = Column('alt_token', String(1024), default=u'')
4520 4520 token_secret = Column('token_secret', String(1024), default=u'')
4521 4521
4522 4522 @classmethod
4523 4523 def by_external_id_and_provider(cls, external_id, provider_name, local_user_id=None):
4524 4524 """
4525 4525 Returns ExternalIdentity instance based on search params
4526 4526
4527 4527 :param external_id:
4528 4528 :param provider_name:
4529 4529 :return: ExternalIdentity
4530 4530 """
4531 4531 query = cls.query()
4532 4532 query = query.filter(cls.external_id == external_id)
4533 4533 query = query.filter(cls.provider_name == provider_name)
4534 4534 if local_user_id:
4535 4535 query = query.filter(cls.local_user_id == local_user_id)
4536 4536 return query.first()
4537 4537
4538 4538 @classmethod
4539 4539 def user_by_external_id_and_provider(cls, external_id, provider_name):
4540 4540 """
4541 4541 Returns User instance based on search params
4542 4542
4543 4543 :param external_id:
4544 4544 :param provider_name:
4545 4545 :return: User
4546 4546 """
4547 4547 query = User.query()
4548 4548 query = query.filter(cls.external_id == external_id)
4549 4549 query = query.filter(cls.provider_name == provider_name)
4550 4550 query = query.filter(User.user_id == cls.local_user_id)
4551 4551 return query.first()
4552 4552
4553 4553 @classmethod
4554 4554 def by_local_user_id(cls, local_user_id):
4555 4555 """
4556 4556 Returns all tokens for user
4557 4557
4558 4558 :param local_user_id:
4559 4559 :return: ExternalIdentity
4560 4560 """
4561 4561 query = cls.query()
4562 4562 query = query.filter(cls.local_user_id == local_user_id)
4563 4563 return query
4564 4564
4565 4565 @classmethod
4566 4566 def load_provider_plugin(cls, plugin_id):
4567 4567 from rhodecode.authentication.base import loadplugin
4568 4568 _plugin_id = 'egg:rhodecode-enterprise-ee#{}'.format(plugin_id)
4569 4569 auth_plugin = loadplugin(_plugin_id)
4570 4570 return auth_plugin
4571 4571
4572 4572
4573 4573 class Integration(Base, BaseModel):
4574 4574 __tablename__ = 'integrations'
4575 4575 __table_args__ = (
4576 4576 base_table_args
4577 4577 )
4578 4578
4579 4579 integration_id = Column('integration_id', Integer(), primary_key=True)
4580 4580 integration_type = Column('integration_type', String(255))
4581 4581 enabled = Column('enabled', Boolean(), nullable=False)
4582 4582 name = Column('name', String(255), nullable=False)
4583 4583 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
4584 4584 default=False)
4585 4585
4586 4586 settings = Column(
4587 4587 'settings_json', MutationObj.as_mutable(
4588 4588 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
4589 4589 repo_id = Column(
4590 4590 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
4591 4591 nullable=True, unique=None, default=None)
4592 4592 repo = relationship('Repository', lazy='joined')
4593 4593
4594 4594 repo_group_id = Column(
4595 4595 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
4596 4596 nullable=True, unique=None, default=None)
4597 4597 repo_group = relationship('RepoGroup', lazy='joined')
4598 4598
4599 4599 @property
4600 4600 def scope(self):
4601 4601 if self.repo:
4602 4602 return repr(self.repo)
4603 4603 if self.repo_group:
4604 4604 if self.child_repos_only:
4605 4605 return repr(self.repo_group) + ' (child repos only)'
4606 4606 else:
4607 4607 return repr(self.repo_group) + ' (recursive)'
4608 4608 if self.child_repos_only:
4609 4609 return 'root_repos'
4610 4610 return 'global'
4611 4611
4612 4612 def __repr__(self):
4613 4613 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4614 4614
4615 4615
4616 4616 class RepoReviewRuleUser(Base, BaseModel):
4617 4617 __tablename__ = 'repo_review_rules_users'
4618 4618 __table_args__ = (
4619 4619 base_table_args
4620 4620 )
4621 4621
4622 4622 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4623 4623 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4624 4624 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4625 4625 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4626 4626 user = relationship('User')
4627 4627
4628 4628 def rule_data(self):
4629 4629 return {
4630 4630 'mandatory': self.mandatory
4631 4631 }
4632 4632
4633 4633
4634 4634 class RepoReviewRuleUserGroup(Base, BaseModel):
4635 4635 __tablename__ = 'repo_review_rules_users_groups'
4636 4636 __table_args__ = (
4637 4637 base_table_args
4638 4638 )
4639 4639
4640 4640 VOTE_RULE_ALL = -1
4641 4641
4642 4642 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4643 4643 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4644 4644 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4645 4645 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4646 4646 vote_rule = Column("vote_rule", Integer(), nullable=True, default=VOTE_RULE_ALL)
4647 4647 users_group = relationship('UserGroup')
4648 4648
4649 4649 def rule_data(self):
4650 4650 return {
4651 4651 'mandatory': self.mandatory,
4652 4652 'vote_rule': self.vote_rule
4653 4653 }
4654 4654
4655 4655 @property
4656 4656 def vote_rule_label(self):
4657 4657 if not self.vote_rule or self.vote_rule == self.VOTE_RULE_ALL:
4658 4658 return 'all must vote'
4659 4659 else:
4660 4660 return 'min. vote {}'.format(self.vote_rule)
4661 4661
4662 4662
4663 4663 class RepoReviewRule(Base, BaseModel):
4664 4664 __tablename__ = 'repo_review_rules'
4665 4665 __table_args__ = (
4666 4666 base_table_args
4667 4667 )
4668 4668
4669 4669 repo_review_rule_id = Column(
4670 4670 'repo_review_rule_id', Integer(), primary_key=True)
4671 4671 repo_id = Column(
4672 4672 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4673 4673 repo = relationship('Repository', backref='review_rules')
4674 4674
4675 4675 review_rule_name = Column('review_rule_name', String(255))
4676 4676 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4677 4677 _target_branch_pattern = Column("target_branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4678 4678 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4679 4679
4680 4680 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4681 4681 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4682 4682 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4683 4683 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4684 4684
4685 4685 rule_users = relationship('RepoReviewRuleUser')
4686 4686 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4687 4687
4688 4688 def _validate_pattern(self, value):
4689 4689 re.compile('^' + glob2re(value) + '$')
4690 4690
4691 4691 @hybrid_property
4692 4692 def source_branch_pattern(self):
4693 4693 return self._branch_pattern or '*'
4694 4694
4695 4695 @source_branch_pattern.setter
4696 4696 def source_branch_pattern(self, value):
4697 4697 self._validate_pattern(value)
4698 4698 self._branch_pattern = value or '*'
4699 4699
4700 4700 @hybrid_property
4701 4701 def target_branch_pattern(self):
4702 4702 return self._target_branch_pattern or '*'
4703 4703
4704 4704 @target_branch_pattern.setter
4705 4705 def target_branch_pattern(self, value):
4706 4706 self._validate_pattern(value)
4707 4707 self._target_branch_pattern = value or '*'
4708 4708
4709 4709 @hybrid_property
4710 4710 def file_pattern(self):
4711 4711 return self._file_pattern or '*'
4712 4712
4713 4713 @file_pattern.setter
4714 4714 def file_pattern(self, value):
4715 4715 self._validate_pattern(value)
4716 4716 self._file_pattern = value or '*'
4717 4717
4718 4718 def matches(self, source_branch, target_branch, files_changed):
4719 4719 """
4720 4720 Check if this review rule matches a branch/files in a pull request
4721 4721
4722 4722 :param source_branch: source branch name for the commit
4723 4723 :param target_branch: target branch name for the commit
4724 4724 :param files_changed: list of file paths changed in the pull request
4725 4725 """
4726 4726
4727 4727 source_branch = source_branch or ''
4728 4728 target_branch = target_branch or ''
4729 4729 files_changed = files_changed or []
4730 4730
4731 4731 branch_matches = True
4732 4732 if source_branch or target_branch:
4733 4733 if self.source_branch_pattern == '*':
4734 4734 source_branch_match = True
4735 4735 else:
4736 4736 if self.source_branch_pattern.startswith('re:'):
4737 4737 source_pattern = self.source_branch_pattern[3:]
4738 4738 else:
4739 4739 source_pattern = '^' + glob2re(self.source_branch_pattern) + '$'
4740 4740 source_branch_regex = re.compile(source_pattern)
4741 4741 source_branch_match = bool(source_branch_regex.search(source_branch))
4742 4742 if self.target_branch_pattern == '*':
4743 4743 target_branch_match = True
4744 4744 else:
4745 4745 if self.target_branch_pattern.startswith('re:'):
4746 4746 target_pattern = self.target_branch_pattern[3:]
4747 4747 else:
4748 4748 target_pattern = '^' + glob2re(self.target_branch_pattern) + '$'
4749 4749 target_branch_regex = re.compile(target_pattern)
4750 4750 target_branch_match = bool(target_branch_regex.search(target_branch))
4751 4751
4752 4752 branch_matches = source_branch_match and target_branch_match
4753 4753
4754 4754 files_matches = True
4755 4755 if self.file_pattern != '*':
4756 4756 files_matches = False
4757 4757 if self.file_pattern.startswith('re:'):
4758 4758 file_pattern = self.file_pattern[3:]
4759 4759 else:
4760 4760 file_pattern = glob2re(self.file_pattern)
4761 4761 file_regex = re.compile(file_pattern)
4762 4762 for filename in files_changed:
4763 4763 if file_regex.search(filename):
4764 4764 files_matches = True
4765 4765 break
4766 4766
4767 4767 return branch_matches and files_matches
4768 4768
4769 4769 @property
4770 4770 def review_users(self):
4771 4771 """ Returns the users which this rule applies to """
4772 4772
4773 4773 users = collections.OrderedDict()
4774 4774
4775 4775 for rule_user in self.rule_users:
4776 4776 if rule_user.user.active:
4777 4777 if rule_user.user not in users:
4778 4778 users[rule_user.user.username] = {
4779 4779 'user': rule_user.user,
4780 4780 'source': 'user',
4781 4781 'source_data': {},
4782 4782 'data': rule_user.rule_data()
4783 4783 }
4784 4784
4785 4785 for rule_user_group in self.rule_user_groups:
4786 4786 source_data = {
4787 4787 'user_group_id': rule_user_group.users_group.users_group_id,
4788 4788 'name': rule_user_group.users_group.users_group_name,
4789 4789 'members': len(rule_user_group.users_group.members)
4790 4790 }
4791 4791 for member in rule_user_group.users_group.members:
4792 4792 if member.user.active:
4793 4793 key = member.user.username
4794 4794 if key in users:
4795 4795 # skip this member as we have him already
4796 4796 # this prevents from override the "first" matched
4797 4797 # users with duplicates in multiple groups
4798 4798 continue
4799 4799
4800 4800 users[key] = {
4801 4801 'user': member.user,
4802 4802 'source': 'user_group',
4803 4803 'source_data': source_data,
4804 4804 'data': rule_user_group.rule_data()
4805 4805 }
4806 4806
4807 4807 return users
4808 4808
4809 4809 def user_group_vote_rule(self, user_id):
4810 4810
4811 4811 rules = []
4812 4812 if not self.rule_user_groups:
4813 4813 return rules
4814 4814
4815 4815 for user_group in self.rule_user_groups:
4816 4816 user_group_members = [x.user_id for x in user_group.users_group.members]
4817 4817 if user_id in user_group_members:
4818 4818 rules.append(user_group)
4819 4819 return rules
4820 4820
4821 4821 def __repr__(self):
4822 4822 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4823 4823 self.repo_review_rule_id, self.repo)
4824 4824
4825 4825
4826 4826 class ScheduleEntry(Base, BaseModel):
4827 4827 __tablename__ = 'schedule_entries'
4828 4828 __table_args__ = (
4829 4829 UniqueConstraint('schedule_name', name='s_schedule_name_idx'),
4830 4830 UniqueConstraint('task_uid', name='s_task_uid_idx'),
4831 4831 base_table_args,
4832 4832 )
4833 4833
4834 4834 schedule_types = ['crontab', 'timedelta', 'integer']
4835 4835 schedule_entry_id = Column('schedule_entry_id', Integer(), primary_key=True)
4836 4836
4837 4837 schedule_name = Column("schedule_name", String(255), nullable=False, unique=None, default=None)
4838 4838 schedule_description = Column("schedule_description", String(10000), nullable=True, unique=None, default=None)
4839 4839 schedule_enabled = Column("schedule_enabled", Boolean(), nullable=False, unique=None, default=True)
4840 4840
4841 4841 _schedule_type = Column("schedule_type", String(255), nullable=False, unique=None, default=None)
4842 4842 schedule_definition = Column('schedule_definition_json', MutationObj.as_mutable(JsonType(default=lambda: "", dialect_map=dict(mysql=LONGTEXT()))))
4843 4843
4844 4844 schedule_last_run = Column('schedule_last_run', DateTime(timezone=False), nullable=True, unique=None, default=None)
4845 4845 schedule_total_run_count = Column('schedule_total_run_count', Integer(), nullable=True, unique=None, default=0)
4846 4846
4847 4847 # task
4848 4848 task_uid = Column("task_uid", String(255), nullable=False, unique=None, default=None)
4849 4849 task_dot_notation = Column("task_dot_notation", String(4096), nullable=False, unique=None, default=None)
4850 4850 task_args = Column('task_args_json', MutationObj.as_mutable(JsonType(default=list, dialect_map=dict(mysql=LONGTEXT()))))
4851 4851 task_kwargs = Column('task_kwargs_json', MutationObj.as_mutable(JsonType(default=dict, dialect_map=dict(mysql=LONGTEXT()))))
4852 4852
4853 4853 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4854 4854 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=None)
4855 4855
4856 4856 @hybrid_property
4857 4857 def schedule_type(self):
4858 4858 return self._schedule_type
4859 4859
4860 4860 @schedule_type.setter
4861 4861 def schedule_type(self, val):
4862 4862 if val not in self.schedule_types:
4863 4863 raise ValueError('Value must be on of `{}` and got `{}`'.format(
4864 4864 val, self.schedule_type))
4865 4865
4866 4866 self._schedule_type = val
4867 4867
4868 4868 @classmethod
4869 4869 def get_uid(cls, obj):
4870 4870 args = obj.task_args
4871 4871 kwargs = obj.task_kwargs
4872 4872 if isinstance(args, JsonRaw):
4873 4873 try:
4874 4874 args = json.loads(args)
4875 4875 except ValueError:
4876 4876 args = tuple()
4877 4877
4878 4878 if isinstance(kwargs, JsonRaw):
4879 4879 try:
4880 4880 kwargs = json.loads(kwargs)
4881 4881 except ValueError:
4882 4882 kwargs = dict()
4883 4883
4884 4884 dot_notation = obj.task_dot_notation
4885 4885 val = '.'.join(map(safe_str, [
4886 4886 sorted(dot_notation), args, sorted(kwargs.items())]))
4887 4887 return hashlib.sha1(val).hexdigest()
4888 4888
4889 4889 @classmethod
4890 4890 def get_by_schedule_name(cls, schedule_name):
4891 4891 return cls.query().filter(cls.schedule_name == schedule_name).scalar()
4892 4892
4893 4893 @classmethod
4894 4894 def get_by_schedule_id(cls, schedule_id):
4895 4895 return cls.query().filter(cls.schedule_entry_id == schedule_id).scalar()
4896 4896
4897 4897 @property
4898 4898 def task(self):
4899 4899 return self.task_dot_notation
4900 4900
4901 4901 @property
4902 4902 def schedule(self):
4903 4903 from rhodecode.lib.celerylib.utils import raw_2_schedule
4904 4904 schedule = raw_2_schedule(self.schedule_definition, self.schedule_type)
4905 4905 return schedule
4906 4906
4907 4907 @property
4908 4908 def args(self):
4909 4909 try:
4910 4910 return list(self.task_args or [])
4911 4911 except ValueError:
4912 4912 return list()
4913 4913
4914 4914 @property
4915 4915 def kwargs(self):
4916 4916 try:
4917 4917 return dict(self.task_kwargs or {})
4918 4918 except ValueError:
4919 4919 return dict()
4920 4920
4921 4921 def _as_raw(self, val):
4922 4922 if hasattr(val, 'de_coerce'):
4923 4923 val = val.de_coerce()
4924 4924 if val:
4925 4925 val = json.dumps(val)
4926 4926
4927 4927 return val
4928 4928
4929 4929 @property
4930 4930 def schedule_definition_raw(self):
4931 4931 return self._as_raw(self.schedule_definition)
4932 4932
4933 4933 @property
4934 4934 def args_raw(self):
4935 4935 return self._as_raw(self.task_args)
4936 4936
4937 4937 @property
4938 4938 def kwargs_raw(self):
4939 4939 return self._as_raw(self.task_kwargs)
4940 4940
4941 4941 def __repr__(self):
4942 4942 return '<DB:ScheduleEntry({}:{})>'.format(
4943 4943 self.schedule_entry_id, self.schedule_name)
4944 4944
4945 4945
4946 4946 @event.listens_for(ScheduleEntry, 'before_update')
4947 4947 def update_task_uid(mapper, connection, target):
4948 4948 target.task_uid = ScheduleEntry.get_uid(target)
4949 4949
4950 4950
4951 4951 @event.listens_for(ScheduleEntry, 'before_insert')
4952 4952 def set_task_uid(mapper, connection, target):
4953 4953 target.task_uid = ScheduleEntry.get_uid(target)
4954 4954
4955 4955
4956 4956 class _BaseBranchPerms(BaseModel):
4957 4957 @classmethod
4958 4958 def compute_hash(cls, value):
4959 4959 return sha1_safe(value)
4960 4960
4961 4961 @hybrid_property
4962 4962 def branch_pattern(self):
4963 4963 return self._branch_pattern or '*'
4964 4964
4965 4965 @hybrid_property
4966 4966 def branch_hash(self):
4967 4967 return self._branch_hash
4968 4968
4969 4969 def _validate_glob(self, value):
4970 4970 re.compile('^' + glob2re(value) + '$')
4971 4971
4972 4972 @branch_pattern.setter
4973 4973 def branch_pattern(self, value):
4974 4974 self._validate_glob(value)
4975 4975 self._branch_pattern = value or '*'
4976 4976 # set the Hash when setting the branch pattern
4977 4977 self._branch_hash = self.compute_hash(self._branch_pattern)
4978 4978
4979 4979 def matches(self, branch):
4980 4980 """
4981 4981 Check if this the branch matches entry
4982 4982
4983 4983 :param branch: branch name for the commit
4984 4984 """
4985 4985
4986 4986 branch = branch or ''
4987 4987
4988 4988 branch_matches = True
4989 4989 if branch:
4990 4990 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4991 4991 branch_matches = bool(branch_regex.search(branch))
4992 4992
4993 4993 return branch_matches
4994 4994
4995 4995
4996 4996 class UserToRepoBranchPermission(Base, _BaseBranchPerms):
4997 4997 __tablename__ = 'user_to_repo_branch_permissions'
4998 4998 __table_args__ = (
4999 4999 {'extend_existing': True, 'mysql_engine': 'InnoDB',
5000 5000 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
5001 5001 )
5002 5002
5003 5003 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
5004 5004
5005 5005 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
5006 5006 repo = relationship('Repository', backref='user_branch_perms')
5007 5007
5008 5008 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
5009 5009 permission = relationship('Permission')
5010 5010
5011 5011 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('repo_to_perm.repo_to_perm_id'), nullable=False, unique=None, default=None)
5012 5012 user_repo_to_perm = relationship('UserRepoToPerm')
5013 5013
5014 5014 rule_order = Column('rule_order', Integer(), nullable=False)
5015 5015 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
5016 5016 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
5017 5017
5018 5018 def __unicode__(self):
5019 5019 return u'<UserBranchPermission(%s => %r)>' % (
5020 5020 self.user_repo_to_perm, self.branch_pattern)
5021 5021
5022 5022
5023 5023 class UserGroupToRepoBranchPermission(Base, _BaseBranchPerms):
5024 5024 __tablename__ = 'user_group_to_repo_branch_permissions'
5025 5025 __table_args__ = (
5026 5026 {'extend_existing': True, 'mysql_engine': 'InnoDB',
5027 5027 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
5028 5028 )
5029 5029
5030 5030 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
5031 5031
5032 5032 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
5033 5033 repo = relationship('Repository', backref='user_group_branch_perms')
5034 5034
5035 5035 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
5036 5036 permission = relationship('Permission')
5037 5037
5038 5038 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('users_group_repo_to_perm.users_group_to_perm_id'), nullable=False, unique=None, default=None)
5039 5039 user_group_repo_to_perm = relationship('UserGroupRepoToPerm')
5040 5040
5041 5041 rule_order = Column('rule_order', Integer(), nullable=False)
5042 5042 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
5043 5043 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
5044 5044
5045 5045 def __unicode__(self):
5046 5046 return u'<UserBranchPermission(%s => %r)>' % (
5047 5047 self.user_group_repo_to_perm, self.branch_pattern)
5048 5048
5049 5049
5050 5050 class UserBookmark(Base, BaseModel):
5051 5051 __tablename__ = 'user_bookmarks'
5052 5052 __table_args__ = (
5053 5053 UniqueConstraint('user_id', 'bookmark_repo_id'),
5054 5054 UniqueConstraint('user_id', 'bookmark_repo_group_id'),
5055 5055 UniqueConstraint('user_id', 'bookmark_position'),
5056 5056 base_table_args
5057 5057 )
5058 5058
5059 5059 user_bookmark_id = Column("user_bookmark_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
5060 5060 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
5061 5061 position = Column("bookmark_position", Integer(), nullable=False)
5062 5062 title = Column("bookmark_title", String(255), nullable=True, unique=None, default=None)
5063 5063 redirect_url = Column("bookmark_redirect_url", String(10240), nullable=True, unique=None, default=None)
5064 5064 created_on = Column("created_on", DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
5065 5065
5066 5066 bookmark_repo_id = Column("bookmark_repo_id", Integer(), ForeignKey("repositories.repo_id"), nullable=True, unique=None, default=None)
5067 5067 bookmark_repo_group_id = Column("bookmark_repo_group_id", Integer(), ForeignKey("groups.group_id"), nullable=True, unique=None, default=None)
5068 5068
5069 5069 user = relationship("User")
5070 5070
5071 5071 repository = relationship("Repository")
5072 5072 repository_group = relationship("RepoGroup")
5073 5073
5074 5074 @classmethod
5075 5075 def get_by_position_for_user(cls, position, user_id):
5076 5076 return cls.query() \
5077 5077 .filter(UserBookmark.user_id == user_id) \
5078 5078 .filter(UserBookmark.position == position).scalar()
5079 5079
5080 5080 @classmethod
5081 5081 def get_bookmarks_for_user(cls, user_id):
5082 5082 return cls.query() \
5083 5083 .filter(UserBookmark.user_id == user_id) \
5084 5084 .options(joinedload(UserBookmark.repository)) \
5085 5085 .options(joinedload(UserBookmark.repository_group)) \
5086 5086 .order_by(UserBookmark.position.asc()) \
5087 5087 .all()
5088 5088
5089 5089 def __unicode__(self):
5090 5090 return u'<UserBookmark(%d @ %r)>' % (self.position, self.redirect_url)
5091 5091
5092 5092
5093 5093 class FileStore(Base, BaseModel):
5094 5094 __tablename__ = 'file_store'
5095 5095 __table_args__ = (
5096 5096 base_table_args
5097 5097 )
5098 5098
5099 5099 file_store_id = Column('file_store_id', Integer(), primary_key=True)
5100 5100 file_uid = Column('file_uid', String(1024), nullable=False)
5101 5101 file_display_name = Column('file_display_name', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), nullable=True)
5102 5102 file_description = Column('file_description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'), nullable=True)
5103 5103 file_org_name = Column('file_org_name', UnicodeText().with_variant(UnicodeText(10240), 'mysql'), nullable=False)
5104 5104
5105 5105 # sha256 hash
5106 5106 file_hash = Column('file_hash', String(512), nullable=False)
5107 5107 file_size = Column('file_size', Integer(), nullable=False)
5108 5108
5109 5109 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
5110 5110 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True)
5111 5111 accessed_count = Column('accessed_count', Integer(), default=0)
5112 5112
5113 5113 enabled = Column('enabled', Boolean(), nullable=False, default=True)
5114 5114
5115 5115 # if repo/repo_group reference is set, check for permissions
5116 5116 check_acl = Column('check_acl', Boolean(), nullable=False, default=True)
5117 5117
5118 5118 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
5119 5119 upload_user = relationship('User', lazy='joined', primaryjoin='User.user_id==FileStore.user_id')
5120 5120
5121 5121 # scope limited to user, which requester have access to
5122 5122 scope_user_id = Column(
5123 5123 'scope_user_id', Integer(), ForeignKey('users.user_id'),
5124 5124 nullable=True, unique=None, default=None)
5125 5125 user = relationship('User', lazy='joined', primaryjoin='User.user_id==FileStore.scope_user_id')
5126 5126
5127 5127 # scope limited to user group, which requester have access to
5128 5128 scope_user_group_id = Column(
5129 5129 'scope_user_group_id', Integer(), ForeignKey('users_groups.users_group_id'),
5130 5130 nullable=True, unique=None, default=None)
5131 5131 user_group = relationship('UserGroup', lazy='joined')
5132 5132
5133 5133 # scope limited to repo, which requester have access to
5134 5134 scope_repo_id = Column(
5135 5135 'scope_repo_id', Integer(), ForeignKey('repositories.repo_id'),
5136 5136 nullable=True, unique=None, default=None)
5137 5137 repo = relationship('Repository', lazy='joined')
5138 5138
5139 5139 # scope limited to repo group, which requester have access to
5140 5140 scope_repo_group_id = Column(
5141 5141 'scope_repo_group_id', Integer(), ForeignKey('groups.group_id'),
5142 5142 nullable=True, unique=None, default=None)
5143 5143 repo_group = relationship('RepoGroup', lazy='joined')
5144 5144
5145 5145 @classmethod
5146 5146 def create(cls, file_uid, filename, file_hash, file_size, file_display_name='',
5147 5147 file_description='', enabled=True, check_acl=True, user_id=None,
5148 5148 scope_user_id=None, scope_repo_id=None, scope_repo_group_id=None):
5149 5149
5150 5150 store_entry = FileStore()
5151 5151 store_entry.file_uid = file_uid
5152 5152 store_entry.file_display_name = file_display_name
5153 5153 store_entry.file_org_name = filename
5154 5154 store_entry.file_size = file_size
5155 5155 store_entry.file_hash = file_hash
5156 5156 store_entry.file_description = file_description
5157 5157
5158 5158 store_entry.check_acl = check_acl
5159 5159 store_entry.enabled = enabled
5160 5160
5161 5161 store_entry.user_id = user_id
5162 5162 store_entry.scope_user_id = scope_user_id
5163 5163 store_entry.scope_repo_id = scope_repo_id
5164 5164 store_entry.scope_repo_group_id = scope_repo_group_id
5165 5165 return store_entry
5166 5166
5167 5167 @classmethod
5168 5168 def bump_access_counter(cls, file_uid, commit=True):
5169 5169 FileStore().query()\
5170 5170 .filter(FileStore.file_uid == file_uid)\
5171 5171 .update({FileStore.accessed_count: (FileStore.accessed_count + 1),
5172 5172 FileStore.accessed_on: datetime.datetime.now()})
5173 5173 if commit:
5174 5174 Session().commit()
5175 5175
5176 5176 def __repr__(self):
5177 5177 return '<FileStore({})>'.format(self.file_store_id)
5178 5178
5179 5179
5180 5180 class DbMigrateVersion(Base, BaseModel):
5181 5181 __tablename__ = 'db_migrate_version'
5182 5182 __table_args__ = (
5183 5183 base_table_args,
5184 5184 )
5185 5185
5186 5186 repository_id = Column('repository_id', String(250), primary_key=True)
5187 5187 repository_path = Column('repository_path', Text)
5188 5188 version = Column('version', Integer)
5189 5189
5190 5190 @classmethod
5191 5191 def set_version(cls, version):
5192 5192 """
5193 5193 Helper for forcing a different version, usually for debugging purposes via ishell.
5194 5194 """
5195 5195 ver = DbMigrateVersion.query().first()
5196 5196 ver.version = version
5197 5197 Session().commit()
5198 5198
5199 5199
5200 5200 class DbSession(Base, BaseModel):
5201 5201 __tablename__ = 'db_session'
5202 5202 __table_args__ = (
5203 5203 base_table_args,
5204 5204 )
5205 5205
5206 5206 def __repr__(self):
5207 5207 return '<DB:DbSession({})>'.format(self.id)
5208 5208
5209 5209 id = Column('id', Integer())
5210 5210 namespace = Column('namespace', String(255), primary_key=True)
5211 5211 accessed = Column('accessed', DateTime, nullable=False)
5212 5212 created = Column('created', DateTime, nullable=False)
5213 5213 data = Column('data', PickleType, nullable=False)
@@ -1,942 +1,942 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 users model for RhodeCode
23 23 """
24 24
25 25 import logging
26 26 import traceback
27 27 import datetime
28 28 import ipaddress
29 29
30 30 from pyramid.threadlocal import get_current_request
31 31 from sqlalchemy.exc import DatabaseError
32 32
33 33 from rhodecode import events
34 34 from rhodecode.lib.user_log_filter import user_log_filter
35 35 from rhodecode.lib.utils2 import (
36 36 safe_unicode, get_current_rhodecode_user, action_logger_generic,
37 37 AttributeDict, str2bool)
38 38 from rhodecode.lib.exceptions import (
39 39 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
40 40 UserOwnsUserGroupsException, NotAllowedToCreateUserError)
41 41 from rhodecode.lib.caching_query import FromCache
42 42 from rhodecode.model import BaseModel
43 43 from rhodecode.model.auth_token import AuthTokenModel
44 44 from rhodecode.model.db import (
45 45 _hash_key, true, false, or_, joinedload, User, UserToPerm,
46 46 UserEmailMap, UserIpMap, UserLog)
47 47 from rhodecode.model.meta import Session
48 48 from rhodecode.model.repo_group import RepoGroupModel
49 49
50 50
51 51 log = logging.getLogger(__name__)
52 52
53 53
54 54 class UserModel(BaseModel):
55 55 cls = User
56 56
57 57 def get(self, user_id, cache=False):
58 58 user = self.sa.query(User)
59 59 if cache:
60 60 user = user.options(
61 61 FromCache("sql_cache_short", "get_user_%s" % user_id))
62 62 return user.get(user_id)
63 63
64 64 def get_user(self, user):
65 65 return self._get_user(user)
66 66
67 67 def _serialize_user(self, user):
68 68 import rhodecode.lib.helpers as h
69 69
70 70 return {
71 71 'id': user.user_id,
72 72 'first_name': user.first_name,
73 73 'last_name': user.last_name,
74 74 'username': user.username,
75 75 'email': user.email,
76 76 'icon_link': h.gravatar_url(user.email, 30),
77 77 'profile_link': h.link_to_user(user),
78 78 'value_display': h.escape(h.person(user)),
79 79 'value': user.username,
80 80 'value_type': 'user',
81 81 'active': user.active,
82 82 }
83 83
84 84 def get_users(self, name_contains=None, limit=20, only_active=True):
85 85
86 86 query = self.sa.query(User)
87 87 if only_active:
88 88 query = query.filter(User.active == true())
89 89
90 90 if name_contains:
91 91 ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
92 92 query = query.filter(
93 93 or_(
94 94 User.name.ilike(ilike_expression),
95 95 User.lastname.ilike(ilike_expression),
96 96 User.username.ilike(ilike_expression)
97 97 )
98 98 )
99 99 query = query.limit(limit)
100 100 users = query.all()
101 101
102 102 _users = [
103 103 self._serialize_user(user) for user in users
104 104 ]
105 105 return _users
106 106
107 107 def get_by_username(self, username, cache=False, case_insensitive=False):
108 108
109 109 if case_insensitive:
110 110 user = self.sa.query(User).filter(User.username.ilike(username))
111 111 else:
112 112 user = self.sa.query(User)\
113 113 .filter(User.username == username)
114 114 if cache:
115 115 name_key = _hash_key(username)
116 116 user = user.options(
117 117 FromCache("sql_cache_short", "get_user_%s" % name_key))
118 118 return user.scalar()
119 119
120 120 def get_by_email(self, email, cache=False, case_insensitive=False):
121 121 return User.get_by_email(email, case_insensitive, cache)
122 122
123 123 def get_by_auth_token(self, auth_token, cache=False):
124 124 return User.get_by_auth_token(auth_token, cache)
125 125
126 126 def get_active_user_count(self, cache=False):
127 127 qry = User.query().filter(
128 128 User.active == true()).filter(
129 129 User.username != User.DEFAULT_USER)
130 130 if cache:
131 131 qry = qry.options(
132 132 FromCache("sql_cache_short", "get_active_users"))
133 133 return qry.count()
134 134
135 135 def create(self, form_data, cur_user=None):
136 136 if not cur_user:
137 137 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
138 138
139 139 user_data = {
140 140 'username': form_data['username'],
141 141 'password': form_data['password'],
142 142 'email': form_data['email'],
143 143 'firstname': form_data['firstname'],
144 144 'lastname': form_data['lastname'],
145 145 'active': form_data['active'],
146 146 'extern_type': form_data['extern_type'],
147 147 'extern_name': form_data['extern_name'],
148 148 'admin': False,
149 149 'cur_user': cur_user
150 150 }
151 151
152 152 if 'create_repo_group' in form_data:
153 153 user_data['create_repo_group'] = str2bool(
154 154 form_data.get('create_repo_group'))
155 155
156 156 try:
157 157 if form_data.get('password_change'):
158 158 user_data['force_password_change'] = True
159 159 return UserModel().create_or_update(**user_data)
160 160 except Exception:
161 161 log.error(traceback.format_exc())
162 162 raise
163 163
164 164 def update_user(self, user, skip_attrs=None, **kwargs):
165 165 from rhodecode.lib.auth import get_crypt_password
166 166
167 167 user = self._get_user(user)
168 168 if user.username == User.DEFAULT_USER:
169 169 raise DefaultUserException(
170 170 "You can't edit this user (`%(username)s`) since it's "
171 171 "crucial for entire application" % {
172 172 'username': user.username})
173 173
174 174 # first store only defaults
175 175 user_attrs = {
176 176 'updating_user_id': user.user_id,
177 177 'username': user.username,
178 178 'password': user.password,
179 179 'email': user.email,
180 180 'firstname': user.name,
181 181 'lastname': user.lastname,
182 182 'active': user.active,
183 183 'admin': user.admin,
184 184 'extern_name': user.extern_name,
185 185 'extern_type': user.extern_type,
186 186 'language': user.user_data.get('language')
187 187 }
188 188
189 189 # in case there's new_password, that comes from form, use it to
190 190 # store password
191 191 if kwargs.get('new_password'):
192 192 kwargs['password'] = kwargs['new_password']
193 193
194 194 # cleanups, my_account password change form
195 195 kwargs.pop('current_password', None)
196 196 kwargs.pop('new_password', None)
197 197
198 198 # cleanups, user edit password change form
199 199 kwargs.pop('password_confirmation', None)
200 200 kwargs.pop('password_change', None)
201 201
202 202 # create repo group on user creation
203 203 kwargs.pop('create_repo_group', None)
204 204
205 205 # legacy forms send name, which is the firstname
206 206 firstname = kwargs.pop('name', None)
207 207 if firstname:
208 208 kwargs['firstname'] = firstname
209 209
210 210 for k, v in kwargs.items():
211 211 # skip if we don't want to update this
212 212 if skip_attrs and k in skip_attrs:
213 213 continue
214 214
215 215 user_attrs[k] = v
216 216
217 217 try:
218 218 return self.create_or_update(**user_attrs)
219 219 except Exception:
220 220 log.error(traceback.format_exc())
221 221 raise
222 222
223 223 def create_or_update(
224 224 self, username, password, email, firstname='', lastname='',
225 225 active=True, admin=False, extern_type=None, extern_name=None,
226 226 cur_user=None, plugin=None, force_password_change=False,
227 227 allow_to_create_user=True, create_repo_group=None,
228 228 updating_user_id=None, language=None, strict_creation_check=True):
229 229 """
230 230 Creates a new instance if not found, or updates current one
231 231
232 232 :param username:
233 233 :param password:
234 234 :param email:
235 235 :param firstname:
236 236 :param lastname:
237 237 :param active:
238 238 :param admin:
239 239 :param extern_type:
240 240 :param extern_name:
241 241 :param cur_user:
242 242 :param plugin: optional plugin this method was called from
243 243 :param force_password_change: toggles new or existing user flag
244 244 for password change
245 245 :param allow_to_create_user: Defines if the method can actually create
246 246 new users
247 247 :param create_repo_group: Defines if the method should also
248 248 create an repo group with user name, and owner
249 249 :param updating_user_id: if we set it up this is the user we want to
250 250 update this allows to editing username.
251 251 :param language: language of user from interface.
252 252
253 253 :returns: new User object with injected `is_new_user` attribute.
254 254 """
255 255
256 256 if not cur_user:
257 257 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
258 258
259 259 from rhodecode.lib.auth import (
260 260 get_crypt_password, check_password, generate_auth_token)
261 261 from rhodecode.lib.hooks_base import (
262 262 log_create_user, check_allowed_create_user)
263 263
264 264 def _password_change(new_user, password):
265 265 old_password = new_user.password or ''
266 266 # empty password
267 267 if not old_password:
268 268 return False
269 269
270 270 # password check is only needed for RhodeCode internal auth calls
271 271 # in case it's a plugin we don't care
272 272 if not plugin:
273 273
274 274 # first check if we gave crypted password back, and if it
275 275 # matches it's not password change
276 276 if new_user.password == password:
277 277 return False
278 278
279 279 password_match = check_password(password, old_password)
280 280 if not password_match:
281 281 return True
282 282
283 283 return False
284 284
285 285 # read settings on default personal repo group creation
286 286 if create_repo_group is None:
287 287 default_create_repo_group = RepoGroupModel()\
288 288 .get_default_create_personal_repo_group()
289 289 create_repo_group = default_create_repo_group
290 290
291 291 user_data = {
292 292 'username': username,
293 293 'password': password,
294 294 'email': email,
295 295 'firstname': firstname,
296 296 'lastname': lastname,
297 297 'active': active,
298 298 'admin': admin
299 299 }
300 300
301 301 if updating_user_id:
302 302 log.debug('Checking for existing account in RhodeCode '
303 303 'database with user_id `%s` ', updating_user_id)
304 304 user = User.get(updating_user_id)
305 305 else:
306 306 log.debug('Checking for existing account in RhodeCode '
307 307 'database with username `%s` ', username)
308 308 user = User.get_by_username(username, case_insensitive=True)
309 309
310 310 if user is None:
311 311 # we check internal flag if this method is actually allowed to
312 312 # create new user
313 313 if not allow_to_create_user:
314 314 msg = ('Method wants to create new user, but it is not '
315 315 'allowed to do so')
316 316 log.warning(msg)
317 317 raise NotAllowedToCreateUserError(msg)
318 318
319 319 log.debug('Creating new user %s', username)
320 320
321 321 # only if we create user that is active
322 322 new_active_user = active
323 323 if new_active_user and strict_creation_check:
324 324 # raises UserCreationError if it's not allowed for any reason to
325 325 # create new active user, this also executes pre-create hooks
326 326 check_allowed_create_user(user_data, cur_user, strict_check=True)
327 327 events.trigger(events.UserPreCreate(user_data))
328 328 new_user = User()
329 329 edit = False
330 330 else:
331 log.debug('updating user %s', username)
331 log.debug('updating user `%s`', username)
332 332 events.trigger(events.UserPreUpdate(user, user_data))
333 333 new_user = user
334 334 edit = True
335 335
336 336 # we're not allowed to edit default user
337 337 if user.username == User.DEFAULT_USER:
338 338 raise DefaultUserException(
339 339 "You can't edit this user (`%(username)s`) since it's "
340 340 "crucial for entire application"
341 341 % {'username': user.username})
342 342
343 343 # inject special attribute that will tell us if User is new or old
344 344 new_user.is_new_user = not edit
345 345 # for users that didn's specify auth type, we use RhodeCode built in
346 346 from rhodecode.authentication.plugins import auth_rhodecode
347 347 extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.uid
348 348 extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.uid
349 349
350 350 try:
351 351 new_user.username = username
352 352 new_user.admin = admin
353 353 new_user.email = email
354 354 new_user.active = active
355 355 new_user.extern_name = safe_unicode(extern_name)
356 356 new_user.extern_type = safe_unicode(extern_type)
357 357 new_user.name = firstname
358 358 new_user.lastname = lastname
359 359
360 360 # set password only if creating an user or password is changed
361 361 if not edit or _password_change(new_user, password):
362 362 reason = 'new password' if edit else 'new user'
363 363 log.debug('Updating password reason=>%s', reason)
364 364 new_user.password = get_crypt_password(password) if password else None
365 365
366 366 if force_password_change:
367 367 new_user.update_userdata(force_password_change=True)
368 368 if language:
369 369 new_user.update_userdata(language=language)
370 370 new_user.update_userdata(notification_status=True)
371 371
372 372 self.sa.add(new_user)
373 373
374 374 if not edit and create_repo_group:
375 375 RepoGroupModel().create_personal_repo_group(
376 376 new_user, commit_early=False)
377 377
378 378 if not edit:
379 379 # add the RSS token
380 380 self.add_auth_token(
381 381 user=username, lifetime_minutes=-1,
382 382 role=self.auth_token_role.ROLE_FEED,
383 383 description=u'Generated feed token')
384 384
385 385 kwargs = new_user.get_dict()
386 386 # backward compat, require api_keys present
387 387 kwargs['api_keys'] = kwargs['auth_tokens']
388 388 log_create_user(created_by=cur_user, **kwargs)
389 389 events.trigger(events.UserPostCreate(user_data))
390 390 return new_user
391 391 except (DatabaseError,):
392 392 log.error(traceback.format_exc())
393 393 raise
394 394
395 395 def create_registration(self, form_data,
396 396 extern_name='rhodecode', extern_type='rhodecode'):
397 397 from rhodecode.model.notification import NotificationModel
398 398 from rhodecode.model.notification import EmailNotificationModel
399 399
400 400 try:
401 401 form_data['admin'] = False
402 402 form_data['extern_name'] = extern_name
403 403 form_data['extern_type'] = extern_type
404 404 new_user = self.create(form_data)
405 405
406 406 self.sa.add(new_user)
407 407 self.sa.flush()
408 408
409 409 user_data = new_user.get_dict()
410 410 kwargs = {
411 411 # use SQLALCHEMY safe dump of user data
412 412 'user': AttributeDict(user_data),
413 413 'date': datetime.datetime.now()
414 414 }
415 415 notification_type = EmailNotificationModel.TYPE_REGISTRATION
416 416 # pre-generate the subject for notification itself
417 417 (subject,
418 418 _h, _e, # we don't care about those
419 419 body_plaintext) = EmailNotificationModel().render_email(
420 420 notification_type, **kwargs)
421 421
422 422 # create notification objects, and emails
423 423 NotificationModel().create(
424 424 created_by=new_user,
425 425 notification_subject=subject,
426 426 notification_body=body_plaintext,
427 427 notification_type=notification_type,
428 428 recipients=None, # all admins
429 429 email_kwargs=kwargs,
430 430 )
431 431
432 432 return new_user
433 433 except Exception:
434 434 log.error(traceback.format_exc())
435 435 raise
436 436
437 437 def _handle_user_repos(self, username, repositories, handle_mode=None):
438 438 _superadmin = self.cls.get_first_super_admin()
439 439 left_overs = True
440 440
441 441 from rhodecode.model.repo import RepoModel
442 442
443 443 if handle_mode == 'detach':
444 444 for obj in repositories:
445 445 obj.user = _superadmin
446 446 # set description we know why we super admin now owns
447 447 # additional repositories that were orphaned !
448 448 obj.description += ' \n::detached repository from deleted user: %s' % (username,)
449 449 self.sa.add(obj)
450 450 left_overs = False
451 451 elif handle_mode == 'delete':
452 452 for obj in repositories:
453 453 RepoModel().delete(obj, forks='detach')
454 454 left_overs = False
455 455
456 456 # if nothing is done we have left overs left
457 457 return left_overs
458 458
459 459 def _handle_user_repo_groups(self, username, repository_groups,
460 460 handle_mode=None):
461 461 _superadmin = self.cls.get_first_super_admin()
462 462 left_overs = True
463 463
464 464 from rhodecode.model.repo_group import RepoGroupModel
465 465
466 466 if handle_mode == 'detach':
467 467 for r in repository_groups:
468 468 r.user = _superadmin
469 469 # set description we know why we super admin now owns
470 470 # additional repositories that were orphaned !
471 471 r.group_description += ' \n::detached repository group from deleted user: %s' % (username,)
472 472 r.personal = False
473 473 self.sa.add(r)
474 474 left_overs = False
475 475 elif handle_mode == 'delete':
476 476 for r in repository_groups:
477 477 RepoGroupModel().delete(r)
478 478 left_overs = False
479 479
480 480 # if nothing is done we have left overs left
481 481 return left_overs
482 482
483 483 def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
484 484 _superadmin = self.cls.get_first_super_admin()
485 485 left_overs = True
486 486
487 487 from rhodecode.model.user_group import UserGroupModel
488 488
489 489 if handle_mode == 'detach':
490 490 for r in user_groups:
491 491 for user_user_group_to_perm in r.user_user_group_to_perm:
492 492 if user_user_group_to_perm.user.username == username:
493 493 user_user_group_to_perm.user = _superadmin
494 494 r.user = _superadmin
495 495 # set description we know why we super admin now owns
496 496 # additional repositories that were orphaned !
497 497 r.user_group_description += ' \n::detached user group from deleted user: %s' % (username,)
498 498 self.sa.add(r)
499 499 left_overs = False
500 500 elif handle_mode == 'delete':
501 501 for r in user_groups:
502 502 UserGroupModel().delete(r)
503 503 left_overs = False
504 504
505 505 # if nothing is done we have left overs left
506 506 return left_overs
507 507
508 508 def delete(self, user, cur_user=None, handle_repos=None,
509 509 handle_repo_groups=None, handle_user_groups=None):
510 510 if not cur_user:
511 511 cur_user = getattr(
512 512 get_current_rhodecode_user(), 'username', None)
513 513 user = self._get_user(user)
514 514
515 515 try:
516 516 if user.username == User.DEFAULT_USER:
517 517 raise DefaultUserException(
518 518 u"You can't remove this user since it's"
519 519 u" crucial for entire application")
520 520
521 521 left_overs = self._handle_user_repos(
522 522 user.username, user.repositories, handle_repos)
523 523 if left_overs and user.repositories:
524 524 repos = [x.repo_name for x in user.repositories]
525 525 raise UserOwnsReposException(
526 526 u'user "%(username)s" still owns %(len_repos)s repositories and cannot be '
527 527 u'removed. Switch owners or remove those repositories:%(list_repos)s'
528 528 % {'username': user.username, 'len_repos': len(repos),
529 529 'list_repos': ', '.join(repos)})
530 530
531 531 left_overs = self._handle_user_repo_groups(
532 532 user.username, user.repository_groups, handle_repo_groups)
533 533 if left_overs and user.repository_groups:
534 534 repo_groups = [x.group_name for x in user.repository_groups]
535 535 raise UserOwnsRepoGroupsException(
536 536 u'user "%(username)s" still owns %(len_repo_groups)s repository groups and cannot be '
537 537 u'removed. Switch owners or remove those repository groups:%(list_repo_groups)s'
538 538 % {'username': user.username, 'len_repo_groups': len(repo_groups),
539 539 'list_repo_groups': ', '.join(repo_groups)})
540 540
541 541 left_overs = self._handle_user_user_groups(
542 542 user.username, user.user_groups, handle_user_groups)
543 543 if left_overs and user.user_groups:
544 544 user_groups = [x.users_group_name for x in user.user_groups]
545 545 raise UserOwnsUserGroupsException(
546 546 u'user "%s" still owns %s user groups and cannot be '
547 547 u'removed. Switch owners or remove those user groups:%s'
548 548 % (user.username, len(user_groups), ', '.join(user_groups)))
549 549
550 550 # we might change the user data with detach/delete, make sure
551 551 # the object is marked as expired before actually deleting !
552 552 self.sa.expire(user)
553 553 self.sa.delete(user)
554 554 from rhodecode.lib.hooks_base import log_delete_user
555 555 log_delete_user(deleted_by=cur_user, **user.get_dict())
556 556 except Exception:
557 557 log.error(traceback.format_exc())
558 558 raise
559 559
560 560 def reset_password_link(self, data, pwd_reset_url):
561 561 from rhodecode.lib.celerylib import tasks, run_task
562 562 from rhodecode.model.notification import EmailNotificationModel
563 563 user_email = data['email']
564 564 try:
565 565 user = User.get_by_email(user_email)
566 566 if user:
567 567 log.debug('password reset user found %s', user)
568 568
569 569 email_kwargs = {
570 570 'password_reset_url': pwd_reset_url,
571 571 'user': user,
572 572 'email': user_email,
573 573 'date': datetime.datetime.now()
574 574 }
575 575
576 576 (subject, headers, email_body,
577 577 email_body_plaintext) = EmailNotificationModel().render_email(
578 578 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
579 579
580 580 recipients = [user_email]
581 581
582 582 action_logger_generic(
583 583 'sending password reset email to user: {}'.format(
584 584 user), namespace='security.password_reset')
585 585
586 586 run_task(tasks.send_email, recipients, subject,
587 587 email_body_plaintext, email_body)
588 588
589 589 else:
590 590 log.debug("password reset email %s not found", user_email)
591 591 except Exception:
592 592 log.error(traceback.format_exc())
593 593 return False
594 594
595 595 return True
596 596
597 597 def reset_password(self, data):
598 598 from rhodecode.lib.celerylib import tasks, run_task
599 599 from rhodecode.model.notification import EmailNotificationModel
600 600 from rhodecode.lib import auth
601 601 user_email = data['email']
602 602 pre_db = True
603 603 try:
604 604 user = User.get_by_email(user_email)
605 605 new_passwd = auth.PasswordGenerator().gen_password(
606 606 12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
607 607 if user:
608 608 user.password = auth.get_crypt_password(new_passwd)
609 609 # also force this user to reset his password !
610 610 user.update_userdata(force_password_change=True)
611 611
612 612 Session().add(user)
613 613
614 614 # now delete the token in question
615 615 UserApiKeys = AuthTokenModel.cls
616 616 UserApiKeys().query().filter(
617 617 UserApiKeys.api_key == data['token']).delete()
618 618
619 619 Session().commit()
620 620 log.info('successfully reset password for `%s`', user_email)
621 621
622 622 if new_passwd is None:
623 623 raise Exception('unable to generate new password')
624 624
625 625 pre_db = False
626 626
627 627 email_kwargs = {
628 628 'new_password': new_passwd,
629 629 'user': user,
630 630 'email': user_email,
631 631 'date': datetime.datetime.now()
632 632 }
633 633
634 634 (subject, headers, email_body,
635 635 email_body_plaintext) = EmailNotificationModel().render_email(
636 636 EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION,
637 637 **email_kwargs)
638 638
639 639 recipients = [user_email]
640 640
641 641 action_logger_generic(
642 642 'sent new password to user: {} with email: {}'.format(
643 643 user, user_email), namespace='security.password_reset')
644 644
645 645 run_task(tasks.send_email, recipients, subject,
646 646 email_body_plaintext, email_body)
647 647
648 648 except Exception:
649 649 log.error('Failed to update user password')
650 650 log.error(traceback.format_exc())
651 651 if pre_db:
652 652 # we rollback only if local db stuff fails. If it goes into
653 653 # run_task, we're pass rollback state this wouldn't work then
654 654 Session().rollback()
655 655
656 656 return True
657 657
658 658 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
659 659 """
660 660 Fetches auth_user by user_id,or api_key if present.
661 661 Fills auth_user attributes with those taken from database.
662 662 Additionally set's is_authenitated if lookup fails
663 663 present in database
664 664
665 665 :param auth_user: instance of user to set attributes
666 666 :param user_id: user id to fetch by
667 667 :param api_key: api key to fetch by
668 668 :param username: username to fetch by
669 669 """
670 670 def token_obfuscate(token):
671 671 if token:
672 672 return token[:4] + "****"
673 673
674 674 if user_id is None and api_key is None and username is None:
675 675 raise Exception('You need to pass user_id, api_key or username')
676 676
677 677 log.debug(
678 678 'AuthUser: fill data execution based on: '
679 679 'user_id:%s api_key:%s username:%s', user_id, api_key, username)
680 680 try:
681 681 dbuser = None
682 682 if user_id:
683 683 dbuser = self.get(user_id)
684 684 elif api_key:
685 685 dbuser = self.get_by_auth_token(api_key)
686 686 elif username:
687 687 dbuser = self.get_by_username(username)
688 688
689 689 if not dbuser:
690 690 log.warning(
691 691 'Unable to lookup user by id:%s api_key:%s username:%s',
692 692 user_id, token_obfuscate(api_key), username)
693 693 return False
694 694 if not dbuser.active:
695 695 log.debug('User `%s:%s` is inactive, skipping fill data',
696 696 username, user_id)
697 697 return False
698 698
699 699 log.debug('AuthUser: filling found user:%s data', dbuser)
700 700 user_data = dbuser.get_dict()
701 701
702 702 user_data.update({
703 703 # set explicit the safe escaped values
704 704 'first_name': dbuser.first_name,
705 705 'last_name': dbuser.last_name,
706 706 })
707 707
708 708 for k, v in user_data.items():
709 709 # properties of auth user we dont update
710 710 if k not in ['auth_tokens', 'permissions']:
711 711 setattr(auth_user, k, v)
712 712
713 713 except Exception:
714 714 log.error(traceback.format_exc())
715 715 auth_user.is_authenticated = False
716 716 return False
717 717
718 718 return True
719 719
720 720 def has_perm(self, user, perm):
721 721 perm = self._get_perm(perm)
722 722 user = self._get_user(user)
723 723
724 724 return UserToPerm.query().filter(UserToPerm.user == user)\
725 725 .filter(UserToPerm.permission == perm).scalar() is not None
726 726
727 727 def grant_perm(self, user, perm):
728 728 """
729 729 Grant user global permissions
730 730
731 731 :param user:
732 732 :param perm:
733 733 """
734 734 user = self._get_user(user)
735 735 perm = self._get_perm(perm)
736 736 # if this permission is already granted skip it
737 737 _perm = UserToPerm.query()\
738 738 .filter(UserToPerm.user == user)\
739 739 .filter(UserToPerm.permission == perm)\
740 740 .scalar()
741 741 if _perm:
742 742 return
743 743 new = UserToPerm()
744 744 new.user = user
745 745 new.permission = perm
746 746 self.sa.add(new)
747 747 return new
748 748
749 749 def revoke_perm(self, user, perm):
750 750 """
751 751 Revoke users global permissions
752 752
753 753 :param user:
754 754 :param perm:
755 755 """
756 756 user = self._get_user(user)
757 757 perm = self._get_perm(perm)
758 758
759 759 obj = UserToPerm.query()\
760 760 .filter(UserToPerm.user == user)\
761 761 .filter(UserToPerm.permission == perm)\
762 762 .scalar()
763 763 if obj:
764 764 self.sa.delete(obj)
765 765
766 766 def add_extra_email(self, user, email):
767 767 """
768 768 Adds email address to UserEmailMap
769 769
770 770 :param user:
771 771 :param email:
772 772 """
773 773
774 774 user = self._get_user(user)
775 775
776 776 obj = UserEmailMap()
777 777 obj.user = user
778 778 obj.email = email
779 779 self.sa.add(obj)
780 780 return obj
781 781
782 782 def delete_extra_email(self, user, email_id):
783 783 """
784 784 Removes email address from UserEmailMap
785 785
786 786 :param user:
787 787 :param email_id:
788 788 """
789 789 user = self._get_user(user)
790 790 obj = UserEmailMap.query().get(email_id)
791 791 if obj and obj.user_id == user.user_id:
792 792 self.sa.delete(obj)
793 793
794 794 def parse_ip_range(self, ip_range):
795 795 ip_list = []
796 796
797 797 def make_unique(value):
798 798 seen = []
799 799 return [c for c in value if not (c in seen or seen.append(c))]
800 800
801 801 # firsts split by commas
802 802 for ip_range in ip_range.split(','):
803 803 if not ip_range:
804 804 continue
805 805 ip_range = ip_range.strip()
806 806 if '-' in ip_range:
807 807 start_ip, end_ip = ip_range.split('-', 1)
808 808 start_ip = ipaddress.ip_address(safe_unicode(start_ip.strip()))
809 809 end_ip = ipaddress.ip_address(safe_unicode(end_ip.strip()))
810 810 parsed_ip_range = []
811 811
812 812 for index in xrange(int(start_ip), int(end_ip) + 1):
813 813 new_ip = ipaddress.ip_address(index)
814 814 parsed_ip_range.append(str(new_ip))
815 815 ip_list.extend(parsed_ip_range)
816 816 else:
817 817 ip_list.append(ip_range)
818 818
819 819 return make_unique(ip_list)
820 820
821 821 def add_extra_ip(self, user, ip, description=None):
822 822 """
823 823 Adds ip address to UserIpMap
824 824
825 825 :param user:
826 826 :param ip:
827 827 """
828 828
829 829 user = self._get_user(user)
830 830 obj = UserIpMap()
831 831 obj.user = user
832 832 obj.ip_addr = ip
833 833 obj.description = description
834 834 self.sa.add(obj)
835 835 return obj
836 836
837 837 auth_token_role = AuthTokenModel.cls
838 838
839 839 def add_auth_token(self, user, lifetime_minutes, role, description=u'',
840 840 scope_callback=None):
841 841 """
842 842 Add AuthToken for user.
843 843
844 844 :param user: username/user_id
845 845 :param lifetime_minutes: in minutes the lifetime for token, -1 equals no limit
846 846 :param role: one of AuthTokenModel.cls.ROLE_*
847 847 :param description: optional string description
848 848 """
849 849
850 850 token = AuthTokenModel().create(
851 851 user, description, lifetime_minutes, role)
852 852 if scope_callback and callable(scope_callback):
853 853 # call the callback if we provide, used to attach scope for EE edition
854 854 scope_callback(token)
855 855 return token
856 856
857 857 def delete_extra_ip(self, user, ip_id):
858 858 """
859 859 Removes ip address from UserIpMap
860 860
861 861 :param user:
862 862 :param ip_id:
863 863 """
864 864 user = self._get_user(user)
865 865 obj = UserIpMap.query().get(ip_id)
866 866 if obj and obj.user_id == user.user_id:
867 867 self.sa.delete(obj)
868 868
869 869 def get_accounts_in_creation_order(self, current_user=None):
870 870 """
871 871 Get accounts in order of creation for deactivation for license limits
872 872
873 873 pick currently logged in user, and append to the list in position 0
874 874 pick all super-admins in order of creation date and add it to the list
875 875 pick all other accounts in order of creation and add it to the list.
876 876
877 877 Based on that list, the last accounts can be disabled as they are
878 878 created at the end and don't include any of the super admins as well
879 879 as the current user.
880 880
881 881 :param current_user: optionally current user running this operation
882 882 """
883 883
884 884 if not current_user:
885 885 current_user = get_current_rhodecode_user()
886 886 active_super_admins = [
887 887 x.user_id for x in User.query()
888 888 .filter(User.user_id != current_user.user_id)
889 889 .filter(User.active == true())
890 890 .filter(User.admin == true())
891 891 .order_by(User.created_on.asc())]
892 892
893 893 active_regular_users = [
894 894 x.user_id for x in User.query()
895 895 .filter(User.user_id != current_user.user_id)
896 896 .filter(User.active == true())
897 897 .filter(User.admin == false())
898 898 .order_by(User.created_on.asc())]
899 899
900 900 list_of_accounts = [current_user.user_id]
901 901 list_of_accounts += active_super_admins
902 902 list_of_accounts += active_regular_users
903 903
904 904 return list_of_accounts
905 905
906 906 def deactivate_last_users(self, expected_users, current_user=None):
907 907 """
908 908 Deactivate accounts that are over the license limits.
909 909 Algorithm of which accounts to disabled is based on the formula:
910 910
911 911 Get current user, then super admins in creation order, then regular
912 912 active users in creation order.
913 913
914 914 Using that list we mark all accounts from the end of it as inactive.
915 915 This way we block only latest created accounts.
916 916
917 917 :param expected_users: list of users in special order, we deactivate
918 918 the end N amount of users from that list
919 919 """
920 920
921 921 list_of_accounts = self.get_accounts_in_creation_order(
922 922 current_user=current_user)
923 923
924 924 for acc_id in list_of_accounts[expected_users + 1:]:
925 925 user = User.get(acc_id)
926 926 log.info('Deactivating account %s for license unlock', user)
927 927 user.active = False
928 928 Session().add(user)
929 929 Session().commit()
930 930
931 931 return
932 932
933 933 def get_user_log(self, user, filter_term):
934 934 user_log = UserLog.query()\
935 935 .filter(or_(UserLog.user_id == user.user_id,
936 936 UserLog.username == user.username))\
937 937 .options(joinedload(UserLog.user))\
938 938 .options(joinedload(UserLog.repository))\
939 939 .order_by(UserLog.action_date.desc())
940 940
941 941 user_log = user_log_filter(user_log, filter_term)
942 942 return user_log
General Comments 0
You need to be logged in to leave comments. Login now