rhodecode-enterprise-ce Commit - r2849:21c71a09

events: add event to catch permission changed so we can flush affected users permission caches

marcink -

r2849:21c71a09 default

parent child

rhodecode/apps/admin/subscribers.py

0 created 644 +38 0

@@ -0,0 +1,38 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2018 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import logging
	22
	23	from rhodecode import events
	24
	25	log = logging.getLogger(__name__)
	26
	27
	28	def trigger_user_permission_flush(event):
	29	"""
	30	Subscriber to the `UserPermissionChange`. This triggers the
	31	automatic flush of permission caches, so the users affected receive new permissions
	32	Right Away
	33	"""
	34	affected_user_ids = event.user_ids
	35
	36
	37	def includeme(config):
	38	config.add_subscriber(trigger_user_permission_flush, events.UserPermissionsChange)

rhodecode/apps/admin/__init__.py

0 +2 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             from rhodecode.apps._base import ADMIN_PREFIX
             def admin_routes(config):
                 """
                 Admin prefixed routes
                 """
                 config.add_route(
                     name='admin_audit_logs',
                     pattern='/audit_logs')
                 config.add_route(
                     name='admin_audit_log_entry',
                     pattern='/audit_logs/{audit_log_id}')
                 config.add_route(
                     name='pull_requests_global_0',  # backward compat
                     pattern='/pull_requests/{pull_request_id:\d+}')
                 config.add_route(
                     name='pull_requests_global_1',  # backward compat
                     pattern='/pull-requests/{pull_request_id:\d+}')
                 config.add_route(
                     name='pull_requests_global',
                     pattern='/pull-request/{pull_request_id:\d+}')
                 config.add_route(
                     name='admin_settings_open_source',
                     pattern='/settings/open_source')
                 config.add_route(
                     name='admin_settings_vcs_svn_generate_cfg',
                     pattern='/settings/vcs/svn_generate_cfg')
                 config.add_route(
                     name='admin_settings_system',
                     pattern='/settings/system')
                 config.add_route(
                     name='admin_settings_system_update',
                     pattern='/settings/system/updates')
                 config.add_route(
                     name='admin_settings_sessions',
                     pattern='/settings/sessions')
                 config.add_route(
                     name='admin_settings_sessions_cleanup',
                     pattern='/settings/sessions/cleanup')
                 config.add_route(
                     name='admin_settings_process_management',
                     pattern='/settings/process_management')
                 config.add_route(
                     name='admin_settings_process_management_data',
                     pattern='/settings/process_management/data')
                 config.add_route(
                     name='admin_settings_process_management_signal',
                     pattern='/settings/process_management/signal')
                 config.add_route(
                     name='admin_settings_process_management_master_signal',
                     pattern='/settings/process_management/master_signal')
                 # default settings
                 config.add_route(
                     name='admin_defaults_repositories',
                     pattern='/defaults/repositories')
                 config.add_route(
                     name='admin_defaults_repositories_update',
                     pattern='/defaults/repositories/update')
                 # admin settings
                 config.add_route(
                     name='admin_settings',
                     pattern='/settings')
                 config.add_route(
                     name='admin_settings_update',
                     pattern='/settings/update')
                 config.add_route(
                     name='admin_settings_global',
                     pattern='/settings/global')
                 config.add_route(
                     name='admin_settings_global_update',
                     pattern='/settings/global/update')
                 config.add_route(
                     name='admin_settings_vcs',
                     pattern='/settings/vcs')
                 config.add_route(
                     name='admin_settings_vcs_update',
                     pattern='/settings/vcs/update')
                 config.add_route(
                     name='admin_settings_vcs_svn_pattern_delete',
                     pattern='/settings/vcs/svn_pattern_delete')
                 config.add_route(
                     name='admin_settings_mapping',
                     pattern='/settings/mapping')
                 config.add_route(
                     name='admin_settings_mapping_update',
                     pattern='/settings/mapping/update')
                 config.add_route(
                     name='admin_settings_visual',
                     pattern='/settings/visual')
                 config.add_route(
                     name='admin_settings_visual_update',
                     pattern='/settings/visual/update')
                 config.add_route(
                     name='admin_settings_issuetracker',
                     pattern='/settings/issue-tracker')
                 config.add_route(
                     name='admin_settings_issuetracker_update',
                     pattern='/settings/issue-tracker/update')
                 config.add_route(
                     name='admin_settings_issuetracker_test',
                     pattern='/settings/issue-tracker/test')
                 config.add_route(
                     name='admin_settings_issuetracker_delete',
                     pattern='/settings/issue-tracker/delete')
                 config.add_route(
                     name='admin_settings_email',
                     pattern='/settings/email')
                 config.add_route(
                     name='admin_settings_email_update',
                     pattern='/settings/email/update')
                 config.add_route(
                     name='admin_settings_hooks',
                     pattern='/settings/hooks')
                 config.add_route(
                     name='admin_settings_hooks_update',
                     pattern='/settings/hooks/update')
                 config.add_route(
                     name='admin_settings_hooks_delete',
                     pattern='/settings/hooks/delete')
                 config.add_route(
                     name='admin_settings_search',
                     pattern='/settings/search')
                 config.add_route(
                     name='admin_settings_labs',
                     pattern='/settings/labs')
                 config.add_route(
                     name='admin_settings_labs_update',
                     pattern='/settings/labs/update')
                 # Automation EE feature
                 config.add_route(
                     'admin_settings_automation',
                     pattern=ADMIN_PREFIX + '/settings/automation')
                 # global permissions
                 config.add_route(
                     name='admin_permissions_application',
                     pattern='/permissions/application')
                 config.add_route(
                     name='admin_permissions_application_update',
                     pattern='/permissions/application/update')
                 config.add_route(
                     name='admin_permissions_global',
                     pattern='/permissions/global')
                 config.add_route(
                     name='admin_permissions_global_update',
                     pattern='/permissions/global/update')
                 config.add_route(
                     name='admin_permissions_object',
                     pattern='/permissions/object')
                 config.add_route(
                     name='admin_permissions_object_update',
                     pattern='/permissions/object/update')
                 config.add_route(
                     name='admin_permissions_ips',
                     pattern='/permissions/ips')
                 config.add_route(
                     name='admin_permissions_overview',
                     pattern='/permissions/overview')
                 config.add_route(
                     name='admin_permissions_auth_token_access',
                     pattern='/permissions/auth_token_access')
                 config.add_route(
                     name='admin_permissions_ssh_keys',
                     pattern='/permissions/ssh_keys')
                 config.add_route(
                     name='admin_permissions_ssh_keys_data',
                     pattern='/permissions/ssh_keys/data')
                 config.add_route(
                     name='admin_permissions_ssh_keys_update',
                     pattern='/permissions/ssh_keys/update')
                 # users admin
                 config.add_route(
                     name='users',
                     pattern='/users')
                 config.add_route(
                     name='users_data',
                     pattern='/users_data')
                 config.add_route(
                     name='users_create',
                     pattern='/users/create')
                 config.add_route(
                     name='users_new',
                     pattern='/users/new')
                 # user management
                 config.add_route(
                     name='user_edit',
                     pattern='/users/{user_id:\d+}/edit',
                     user_route=True)
                 config.add_route(
                     name='user_edit_advanced',
                     pattern='/users/{user_id:\d+}/edit/advanced',
                     user_route=True)
                 config.add_route(
                     name='user_edit_global_perms',
                     pattern='/users/{user_id:\d+}/edit/global_permissions',
                     user_route=True)
                 config.add_route(
                     name='user_edit_global_perms_update',
                     pattern='/users/{user_id:\d+}/edit/global_permissions/update',
                     user_route=True)
                 config.add_route(
                     name='user_update',
                     pattern='/users/{user_id:\d+}/update',
                     user_route=True)
                 config.add_route(
                     name='user_delete',
                     pattern='/users/{user_id:\d+}/delete',
                     user_route=True)
                 config.add_route(
                     name='user_force_password_reset',
                     pattern='/users/{user_id:\d+}/password_reset',
                     user_route=True)
                 config.add_route(
                     name='user_create_personal_repo_group',
                     pattern='/users/{user_id:\d+}/create_repo_group',
                     user_route=True)
                 # user auth tokens
                 config.add_route(
                     name='edit_user_auth_tokens',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens',
                     user_route=True)
                 config.add_route(
                     name='edit_user_auth_tokens_add',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/new',
                     user_route=True)
                 config.add_route(
                     name='edit_user_auth_tokens_delete',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/delete',
                     user_route=True)
                 # user ssh keys
                 config.add_route(
                     name='edit_user_ssh_keys',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys',
                     user_route=True)
                 config.add_route(
                     name='edit_user_ssh_keys_generate_keypair',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys/generate',
                     user_route=True)
                 config.add_route(
                     name='edit_user_ssh_keys_add',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys/new',
                     user_route=True)
                 config.add_route(
                     name='edit_user_ssh_keys_delete',
                     pattern='/users/{user_id:\d+}/edit/ssh_keys/delete',
                     user_route=True)
                 # user emails
                 config.add_route(
                     name='edit_user_emails',
                     pattern='/users/{user_id:\d+}/edit/emails',
                     user_route=True)
                 config.add_route(
                     name='edit_user_emails_add',
                     pattern='/users/{user_id:\d+}/edit/emails/new',
                     user_route=True)
                 config.add_route(
                     name='edit_user_emails_delete',
                     pattern='/users/{user_id:\d+}/edit/emails/delete',
                     user_route=True)
                 # user IPs
                 config.add_route(
                     name='edit_user_ips',
                     pattern='/users/{user_id:\d+}/edit/ips',
                     user_route=True)
                 config.add_route(
                     name='edit_user_ips_add',
                     pattern='/users/{user_id:\d+}/edit/ips/new',
                     user_route_with_default=True)  # enabled for default user too
                 config.add_route(
                     name='edit_user_ips_delete',
                     pattern='/users/{user_id:\d+}/edit/ips/delete',
                     user_route_with_default=True)  # enabled for default user too
                 # user perms
                 config.add_route(
                     name='edit_user_perms_summary',
                     pattern='/users/{user_id:\d+}/edit/permissions_summary',
                     user_route=True)
                 config.add_route(
                     name='edit_user_perms_summary_json',
                     pattern='/users/{user_id:\d+}/edit/permissions_summary/json',
                     user_route=True)
                 # user user groups management
                 config.add_route(
                     name='edit_user_groups_management',
                     pattern='/users/{user_id:\d+}/edit/groups_management',
                     user_route=True)
                 config.add_route(
                     name='edit_user_groups_management_updates',
                     pattern='/users/{user_id:\d+}/edit/edit_user_groups_management/updates',
                     user_route=True)
                 # user audit logs
                 config.add_route(
                     name='edit_user_audit_logs',
                     pattern='/users/{user_id:\d+}/edit/audit', user_route=True)
                 # user caches
                 config.add_route(
                     name='edit_user_caches',
                     pattern='/users/{user_id:\d+}/edit/caches',
                     user_route=True)
                 config.add_route(
                     name='edit_user_caches_update',
                     pattern='/users/{user_id:\d+}/edit/caches/update',
                     user_route=True)
                 # user-groups admin
                 config.add_route(
                     name='user_groups',
                     pattern='/user_groups')
                 config.add_route(
                     name='user_groups_data',
                     pattern='/user_groups_data')
                 config.add_route(
                     name='user_groups_new',
                     pattern='/user_groups/new')
                 config.add_route(
                     name='user_groups_create',
                     pattern='/user_groups/create')
                 # repos admin
                 config.add_route(
                     name='repos',
                     pattern='/repos')
                 config.add_route(
                     name='repo_new',
                     pattern='/repos/new')
                 config.add_route(
                     name='repo_create',
                     pattern='/repos/create')
                 # repo groups admin
                 config.add_route(
                     name='repo_groups',
                     pattern='/repo_groups')
                 config.add_route(
                     name='repo_group_new',
                     pattern='/repo_group/new')
                 config.add_route(
                     name='repo_group_create',
                     pattern='/repo_group/create')
             def includeme(config):
                 from rhodecode.apps.admin.navigation import includeme as nav_includeme
                 # Create admin navigation registry and add it to the pyramid registry.
                 nav_includeme(config)
                 # main admin routes
                 config.add_route(name='admin_home', pattern=ADMIN_PREFIX)
                 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
+                config.include('.subscribers')
                 # Scan module for configuration decorators.
                 config.scan('.views', ignore='.tests')

rhodecode/apps/repo_group/views/repo_group_permissions.py

0 +9 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.view import view_config
             from pyramid.httpexceptions import HTTPFound
+            from rhodecode import events
             from rhodecode.apps._base import RepoGroupAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.forms import RepoGroupPermsForm
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class RepoGroupPermissionsView(RepoGroupAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasRepoGroupPermissionAnyDecorator('group.admin')
                 @view_config(
                     route_name='edit_repo_group_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
                 def edit_repo_group_permissions(self):
                     c = self.load_default_context()
                     c.active = 'permissions'
                     c.repo_group = self.db_repo_group
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasRepoGroupPermissionAnyDecorator('group.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_group_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
                 def edit_repo_groups_permissions_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'perms'
                     c.repo_group = self.db_repo_group
                     valid_recursive_choices = ['none', 'repos', 'groups', 'all']
                     form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\
                         .to_python(self.request.POST)
                     if not c.rhodecode_user.is_admin:
                         if self._revoke_perms_on_yourself(form):
                             msg = _('Cannot change permission for yourself as admin')
                             h.flash(msg, category='warning')
                             raise HTTPFound(
                                 h.route_path('edit_repo_group_perms',
                                              repo_group_name=self.db_repo_group_name))
                     # iterate over all members(if in recursive mode) of this groups and
                     # set the permissions !
                     # this can be potentially heavy operation
                     changes = RepoGroupModel().update_permissions(
                         c.repo_group,
                         form['perm_additions'], form['perm_updates'], form['perm_deletions'],
                         form['recursive'])
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'repo_group.edit.permissions', action_data=action_data,
                         user=c.rhodecode_user)
                     Session().commit()
                     h.flash(_('Repository Group permissions updated'), category='success')
+                    affected_user_ids = []
+                    for change in changes['added'] + changes['updated'] + changes['deleted']:
+                        if change['type'] == 'user':
+                            affected_user_ids.append(change['id'])
+                    events.trigger(events.UserPermissionsChange(affected_user_ids))
                     raise HTTPFound(
                         h.route_path('edit_repo_group_perms',
                                      repo_group_name=self.db_repo_group_name))

rhodecode/apps/repository/views/repo_permissions.py

0 +8 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
+            from rhodecode import events
             from rhodecode.apps._base import RepoAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
             from rhodecode.model.forms import RepoPermsForm
             from rhodecode.model.meta import Session
             from rhodecode.model.repo import RepoModel
             log = logging.getLogger(__name__)
             class RepoSettingsPermissionsView(RepoAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @view_config(
                     route_name='edit_repo_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions(self):
                     c = self.load_default_context()
                     c.active = 'permissions'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_perms', request_method='POST',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'permissions'
                     data = self.request.POST
                     # store private flag outside of HTML to verify if we can modify
                     # default user permissions, prevents submission of FAKE post data
                     # into the form for private repos
                     data['repo_private'] = self.db_repo.private
                     form = RepoPermsForm(self.request.translate)().to_python(data)
                     changes = RepoModel().update_permissions(
                         self.db_repo_name, form['perm_additions'], form['perm_updates'],
                         form['perm_deletions'])
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'repo.edit.permissions', action_data=action_data,
                         user=self._rhodecode_user, repo=self.db_repo)
                     Session().commit()
                     h.flash(_('Repository permissions updated'), category='success')
+                    affected_user_ids = []
+                    for change in changes['added'] + changes['updated'] + changes['deleted']:
+                        if change['type'] == 'user':
+                            affected_user_ids.append(change['id'])
+                    events.trigger(events.UserPermissionsChange(affected_user_ids))
                     raise HTTPFound(
                         h.route_path('edit_repo_perms', repo_name=self.db_repo_name))

rhodecode/apps/user_group/views/__init__.py

0 +15 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import peppercorn
             import formencode
             import formencode.htmlfill
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from pyramid.response import Response
             from pyramid.renderers import render
+            from rhodecode import events
             from rhodecode.lib.exceptions import (
                 RepoGroupAssignmentError, UserGroupAssignedException)
             from rhodecode.model.forms import (
                 UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,
                 UserPermissionsForm)
             from rhodecode.model.permission import PermissionModel
             from rhodecode.apps._base import UserGroupAppView
             from rhodecode.lib.auth import (
                 LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h, audit_logger
             from rhodecode.lib.utils2 import str2bool
             from rhodecode.model.db import User
             from rhodecode.model.meta import Session
             from rhodecode.model.user_group import UserGroupModel
             log = logging.getLogger(__name__)
             class UserGroupsView(UserGroupAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     PermissionModel().set_global_permission_choices(
                         c, gettext_translator=self.request.translate)
                     return c
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='user_group_members_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def user_group_members(self):
                     """
                     Return members of given user group
                     """
                     self.load_default_context()
                     user_group = self.db_user_group
                     group_members_obj = sorted((x.user for x in user_group.members),
                                                key=lambda u: u.username.lower())
                     group_members = [
                         {
                             'id': user.user_id,
                             'first_name': user.first_name,
                             'last_name': user.last_name,
                             'username': user.username,
                             'icon_link': h.gravatar_url(user.email, 30),
                             'value_display': h.person(user.email),
                             'value': user.username,
                             'value_type': 'user',
                             'active': user.active,
                         }
                         for user in group_members_obj
                     ]
                     return {
                         'members': group_members
                     }
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_perms_summary', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_perms_summary(self):
                     c = self.load_default_context()
                     c.user_group = self.db_user_group
                     c.active = 'perms_summary'
                     c.permissions = UserGroupModel().get_perms_summary(
                         c.user_group.users_group_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_perms_summary_json', request_method='GET',
                     renderer='json_ext')
                 def user_group_perms_summary_json(self):
                     self.load_default_context()
                     user_group = self.db_user_group
                     return UserGroupModel().get_perms_summary(user_group.users_group_id)
                 def _revoke_perms_on_yourself(self, form_result):
                     _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                       form_result['perm_updates'])
                     _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_additions'])
                     _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_deletions'])
                     admin_perm = 'usergroup.admin'
                     if _updates   and _updates[0][1]   != admin_perm or \
                        _additions and _additions[0][1] != admin_perm or \
                        _deletions and _deletions[0][1] != admin_perm:
                         return True
                     return False
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_groups_update', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_update(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = user_group.users_group_id
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.group_members_obj = [x.user for x in c.user_group.members]
                     c.group_members_obj.sort(key=lambda u: u.username.lower())
                     c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
                     c.active = 'settings'
                     users_group_form = UserGroupForm(
                         self.request.translate, edit=True,
                         old_data=c.user_group.get_dict(), allow_disabled=True)()
                     old_values = c.user_group.get_api_data()
                     user_group_name = self.request.POST.get('users_group_name')
                     try:
                         form_result = users_group_form.to_python(self.request.POST)
                         pstruct = peppercorn.parse(self.request.POST.items())
                         form_result['users_group_members'] = pstruct['user_group_members']
                         user_group, added_members, removed_members = \
                             UserGroupModel().update(c.user_group, form_result)
                         updated_user_group = form_result['users_group_name']
                         for user_id in added_members:
                             user = User.get(user_id)
                             user_data = user.get_api_data()
                             audit_logger.store_web(
                                 'user_group.edit.member.add',
                                 action_data={'user': user_data, 'old_data': old_values},
                                 user=self._rhodecode_user)
                         for user_id in removed_members:
                             user = User.get(user_id)
                             user_data = user.get_api_data()
                             audit_logger.store_web(
                                 'user_group.edit.member.delete',
                                 action_data={'user': user_data, 'old_data': old_values},
                                 user=self._rhodecode_user)
                         audit_logger.store_web(
                             'user_group.edit', action_data={'old_data': old_values},
                             user=self._rhodecode_user)
                         h.flash(_('Updated user group %s') % updated_user_group,
                                 category='success')
+                        affected_user_ids = []
+                        for user_id in added_members + removed_members:
+                            affected_user_ids.append(user_id)
+                        events.trigger(events.UserPermissionsChange(affected_user_ids))
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         e = errors.error_dict or {}
                         data = render(
                             'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during update of user group")
                         h.flash(_('Error occurred during update of user group %s')
                                 % user_group_name, category='error')
                     raise HTTPFound(
                         h.route_path('edit_user_group', user_group_id=user_group_id))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_groups_delete', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_delete(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     self.load_default_context()
                     force = str2bool(self.request.POST.get('force'))
                     old_values = user_group.get_api_data()
                     try:
                         UserGroupModel().delete(user_group, force=force)
                         audit_logger.store_web(
                             'user.delete', action_data={'old_data': old_values},
                             user=self._rhodecode_user)
                         Session().commit()
                         h.flash(_('Successfully deleted user group'), category='success')
                     except UserGroupAssignedException as e:
                         h.flash(str(e), category='error')
                     except Exception:
                         log.exception("Exception during deletion of user group")
                         h.flash(_('An error occurred during deletion of user group'),
                                 category='error')
                     raise HTTPFound(h.route_path('user_groups'))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.group_members_obj = [x.user for x in c.user_group.members]
                     c.group_members_obj.sort(key=lambda u: u.username.lower())
                     c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
                     c.active = 'settings'
                     defaults = user_group.get_dict()
                     # fill owner
                     if user_group.user:
                         defaults.update({'user': user_group.user.username})
                     else:
                         replacement_user = User.get_first_super_admin().username
                         defaults.update({'user': replacement_user})
                     data = render(
                         'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit_perms(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'perms'
                     defaults = {}
                     # fill user group users
                     for p in c.user_group.user_user_group_to_perm:
                         defaults.update({'u_perm_%s' % p.user.user_id:
                                          p.permission.permission_name})
                     for p in c.user_group.user_group_user_group_to_perm:
                         defaults.update({'g_perm_%s' % p.user_group.users_group_id:
                                          p.permission.permission_name})
                     data = render(
                         'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_group_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_update_perms(self):
                     """
                     grant permission for given user group
                     """
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = user_group.users_group_id
                     c = self.load_default_context()
                     c.user_group = user_group
                     form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)
                     if not self._rhodecode_user.is_admin:
                         if self._revoke_perms_on_yourself(form):
                             msg = _('Cannot change permission for yourself as admin')
                             h.flash(msg, category='warning')
                             raise HTTPFound(
                                 h.route_path('edit_user_group_perms',
                                              user_group_id=user_group_id))
                     try:
                         changes = UserGroupModel().update_permissions(
                             user_group,
                             form['perm_additions'], form['perm_updates'],
                             form['perm_deletions'])
                     except RepoGroupAssignmentError:
                         h.flash(_('Target group cannot be the same'), category='error')
                         raise HTTPFound(
                             h.route_path('edit_user_group_perms',
                                          user_group_id=user_group_id))
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'user_group.edit.permissions', action_data=action_data,
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_('User Group permissions updated'), category='success')
+                    affected_user_ids = []
+                    for change in changes['added'] + changes['updated'] + changes['deleted']:
+                        if change['type'] == 'user':
+                            affected_user_ids.append(change['id'])
+                    events.trigger(events.UserPermissionsChange(affected_user_ids))
                     raise HTTPFound(
                         h.route_path('edit_user_group_perms', user_group_id=user_group_id))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_global_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_global_perms_edit(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user_group.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.user_group.get_default_perms())
                     data = render(
                         'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_group_global_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_global_perms_update(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = self.db_user_group.users_group_id
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm(self.request.translate)
                         form_result = _form.to_python(dict(self.request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         user_group.inherit_default_permissions = inherit_perms
                         Session().add(user_group)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 self.request.translate,
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(self.request.POST))
                             form_result.update(
                                 {'perm_user_group_id': user_group.users_group_id})
                             PermissionModel().update_user_group_permissions(form_result)
                         Session().commit()
                         h.flash(_('User Group global permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         data = render(
                             'rhodecode:templates/admin/user_groups/user_group_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     raise HTTPFound(
                         h.route_path('edit_user_group_global_perms',
                                      user_group_id=user_group_id))
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @view_config(
                     route_name='edit_user_group_advanced', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit_advanced(self):
                     user_group = self.db_user_group
                     c = self.load_default_context()
                     c.user_group = user_group
                     c.active = 'advanced'
                     c.group_members_obj = sorted(
                         (x.user for x in c.user_group.members),
                         key=lambda u: u.username.lower())
                     c.group_to_repos = sorted(
                         (x.repository for x in c.user_group.users_group_repo_to_perm),
                         key=lambda u: u.repo_name.lower())
                     c.group_to_repo_groups = sorted(
                         (x.group for x in c.user_group.users_group_repo_group_to_perm),
                         key=lambda u: u.group_name.lower())
                     c.group_to_review_rules = sorted(
                         (x.users_group for x in c.user_group.user_group_review_rules),
                         key=lambda u: u.users_group_name.lower())
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_group_advanced_sync', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
                 def user_group_edit_advanced_set_synchronization(self):
                     _ = self.request.translate
                     user_group = self.db_user_group
                     user_group_id = user_group.users_group_id
                     existing = user_group.group_data.get('extern_type')
                     if existing:
                         new_state = user_group.group_data
                         new_state['extern_type'] = None
                     else:
                         new_state = user_group.group_data
                         new_state['extern_type'] = 'manual'
                         new_state['extern_type_set_by'] = self._rhodecode_user.username
                     try:
                         user_group.group_data = new_state
                         Session().add(user_group)
                         Session().commit()
                         h.flash(_('User Group synchronization updated successfully'),
                                 category='success')
                     except Exception:
                         log.exception("Exception during sync settings saving")
                         h.flash(_('An error occurred during synchronization update'),
                                 category='error')
                     raise HTTPFound(
                         h.route_path('edit_user_group_advanced',
                                      user_group_id=user_group_id))

rhodecode/events/__init__.py

0 +3 -1

             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.threadlocal import get_current_registry
             from rhodecode.events.base import RhodecodeEvent
             log = logging.getLogger(__name__)
             def trigger(event, registry=None):
                 """
                 Helper method to send an event. This wraps the pyramid logic to send an
                 event.
                 """
                 # For the first step we are using pyramids thread locals here. If the
                 # event mechanism works out as a good solution we should think about
                 # passing the registry as an argument to get rid of it.
                 registry = registry or get_current_registry()
                 registry.notify(event)
                 log.debug('event %s triggered using registry %s', event, registry)
                 # Until we can work around the problem that VCS operations do not have a
                 # pyramid context to work with, we send the events to integrations directly
                 # Later it will be possible to use regular pyramid subscribers ie:
                 # config.add_subscriber(
                 #     'rhodecode.integrations.integrations_event_handler',
                 #     'rhodecode.events.RhodecodeEvent')
                 # trigger(event, request.registry)
                 from rhodecode.integrations import integrations_event_handler
                 if isinstance(event, RhodecodeEvent):
                     integrations_event_handler(event)
             from rhodecode.events.user import (  # noqa
                 UserPreCreate,
                 UserPostCreate,
                 UserPreUpdate,
-                UserRegistered
+                UserRegistered,
+                UserPermissionsChange,
             )
             from rhodecode.events.repo import (  # noqa
                 RepoEvent,
                 RepoPreCreateEvent, RepoCreateEvent,
                 RepoPreDeleteEvent, RepoDeleteEvent,
                 RepoPrePushEvent,   RepoPushEvent,
                 RepoPrePullEvent,   RepoPullEvent,
             )
             from rhodecode.events.repo_group import (  # noqa
                 RepoGroupEvent,
                 RepoGroupCreateEvent,
                 RepoGroupUpdateEvent,
                 RepoGroupDeleteEvent,
             )
             from rhodecode.events.pullrequest import (  # noqa
                 PullRequestEvent,
                 PullRequestCreateEvent,
                 PullRequestUpdateEvent,
                 PullRequestCommentEvent,
                 PullRequestReviewEvent,
                 PullRequestMergeEvent,
                 PullRequestCloseEvent,
             )

rhodecode/events/user.py

0 +19 0

             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from zope.interface import implementer
             from rhodecode.translation import lazy_ugettext
             from rhodecode.events.base import RhodecodeEvent
             from rhodecode.events.interfaces import (
                 IUserRegistered, IUserPreCreate, IUserPreUpdate)
             log = logging.getLogger(__name__)
             @implementer(IUserRegistered)
             class UserRegistered(RhodecodeEvent):
                 """
                 An instance of this class is emitted as an :term:`event` whenever a user
                 account is registered.
                 """
                 name = 'user-register'
                 display_name = lazy_ugettext('user registered')
                 def __init__(self, user, session):
                     super(UserRegistered, self).__init__()
                     self.user = user
                     self.session = session
             @implementer(IUserPreCreate)
             class UserPreCreate(RhodecodeEvent):
                 """
                 An instance of this class is emitted as an :term:`event` before a new user
                 object is created.
                 """
                 name = 'user-pre-create'
                 display_name = lazy_ugettext('user pre create')
                 def __init__(self, user_data):
                     super(UserPreCreate, self).__init__()
                     self.user_data = user_data
             @implementer(IUserPreCreate)
             class UserPostCreate(RhodecodeEvent):
                 """
                 An instance of this class is emitted as an :term:`event` after a new user
                 object is created.
                 """
                 name = 'user-post-create'
                 display_name = lazy_ugettext('user post create')
                 def __init__(self, user_data):
                     super(UserPostCreate, self).__init__()
                     self.user_data = user_data
             @implementer(IUserPreUpdate)
             class UserPreUpdate(RhodecodeEvent):
                 """
                 An instance of this class is emitted as an :term:`event` before a user
                 object is updated.
                 """
                 name = 'user-pre-update'
                 display_name = lazy_ugettext('user pre update')
                 def __init__(self, user, user_data):
                     super(UserPreUpdate, self).__init__()
                     self.user = user
                     self.user_data = user_data
+            class UserPermissionsChange(RhodecodeEvent):
+                """
+                This event should be triggered on an event that permissions of user might changed.
+                Currently this should be triggered on:
+                  - user added/removed from user group
+                  - repo permissions changed
+                  - repo group permissions changed
+                  - user group permissions changed
+                """
+                name = 'user-permissions-change'
+                display_name = lazy_ugettext('user permissions change')
+                def __init__(self, user_ids):
+                    super(UserPermissionsChange, self).__init__()
+                    self.user_ids = user_ids

rhodecode/subscribers.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import io
             import re
             import datetime
             import logging
             import Queue
             import subprocess32
             import os
             from dateutil.parser import parse
             from pyramid.i18n import get_localizer
             from pyramid.threadlocal import get_current_request
             from pyramid.interfaces import IRoutesMapper
             from pyramid.settings import asbool
             from pyramid.path import AssetResolver
             from threading import Thread
             from rhodecode.translation import _ as tsf
             from rhodecode.config.jsroutes import generate_jsroutes_content
             from rhodecode.lib import auth
             from rhodecode.lib.base import get_auth_user
             import rhodecode
             log = logging.getLogger(__name__)
             def add_renderer_globals(event):
                 from rhodecode.lib import helpers
                 # TODO: When executed in pyramid view context the request is not available
                 # in the event. Find a better solution to get the request.
                 request = event['request'] or get_current_request()
                 # Add Pyramid translation as '_' to context
                 event['_'] = request.translate
                 event['_ungettext'] = request.plularize
                 event['h'] = helpers
             def add_localizer(event):
                 request = event.request
                 localizer = request.localizer
                 def auto_translate(*args, **kwargs):
                     return localizer.translate(tsf(*args, **kwargs))
                 request.translate = auto_translate
                 request.plularize = localizer.pluralize
             def set_user_lang(event):
                 request = event.request
                 cur_user = getattr(request, 'user', None)
                 if cur_user:
                     user_lang = cur_user.get_instance().user_data.get('language')
                     if user_lang:
                         log.debug('lang: setting current user:%s language to: %s', cur_user, user_lang)
                         event.request._LOCALE_ = user_lang
             def add_request_user_context(event):
                 """
                 Adds auth user into request context
                 """
                 request = event.request
                 # access req_id as soon as possible
                 req_id = request.req_id
                 if hasattr(request, 'vcs_call'):
                     # skip vcs calls
                     return
                 if hasattr(request, 'rpc_method'):
                     # skip api calls
                     return
                 auth_user = get_auth_user(request)
                 request.user = auth_user
                 request.environ['rc_auth_user'] = auth_user
                 request.environ['rc_req_id'] = req_id
             def inject_app_settings(event):
                 settings = event.app.registry.settings
                 # inject info about available permissions
                 auth.set_available_permissions(settings)
             def scan_repositories_if_enabled(event):
                 """
                 This is subscribed to the `pyramid.events.ApplicationCreated` event. It
                 does a repository scan if enabled in the settings.
                 """
                 settings = event.app.registry.settings
                 vcs_server_enabled = settings['vcs.server.enable']
                 import_on_startup = settings['startup.import_repos']
                 if vcs_server_enabled and import_on_startup:
                     from rhodecode.model.scm import ScmModel
                     from rhodecode.lib.utils import repo2db_mapper, get_rhodecode_base_path
                     repositories = ScmModel().repo_scan(get_rhodecode_base_path())
                     repo2db_mapper(repositories, remove_obsolete=False)
             def write_metadata_if_needed(event):
                 """
                 Writes upgrade metadata
                 """
                 import rhodecode
                 from rhodecode.lib import system_info
                 from rhodecode.lib import ext_json
                 fname = '.rcmetadata.json'
                 ini_loc = os.path.dirname(rhodecode.CONFIG.get('__file__'))
                 metadata_destination = os.path.join(ini_loc, fname)
                 def get_update_age():
                     now = datetime.datetime.utcnow()
                     with open(metadata_destination, 'rb') as f:
                         data = ext_json.json.loads(f.read())
                         if 'created_on' in data:
                             update_date = parse(data['created_on'])
                             diff = now - update_date
                             return diff.total_seconds() / 60.0
                     return 0
                 def write():
                     configuration = system_info.SysInfo(
                         system_info.rhodecode_config)()['value']
                     license_token = configuration['config']['license_token']
                     setup = dict(
                         workers=configuration['config']['server:main'].get(
                             'workers', '?'),
                         worker_type=configuration['config']['server:main'].get(
                             'worker_class', 'sync'),
                     )
                     dbinfo = system_info.SysInfo(system_info.database_info)()['value']
                     del dbinfo['url']
                     metadata = dict(
                         desc='upgrade metadata info',
                         license_token=license_token,
                         created_on=datetime.datetime.utcnow().isoformat(),
                         usage=system_info.SysInfo(system_info.usage_info)()['value'],
                         platform=system_info.SysInfo(system_info.platform_type)()['value'],
                         database=dbinfo,
                         cpu=system_info.SysInfo(system_info.cpu)()['value'],
                         memory=system_info.SysInfo(system_info.memory)()['value'],
                         setup=setup
                     )
                     with open(metadata_destination, 'wb') as f:
                         f.write(ext_json.json.dumps(metadata))
                 settings = event.app.registry.settings
                 if settings.get('metadata.skip'):
                     return
                 # only write this every 24h, workers restart caused unwanted delays
                 try:
                     age_in_min = get_update_age()
                 except Exception:
                     age_in_min = 0
                 if age_in_min > 60 * 60 * 24:
                     return
                 try:
                     write()
                 except Exception:
                     pass
             def write_js_routes_if_enabled(event):
                 registry = event.app.registry
                 mapper = registry.queryUtility(IRoutesMapper)
                 _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
                 def _extract_route_information(route):
                     """
                     Convert a route into tuple(name, path, args), eg:
                         ('show_user', '/profile/%(username)s', ['username'])
                     """
                     routepath = route.pattern
                     pattern = route.pattern
                     def replace(matchobj):
                         if matchobj.group(1):
                             return "%%(%s)s" % matchobj.group(1).split(':')[0]
                         else:
                             return "%%(%s)s" % matchobj.group(2)
                     routepath = _argument_prog.sub(replace, routepath)
                     if not routepath.startswith('/'):
                         routepath = '/'+routepath
                     return (
                         route.name,
                         routepath,
                         [(arg[0].split(':')[0] if arg[0] != '' else arg[1])
                           for arg in _argument_prog.findall(pattern)]
                     )
                 def get_routes():
                     # pyramid routes
                     for route in mapper.get_routes():
                         if not route.name.startswith('__'):
                             yield _extract_route_information(route)
                 if asbool(registry.settings.get('generate_js_files', 'false')):
                     static_path = AssetResolver().resolve('rhodecode:public').abspath()
                     jsroutes = get_routes()
                     jsroutes_file_content = generate_jsroutes_content(jsroutes)
                     jsroutes_file_path = os.path.join(
                         static_path, 'js', 'rhodecode', 'routes.js')
                     try:
                         with io.open(jsroutes_file_path, 'w', encoding='utf-8') as f:
                             f.write(jsroutes_file_content)
                     except Exception:
                         log.exception('Failed to write routes.js into %s', jsroutes_file_path)
             class Subscriber(object):
                 """
                 Base class for subscribers to the pyramid event system.
                 """
                 def __call__(self, event):
                     self.run(event)
                 def run(self, event):
                     raise NotImplementedError('Subclass has to implement this.')
             class AsyncSubscriber(Subscriber):
                 """
                 Subscriber that handles the execution of events in a separate task to not
                 block the execution of the code which triggers the event. It puts the
                 received events into a queue from which the worker process takes them in
                 order.
                 """
                 def __init__(self):
                     self._stop = False
                     self._eventq = Queue.Queue()
                     self._worker = self.create_worker()
                     self._worker.start()
                 def __call__(self, event):
                     self._eventq.put(event)
                 def create_worker(self):
                     worker = Thread(target=self.do_work)
                     worker.daemon = True
                     return worker
                 def stop_worker(self):
                     self._stop = False
                     self._eventq.put(None)
                     self._worker.join()
                 def do_work(self):
                     while not self._stop:
                         event = self._eventq.get()
                         if event is not None:
                             self.run(event)
             class AsyncSubprocessSubscriber(AsyncSubscriber):
                 """
                 Subscriber that uses the subprocess32 module to execute a command if an
                 event is received. Events are handled asynchronously.
                 """
                 def __init__(self, cmd, timeout=None):
                     super(AsyncSubprocessSubscriber, self).__init__()
                     self._cmd = cmd
                     self._timeout = timeout
                 def run(self, event):
                     cmd = self._cmd
                     timeout = self._timeout
                     log.debug('Executing command %s.', cmd)
                     try:
                         output = subprocess32.check_output(
                             cmd, timeout=timeout, stderr=subprocess32.STDOUT)
                         log.debug('Command finished %s', cmd)
                         if output:
                             log.debug('Command output: %s', output)
                     except subprocess32.TimeoutExpired as e:
                         log.exception('Timeout while executing command.')
                         if e.output:
                             log.error('Command output: %s', e.output)
                     except subprocess32.CalledProcessError as e:
                         log.exception('Error while executing command.')
                         if e.output:
                             log.error('Command output: %s', e.output)
                     except:
                         log.exception(
                             'Exception while executing command %s.', cmd)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages