##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
branch permissions: added logic to define in UI branch permissions....
marcink -
r2975:2d612d18 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,45 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2011-2018 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import logging
22
23 from pyramid.view import view_config
24
25 from rhodecode.apps._base import RepoAppView
26 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
27
28 log = logging.getLogger(__name__)
29
30
31 class RepoSettingsBranchPermissionsView(RepoAppView):
32
33 def load_default_context(self):
34 c = self._get_local_tmpl_context()
35 return c
36
37 @LoginRequired()
38 @HasRepoPermissionAnyDecorator('repository.admin')
39 @view_config(
40 route_name='edit_repo_perms_branch', request_method='GET',
41 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
42 def branch_permissions(self):
43 c = self.load_default_context()
44 c.active = 'permissions_branch'
45 return self._get_template_context(c)
Show file before | Show file after | Hide comments
This diff has been collapsed as it changes many lines, (4587 lines changed) Show them Hide them
@@ -0,0 +1,4587 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 """
22 Database Models for RhodeCode Enterprise
23 """
24
25 import re
26 import os
27 import time
28 import hashlib
29 import logging
30 import datetime
31 import warnings
32 import ipaddress
33 import functools
34 import traceback
35 import collections
36
37 from sqlalchemy import (
38 or_, and_, not_, func, TypeDecorator, event,
39 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
40 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
41 Text, Float, PickleType)
42 from sqlalchemy.sql.expression import true, false
43 from sqlalchemy.sql.functions import coalesce, count # noqa
44 from sqlalchemy.orm import (
45 relationship, joinedload, class_mapper, validates, aliased)
46 from sqlalchemy.ext.declarative import declared_attr
47 from sqlalchemy.ext.hybrid import hybrid_property
48 from sqlalchemy.exc import IntegrityError # noqa
49 from sqlalchemy.dialects.mysql import LONGTEXT
50 from beaker.cache import cache_region
51 from zope.cachedescriptors.property import Lazy as LazyProperty
52
53 from pyramid.threadlocal import get_current_request
54
55 from rhodecode.translation import _
56 from rhodecode.lib.vcs import get_vcs_instance
57 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
58 from rhodecode.lib.utils2 import (
59 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
60 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
61 glob2re, StrictAttributeDict, cleaned_uri)
62 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
63 JsonRaw
64 from rhodecode.lib.ext_json import json
65 from rhodecode.lib.caching_query import FromCache
66 from rhodecode.lib.encrypt import AESCipher
67
68 from rhodecode.model.meta import Base, Session
69
70 URL_SEP = '/'
71 log = logging.getLogger(__name__)
72
73 # =============================================================================
74 # BASE CLASSES
75 # =============================================================================
76
77 # this is propagated from .ini file rhodecode.encrypted_values.secret or
78 # beaker.session.secret if first is not set.
79 # and initialized at environment.py
80 ENCRYPTION_KEY = None
81
82 # used to sort permissions by types, '#' used here is not allowed to be in
83 # usernames, and it's very early in sorted string.printable table.
84 PERMISSION_TYPE_SORT = {
85 'admin': '####',
86 'write': '###',
87 'read': '##',
88 'none': '#',
89 }
90
91
92 def display_user_sort(obj):
93 """
94 Sort function used to sort permissions in .permissions() function of
95 Repository, RepoGroup, UserGroup. Also it put the default user in front
96 of all other resources
97 """
98
99 if obj.username == User.DEFAULT_USER:
100 return '#####'
101 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
102 return prefix + obj.username
103
104
105 def display_user_group_sort(obj):
106 """
107 Sort function used to sort permissions in .permissions() function of
108 Repository, RepoGroup, UserGroup. Also it put the default user in front
109 of all other resources
110 """
111
112 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
113 return prefix + obj.users_group_name
114
115
116 def _hash_key(k):
117 return md5_safe(k)
118
119
120 def in_filter_generator(qry, items, limit=500):
121 """
122 Splits IN() into multiple with OR
123 e.g.::
124 cnt = Repository.query().filter(
125 or_(
126 *in_filter_generator(Repository.repo_id, range(100000))
127 )).count()
128 """
129 if not items:
130 # empty list will cause empty query which might cause security issues
131 # this can lead to hidden unpleasant results
132 items = [-1]
133
134 parts = []
135 for chunk in xrange(0, len(items), limit):
136 parts.append(
137 qry.in_(items[chunk: chunk + limit])
138 )
139
140 return parts
141
142
143 class EncryptedTextValue(TypeDecorator):
144 """
145 Special column for encrypted long text data, use like::
146
147 value = Column("encrypted_value", EncryptedValue(), nullable=False)
148
149 This column is intelligent so if value is in unencrypted form it return
150 unencrypted form, but on save it always encrypts
151 """
152 impl = Text
153
154 def process_bind_param(self, value, dialect):
155 if not value:
156 return value
157 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
158 # protect against double encrypting if someone manually starts
159 # doing
160 raise ValueError('value needs to be in unencrypted format, ie. '
161 'not starting with enc$aes')
162 return 'enc$aes_hmac$%s' % AESCipher(
163 ENCRYPTION_KEY, hmac=True).encrypt(value)
164
165 def process_result_value(self, value, dialect):
166 import rhodecode
167
168 if not value:
169 return value
170
171 parts = value.split('$', 3)
172 if not len(parts) == 3:
173 # probably not encrypted values
174 return value
175 else:
176 if parts[0] != 'enc':
177 # parts ok but without our header ?
178 return value
179 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
180 'rhodecode.encrypted_values.strict') or True)
181 # at that stage we know it's our encryption
182 if parts[1] == 'aes':
183 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
184 elif parts[1] == 'aes_hmac':
185 decrypted_data = AESCipher(
186 ENCRYPTION_KEY, hmac=True,
187 strict_verification=enc_strict_mode).decrypt(parts[2])
188 else:
189 raise ValueError(
190 'Encryption type part is wrong, must be `aes` '
191 'or `aes_hmac`, got `%s` instead' % (parts[1]))
192 return decrypted_data
193
194
195 class BaseModel(object):
196 """
197 Base Model for all classes
198 """
199
200 @classmethod
201 def _get_keys(cls):
202 """return column names for this model """
203 return class_mapper(cls).c.keys()
204
205 def get_dict(self):
206 """
207 return dict with keys and values corresponding
208 to this model data """
209
210 d = {}
211 for k in self._get_keys():
212 d[k] = getattr(self, k)
213
214 # also use __json__() if present to get additional fields
215 _json_attr = getattr(self, '__json__', None)
216 if _json_attr:
217 # update with attributes from __json__
218 if callable(_json_attr):
219 _json_attr = _json_attr()
220 for k, val in _json_attr.iteritems():
221 d[k] = val
222 return d
223
224 def get_appstruct(self):
225 """return list with keys and values tuples corresponding
226 to this model data """
227
228 lst = []
229 for k in self._get_keys():
230 lst.append((k, getattr(self, k),))
231 return lst
232
233 def populate_obj(self, populate_dict):
234 """populate model with data from given populate_dict"""
235
236 for k in self._get_keys():
237 if k in populate_dict:
238 setattr(self, k, populate_dict[k])
239
240 @classmethod
241 def query(cls):
242 return Session().query(cls)
243
244 @classmethod
245 def get(cls, id_):
246 if id_:
247 return cls.query().get(id_)
248
249 @classmethod
250 def get_or_404(cls, id_):
251 from pyramid.httpexceptions import HTTPNotFound
252
253 try:
254 id_ = int(id_)
255 except (TypeError, ValueError):
256 raise HTTPNotFound()
257
258 res = cls.query().get(id_)
259 if not res:
260 raise HTTPNotFound()
261 return res
262
263 @classmethod
264 def getAll(cls):
265 # deprecated and left for backward compatibility
266 return cls.get_all()
267
268 @classmethod
269 def get_all(cls):
270 return cls.query().all()
271
272 @classmethod
273 def delete(cls, id_):
274 obj = cls.query().get(id_)
275 Session().delete(obj)
276
277 @classmethod
278 def identity_cache(cls, session, attr_name, value):
279 exist_in_session = []
280 for (item_cls, pkey), instance in session.identity_map.items():
281 if cls == item_cls and getattr(instance, attr_name) == value:
282 exist_in_session.append(instance)
283 if exist_in_session:
284 if len(exist_in_session) == 1:
285 return exist_in_session[0]
286 log.exception(
287 'multiple objects with attr %s and '
288 'value %s found with same name: %r',
289 attr_name, value, exist_in_session)
290
291 def __repr__(self):
292 if hasattr(self, '__unicode__'):
293 # python repr needs to return str
294 try:
295 return safe_str(self.__unicode__())
296 except UnicodeDecodeError:
297 pass
298 return '<DB:%s>' % (self.__class__.__name__)
299
300
301 class RhodeCodeSetting(Base, BaseModel):
302 __tablename__ = 'rhodecode_settings'
303 __table_args__ = (
304 UniqueConstraint('app_settings_name'),
305 {'extend_existing': True, 'mysql_engine': 'InnoDB',
306 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
307 )
308
309 SETTINGS_TYPES = {
310 'str': safe_str,
311 'int': safe_int,
312 'unicode': safe_unicode,
313 'bool': str2bool,
314 'list': functools.partial(aslist, sep=',')
315 }
316 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
317 GLOBAL_CONF_KEY = 'app_settings'
318
319 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
320 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
321 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
322 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
323
324 def __init__(self, key='', val='', type='unicode'):
325 self.app_settings_name = key
326 self.app_settings_type = type
327 self.app_settings_value = val
328
329 @validates('_app_settings_value')
330 def validate_settings_value(self, key, val):
331 assert type(val) == unicode
332 return val
333
334 @hybrid_property
335 def app_settings_value(self):
336 v = self._app_settings_value
337 _type = self.app_settings_type
338 if _type:
339 _type = self.app_settings_type.split('.')[0]
340 # decode the encrypted value
341 if 'encrypted' in self.app_settings_type:
342 cipher = EncryptedTextValue()
343 v = safe_unicode(cipher.process_result_value(v, None))
344
345 converter = self.SETTINGS_TYPES.get(_type) or \
346 self.SETTINGS_TYPES['unicode']
347 return converter(v)
348
349 @app_settings_value.setter
350 def app_settings_value(self, val):
351 """
352 Setter that will always make sure we use unicode in app_settings_value
353
354 :param val:
355 """
356 val = safe_unicode(val)
357 # encode the encrypted value
358 if 'encrypted' in self.app_settings_type:
359 cipher = EncryptedTextValue()
360 val = safe_unicode(cipher.process_bind_param(val, None))
361 self._app_settings_value = val
362
363 @hybrid_property
364 def app_settings_type(self):
365 return self._app_settings_type
366
367 @app_settings_type.setter
368 def app_settings_type(self, val):
369 if val.split('.')[0] not in self.SETTINGS_TYPES:
370 raise Exception('type must be one of %s got %s'
371 % (self.SETTINGS_TYPES.keys(), val))
372 self._app_settings_type = val
373
374 def __unicode__(self):
375 return u"<%s('%s:%s[%s]')>" % (
376 self.__class__.__name__,
377 self.app_settings_name, self.app_settings_value,
378 self.app_settings_type
379 )
380
381
382 class RhodeCodeUi(Base, BaseModel):
383 __tablename__ = 'rhodecode_ui'
384 __table_args__ = (
385 UniqueConstraint('ui_key'),
386 {'extend_existing': True, 'mysql_engine': 'InnoDB',
387 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
388 )
389
390 HOOK_REPO_SIZE = 'changegroup.repo_size'
391 # HG
392 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
393 HOOK_PULL = 'outgoing.pull_logger'
394 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
395 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
396 HOOK_PUSH = 'changegroup.push_logger'
397 HOOK_PUSH_KEY = 'pushkey.key_push'
398
399 # TODO: johbo: Unify way how hooks are configured for git and hg,
400 # git part is currently hardcoded.
401
402 # SVN PATTERNS
403 SVN_BRANCH_ID = 'vcs_svn_branch'
404 SVN_TAG_ID = 'vcs_svn_tag'
405
406 ui_id = Column(
407 "ui_id", Integer(), nullable=False, unique=True, default=None,
408 primary_key=True)
409 ui_section = Column(
410 "ui_section", String(255), nullable=True, unique=None, default=None)
411 ui_key = Column(
412 "ui_key", String(255), nullable=True, unique=None, default=None)
413 ui_value = Column(
414 "ui_value", String(255), nullable=True, unique=None, default=None)
415 ui_active = Column(
416 "ui_active", Boolean(), nullable=True, unique=None, default=True)
417
418 def __repr__(self):
419 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
420 self.ui_key, self.ui_value)
421
422
423 class RepoRhodeCodeSetting(Base, BaseModel):
424 __tablename__ = 'repo_rhodecode_settings'
425 __table_args__ = (
426 UniqueConstraint(
427 'app_settings_name', 'repository_id',
428 name='uq_repo_rhodecode_setting_name_repo_id'),
429 {'extend_existing': True, 'mysql_engine': 'InnoDB',
430 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
431 )
432
433 repository_id = Column(
434 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
435 nullable=False)
436 app_settings_id = Column(
437 "app_settings_id", Integer(), nullable=False, unique=True,
438 default=None, primary_key=True)
439 app_settings_name = Column(
440 "app_settings_name", String(255), nullable=True, unique=None,
441 default=None)
442 _app_settings_value = Column(
443 "app_settings_value", String(4096), nullable=True, unique=None,
444 default=None)
445 _app_settings_type = Column(
446 "app_settings_type", String(255), nullable=True, unique=None,
447 default=None)
448
449 repository = relationship('Repository')
450
451 def __init__(self, repository_id, key='', val='', type='unicode'):
452 self.repository_id = repository_id
453 self.app_settings_name = key
454 self.app_settings_type = type
455 self.app_settings_value = val
456
457 @validates('_app_settings_value')
458 def validate_settings_value(self, key, val):
459 assert type(val) == unicode
460 return val
461
462 @hybrid_property
463 def app_settings_value(self):
464 v = self._app_settings_value
465 type_ = self.app_settings_type
466 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
467 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
468 return converter(v)
469
470 @app_settings_value.setter
471 def app_settings_value(self, val):
472 """
473 Setter that will always make sure we use unicode in app_settings_value
474
475 :param val:
476 """
477 self._app_settings_value = safe_unicode(val)
478
479 @hybrid_property
480 def app_settings_type(self):
481 return self._app_settings_type
482
483 @app_settings_type.setter
484 def app_settings_type(self, val):
485 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
486 if val not in SETTINGS_TYPES:
487 raise Exception('type must be one of %s got %s'
488 % (SETTINGS_TYPES.keys(), val))
489 self._app_settings_type = val
490
491 def __unicode__(self):
492 return u"<%s('%s:%s:%s[%s]')>" % (
493 self.__class__.__name__, self.repository.repo_name,
494 self.app_settings_name, self.app_settings_value,
495 self.app_settings_type
496 )
497
498
499 class RepoRhodeCodeUi(Base, BaseModel):
500 __tablename__ = 'repo_rhodecode_ui'
501 __table_args__ = (
502 UniqueConstraint(
503 'repository_id', 'ui_section', 'ui_key',
504 name='uq_repo_rhodecode_ui_repository_id_section_key'),
505 {'extend_existing': True, 'mysql_engine': 'InnoDB',
506 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
507 )
508
509 repository_id = Column(
510 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
511 nullable=False)
512 ui_id = Column(
513 "ui_id", Integer(), nullable=False, unique=True, default=None,
514 primary_key=True)
515 ui_section = Column(
516 "ui_section", String(255), nullable=True, unique=None, default=None)
517 ui_key = Column(
518 "ui_key", String(255), nullable=True, unique=None, default=None)
519 ui_value = Column(
520 "ui_value", String(255), nullable=True, unique=None, default=None)
521 ui_active = Column(
522 "ui_active", Boolean(), nullable=True, unique=None, default=True)
523
524 repository = relationship('Repository')
525
526 def __repr__(self):
527 return '<%s[%s:%s]%s=>%s]>' % (
528 self.__class__.__name__, self.repository.repo_name,
529 self.ui_section, self.ui_key, self.ui_value)
530
531
532 class User(Base, BaseModel):
533 __tablename__ = 'users'
534 __table_args__ = (
535 UniqueConstraint('username'), UniqueConstraint('email'),
536 Index('u_username_idx', 'username'),
537 Index('u_email_idx', 'email'),
538 {'extend_existing': True, 'mysql_engine': 'InnoDB',
539 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
540 )
541 DEFAULT_USER = 'default'
542 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
543 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
544
545 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
546 username = Column("username", String(255), nullable=True, unique=None, default=None)
547 password = Column("password", String(255), nullable=True, unique=None, default=None)
548 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
549 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
550 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
551 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
552 _email = Column("email", String(255), nullable=True, unique=None, default=None)
553 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
554 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
555
556 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
557 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
558 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
559 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
560 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
561 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
562
563 user_log = relationship('UserLog')
564 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
565
566 repositories = relationship('Repository')
567 repository_groups = relationship('RepoGroup')
568 user_groups = relationship('UserGroup')
569
570 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
571 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
572
573 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
574 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
575 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
576
577 group_member = relationship('UserGroupMember', cascade='all')
578
579 notifications = relationship('UserNotification', cascade='all')
580 # notifications assigned to this user
581 user_created_notifications = relationship('Notification', cascade='all')
582 # comments created by this user
583 user_comments = relationship('ChangesetComment', cascade='all')
584 # user profile extra info
585 user_emails = relationship('UserEmailMap', cascade='all')
586 user_ip_map = relationship('UserIpMap', cascade='all')
587 user_auth_tokens = relationship('UserApiKeys', cascade='all')
588 user_ssh_keys = relationship('UserSshKeys', cascade='all')
589
590 # gists
591 user_gists = relationship('Gist', cascade='all')
592 # user pull requests
593 user_pull_requests = relationship('PullRequest', cascade='all')
594 # external identities
595 extenal_identities = relationship(
596 'ExternalIdentity',
597 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
598 cascade='all')
599 # review rules
600 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
601
602 def __unicode__(self):
603 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
604 self.user_id, self.username)
605
606 @hybrid_property
607 def email(self):
608 return self._email
609
610 @email.setter
611 def email(self, val):
612 self._email = val.lower() if val else None
613
614 @hybrid_property
615 def first_name(self):
616 from rhodecode.lib import helpers as h
617 if self.name:
618 return h.escape(self.name)
619 return self.name
620
621 @hybrid_property
622 def last_name(self):
623 from rhodecode.lib import helpers as h
624 if self.lastname:
625 return h.escape(self.lastname)
626 return self.lastname
627
628 @hybrid_property
629 def api_key(self):
630 """
631 Fetch if exist an auth-token with role ALL connected to this user
632 """
633 user_auth_token = UserApiKeys.query()\
634 .filter(UserApiKeys.user_id == self.user_id)\
635 .filter(or_(UserApiKeys.expires == -1,
636 UserApiKeys.expires >= time.time()))\
637 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
638 if user_auth_token:
639 user_auth_token = user_auth_token.api_key
640
641 return user_auth_token
642
643 @api_key.setter
644 def api_key(self, val):
645 # don't allow to set API key this is deprecated for now
646 self._api_key = None
647
648 @property
649 def reviewer_pull_requests(self):
650 return PullRequestReviewers.query() \
651 .options(joinedload(PullRequestReviewers.pull_request)) \
652 .filter(PullRequestReviewers.user_id == self.user_id) \
653 .all()
654
655 @property
656 def firstname(self):
657 # alias for future
658 return self.name
659
660 @property
661 def emails(self):
662 other = UserEmailMap.query()\
663 .filter(UserEmailMap.user == self) \
664 .order_by(UserEmailMap.email_id.asc()) \
665 .all()
666 return [self.email] + [x.email for x in other]
667
668 @property
669 def auth_tokens(self):
670 auth_tokens = self.get_auth_tokens()
671 return [x.api_key for x in auth_tokens]
672
673 def get_auth_tokens(self):
674 return UserApiKeys.query()\
675 .filter(UserApiKeys.user == self)\
676 .order_by(UserApiKeys.user_api_key_id.asc())\
677 .all()
678
679 @LazyProperty
680 def feed_token(self):
681 return self.get_feed_token()
682
683 def get_feed_token(self, cache=True):
684 feed_tokens = UserApiKeys.query()\
685 .filter(UserApiKeys.user == self)\
686 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)
687 if cache:
688 feed_tokens = feed_tokens.options(
689 FromCache("long_term", "get_user_feed_token_%s" % self.user_id))
690
691 feed_tokens = feed_tokens.all()
692 if feed_tokens:
693 return feed_tokens[0].api_key
694 return 'NO_FEED_TOKEN_AVAILABLE'
695
696 @classmethod
697 def get(cls, user_id, cache=False):
698 if not user_id:
699 return
700
701 user = cls.query()
702 if cache:
703 user = user.options(
704 FromCache("sql_cache_short", "get_users_%s" % user_id))
705 return user.get(user_id)
706
707 @classmethod
708 def extra_valid_auth_tokens(cls, user, role=None):
709 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
710 .filter(or_(UserApiKeys.expires == -1,
711 UserApiKeys.expires >= time.time()))
712 if role:
713 tokens = tokens.filter(or_(UserApiKeys.role == role,
714 UserApiKeys.role == UserApiKeys.ROLE_ALL))
715 return tokens.all()
716
717 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
718 from rhodecode.lib import auth
719
720 log.debug('Trying to authenticate user: %s via auth-token, '
721 'and roles: %s', self, roles)
722
723 if not auth_token:
724 return False
725
726 crypto_backend = auth.crypto_backend()
727
728 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
729 tokens_q = UserApiKeys.query()\
730 .filter(UserApiKeys.user_id == self.user_id)\
731 .filter(or_(UserApiKeys.expires == -1,
732 UserApiKeys.expires >= time.time()))
733
734 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
735
736 plain_tokens = []
737 hash_tokens = []
738
739 for token in tokens_q.all():
740 # verify scope first
741 if token.repo_id:
742 # token has a scope, we need to verify it
743 if scope_repo_id != token.repo_id:
744 log.debug(
745 'Scope mismatch: token has a set repo scope: %s, '
746 'and calling scope is:%s, skipping further checks',
747 token.repo, scope_repo_id)
748 # token has a scope, and it doesn't match, skip token
749 continue
750
751 if token.api_key.startswith(crypto_backend.ENC_PREF):
752 hash_tokens.append(token.api_key)
753 else:
754 plain_tokens.append(token.api_key)
755
756 is_plain_match = auth_token in plain_tokens
757 if is_plain_match:
758 return True
759
760 for hashed in hash_tokens:
761 # TODO(marcink): this is expensive to calculate, but most secure
762 match = crypto_backend.hash_check(auth_token, hashed)
763 if match:
764 return True
765
766 return False
767
768 @property
769 def ip_addresses(self):
770 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
771 return [x.ip_addr for x in ret]
772
773 @property
774 def username_and_name(self):
775 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
776
777 @property
778 def username_or_name_or_email(self):
779 full_name = self.full_name if self.full_name is not ' ' else None
780 return self.username or full_name or self.email
781
782 @property
783 def full_name(self):
784 return '%s %s' % (self.first_name, self.last_name)
785
786 @property
787 def full_name_or_username(self):
788 return ('%s %s' % (self.first_name, self.last_name)
789 if (self.first_name and self.last_name) else self.username)
790
791 @property
792 def full_contact(self):
793 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
794
795 @property
796 def short_contact(self):
797 return '%s %s' % (self.first_name, self.last_name)
798
799 @property
800 def is_admin(self):
801 return self.admin
802
803 def AuthUser(self, **kwargs):
804 """
805 Returns instance of AuthUser for this user
806 """
807 from rhodecode.lib.auth import AuthUser
808 return AuthUser(user_id=self.user_id, username=self.username, **kwargs)
809
810 @hybrid_property
811 def user_data(self):
812 if not self._user_data:
813 return {}
814
815 try:
816 return json.loads(self._user_data)
817 except TypeError:
818 return {}
819
820 @user_data.setter
821 def user_data(self, val):
822 if not isinstance(val, dict):
823 raise Exception('user_data must be dict, got %s' % type(val))
824 try:
825 self._user_data = json.dumps(val)
826 except Exception:
827 log.error(traceback.format_exc())
828
829 @classmethod
830 def get_by_username(cls, username, case_insensitive=False,
831 cache=False, identity_cache=False):
832 session = Session()
833
834 if case_insensitive:
835 q = cls.query().filter(
836 func.lower(cls.username) == func.lower(username))
837 else:
838 q = cls.query().filter(cls.username == username)
839
840 if cache:
841 if identity_cache:
842 val = cls.identity_cache(session, 'username', username)
843 if val:
844 return val
845 else:
846 cache_key = "get_user_by_name_%s" % _hash_key(username)
847 q = q.options(
848 FromCache("sql_cache_short", cache_key))
849
850 return q.scalar()
851
852 @classmethod
853 def get_by_auth_token(cls, auth_token, cache=False):
854 q = UserApiKeys.query()\
855 .filter(UserApiKeys.api_key == auth_token)\
856 .filter(or_(UserApiKeys.expires == -1,
857 UserApiKeys.expires >= time.time()))
858 if cache:
859 q = q.options(
860 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
861
862 match = q.first()
863 if match:
864 return match.user
865
866 @classmethod
867 def get_by_email(cls, email, case_insensitive=False, cache=False):
868
869 if case_insensitive:
870 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
871
872 else:
873 q = cls.query().filter(cls.email == email)
874
875 email_key = _hash_key(email)
876 if cache:
877 q = q.options(
878 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
879
880 ret = q.scalar()
881 if ret is None:
882 q = UserEmailMap.query()
883 # try fetching in alternate email map
884 if case_insensitive:
885 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
886 else:
887 q = q.filter(UserEmailMap.email == email)
888 q = q.options(joinedload(UserEmailMap.user))
889 if cache:
890 q = q.options(
891 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
892 ret = getattr(q.scalar(), 'user', None)
893
894 return ret
895
896 @classmethod
897 def get_from_cs_author(cls, author):
898 """
899 Tries to get User objects out of commit author string
900
901 :param author:
902 """
903 from rhodecode.lib.helpers import email, author_name
904 # Valid email in the attribute passed, see if they're in the system
905 _email = email(author)
906 if _email:
907 user = cls.get_by_email(_email, case_insensitive=True)
908 if user:
909 return user
910 # Maybe we can match by username?
911 _author = author_name(author)
912 user = cls.get_by_username(_author, case_insensitive=True)
913 if user:
914 return user
915
916 def update_userdata(self, **kwargs):
917 usr = self
918 old = usr.user_data
919 old.update(**kwargs)
920 usr.user_data = old
921 Session().add(usr)
922 log.debug('updated userdata with ', kwargs)
923
924 def update_lastlogin(self):
925 """Update user lastlogin"""
926 self.last_login = datetime.datetime.now()
927 Session().add(self)
928 log.debug('updated user %s lastlogin', self.username)
929
930 def update_lastactivity(self):
931 """Update user lastactivity"""
932 self.last_activity = datetime.datetime.now()
933 Session().add(self)
934 log.debug('updated user `%s` last activity', self.username)
935
936 def update_password(self, new_password):
937 from rhodecode.lib.auth import get_crypt_password
938
939 self.password = get_crypt_password(new_password)
940 Session().add(self)
941
942 @classmethod
943 def get_first_super_admin(cls):
944 user = User.query().filter(User.admin == true()).first()
945 if user is None:
946 raise Exception('FATAL: Missing administrative account!')
947 return user
948
949 @classmethod
950 def get_all_super_admins(cls):
951 """
952 Returns all admin accounts sorted by username
953 """
954 return User.query().filter(User.admin == true())\
955 .order_by(User.username.asc()).all()
956
957 @classmethod
958 def get_default_user(cls, cache=False, refresh=False):
959 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
960 if user is None:
961 raise Exception('FATAL: Missing default account!')
962 if refresh:
963 # The default user might be based on outdated state which
964 # has been loaded from the cache.
965 # A call to refresh() ensures that the
966 # latest state from the database is used.
967 Session().refresh(user)
968 return user
969
970 def _get_default_perms(self, user, suffix=''):
971 from rhodecode.model.permission import PermissionModel
972 return PermissionModel().get_default_perms(user.user_perms, suffix)
973
974 def get_default_perms(self, suffix=''):
975 return self._get_default_perms(self, suffix)
976
977 def get_api_data(self, include_secrets=False, details='full'):
978 """
979 Common function for generating user related data for API
980
981 :param include_secrets: By default secrets in the API data will be replaced
982 by a placeholder value to prevent exposing this data by accident. In case
983 this data shall be exposed, set this flag to ``True``.
984
985 :param details: details can be 'basic|full' basic gives only a subset of
986 the available user information that includes user_id, name and emails.
987 """
988 user = self
989 user_data = self.user_data
990 data = {
991 'user_id': user.user_id,
992 'username': user.username,
993 'firstname': user.name,
994 'lastname': user.lastname,
995 'email': user.email,
996 'emails': user.emails,
997 }
998 if details == 'basic':
999 return data
1000
1001 auth_token_length = 40
1002 auth_token_replacement = '*' * auth_token_length
1003
1004 extras = {
1005 'auth_tokens': [auth_token_replacement],
1006 'active': user.active,
1007 'admin': user.admin,
1008 'extern_type': user.extern_type,
1009 'extern_name': user.extern_name,
1010 'last_login': user.last_login,
1011 'last_activity': user.last_activity,
1012 'ip_addresses': user.ip_addresses,
1013 'language': user_data.get('language')
1014 }
1015 data.update(extras)
1016
1017 if include_secrets:
1018 data['auth_tokens'] = user.auth_tokens
1019 return data
1020
1021 def __json__(self):
1022 data = {
1023 'full_name': self.full_name,
1024 'full_name_or_username': self.full_name_or_username,
1025 'short_contact': self.short_contact,
1026 'full_contact': self.full_contact,
1027 }
1028 data.update(self.get_api_data())
1029 return data
1030
1031
1032 class UserApiKeys(Base, BaseModel):
1033 __tablename__ = 'user_api_keys'
1034 __table_args__ = (
1035 Index('uak_api_key_idx', 'api_key', unique=True),
1036 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
1037 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1038 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1039 )
1040 __mapper_args__ = {}
1041
1042 # ApiKey role
1043 ROLE_ALL = 'token_role_all'
1044 ROLE_HTTP = 'token_role_http'
1045 ROLE_VCS = 'token_role_vcs'
1046 ROLE_API = 'token_role_api'
1047 ROLE_FEED = 'token_role_feed'
1048 ROLE_PASSWORD_RESET = 'token_password_reset'
1049
1050 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
1051
1052 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1053 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1054 api_key = Column("api_key", String(255), nullable=False, unique=True)
1055 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1056 expires = Column('expires', Float(53), nullable=False)
1057 role = Column('role', String(255), nullable=True)
1058 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1059
1060 # scope columns
1061 repo_id = Column(
1062 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1063 nullable=True, unique=None, default=None)
1064 repo = relationship('Repository', lazy='joined')
1065
1066 repo_group_id = Column(
1067 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1068 nullable=True, unique=None, default=None)
1069 repo_group = relationship('RepoGroup', lazy='joined')
1070
1071 user = relationship('User', lazy='joined')
1072
1073 def __unicode__(self):
1074 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1075
1076 def __json__(self):
1077 data = {
1078 'auth_token': self.api_key,
1079 'role': self.role,
1080 'scope': self.scope_humanized,
1081 'expired': self.expired
1082 }
1083 return data
1084
1085 def get_api_data(self, include_secrets=False):
1086 data = self.__json__()
1087 if include_secrets:
1088 return data
1089 else:
1090 data['auth_token'] = self.token_obfuscated
1091 return data
1092
1093 @hybrid_property
1094 def description_safe(self):
1095 from rhodecode.lib import helpers as h
1096 return h.escape(self.description)
1097
1098 @property
1099 def expired(self):
1100 if self.expires == -1:
1101 return False
1102 return time.time() > self.expires
1103
1104 @classmethod
1105 def _get_role_name(cls, role):
1106 return {
1107 cls.ROLE_ALL: _('all'),
1108 cls.ROLE_HTTP: _('http/web interface'),
1109 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1110 cls.ROLE_API: _('api calls'),
1111 cls.ROLE_FEED: _('feed access'),
1112 }.get(role, role)
1113
1114 @property
1115 def role_humanized(self):
1116 return self._get_role_name(self.role)
1117
1118 def _get_scope(self):
1119 if self.repo:
1120 return repr(self.repo)
1121 if self.repo_group:
1122 return repr(self.repo_group) + ' (recursive)'
1123 return 'global'
1124
1125 @property
1126 def scope_humanized(self):
1127 return self._get_scope()
1128
1129 @property
1130 def token_obfuscated(self):
1131 if self.api_key:
1132 return self.api_key[:4] + "****"
1133
1134
1135 class UserEmailMap(Base, BaseModel):
1136 __tablename__ = 'user_email_map'
1137 __table_args__ = (
1138 Index('uem_email_idx', 'email'),
1139 UniqueConstraint('email'),
1140 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1141 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1142 )
1143 __mapper_args__ = {}
1144
1145 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1146 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1147 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1148 user = relationship('User', lazy='joined')
1149
1150 @validates('_email')
1151 def validate_email(self, key, email):
1152 # check if this email is not main one
1153 main_email = Session().query(User).filter(User.email == email).scalar()
1154 if main_email is not None:
1155 raise AttributeError('email %s is present is user table' % email)
1156 return email
1157
1158 @hybrid_property
1159 def email(self):
1160 return self._email
1161
1162 @email.setter
1163 def email(self, val):
1164 self._email = val.lower() if val else None
1165
1166
1167 class UserIpMap(Base, BaseModel):
1168 __tablename__ = 'user_ip_map'
1169 __table_args__ = (
1170 UniqueConstraint('user_id', 'ip_addr'),
1171 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1172 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1173 )
1174 __mapper_args__ = {}
1175
1176 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1177 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1178 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1179 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1180 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1181 user = relationship('User', lazy='joined')
1182
1183 @hybrid_property
1184 def description_safe(self):
1185 from rhodecode.lib import helpers as h
1186 return h.escape(self.description)
1187
1188 @classmethod
1189 def _get_ip_range(cls, ip_addr):
1190 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1191 return [str(net.network_address), str(net.broadcast_address)]
1192
1193 def __json__(self):
1194 return {
1195 'ip_addr': self.ip_addr,
1196 'ip_range': self._get_ip_range(self.ip_addr),
1197 }
1198
1199 def __unicode__(self):
1200 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1201 self.user_id, self.ip_addr)
1202
1203
1204 class UserSshKeys(Base, BaseModel):
1205 __tablename__ = 'user_ssh_keys'
1206 __table_args__ = (
1207 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1208
1209 UniqueConstraint('ssh_key_fingerprint'),
1210
1211 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1212 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1213 )
1214 __mapper_args__ = {}
1215
1216 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1217 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1218 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(255), nullable=False, unique=None, default=None)
1219
1220 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1221
1222 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1223 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1224 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1225
1226 user = relationship('User', lazy='joined')
1227
1228 def __json__(self):
1229 data = {
1230 'ssh_fingerprint': self.ssh_key_fingerprint,
1231 'description': self.description,
1232 'created_on': self.created_on
1233 }
1234 return data
1235
1236 def get_api_data(self):
1237 data = self.__json__()
1238 return data
1239
1240
1241 class UserLog(Base, BaseModel):
1242 __tablename__ = 'user_logs'
1243 __table_args__ = (
1244 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1245 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1246 )
1247 VERSION_1 = 'v1'
1248 VERSION_2 = 'v2'
1249 VERSIONS = [VERSION_1, VERSION_2]
1250
1251 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1252 user_id = Column("user_id", Integer(), ForeignKey('users.user_id',ondelete='SET NULL'), nullable=True, unique=None, default=None)
1253 username = Column("username", String(255), nullable=True, unique=None, default=None)
1254 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id', ondelete='SET NULL'), nullable=True, unique=None, default=None)
1255 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1256 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1257 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1258 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1259
1260 version = Column("version", String(255), nullable=True, default=VERSION_1)
1261 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1262 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1263
1264 def __unicode__(self):
1265 return u"<%s('id:%s:%s')>" % (
1266 self.__class__.__name__, self.repository_name, self.action)
1267
1268 def __json__(self):
1269 return {
1270 'user_id': self.user_id,
1271 'username': self.username,
1272 'repository_id': self.repository_id,
1273 'repository_name': self.repository_name,
1274 'user_ip': self.user_ip,
1275 'action_date': self.action_date,
1276 'action': self.action,
1277 }
1278
1279 @hybrid_property
1280 def entry_id(self):
1281 return self.user_log_id
1282
1283 @property
1284 def action_as_day(self):
1285 return datetime.date(*self.action_date.timetuple()[:3])
1286
1287 user = relationship('User')
1288 repository = relationship('Repository', cascade='')
1289
1290
1291 class UserGroup(Base, BaseModel):
1292 __tablename__ = 'users_groups'
1293 __table_args__ = (
1294 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1295 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1296 )
1297
1298 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1299 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1300 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1301 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1302 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1303 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1304 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1305 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1306
1307 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1308 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1309 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1310 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1311 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1312 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1313
1314 user_group_review_rules = relationship('RepoReviewRuleUserGroup', cascade='all')
1315 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1316
1317 @classmethod
1318 def _load_group_data(cls, column):
1319 if not column:
1320 return {}
1321
1322 try:
1323 return json.loads(column) or {}
1324 except TypeError:
1325 return {}
1326
1327 @hybrid_property
1328 def description_safe(self):
1329 from rhodecode.lib import helpers as h
1330 return h.escape(self.user_group_description)
1331
1332 @hybrid_property
1333 def group_data(self):
1334 return self._load_group_data(self._group_data)
1335
1336 @group_data.expression
1337 def group_data(self, **kwargs):
1338 return self._group_data
1339
1340 @group_data.setter
1341 def group_data(self, val):
1342 try:
1343 self._group_data = json.dumps(val)
1344 except Exception:
1345 log.error(traceback.format_exc())
1346
1347 @classmethod
1348 def _load_sync(cls, group_data):
1349 if group_data:
1350 return group_data.get('extern_type')
1351
1352 @property
1353 def sync(self):
1354 return self._load_sync(self.group_data)
1355
1356 def __unicode__(self):
1357 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1358 self.users_group_id,
1359 self.users_group_name)
1360
1361 @classmethod
1362 def get_by_group_name(cls, group_name, cache=False,
1363 case_insensitive=False):
1364 if case_insensitive:
1365 q = cls.query().filter(func.lower(cls.users_group_name) ==
1366 func.lower(group_name))
1367
1368 else:
1369 q = cls.query().filter(cls.users_group_name == group_name)
1370 if cache:
1371 q = q.options(
1372 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1373 return q.scalar()
1374
1375 @classmethod
1376 def get(cls, user_group_id, cache=False):
1377 if not user_group_id:
1378 return
1379
1380 user_group = cls.query()
1381 if cache:
1382 user_group = user_group.options(
1383 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1384 return user_group.get(user_group_id)
1385
1386 def permissions(self, with_admins=True, with_owner=True):
1387 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1388 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1389 joinedload(UserUserGroupToPerm.user),
1390 joinedload(UserUserGroupToPerm.permission),)
1391
1392 # get owners and admins and permissions. We do a trick of re-writing
1393 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1394 # has a global reference and changing one object propagates to all
1395 # others. This means if admin is also an owner admin_row that change
1396 # would propagate to both objects
1397 perm_rows = []
1398 for _usr in q.all():
1399 usr = AttributeDict(_usr.user.get_dict())
1400 usr.permission = _usr.permission.permission_name
1401 perm_rows.append(usr)
1402
1403 # filter the perm rows by 'default' first and then sort them by
1404 # admin,write,read,none permissions sorted again alphabetically in
1405 # each group
1406 perm_rows = sorted(perm_rows, key=display_user_sort)
1407
1408 _admin_perm = 'usergroup.admin'
1409 owner_row = []
1410 if with_owner:
1411 usr = AttributeDict(self.user.get_dict())
1412 usr.owner_row = True
1413 usr.permission = _admin_perm
1414 owner_row.append(usr)
1415
1416 super_admin_rows = []
1417 if with_admins:
1418 for usr in User.get_all_super_admins():
1419 # if this admin is also owner, don't double the record
1420 if usr.user_id == owner_row[0].user_id:
1421 owner_row[0].admin_row = True
1422 else:
1423 usr = AttributeDict(usr.get_dict())
1424 usr.admin_row = True
1425 usr.permission = _admin_perm
1426 super_admin_rows.append(usr)
1427
1428 return super_admin_rows + owner_row + perm_rows
1429
1430 def permission_user_groups(self):
1431 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1432 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1433 joinedload(UserGroupUserGroupToPerm.target_user_group),
1434 joinedload(UserGroupUserGroupToPerm.permission),)
1435
1436 perm_rows = []
1437 for _user_group in q.all():
1438 usr = AttributeDict(_user_group.user_group.get_dict())
1439 usr.permission = _user_group.permission.permission_name
1440 perm_rows.append(usr)
1441
1442 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1443 return perm_rows
1444
1445 def _get_default_perms(self, user_group, suffix=''):
1446 from rhodecode.model.permission import PermissionModel
1447 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1448
1449 def get_default_perms(self, suffix=''):
1450 return self._get_default_perms(self, suffix)
1451
1452 def get_api_data(self, with_group_members=True, include_secrets=False):
1453 """
1454 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1455 basically forwarded.
1456
1457 """
1458 user_group = self
1459 data = {
1460 'users_group_id': user_group.users_group_id,
1461 'group_name': user_group.users_group_name,
1462 'group_description': user_group.user_group_description,
1463 'active': user_group.users_group_active,
1464 'owner': user_group.user.username,
1465 'sync': user_group.sync,
1466 'owner_email': user_group.user.email,
1467 }
1468
1469 if with_group_members:
1470 users = []
1471 for user in user_group.members:
1472 user = user.user
1473 users.append(user.get_api_data(include_secrets=include_secrets))
1474 data['users'] = users
1475
1476 return data
1477
1478
1479 class UserGroupMember(Base, BaseModel):
1480 __tablename__ = 'users_groups_members'
1481 __table_args__ = (
1482 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1483 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1484 )
1485
1486 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1487 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1488 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1489
1490 user = relationship('User', lazy='joined')
1491 users_group = relationship('UserGroup')
1492
1493 def __init__(self, gr_id='', u_id=''):
1494 self.users_group_id = gr_id
1495 self.user_id = u_id
1496
1497
1498 class RepositoryField(Base, BaseModel):
1499 __tablename__ = 'repositories_fields'
1500 __table_args__ = (
1501 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1502 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1503 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1504 )
1505 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1506
1507 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1508 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1509 field_key = Column("field_key", String(250))
1510 field_label = Column("field_label", String(1024), nullable=False)
1511 field_value = Column("field_value", String(10000), nullable=False)
1512 field_desc = Column("field_desc", String(1024), nullable=False)
1513 field_type = Column("field_type", String(255), nullable=False, unique=None)
1514 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1515
1516 repository = relationship('Repository')
1517
1518 @property
1519 def field_key_prefixed(self):
1520 return 'ex_%s' % self.field_key
1521
1522 @classmethod
1523 def un_prefix_key(cls, key):
1524 if key.startswith(cls.PREFIX):
1525 return key[len(cls.PREFIX):]
1526 return key
1527
1528 @classmethod
1529 def get_by_key_name(cls, key, repo):
1530 row = cls.query()\
1531 .filter(cls.repository == repo)\
1532 .filter(cls.field_key == key).scalar()
1533 return row
1534
1535
1536 class Repository(Base, BaseModel):
1537 __tablename__ = 'repositories'
1538 __table_args__ = (
1539 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1540 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1541 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1542 )
1543 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1544 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1545 DEFAULT_CLONE_URI_SSH = 'ssh://{sys_user}@{hostname}/{repo}'
1546
1547 STATE_CREATED = 'repo_state_created'
1548 STATE_PENDING = 'repo_state_pending'
1549 STATE_ERROR = 'repo_state_error'
1550
1551 LOCK_AUTOMATIC = 'lock_auto'
1552 LOCK_API = 'lock_api'
1553 LOCK_WEB = 'lock_web'
1554 LOCK_PULL = 'lock_pull'
1555
1556 NAME_SEP = URL_SEP
1557
1558 repo_id = Column(
1559 "repo_id", Integer(), nullable=False, unique=True, default=None,
1560 primary_key=True)
1561 _repo_name = Column(
1562 "repo_name", Text(), nullable=False, default=None)
1563 _repo_name_hash = Column(
1564 "repo_name_hash", String(255), nullable=False, unique=True)
1565 repo_state = Column("repo_state", String(255), nullable=True)
1566
1567 clone_uri = Column(
1568 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1569 default=None)
1570 push_uri = Column(
1571 "push_uri", EncryptedTextValue(), nullable=True, unique=False,
1572 default=None)
1573 repo_type = Column(
1574 "repo_type", String(255), nullable=False, unique=False, default=None)
1575 user_id = Column(
1576 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1577 unique=False, default=None)
1578 private = Column(
1579 "private", Boolean(), nullable=True, unique=None, default=None)
1580 enable_statistics = Column(
1581 "statistics", Boolean(), nullable=True, unique=None, default=True)
1582 enable_downloads = Column(
1583 "downloads", Boolean(), nullable=True, unique=None, default=True)
1584 description = Column(
1585 "description", String(10000), nullable=True, unique=None, default=None)
1586 created_on = Column(
1587 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1588 default=datetime.datetime.now)
1589 updated_on = Column(
1590 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1591 default=datetime.datetime.now)
1592 _landing_revision = Column(
1593 "landing_revision", String(255), nullable=False, unique=False,
1594 default=None)
1595 enable_locking = Column(
1596 "enable_locking", Boolean(), nullable=False, unique=None,
1597 default=False)
1598 _locked = Column(
1599 "locked", String(255), nullable=True, unique=False, default=None)
1600 _changeset_cache = Column(
1601 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1602
1603 fork_id = Column(
1604 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1605 nullable=True, unique=False, default=None)
1606 group_id = Column(
1607 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1608 unique=False, default=None)
1609
1610 user = relationship('User', lazy='joined')
1611 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1612 group = relationship('RepoGroup', lazy='joined')
1613 repo_to_perm = relationship(
1614 'UserRepoToPerm', cascade='all',
1615 order_by='UserRepoToPerm.repo_to_perm_id')
1616 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1617 stats = relationship('Statistics', cascade='all', uselist=False)
1618
1619 followers = relationship(
1620 'UserFollowing',
1621 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1622 cascade='all')
1623 extra_fields = relationship(
1624 'RepositoryField', cascade="all, delete, delete-orphan")
1625 logs = relationship('UserLog')
1626 comments = relationship(
1627 'ChangesetComment', cascade="all, delete, delete-orphan")
1628 pull_requests_source = relationship(
1629 'PullRequest',
1630 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1631 cascade="all, delete, delete-orphan")
1632 pull_requests_target = relationship(
1633 'PullRequest',
1634 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1635 cascade="all, delete, delete-orphan")
1636 ui = relationship('RepoRhodeCodeUi', cascade="all")
1637 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1638 integrations = relationship('Integration',
1639 cascade="all, delete, delete-orphan")
1640
1641 scoped_tokens = relationship('UserApiKeys', cascade="all")
1642
1643 def __unicode__(self):
1644 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1645 safe_unicode(self.repo_name))
1646
1647 @hybrid_property
1648 def description_safe(self):
1649 from rhodecode.lib import helpers as h
1650 return h.escape(self.description)
1651
1652 @hybrid_property
1653 def landing_rev(self):
1654 # always should return [rev_type, rev]
1655 if self._landing_revision:
1656 _rev_info = self._landing_revision.split(':')
1657 if len(_rev_info) < 2:
1658 _rev_info.insert(0, 'rev')
1659 return [_rev_info[0], _rev_info[1]]
1660 return [None, None]
1661
1662 @landing_rev.setter
1663 def landing_rev(self, val):
1664 if ':' not in val:
1665 raise ValueError('value must be delimited with `:` and consist '
1666 'of <rev_type>:<rev>, got %s instead' % val)
1667 self._landing_revision = val
1668
1669 @hybrid_property
1670 def locked(self):
1671 if self._locked:
1672 user_id, timelocked, reason = self._locked.split(':')
1673 lock_values = int(user_id), timelocked, reason
1674 else:
1675 lock_values = [None, None, None]
1676 return lock_values
1677
1678 @locked.setter
1679 def locked(self, val):
1680 if val and isinstance(val, (list, tuple)):
1681 self._locked = ':'.join(map(str, val))
1682 else:
1683 self._locked = None
1684
1685 @hybrid_property
1686 def changeset_cache(self):
1687 from rhodecode.lib.vcs.backends.base import EmptyCommit
1688 dummy = EmptyCommit().__json__()
1689 if not self._changeset_cache:
1690 return dummy
1691 try:
1692 return json.loads(self._changeset_cache)
1693 except TypeError:
1694 return dummy
1695 except Exception:
1696 log.error(traceback.format_exc())
1697 return dummy
1698
1699 @changeset_cache.setter
1700 def changeset_cache(self, val):
1701 try:
1702 self._changeset_cache = json.dumps(val)
1703 except Exception:
1704 log.error(traceback.format_exc())
1705
1706 @hybrid_property
1707 def repo_name(self):
1708 return self._repo_name
1709
1710 @repo_name.setter
1711 def repo_name(self, value):
1712 self._repo_name = value
1713 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1714
1715 @classmethod
1716 def normalize_repo_name(cls, repo_name):
1717 """
1718 Normalizes os specific repo_name to the format internally stored inside
1719 database using URL_SEP
1720
1721 :param cls:
1722 :param repo_name:
1723 """
1724 return cls.NAME_SEP.join(repo_name.split(os.sep))
1725
1726 @classmethod
1727 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1728 session = Session()
1729 q = session.query(cls).filter(cls.repo_name == repo_name)
1730
1731 if cache:
1732 if identity_cache:
1733 val = cls.identity_cache(session, 'repo_name', repo_name)
1734 if val:
1735 return val
1736 else:
1737 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1738 q = q.options(
1739 FromCache("sql_cache_short", cache_key))
1740
1741 return q.scalar()
1742
1743 @classmethod
1744 def get_by_id_or_repo_name(cls, repoid):
1745 if isinstance(repoid, (int, long)):
1746 try:
1747 repo = cls.get(repoid)
1748 except ValueError:
1749 repo = None
1750 else:
1751 repo = cls.get_by_repo_name(repoid)
1752 return repo
1753
1754 @classmethod
1755 def get_by_full_path(cls, repo_full_path):
1756 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1757 repo_name = cls.normalize_repo_name(repo_name)
1758 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1759
1760 @classmethod
1761 def get_repo_forks(cls, repo_id):
1762 return cls.query().filter(Repository.fork_id == repo_id)
1763
1764 @classmethod
1765 def base_path(cls):
1766 """
1767 Returns base path when all repos are stored
1768
1769 :param cls:
1770 """
1771 q = Session().query(RhodeCodeUi)\
1772 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1773 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1774 return q.one().ui_value
1775
1776 @classmethod
1777 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1778 case_insensitive=True):
1779 q = Repository.query()
1780
1781 if not isinstance(user_id, Optional):
1782 q = q.filter(Repository.user_id == user_id)
1783
1784 if not isinstance(group_id, Optional):
1785 q = q.filter(Repository.group_id == group_id)
1786
1787 if case_insensitive:
1788 q = q.order_by(func.lower(Repository.repo_name))
1789 else:
1790 q = q.order_by(Repository.repo_name)
1791 return q.all()
1792
1793 @property
1794 def forks(self):
1795 """
1796 Return forks of this repo
1797 """
1798 return Repository.get_repo_forks(self.repo_id)
1799
1800 @property
1801 def parent(self):
1802 """
1803 Returns fork parent
1804 """
1805 return self.fork
1806
1807 @property
1808 def just_name(self):
1809 return self.repo_name.split(self.NAME_SEP)[-1]
1810
1811 @property
1812 def groups_with_parents(self):
1813 groups = []
1814 if self.group is None:
1815 return groups
1816
1817 cur_gr = self.group
1818 groups.insert(0, cur_gr)
1819 while 1:
1820 gr = getattr(cur_gr, 'parent_group', None)
1821 cur_gr = cur_gr.parent_group
1822 if gr is None:
1823 break
1824 groups.insert(0, gr)
1825
1826 return groups
1827
1828 @property
1829 def groups_and_repo(self):
1830 return self.groups_with_parents, self
1831
1832 @LazyProperty
1833 def repo_path(self):
1834 """
1835 Returns base full path for that repository means where it actually
1836 exists on a filesystem
1837 """
1838 q = Session().query(RhodeCodeUi).filter(
1839 RhodeCodeUi.ui_key == self.NAME_SEP)
1840 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1841 return q.one().ui_value
1842
1843 @property
1844 def repo_full_path(self):
1845 p = [self.repo_path]
1846 # we need to split the name by / since this is how we store the
1847 # names in the database, but that eventually needs to be converted
1848 # into a valid system path
1849 p += self.repo_name.split(self.NAME_SEP)
1850 return os.path.join(*map(safe_unicode, p))
1851
1852 @property
1853 def cache_keys(self):
1854 """
1855 Returns associated cache keys for that repo
1856 """
1857 return CacheKey.query()\
1858 .filter(CacheKey.cache_args == self.repo_name)\
1859 .order_by(CacheKey.cache_key)\
1860 .all()
1861
1862 @property
1863 def cached_diffs_relative_dir(self):
1864 """
1865 Return a relative to the repository store path of cached diffs
1866 used for safe display for users, who shouldn't know the absolute store
1867 path
1868 """
1869 return os.path.join(
1870 os.path.dirname(self.repo_name),
1871 self.cached_diffs_dir.split(os.path.sep)[-1])
1872
1873 @property
1874 def cached_diffs_dir(self):
1875 path = self.repo_full_path
1876 return os.path.join(
1877 os.path.dirname(path),
1878 '.__shadow_diff_cache_repo_{}'.format(self.repo_id))
1879
1880 def cached_diffs(self):
1881 diff_cache_dir = self.cached_diffs_dir
1882 if os.path.isdir(diff_cache_dir):
1883 return os.listdir(diff_cache_dir)
1884 return []
1885
1886 def get_new_name(self, repo_name):
1887 """
1888 returns new full repository name based on assigned group and new new
1889
1890 :param group_name:
1891 """
1892 path_prefix = self.group.full_path_splitted if self.group else []
1893 return self.NAME_SEP.join(path_prefix + [repo_name])
1894
1895 @property
1896 def _config(self):
1897 """
1898 Returns db based config object.
1899 """
1900 from rhodecode.lib.utils import make_db_config
1901 return make_db_config(clear_session=False, repo=self)
1902
1903 def permissions(self, with_admins=True, with_owner=True):
1904 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1905 q = q.options(joinedload(UserRepoToPerm.repository),
1906 joinedload(UserRepoToPerm.user),
1907 joinedload(UserRepoToPerm.permission),)
1908
1909 # get owners and admins and permissions. We do a trick of re-writing
1910 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1911 # has a global reference and changing one object propagates to all
1912 # others. This means if admin is also an owner admin_row that change
1913 # would propagate to both objects
1914 perm_rows = []
1915 for _usr in q.all():
1916 usr = AttributeDict(_usr.user.get_dict())
1917 usr.permission = _usr.permission.permission_name
1918 usr.permission_id = _usr.repo_to_perm_id
1919 perm_rows.append(usr)
1920
1921 # filter the perm rows by 'default' first and then sort them by
1922 # admin,write,read,none permissions sorted again alphabetically in
1923 # each group
1924 perm_rows = sorted(perm_rows, key=display_user_sort)
1925
1926 _admin_perm = 'repository.admin'
1927 owner_row = []
1928 if with_owner:
1929 usr = AttributeDict(self.user.get_dict())
1930 usr.owner_row = True
1931 usr.permission = _admin_perm
1932 usr.permission_id = None
1933 owner_row.append(usr)
1934
1935 super_admin_rows = []
1936 if with_admins:
1937 for usr in User.get_all_super_admins():
1938 # if this admin is also owner, don't double the record
1939 if usr.user_id == owner_row[0].user_id:
1940 owner_row[0].admin_row = True
1941 else:
1942 usr = AttributeDict(usr.get_dict())
1943 usr.admin_row = True
1944 usr.permission = _admin_perm
1945 usr.permission_id = None
1946 super_admin_rows.append(usr)
1947
1948 return super_admin_rows + owner_row + perm_rows
1949
1950 def permission_user_groups(self):
1951 q = UserGroupRepoToPerm.query().filter(
1952 UserGroupRepoToPerm.repository == self)
1953 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1954 joinedload(UserGroupRepoToPerm.users_group),
1955 joinedload(UserGroupRepoToPerm.permission),)
1956
1957 perm_rows = []
1958 for _user_group in q.all():
1959 usr = AttributeDict(_user_group.users_group.get_dict())
1960 usr.permission = _user_group.permission.permission_name
1961 perm_rows.append(usr)
1962
1963 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1964 return perm_rows
1965
1966 def get_api_data(self, include_secrets=False):
1967 """
1968 Common function for generating repo api data
1969
1970 :param include_secrets: See :meth:`User.get_api_data`.
1971
1972 """
1973 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1974 # move this methods on models level.
1975 from rhodecode.model.settings import SettingsModel
1976 from rhodecode.model.repo import RepoModel
1977
1978 repo = self
1979 _user_id, _time, _reason = self.locked
1980
1981 data = {
1982 'repo_id': repo.repo_id,
1983 'repo_name': repo.repo_name,
1984 'repo_type': repo.repo_type,
1985 'clone_uri': repo.clone_uri or '',
1986 'push_uri': repo.push_uri or '',
1987 'url': RepoModel().get_url(self),
1988 'private': repo.private,
1989 'created_on': repo.created_on,
1990 'description': repo.description_safe,
1991 'landing_rev': repo.landing_rev,
1992 'owner': repo.user.username,
1993 'fork_of': repo.fork.repo_name if repo.fork else None,
1994 'fork_of_id': repo.fork.repo_id if repo.fork else None,
1995 'enable_statistics': repo.enable_statistics,
1996 'enable_locking': repo.enable_locking,
1997 'enable_downloads': repo.enable_downloads,
1998 'last_changeset': repo.changeset_cache,
1999 'locked_by': User.get(_user_id).get_api_data(
2000 include_secrets=include_secrets) if _user_id else None,
2001 'locked_date': time_to_datetime(_time) if _time else None,
2002 'lock_reason': _reason if _reason else None,
2003 }
2004
2005 # TODO: mikhail: should be per-repo settings here
2006 rc_config = SettingsModel().get_all_settings()
2007 repository_fields = str2bool(
2008 rc_config.get('rhodecode_repository_fields'))
2009 if repository_fields:
2010 for f in self.extra_fields:
2011 data[f.field_key_prefixed] = f.field_value
2012
2013 return data
2014
2015 @classmethod
2016 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
2017 if not lock_time:
2018 lock_time = time.time()
2019 if not lock_reason:
2020 lock_reason = cls.LOCK_AUTOMATIC
2021 repo.locked = [user_id, lock_time, lock_reason]
2022 Session().add(repo)
2023 Session().commit()
2024
2025 @classmethod
2026 def unlock(cls, repo):
2027 repo.locked = None
2028 Session().add(repo)
2029 Session().commit()
2030
2031 @classmethod
2032 def getlock(cls, repo):
2033 return repo.locked
2034
2035 def is_user_lock(self, user_id):
2036 if self.lock[0]:
2037 lock_user_id = safe_int(self.lock[0])
2038 user_id = safe_int(user_id)
2039 # both are ints, and they are equal
2040 return all([lock_user_id, user_id]) and lock_user_id == user_id
2041
2042 return False
2043
2044 def get_locking_state(self, action, user_id, only_when_enabled=True):
2045 """
2046 Checks locking on this repository, if locking is enabled and lock is
2047 present returns a tuple of make_lock, locked, locked_by.
2048 make_lock can have 3 states None (do nothing) True, make lock
2049 False release lock, This value is later propagated to hooks, which
2050 do the locking. Think about this as signals passed to hooks what to do.
2051
2052 """
2053 # TODO: johbo: This is part of the business logic and should be moved
2054 # into the RepositoryModel.
2055
2056 if action not in ('push', 'pull'):
2057 raise ValueError("Invalid action value: %s" % repr(action))
2058
2059 # defines if locked error should be thrown to user
2060 currently_locked = False
2061 # defines if new lock should be made, tri-state
2062 make_lock = None
2063 repo = self
2064 user = User.get(user_id)
2065
2066 lock_info = repo.locked
2067
2068 if repo and (repo.enable_locking or not only_when_enabled):
2069 if action == 'push':
2070 # check if it's already locked !, if it is compare users
2071 locked_by_user_id = lock_info[0]
2072 if user.user_id == locked_by_user_id:
2073 log.debug(
2074 'Got `push` action from user %s, now unlocking', user)
2075 # unlock if we have push from user who locked
2076 make_lock = False
2077 else:
2078 # we're not the same user who locked, ban with
2079 # code defined in settings (default is 423 HTTP Locked) !
2080 log.debug('Repo %s is currently locked by %s', repo, user)
2081 currently_locked = True
2082 elif action == 'pull':
2083 # [0] user [1] date
2084 if lock_info[0] and lock_info[1]:
2085 log.debug('Repo %s is currently locked by %s', repo, user)
2086 currently_locked = True
2087 else:
2088 log.debug('Setting lock on repo %s by %s', repo, user)
2089 make_lock = True
2090
2091 else:
2092 log.debug('Repository %s do not have locking enabled', repo)
2093
2094 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
2095 make_lock, currently_locked, lock_info)
2096
2097 from rhodecode.lib.auth import HasRepoPermissionAny
2098 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
2099 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
2100 # if we don't have at least write permission we cannot make a lock
2101 log.debug('lock state reset back to FALSE due to lack '
2102 'of at least read permission')
2103 make_lock = False
2104
2105 return make_lock, currently_locked, lock_info
2106
2107 @property
2108 def last_db_change(self):
2109 return self.updated_on
2110
2111 @property
2112 def clone_uri_hidden(self):
2113 clone_uri = self.clone_uri
2114 if clone_uri:
2115 import urlobject
2116 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2117 if url_obj.password:
2118 clone_uri = url_obj.with_password('*****')
2119 return clone_uri
2120
2121 @property
2122 def push_uri_hidden(self):
2123 push_uri = self.push_uri
2124 if push_uri:
2125 import urlobject
2126 url_obj = urlobject.URLObject(cleaned_uri(push_uri))
2127 if url_obj.password:
2128 push_uri = url_obj.with_password('*****')
2129 return push_uri
2130
2131 def clone_url(self, **override):
2132 from rhodecode.model.settings import SettingsModel
2133
2134 uri_tmpl = None
2135 if 'with_id' in override:
2136 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2137 del override['with_id']
2138
2139 if 'uri_tmpl' in override:
2140 uri_tmpl = override['uri_tmpl']
2141 del override['uri_tmpl']
2142
2143 ssh = False
2144 if 'ssh' in override:
2145 ssh = True
2146 del override['ssh']
2147
2148 # we didn't override our tmpl from **overrides
2149 if not uri_tmpl:
2150 rc_config = SettingsModel().get_all_settings(cache=True)
2151 if ssh:
2152 uri_tmpl = rc_config.get(
2153 'rhodecode_clone_uri_ssh_tmpl') or self.DEFAULT_CLONE_URI_SSH
2154 else:
2155 uri_tmpl = rc_config.get(
2156 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2157
2158 request = get_current_request()
2159 return get_clone_url(request=request,
2160 uri_tmpl=uri_tmpl,
2161 repo_name=self.repo_name,
2162 repo_id=self.repo_id, **override)
2163
2164 def set_state(self, state):
2165 self.repo_state = state
2166 Session().add(self)
2167 #==========================================================================
2168 # SCM PROPERTIES
2169 #==========================================================================
2170
2171 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2172 return get_commit_safe(
2173 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2174
2175 def get_changeset(self, rev=None, pre_load=None):
2176 warnings.warn("Use get_commit", DeprecationWarning)
2177 commit_id = None
2178 commit_idx = None
2179 if isinstance(rev, basestring):
2180 commit_id = rev
2181 else:
2182 commit_idx = rev
2183 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2184 pre_load=pre_load)
2185
2186 def get_landing_commit(self):
2187 """
2188 Returns landing commit, or if that doesn't exist returns the tip
2189 """
2190 _rev_type, _rev = self.landing_rev
2191 commit = self.get_commit(_rev)
2192 if isinstance(commit, EmptyCommit):
2193 return self.get_commit()
2194 return commit
2195
2196 def update_commit_cache(self, cs_cache=None, config=None):
2197 """
2198 Update cache of last changeset for repository, keys should be::
2199
2200 short_id
2201 raw_id
2202 revision
2203 parents
2204 message
2205 date
2206 author
2207
2208 :param cs_cache:
2209 """
2210 from rhodecode.lib.vcs.backends.base import BaseChangeset
2211 if cs_cache is None:
2212 # use no-cache version here
2213 scm_repo = self.scm_instance(cache=False, config=config)
2214 if scm_repo:
2215 cs_cache = scm_repo.get_commit(
2216 pre_load=["author", "date", "message", "parents"])
2217 else:
2218 cs_cache = EmptyCommit()
2219
2220 if isinstance(cs_cache, BaseChangeset):
2221 cs_cache = cs_cache.__json__()
2222
2223 def is_outdated(new_cs_cache):
2224 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2225 new_cs_cache['revision'] != self.changeset_cache['revision']):
2226 return True
2227 return False
2228
2229 # check if we have maybe already latest cached revision
2230 if is_outdated(cs_cache) or not self.changeset_cache:
2231 _default = datetime.datetime.fromtimestamp(0)
2232 last_change = cs_cache.get('date') or _default
2233 log.debug('updated repo %s with new cs cache %s',
2234 self.repo_name, cs_cache)
2235 self.updated_on = last_change
2236 self.changeset_cache = cs_cache
2237 Session().add(self)
2238 Session().commit()
2239 else:
2240 log.debug('Skipping update_commit_cache for repo:`%s` '
2241 'commit already with latest changes', self.repo_name)
2242
2243 @property
2244 def tip(self):
2245 return self.get_commit('tip')
2246
2247 @property
2248 def author(self):
2249 return self.tip.author
2250
2251 @property
2252 def last_change(self):
2253 return self.scm_instance().last_change
2254
2255 def get_comments(self, revisions=None):
2256 """
2257 Returns comments for this repository grouped by revisions
2258
2259 :param revisions: filter query by revisions only
2260 """
2261 cmts = ChangesetComment.query()\
2262 .filter(ChangesetComment.repo == self)
2263 if revisions:
2264 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2265 grouped = collections.defaultdict(list)
2266 for cmt in cmts.all():
2267 grouped[cmt.revision].append(cmt)
2268 return grouped
2269
2270 def statuses(self, revisions=None):
2271 """
2272 Returns statuses for this repository
2273
2274 :param revisions: list of revisions to get statuses for
2275 """
2276 statuses = ChangesetStatus.query()\
2277 .filter(ChangesetStatus.repo == self)\
2278 .filter(ChangesetStatus.version == 0)
2279
2280 if revisions:
2281 # Try doing the filtering in chunks to avoid hitting limits
2282 size = 500
2283 status_results = []
2284 for chunk in xrange(0, len(revisions), size):
2285 status_results += statuses.filter(
2286 ChangesetStatus.revision.in_(
2287 revisions[chunk: chunk+size])
2288 ).all()
2289 else:
2290 status_results = statuses.all()
2291
2292 grouped = {}
2293
2294 # maybe we have open new pullrequest without a status?
2295 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2296 status_lbl = ChangesetStatus.get_status_lbl(stat)
2297 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2298 for rev in pr.revisions:
2299 pr_id = pr.pull_request_id
2300 pr_repo = pr.target_repo.repo_name
2301 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2302
2303 for stat in status_results:
2304 pr_id = pr_repo = None
2305 if stat.pull_request:
2306 pr_id = stat.pull_request.pull_request_id
2307 pr_repo = stat.pull_request.target_repo.repo_name
2308 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2309 pr_id, pr_repo]
2310 return grouped
2311
2312 # ==========================================================================
2313 # SCM CACHE INSTANCE
2314 # ==========================================================================
2315
2316 def scm_instance(self, **kwargs):
2317 import rhodecode
2318
2319 # Passing a config will not hit the cache currently only used
2320 # for repo2dbmapper
2321 config = kwargs.pop('config', None)
2322 cache = kwargs.pop('cache', None)
2323 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2324 # if cache is NOT defined use default global, else we have a full
2325 # control over cache behaviour
2326 if cache is None and full_cache and not config:
2327 return self._get_instance_cached()
2328 return self._get_instance(cache=bool(cache), config=config)
2329
2330 def _get_instance_cached(self):
2331 return self._get_instance()
2332
2333 def _get_instance(self, cache=True, config=None):
2334 config = config or self._config
2335 custom_wire = {
2336 'cache': cache # controls the vcs.remote cache
2337 }
2338 repo = get_vcs_instance(
2339 repo_path=safe_str(self.repo_full_path),
2340 config=config,
2341 with_wire=custom_wire,
2342 create=False,
2343 _vcs_alias=self.repo_type)
2344
2345 return repo
2346
2347 def __json__(self):
2348 return {'landing_rev': self.landing_rev}
2349
2350 def get_dict(self):
2351
2352 # Since we transformed `repo_name` to a hybrid property, we need to
2353 # keep compatibility with the code which uses `repo_name` field.
2354
2355 result = super(Repository, self).get_dict()
2356 result['repo_name'] = result.pop('_repo_name', None)
2357 return result
2358
2359
2360 class RepoGroup(Base, BaseModel):
2361 __tablename__ = 'groups'
2362 __table_args__ = (
2363 UniqueConstraint('group_name', 'group_parent_id'),
2364 CheckConstraint('group_id != group_parent_id'),
2365 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2366 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2367 )
2368 __mapper_args__ = {'order_by': 'group_name'}
2369
2370 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2371
2372 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2373 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2374 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2375 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2376 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2377 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2378 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2379 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2380 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2381
2382 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2383 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2384 parent_group = relationship('RepoGroup', remote_side=group_id)
2385 user = relationship('User')
2386 integrations = relationship('Integration',
2387 cascade="all, delete, delete-orphan")
2388
2389 def __init__(self, group_name='', parent_group=None):
2390 self.group_name = group_name
2391 self.parent_group = parent_group
2392
2393 def __unicode__(self):
2394 return u"<%s('id:%s:%s')>" % (
2395 self.__class__.__name__, self.group_id, self.group_name)
2396
2397 @hybrid_property
2398 def description_safe(self):
2399 from rhodecode.lib import helpers as h
2400 return h.escape(self.group_description)
2401
2402 @classmethod
2403 def _generate_choice(cls, repo_group):
2404 from webhelpers.html import literal as _literal
2405 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2406 return repo_group.group_id, _name(repo_group.full_path_splitted)
2407
2408 @classmethod
2409 def groups_choices(cls, groups=None, show_empty_group=True):
2410 if not groups:
2411 groups = cls.query().all()
2412
2413 repo_groups = []
2414 if show_empty_group:
2415 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2416
2417 repo_groups.extend([cls._generate_choice(x) for x in groups])
2418
2419 repo_groups = sorted(
2420 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2421 return repo_groups
2422
2423 @classmethod
2424 def url_sep(cls):
2425 return URL_SEP
2426
2427 @classmethod
2428 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2429 if case_insensitive:
2430 gr = cls.query().filter(func.lower(cls.group_name)
2431 == func.lower(group_name))
2432 else:
2433 gr = cls.query().filter(cls.group_name == group_name)
2434 if cache:
2435 name_key = _hash_key(group_name)
2436 gr = gr.options(
2437 FromCache("sql_cache_short", "get_group_%s" % name_key))
2438 return gr.scalar()
2439
2440 @classmethod
2441 def get_user_personal_repo_group(cls, user_id):
2442 user = User.get(user_id)
2443 if user.username == User.DEFAULT_USER:
2444 return None
2445
2446 return cls.query()\
2447 .filter(cls.personal == true()) \
2448 .filter(cls.user == user).scalar()
2449
2450 @classmethod
2451 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2452 case_insensitive=True):
2453 q = RepoGroup.query()
2454
2455 if not isinstance(user_id, Optional):
2456 q = q.filter(RepoGroup.user_id == user_id)
2457
2458 if not isinstance(group_id, Optional):
2459 q = q.filter(RepoGroup.group_parent_id == group_id)
2460
2461 if case_insensitive:
2462 q = q.order_by(func.lower(RepoGroup.group_name))
2463 else:
2464 q = q.order_by(RepoGroup.group_name)
2465 return q.all()
2466
2467 @property
2468 def parents(self):
2469 parents_recursion_limit = 10
2470 groups = []
2471 if self.parent_group is None:
2472 return groups
2473 cur_gr = self.parent_group
2474 groups.insert(0, cur_gr)
2475 cnt = 0
2476 while 1:
2477 cnt += 1
2478 gr = getattr(cur_gr, 'parent_group', None)
2479 cur_gr = cur_gr.parent_group
2480 if gr is None:
2481 break
2482 if cnt == parents_recursion_limit:
2483 # this will prevent accidental infinit loops
2484 log.error(('more than %s parents found for group %s, stopping '
2485 'recursive parent fetching' % (parents_recursion_limit, self)))
2486 break
2487
2488 groups.insert(0, gr)
2489 return groups
2490
2491 @property
2492 def last_db_change(self):
2493 return self.updated_on
2494
2495 @property
2496 def children(self):
2497 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2498
2499 @property
2500 def name(self):
2501 return self.group_name.split(RepoGroup.url_sep())[-1]
2502
2503 @property
2504 def full_path(self):
2505 return self.group_name
2506
2507 @property
2508 def full_path_splitted(self):
2509 return self.group_name.split(RepoGroup.url_sep())
2510
2511 @property
2512 def repositories(self):
2513 return Repository.query()\
2514 .filter(Repository.group == self)\
2515 .order_by(Repository.repo_name)
2516
2517 @property
2518 def repositories_recursive_count(self):
2519 cnt = self.repositories.count()
2520
2521 def children_count(group):
2522 cnt = 0
2523 for child in group.children:
2524 cnt += child.repositories.count()
2525 cnt += children_count(child)
2526 return cnt
2527
2528 return cnt + children_count(self)
2529
2530 def _recursive_objects(self, include_repos=True):
2531 all_ = []
2532
2533 def _get_members(root_gr):
2534 if include_repos:
2535 for r in root_gr.repositories:
2536 all_.append(r)
2537 childs = root_gr.children.all()
2538 if childs:
2539 for gr in childs:
2540 all_.append(gr)
2541 _get_members(gr)
2542
2543 _get_members(self)
2544 return [self] + all_
2545
2546 def recursive_groups_and_repos(self):
2547 """
2548 Recursive return all groups, with repositories in those groups
2549 """
2550 return self._recursive_objects()
2551
2552 def recursive_groups(self):
2553 """
2554 Returns all children groups for this group including children of children
2555 """
2556 return self._recursive_objects(include_repos=False)
2557
2558 def get_new_name(self, group_name):
2559 """
2560 returns new full group name based on parent and new name
2561
2562 :param group_name:
2563 """
2564 path_prefix = (self.parent_group.full_path_splitted if
2565 self.parent_group else [])
2566 return RepoGroup.url_sep().join(path_prefix + [group_name])
2567
2568 def permissions(self, with_admins=True, with_owner=True):
2569 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2570 q = q.options(joinedload(UserRepoGroupToPerm.group),
2571 joinedload(UserRepoGroupToPerm.user),
2572 joinedload(UserRepoGroupToPerm.permission),)
2573
2574 # get owners and admins and permissions. We do a trick of re-writing
2575 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2576 # has a global reference and changing one object propagates to all
2577 # others. This means if admin is also an owner admin_row that change
2578 # would propagate to both objects
2579 perm_rows = []
2580 for _usr in q.all():
2581 usr = AttributeDict(_usr.user.get_dict())
2582 usr.permission = _usr.permission.permission_name
2583 perm_rows.append(usr)
2584
2585 # filter the perm rows by 'default' first and then sort them by
2586 # admin,write,read,none permissions sorted again alphabetically in
2587 # each group
2588 perm_rows = sorted(perm_rows, key=display_user_sort)
2589
2590 _admin_perm = 'group.admin'
2591 owner_row = []
2592 if with_owner:
2593 usr = AttributeDict(self.user.get_dict())
2594 usr.owner_row = True
2595 usr.permission = _admin_perm
2596 owner_row.append(usr)
2597
2598 super_admin_rows = []
2599 if with_admins:
2600 for usr in User.get_all_super_admins():
2601 # if this admin is also owner, don't double the record
2602 if usr.user_id == owner_row[0].user_id:
2603 owner_row[0].admin_row = True
2604 else:
2605 usr = AttributeDict(usr.get_dict())
2606 usr.admin_row = True
2607 usr.permission = _admin_perm
2608 super_admin_rows.append(usr)
2609
2610 return super_admin_rows + owner_row + perm_rows
2611
2612 def permission_user_groups(self):
2613 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2614 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2615 joinedload(UserGroupRepoGroupToPerm.users_group),
2616 joinedload(UserGroupRepoGroupToPerm.permission),)
2617
2618 perm_rows = []
2619 for _user_group in q.all():
2620 usr = AttributeDict(_user_group.users_group.get_dict())
2621 usr.permission = _user_group.permission.permission_name
2622 perm_rows.append(usr)
2623
2624 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2625 return perm_rows
2626
2627 def get_api_data(self):
2628 """
2629 Common function for generating api data
2630
2631 """
2632 group = self
2633 data = {
2634 'group_id': group.group_id,
2635 'group_name': group.group_name,
2636 'group_description': group.description_safe,
2637 'parent_group': group.parent_group.group_name if group.parent_group else None,
2638 'repositories': [x.repo_name for x in group.repositories],
2639 'owner': group.user.username,
2640 }
2641 return data
2642
2643
2644 class Permission(Base, BaseModel):
2645 __tablename__ = 'permissions'
2646 __table_args__ = (
2647 Index('p_perm_name_idx', 'permission_name'),
2648 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2649 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2650 )
2651 PERMS = [
2652 ('hg.admin', _('RhodeCode Super Administrator')),
2653
2654 ('repository.none', _('Repository no access')),
2655 ('repository.read', _('Repository read access')),
2656 ('repository.write', _('Repository write access')),
2657 ('repository.admin', _('Repository admin access')),
2658
2659 ('group.none', _('Repository group no access')),
2660 ('group.read', _('Repository group read access')),
2661 ('group.write', _('Repository group write access')),
2662 ('group.admin', _('Repository group admin access')),
2663
2664 ('usergroup.none', _('User group no access')),
2665 ('usergroup.read', _('User group read access')),
2666 ('usergroup.write', _('User group write access')),
2667 ('usergroup.admin', _('User group admin access')),
2668
2669 ('branch.none', _('Branch no permissions')),
2670 ('branch.merge', _('Branch access by web merge')),
2671 ('branch.push', _('Branch access by push')),
2672 ('branch.push_force', _('Branch access by push with force')),
2673
2674 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2675 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2676
2677 ('hg.usergroup.create.false', _('User Group creation disabled')),
2678 ('hg.usergroup.create.true', _('User Group creation enabled')),
2679
2680 ('hg.create.none', _('Repository creation disabled')),
2681 ('hg.create.repository', _('Repository creation enabled')),
2682 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2683 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2684
2685 ('hg.fork.none', _('Repository forking disabled')),
2686 ('hg.fork.repository', _('Repository forking enabled')),
2687
2688 ('hg.register.none', _('Registration disabled')),
2689 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2690 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2691
2692 ('hg.password_reset.enabled', _('Password reset enabled')),
2693 ('hg.password_reset.hidden', _('Password reset hidden')),
2694 ('hg.password_reset.disabled', _('Password reset disabled')),
2695
2696 ('hg.extern_activate.manual', _('Manual activation of external account')),
2697 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2698
2699 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2700 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2701 ]
2702
2703 # definition of system default permissions for DEFAULT user, created on
2704 # system setup
2705 DEFAULT_USER_PERMISSIONS = [
2706 # object perms
2707 'repository.read',
2708 'group.read',
2709 'usergroup.read',
2710 # branch
2711 'branch.push',
2712 # global
2713 'hg.create.repository',
2714 'hg.repogroup.create.false',
2715 'hg.usergroup.create.false',
2716 'hg.create.write_on_repogroup.true',
2717 'hg.fork.repository',
2718 'hg.register.manual_activate',
2719 'hg.password_reset.enabled',
2720 'hg.extern_activate.auto',
2721 'hg.inherit_default_perms.true',
2722 ]
2723
2724 # defines which permissions are more important higher the more important
2725 # Weight defines which permissions are more important.
2726 # The higher number the more important.
2727 PERM_WEIGHTS = {
2728 'repository.none': 0,
2729 'repository.read': 1,
2730 'repository.write': 3,
2731 'repository.admin': 4,
2732
2733 'group.none': 0,
2734 'group.read': 1,
2735 'group.write': 3,
2736 'group.admin': 4,
2737
2738 'usergroup.none': 0,
2739 'usergroup.read': 1,
2740 'usergroup.write': 3,
2741 'usergroup.admin': 4,
2742
2743 'branch.none': 0,
2744 'branch.merge': 1,
2745 'branch.push': 3,
2746 'branch.push_force': 4,
2747
2748 'hg.repogroup.create.false': 0,
2749 'hg.repogroup.create.true': 1,
2750
2751 'hg.usergroup.create.false': 0,
2752 'hg.usergroup.create.true': 1,
2753
2754 'hg.fork.none': 0,
2755 'hg.fork.repository': 1,
2756 'hg.create.none': 0,
2757 'hg.create.repository': 1
2758 }
2759
2760 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2761 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2762 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2763
2764 def __unicode__(self):
2765 return u"<%s('%s:%s')>" % (
2766 self.__class__.__name__, self.permission_id, self.permission_name
2767 )
2768
2769 @classmethod
2770 def get_by_key(cls, key):
2771 return cls.query().filter(cls.permission_name == key).scalar()
2772
2773 @classmethod
2774 def get_default_repo_perms(cls, user_id, repo_id=None):
2775 q = Session().query(UserRepoToPerm, Repository, Permission)\
2776 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2777 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2778 .filter(UserRepoToPerm.user_id == user_id)
2779 if repo_id:
2780 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2781 return q.all()
2782
2783 @classmethod
2784 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2785 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2786 .join(
2787 Permission,
2788 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2789 .join(
2790 Repository,
2791 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2792 .join(
2793 UserGroup,
2794 UserGroupRepoToPerm.users_group_id ==
2795 UserGroup.users_group_id)\
2796 .join(
2797 UserGroupMember,
2798 UserGroupRepoToPerm.users_group_id ==
2799 UserGroupMember.users_group_id)\
2800 .filter(
2801 UserGroupMember.user_id == user_id,
2802 UserGroup.users_group_active == true())
2803 if repo_id:
2804 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2805 return q.all()
2806
2807 @classmethod
2808 def get_default_group_perms(cls, user_id, repo_group_id=None):
2809 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2810 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2811 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2812 .filter(UserRepoGroupToPerm.user_id == user_id)
2813 if repo_group_id:
2814 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2815 return q.all()
2816
2817 @classmethod
2818 def get_default_group_perms_from_user_group(
2819 cls, user_id, repo_group_id=None):
2820 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2821 .join(
2822 Permission,
2823 UserGroupRepoGroupToPerm.permission_id ==
2824 Permission.permission_id)\
2825 .join(
2826 RepoGroup,
2827 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2828 .join(
2829 UserGroup,
2830 UserGroupRepoGroupToPerm.users_group_id ==
2831 UserGroup.users_group_id)\
2832 .join(
2833 UserGroupMember,
2834 UserGroupRepoGroupToPerm.users_group_id ==
2835 UserGroupMember.users_group_id)\
2836 .filter(
2837 UserGroupMember.user_id == user_id,
2838 UserGroup.users_group_active == true())
2839 if repo_group_id:
2840 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2841 return q.all()
2842
2843 @classmethod
2844 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2845 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2846 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2847 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2848 .filter(UserUserGroupToPerm.user_id == user_id)
2849 if user_group_id:
2850 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2851 return q.all()
2852
2853 @classmethod
2854 def get_default_user_group_perms_from_user_group(
2855 cls, user_id, user_group_id=None):
2856 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2857 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2858 .join(
2859 Permission,
2860 UserGroupUserGroupToPerm.permission_id ==
2861 Permission.permission_id)\
2862 .join(
2863 TargetUserGroup,
2864 UserGroupUserGroupToPerm.target_user_group_id ==
2865 TargetUserGroup.users_group_id)\
2866 .join(
2867 UserGroup,
2868 UserGroupUserGroupToPerm.user_group_id ==
2869 UserGroup.users_group_id)\
2870 .join(
2871 UserGroupMember,
2872 UserGroupUserGroupToPerm.user_group_id ==
2873 UserGroupMember.users_group_id)\
2874 .filter(
2875 UserGroupMember.user_id == user_id,
2876 UserGroup.users_group_active == true())
2877 if user_group_id:
2878 q = q.filter(
2879 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2880
2881 return q.all()
2882
2883
2884 class UserRepoToPerm(Base, BaseModel):
2885 __tablename__ = 'repo_to_perm'
2886 __table_args__ = (
2887 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2888 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2889 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2890 )
2891 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2892 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2893 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2894 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2895
2896 user = relationship('User')
2897 repository = relationship('Repository')
2898 permission = relationship('Permission')
2899
2900 branch_perm_entry = relationship('UserToRepoBranchPermission', cascade="all, delete, delete-orphan", lazy='joined')
2901
2902 @classmethod
2903 def create(cls, user, repository, permission):
2904 n = cls()
2905 n.user = user
2906 n.repository = repository
2907 n.permission = permission
2908 Session().add(n)
2909 return n
2910
2911 def __unicode__(self):
2912 return u'<%s => %s >' % (self.user, self.repository)
2913
2914
2915 class UserUserGroupToPerm(Base, BaseModel):
2916 __tablename__ = 'user_user_group_to_perm'
2917 __table_args__ = (
2918 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2919 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2920 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2921 )
2922 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2923 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2924 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2925 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2926
2927 user = relationship('User')
2928 user_group = relationship('UserGroup')
2929 permission = relationship('Permission')
2930
2931 @classmethod
2932 def create(cls, user, user_group, permission):
2933 n = cls()
2934 n.user = user
2935 n.user_group = user_group
2936 n.permission = permission
2937 Session().add(n)
2938 return n
2939
2940 def __unicode__(self):
2941 return u'<%s => %s >' % (self.user, self.user_group)
2942
2943
2944 class UserToPerm(Base, BaseModel):
2945 __tablename__ = 'user_to_perm'
2946 __table_args__ = (
2947 UniqueConstraint('user_id', 'permission_id'),
2948 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2949 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2950 )
2951 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2952 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2953 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2954
2955 user = relationship('User')
2956 permission = relationship('Permission', lazy='joined')
2957
2958 def __unicode__(self):
2959 return u'<%s => %s >' % (self.user, self.permission)
2960
2961
2962 class UserGroupRepoToPerm(Base, BaseModel):
2963 __tablename__ = 'users_group_repo_to_perm'
2964 __table_args__ = (
2965 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2966 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2967 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2968 )
2969 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2970 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2971 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2972 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2973
2974 users_group = relationship('UserGroup')
2975 permission = relationship('Permission')
2976 repository = relationship('Repository')
2977
2978 @classmethod
2979 def create(cls, users_group, repository, permission):
2980 n = cls()
2981 n.users_group = users_group
2982 n.repository = repository
2983 n.permission = permission
2984 Session().add(n)
2985 return n
2986
2987 def __unicode__(self):
2988 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2989
2990
2991 class UserGroupUserGroupToPerm(Base, BaseModel):
2992 __tablename__ = 'user_group_user_group_to_perm'
2993 __table_args__ = (
2994 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2995 CheckConstraint('target_user_group_id != user_group_id'),
2996 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2997 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2998 )
2999 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3000 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3001 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3002 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3003
3004 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
3005 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
3006 permission = relationship('Permission')
3007
3008 @classmethod
3009 def create(cls, target_user_group, user_group, permission):
3010 n = cls()
3011 n.target_user_group = target_user_group
3012 n.user_group = user_group
3013 n.permission = permission
3014 Session().add(n)
3015 return n
3016
3017 def __unicode__(self):
3018 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
3019
3020
3021 class UserGroupToPerm(Base, BaseModel):
3022 __tablename__ = 'users_group_to_perm'
3023 __table_args__ = (
3024 UniqueConstraint('users_group_id', 'permission_id',),
3025 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3026 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3027 )
3028 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3029 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3030 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3031
3032 users_group = relationship('UserGroup')
3033 permission = relationship('Permission')
3034
3035
3036 class UserRepoGroupToPerm(Base, BaseModel):
3037 __tablename__ = 'user_repo_group_to_perm'
3038 __table_args__ = (
3039 UniqueConstraint('user_id', 'group_id', 'permission_id'),
3040 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3041 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3042 )
3043
3044 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3045 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3046 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3047 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3048
3049 user = relationship('User')
3050 group = relationship('RepoGroup')
3051 permission = relationship('Permission')
3052
3053 @classmethod
3054 def create(cls, user, repository_group, permission):
3055 n = cls()
3056 n.user = user
3057 n.group = repository_group
3058 n.permission = permission
3059 Session().add(n)
3060 return n
3061
3062
3063 class UserGroupRepoGroupToPerm(Base, BaseModel):
3064 __tablename__ = 'users_group_repo_group_to_perm'
3065 __table_args__ = (
3066 UniqueConstraint('users_group_id', 'group_id'),
3067 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3068 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3069 )
3070
3071 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3072 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3073 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3074 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3075
3076 users_group = relationship('UserGroup')
3077 permission = relationship('Permission')
3078 group = relationship('RepoGroup')
3079
3080 @classmethod
3081 def create(cls, user_group, repository_group, permission):
3082 n = cls()
3083 n.users_group = user_group
3084 n.group = repository_group
3085 n.permission = permission
3086 Session().add(n)
3087 return n
3088
3089 def __unicode__(self):
3090 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
3091
3092
3093 class Statistics(Base, BaseModel):
3094 __tablename__ = 'statistics'
3095 __table_args__ = (
3096 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3097 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3098 )
3099 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3100 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
3101 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
3102 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
3103 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
3104 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
3105
3106 repository = relationship('Repository', single_parent=True)
3107
3108
3109 class UserFollowing(Base, BaseModel):
3110 __tablename__ = 'user_followings'
3111 __table_args__ = (
3112 UniqueConstraint('user_id', 'follows_repository_id'),
3113 UniqueConstraint('user_id', 'follows_user_id'),
3114 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3115 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3116 )
3117
3118 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3119 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3120 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
3121 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
3122 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
3123
3124 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
3125
3126 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
3127 follows_repository = relationship('Repository', order_by='Repository.repo_name')
3128
3129 @classmethod
3130 def get_repo_followers(cls, repo_id):
3131 return cls.query().filter(cls.follows_repo_id == repo_id)
3132
3133
3134 class CacheKey(Base, BaseModel):
3135 __tablename__ = 'cache_invalidation'
3136 __table_args__ = (
3137 UniqueConstraint('cache_key'),
3138 Index('key_idx', 'cache_key'),
3139 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3140 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3141 )
3142 CACHE_TYPE_ATOM = 'ATOM'
3143 CACHE_TYPE_RSS = 'RSS'
3144 CACHE_TYPE_README = 'README'
3145
3146 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3147 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3148 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3149 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3150
3151 def __init__(self, cache_key, cache_args=''):
3152 self.cache_key = cache_key
3153 self.cache_args = cache_args
3154 self.cache_active = False
3155
3156 def __unicode__(self):
3157 return u"<%s('%s:%s[%s]')>" % (
3158 self.__class__.__name__,
3159 self.cache_id, self.cache_key, self.cache_active)
3160
3161 def _cache_key_partition(self):
3162 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3163 return prefix, repo_name, suffix
3164
3165 def get_prefix(self):
3166 """
3167 Try to extract prefix from existing cache key. The key could consist
3168 of prefix, repo_name, suffix
3169 """
3170 # this returns prefix, repo_name, suffix
3171 return self._cache_key_partition()[0]
3172
3173 def get_suffix(self):
3174 """
3175 get suffix that might have been used in _get_cache_key to
3176 generate self.cache_key. Only used for informational purposes
3177 in repo_edit.mako.
3178 """
3179 # prefix, repo_name, suffix
3180 return self._cache_key_partition()[2]
3181
3182 @classmethod
3183 def delete_all_cache(cls):
3184 """
3185 Delete all cache keys from database.
3186 Should only be run when all instances are down and all entries
3187 thus stale.
3188 """
3189 cls.query().delete()
3190 Session().commit()
3191
3192 @classmethod
3193 def get_cache_key(cls, repo_name, cache_type):
3194 """
3195
3196 Generate a cache key for this process of RhodeCode instance.
3197 Prefix most likely will be process id or maybe explicitly set
3198 instance_id from .ini file.
3199 """
3200 import rhodecode
3201 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
3202
3203 repo_as_unicode = safe_unicode(repo_name)
3204 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
3205 if cache_type else repo_as_unicode
3206
3207 return u'{}{}'.format(prefix, key)
3208
3209 @classmethod
3210 def set_invalidate(cls, repo_name, delete=False):
3211 """
3212 Mark all caches of a repo as invalid in the database.
3213 """
3214
3215 try:
3216 qry = Session().query(cls).filter(cls.cache_args == repo_name)
3217 if delete:
3218 log.debug('cache objects deleted for repo %s',
3219 safe_str(repo_name))
3220 qry.delete()
3221 else:
3222 log.debug('cache objects marked as invalid for repo %s',
3223 safe_str(repo_name))
3224 qry.update({"cache_active": False})
3225
3226 Session().commit()
3227 except Exception:
3228 log.exception(
3229 'Cache key invalidation failed for repository %s',
3230 safe_str(repo_name))
3231 Session().rollback()
3232
3233 @classmethod
3234 def get_active_cache(cls, cache_key):
3235 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3236 if inv_obj:
3237 return inv_obj
3238 return None
3239
3240
3241 class ChangesetComment(Base, BaseModel):
3242 __tablename__ = 'changeset_comments'
3243 __table_args__ = (
3244 Index('cc_revision_idx', 'revision'),
3245 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3246 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3247 )
3248
3249 COMMENT_OUTDATED = u'comment_outdated'
3250 COMMENT_TYPE_NOTE = u'note'
3251 COMMENT_TYPE_TODO = u'todo'
3252 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3253
3254 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3255 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3256 revision = Column('revision', String(40), nullable=True)
3257 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3258 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3259 line_no = Column('line_no', Unicode(10), nullable=True)
3260 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3261 f_path = Column('f_path', Unicode(1000), nullable=True)
3262 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3263 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3264 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3265 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3266 renderer = Column('renderer', Unicode(64), nullable=True)
3267 display_state = Column('display_state', Unicode(128), nullable=True)
3268
3269 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3270 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3271 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, backref='resolved_by')
3272 author = relationship('User', lazy='joined')
3273 repo = relationship('Repository')
3274 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3275 pull_request = relationship('PullRequest', lazy='joined')
3276 pull_request_version = relationship('PullRequestVersion')
3277
3278 @classmethod
3279 def get_users(cls, revision=None, pull_request_id=None):
3280 """
3281 Returns user associated with this ChangesetComment. ie those
3282 who actually commented
3283
3284 :param cls:
3285 :param revision:
3286 """
3287 q = Session().query(User)\
3288 .join(ChangesetComment.author)
3289 if revision:
3290 q = q.filter(cls.revision == revision)
3291 elif pull_request_id:
3292 q = q.filter(cls.pull_request_id == pull_request_id)
3293 return q.all()
3294
3295 @classmethod
3296 def get_index_from_version(cls, pr_version, versions):
3297 num_versions = [x.pull_request_version_id for x in versions]
3298 try:
3299 return num_versions.index(pr_version) +1
3300 except (IndexError, ValueError):
3301 return
3302
3303 @property
3304 def outdated(self):
3305 return self.display_state == self.COMMENT_OUTDATED
3306
3307 def outdated_at_version(self, version):
3308 """
3309 Checks if comment is outdated for given pull request version
3310 """
3311 return self.outdated and self.pull_request_version_id != version
3312
3313 def older_than_version(self, version):
3314 """
3315 Checks if comment is made from previous version than given
3316 """
3317 if version is None:
3318 return self.pull_request_version_id is not None
3319
3320 return self.pull_request_version_id < version
3321
3322 @property
3323 def resolved(self):
3324 return self.resolved_by[0] if self.resolved_by else None
3325
3326 @property
3327 def is_todo(self):
3328 return self.comment_type == self.COMMENT_TYPE_TODO
3329
3330 @property
3331 def is_inline(self):
3332 return self.line_no and self.f_path
3333
3334 def get_index_version(self, versions):
3335 return self.get_index_from_version(
3336 self.pull_request_version_id, versions)
3337
3338 def __repr__(self):
3339 if self.comment_id:
3340 return '<DB:Comment #%s>' % self.comment_id
3341 else:
3342 return '<DB:Comment at %#x>' % id(self)
3343
3344 def get_api_data(self):
3345 comment = self
3346 data = {
3347 'comment_id': comment.comment_id,
3348 'comment_type': comment.comment_type,
3349 'comment_text': comment.text,
3350 'comment_status': comment.status_change,
3351 'comment_f_path': comment.f_path,
3352 'comment_lineno': comment.line_no,
3353 'comment_author': comment.author,
3354 'comment_created_on': comment.created_on
3355 }
3356 return data
3357
3358 def __json__(self):
3359 data = dict()
3360 data.update(self.get_api_data())
3361 return data
3362
3363
3364 class ChangesetStatus(Base, BaseModel):
3365 __tablename__ = 'changeset_statuses'
3366 __table_args__ = (
3367 Index('cs_revision_idx', 'revision'),
3368 Index('cs_version_idx', 'version'),
3369 UniqueConstraint('repo_id', 'revision', 'version'),
3370 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3371 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3372 )
3373 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3374 STATUS_APPROVED = 'approved'
3375 STATUS_REJECTED = 'rejected'
3376 STATUS_UNDER_REVIEW = 'under_review'
3377
3378 STATUSES = [
3379 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3380 (STATUS_APPROVED, _("Approved")),
3381 (STATUS_REJECTED, _("Rejected")),
3382 (STATUS_UNDER_REVIEW, _("Under Review")),
3383 ]
3384
3385 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3386 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3387 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3388 revision = Column('revision', String(40), nullable=False)
3389 status = Column('status', String(128), nullable=False, default=DEFAULT)
3390 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3391 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3392 version = Column('version', Integer(), nullable=False, default=0)
3393 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3394
3395 author = relationship('User', lazy='joined')
3396 repo = relationship('Repository')
3397 comment = relationship('ChangesetComment', lazy='joined')
3398 pull_request = relationship('PullRequest', lazy='joined')
3399
3400 def __unicode__(self):
3401 return u"<%s('%s[v%s]:%s')>" % (
3402 self.__class__.__name__,
3403 self.status, self.version, self.author
3404 )
3405
3406 @classmethod
3407 def get_status_lbl(cls, value):
3408 return dict(cls.STATUSES).get(value)
3409
3410 @property
3411 def status_lbl(self):
3412 return ChangesetStatus.get_status_lbl(self.status)
3413
3414 def get_api_data(self):
3415 status = self
3416 data = {
3417 'status_id': status.changeset_status_id,
3418 'status': status.status,
3419 }
3420 return data
3421
3422 def __json__(self):
3423 data = dict()
3424 data.update(self.get_api_data())
3425 return data
3426
3427
3428 class _PullRequestBase(BaseModel):
3429 """
3430 Common attributes of pull request and version entries.
3431 """
3432
3433 # .status values
3434 STATUS_NEW = u'new'
3435 STATUS_OPEN = u'open'
3436 STATUS_CLOSED = u'closed'
3437
3438 title = Column('title', Unicode(255), nullable=True)
3439 description = Column(
3440 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3441 nullable=True)
3442 # new/open/closed status of pull request (not approve/reject/etc)
3443 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3444 created_on = Column(
3445 'created_on', DateTime(timezone=False), nullable=False,
3446 default=datetime.datetime.now)
3447 updated_on = Column(
3448 'updated_on', DateTime(timezone=False), nullable=False,
3449 default=datetime.datetime.now)
3450
3451 @declared_attr
3452 def user_id(cls):
3453 return Column(
3454 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3455 unique=None)
3456
3457 # 500 revisions max
3458 _revisions = Column(
3459 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3460
3461 @declared_attr
3462 def source_repo_id(cls):
3463 # TODO: dan: rename column to source_repo_id
3464 return Column(
3465 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3466 nullable=False)
3467
3468 source_ref = Column('org_ref', Unicode(255), nullable=False)
3469
3470 @declared_attr
3471 def target_repo_id(cls):
3472 # TODO: dan: rename column to target_repo_id
3473 return Column(
3474 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3475 nullable=False)
3476
3477 target_ref = Column('other_ref', Unicode(255), nullable=False)
3478 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3479
3480 # TODO: dan: rename column to last_merge_source_rev
3481 _last_merge_source_rev = Column(
3482 'last_merge_org_rev', String(40), nullable=True)
3483 # TODO: dan: rename column to last_merge_target_rev
3484 _last_merge_target_rev = Column(
3485 'last_merge_other_rev', String(40), nullable=True)
3486 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3487 merge_rev = Column('merge_rev', String(40), nullable=True)
3488
3489 reviewer_data = Column(
3490 'reviewer_data_json', MutationObj.as_mutable(
3491 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3492
3493 @property
3494 def reviewer_data_json(self):
3495 return json.dumps(self.reviewer_data)
3496
3497 @hybrid_property
3498 def description_safe(self):
3499 from rhodecode.lib import helpers as h
3500 return h.escape(self.description)
3501
3502 @hybrid_property
3503 def revisions(self):
3504 return self._revisions.split(':') if self._revisions else []
3505
3506 @revisions.setter
3507 def revisions(self, val):
3508 self._revisions = ':'.join(val)
3509
3510 @hybrid_property
3511 def last_merge_status(self):
3512 return safe_int(self._last_merge_status)
3513
3514 @last_merge_status.setter
3515 def last_merge_status(self, val):
3516 self._last_merge_status = val
3517
3518 @declared_attr
3519 def author(cls):
3520 return relationship('User', lazy='joined')
3521
3522 @declared_attr
3523 def source_repo(cls):
3524 return relationship(
3525 'Repository',
3526 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3527
3528 @property
3529 def source_ref_parts(self):
3530 return self.unicode_to_reference(self.source_ref)
3531
3532 @declared_attr
3533 def target_repo(cls):
3534 return relationship(
3535 'Repository',
3536 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3537
3538 @property
3539 def target_ref_parts(self):
3540 return self.unicode_to_reference(self.target_ref)
3541
3542 @property
3543 def shadow_merge_ref(self):
3544 return self.unicode_to_reference(self._shadow_merge_ref)
3545
3546 @shadow_merge_ref.setter
3547 def shadow_merge_ref(self, ref):
3548 self._shadow_merge_ref = self.reference_to_unicode(ref)
3549
3550 def unicode_to_reference(self, raw):
3551 """
3552 Convert a unicode (or string) to a reference object.
3553 If unicode evaluates to False it returns None.
3554 """
3555 if raw:
3556 refs = raw.split(':')
3557 return Reference(*refs)
3558 else:
3559 return None
3560
3561 def reference_to_unicode(self, ref):
3562 """
3563 Convert a reference object to unicode.
3564 If reference is None it returns None.
3565 """
3566 if ref:
3567 return u':'.join(ref)
3568 else:
3569 return None
3570
3571 def get_api_data(self, with_merge_state=True):
3572 from rhodecode.model.pull_request import PullRequestModel
3573
3574 pull_request = self
3575 if with_merge_state:
3576 merge_status = PullRequestModel().merge_status(pull_request)
3577 merge_state = {
3578 'status': merge_status[0],
3579 'message': safe_unicode(merge_status[1]),
3580 }
3581 else:
3582 merge_state = {'status': 'not_available',
3583 'message': 'not_available'}
3584
3585 merge_data = {
3586 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3587 'reference': (
3588 pull_request.shadow_merge_ref._asdict()
3589 if pull_request.shadow_merge_ref else None),
3590 }
3591
3592 data = {
3593 'pull_request_id': pull_request.pull_request_id,
3594 'url': PullRequestModel().get_url(pull_request),
3595 'title': pull_request.title,
3596 'description': pull_request.description,
3597 'status': pull_request.status,
3598 'created_on': pull_request.created_on,
3599 'updated_on': pull_request.updated_on,
3600 'commit_ids': pull_request.revisions,
3601 'review_status': pull_request.calculated_review_status(),
3602 'mergeable': merge_state,
3603 'source': {
3604 'clone_url': pull_request.source_repo.clone_url(),
3605 'repository': pull_request.source_repo.repo_name,
3606 'reference': {
3607 'name': pull_request.source_ref_parts.name,
3608 'type': pull_request.source_ref_parts.type,
3609 'commit_id': pull_request.source_ref_parts.commit_id,
3610 },
3611 },
3612 'target': {
3613 'clone_url': pull_request.target_repo.clone_url(),
3614 'repository': pull_request.target_repo.repo_name,
3615 'reference': {
3616 'name': pull_request.target_ref_parts.name,
3617 'type': pull_request.target_ref_parts.type,
3618 'commit_id': pull_request.target_ref_parts.commit_id,
3619 },
3620 },
3621 'merge': merge_data,
3622 'author': pull_request.author.get_api_data(include_secrets=False,
3623 details='basic'),
3624 'reviewers': [
3625 {
3626 'user': reviewer.get_api_data(include_secrets=False,
3627 details='basic'),
3628 'reasons': reasons,
3629 'review_status': st[0][1].status if st else 'not_reviewed',
3630 }
3631 for obj, reviewer, reasons, mandatory, st in
3632 pull_request.reviewers_statuses()
3633 ]
3634 }
3635
3636 return data
3637
3638
3639 class PullRequest(Base, _PullRequestBase):
3640 __tablename__ = 'pull_requests'
3641 __table_args__ = (
3642 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3643 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3644 )
3645
3646 pull_request_id = Column(
3647 'pull_request_id', Integer(), nullable=False, primary_key=True)
3648
3649 def __repr__(self):
3650 if self.pull_request_id:
3651 return '<DB:PullRequest #%s>' % self.pull_request_id
3652 else:
3653 return '<DB:PullRequest at %#x>' % id(self)
3654
3655 reviewers = relationship('PullRequestReviewers',
3656 cascade="all, delete, delete-orphan")
3657 statuses = relationship('ChangesetStatus',
3658 cascade="all, delete, delete-orphan")
3659 comments = relationship('ChangesetComment',
3660 cascade="all, delete, delete-orphan")
3661 versions = relationship('PullRequestVersion',
3662 cascade="all, delete, delete-orphan",
3663 lazy='dynamic')
3664
3665 @classmethod
3666 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3667 internal_methods=None):
3668
3669 class PullRequestDisplay(object):
3670 """
3671 Special object wrapper for showing PullRequest data via Versions
3672 It mimics PR object as close as possible. This is read only object
3673 just for display
3674 """
3675
3676 def __init__(self, attrs, internal=None):
3677 self.attrs = attrs
3678 # internal have priority over the given ones via attrs
3679 self.internal = internal or ['versions']
3680
3681 def __getattr__(self, item):
3682 if item in self.internal:
3683 return getattr(self, item)
3684 try:
3685 return self.attrs[item]
3686 except KeyError:
3687 raise AttributeError(
3688 '%s object has no attribute %s' % (self, item))
3689
3690 def __repr__(self):
3691 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3692
3693 def versions(self):
3694 return pull_request_obj.versions.order_by(
3695 PullRequestVersion.pull_request_version_id).all()
3696
3697 def is_closed(self):
3698 return pull_request_obj.is_closed()
3699
3700 @property
3701 def pull_request_version_id(self):
3702 return getattr(pull_request_obj, 'pull_request_version_id', None)
3703
3704 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3705
3706 attrs.author = StrictAttributeDict(
3707 pull_request_obj.author.get_api_data())
3708 if pull_request_obj.target_repo:
3709 attrs.target_repo = StrictAttributeDict(
3710 pull_request_obj.target_repo.get_api_data())
3711 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3712
3713 if pull_request_obj.source_repo:
3714 attrs.source_repo = StrictAttributeDict(
3715 pull_request_obj.source_repo.get_api_data())
3716 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3717
3718 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3719 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3720 attrs.revisions = pull_request_obj.revisions
3721
3722 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3723 attrs.reviewer_data = org_pull_request_obj.reviewer_data
3724 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
3725
3726 return PullRequestDisplay(attrs, internal=internal_methods)
3727
3728 def is_closed(self):
3729 return self.status == self.STATUS_CLOSED
3730
3731 def __json__(self):
3732 return {
3733 'revisions': self.revisions,
3734 }
3735
3736 def calculated_review_status(self):
3737 from rhodecode.model.changeset_status import ChangesetStatusModel
3738 return ChangesetStatusModel().calculated_review_status(self)
3739
3740 def reviewers_statuses(self):
3741 from rhodecode.model.changeset_status import ChangesetStatusModel
3742 return ChangesetStatusModel().reviewers_statuses(self)
3743
3744 @property
3745 def workspace_id(self):
3746 from rhodecode.model.pull_request import PullRequestModel
3747 return PullRequestModel()._workspace_id(self)
3748
3749 def get_shadow_repo(self):
3750 workspace_id = self.workspace_id
3751 vcs_obj = self.target_repo.scm_instance()
3752 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3753 workspace_id)
3754 return vcs_obj._get_shadow_instance(shadow_repository_path)
3755
3756
3757 class PullRequestVersion(Base, _PullRequestBase):
3758 __tablename__ = 'pull_request_versions'
3759 __table_args__ = (
3760 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3761 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3762 )
3763
3764 pull_request_version_id = Column(
3765 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3766 pull_request_id = Column(
3767 'pull_request_id', Integer(),
3768 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3769 pull_request = relationship('PullRequest')
3770
3771 def __repr__(self):
3772 if self.pull_request_version_id:
3773 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3774 else:
3775 return '<DB:PullRequestVersion at %#x>' % id(self)
3776
3777 @property
3778 def reviewers(self):
3779 return self.pull_request.reviewers
3780
3781 @property
3782 def versions(self):
3783 return self.pull_request.versions
3784
3785 def is_closed(self):
3786 # calculate from original
3787 return self.pull_request.status == self.STATUS_CLOSED
3788
3789 def calculated_review_status(self):
3790 return self.pull_request.calculated_review_status()
3791
3792 def reviewers_statuses(self):
3793 return self.pull_request.reviewers_statuses()
3794
3795
3796 class PullRequestReviewers(Base, BaseModel):
3797 __tablename__ = 'pull_request_reviewers'
3798 __table_args__ = (
3799 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3800 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3801 )
3802
3803 @hybrid_property
3804 def reasons(self):
3805 if not self._reasons:
3806 return []
3807 return self._reasons
3808
3809 @reasons.setter
3810 def reasons(self, val):
3811 val = val or []
3812 if any(not isinstance(x, basestring) for x in val):
3813 raise Exception('invalid reasons type, must be list of strings')
3814 self._reasons = val
3815
3816 pull_requests_reviewers_id = Column(
3817 'pull_requests_reviewers_id', Integer(), nullable=False,
3818 primary_key=True)
3819 pull_request_id = Column(
3820 "pull_request_id", Integer(),
3821 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3822 user_id = Column(
3823 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3824 _reasons = Column(
3825 'reason', MutationList.as_mutable(
3826 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3827
3828 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
3829 user = relationship('User')
3830 pull_request = relationship('PullRequest')
3831
3832 rule_data = Column(
3833 'rule_data_json',
3834 JsonType(dialect_map=dict(mysql=UnicodeText(16384))))
3835
3836 def rule_user_group_data(self):
3837 """
3838 Returns the voting user group rule data for this reviewer
3839 """
3840
3841 if self.rule_data and 'vote_rule' in self.rule_data:
3842 user_group_data = {}
3843 if 'rule_user_group_entry_id' in self.rule_data:
3844 # means a group with voting rules !
3845 user_group_data['id'] = self.rule_data['rule_user_group_entry_id']
3846 user_group_data['name'] = self.rule_data['rule_name']
3847 user_group_data['vote_rule'] = self.rule_data['vote_rule']
3848
3849 return user_group_data
3850
3851 def __unicode__(self):
3852 return u"<%s('id:%s')>" % (self.__class__.__name__,
3853 self.pull_requests_reviewers_id)
3854
3855
3856 class Notification(Base, BaseModel):
3857 __tablename__ = 'notifications'
3858 __table_args__ = (
3859 Index('notification_type_idx', 'type'),
3860 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3861 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3862 )
3863
3864 TYPE_CHANGESET_COMMENT = u'cs_comment'
3865 TYPE_MESSAGE = u'message'
3866 TYPE_MENTION = u'mention'
3867 TYPE_REGISTRATION = u'registration'
3868 TYPE_PULL_REQUEST = u'pull_request'
3869 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3870
3871 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3872 subject = Column('subject', Unicode(512), nullable=True)
3873 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3874 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3875 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3876 type_ = Column('type', Unicode(255))
3877
3878 created_by_user = relationship('User')
3879 notifications_to_users = relationship('UserNotification', lazy='joined',
3880 cascade="all, delete, delete-orphan")
3881
3882 @property
3883 def recipients(self):
3884 return [x.user for x in UserNotification.query()\
3885 .filter(UserNotification.notification == self)\
3886 .order_by(UserNotification.user_id.asc()).all()]
3887
3888 @classmethod
3889 def create(cls, created_by, subject, body, recipients, type_=None):
3890 if type_ is None:
3891 type_ = Notification.TYPE_MESSAGE
3892
3893 notification = cls()
3894 notification.created_by_user = created_by
3895 notification.subject = subject
3896 notification.body = body
3897 notification.type_ = type_
3898 notification.created_on = datetime.datetime.now()
3899
3900 for u in recipients:
3901 assoc = UserNotification()
3902 assoc.notification = notification
3903
3904 # if created_by is inside recipients mark his notification
3905 # as read
3906 if u.user_id == created_by.user_id:
3907 assoc.read = True
3908
3909 u.notifications.append(assoc)
3910 Session().add(notification)
3911
3912 return notification
3913
3914
3915 class UserNotification(Base, BaseModel):
3916 __tablename__ = 'user_to_notification'
3917 __table_args__ = (
3918 UniqueConstraint('user_id', 'notification_id'),
3919 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3920 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3921 )
3922 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3923 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3924 read = Column('read', Boolean, default=False)
3925 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3926
3927 user = relationship('User', lazy="joined")
3928 notification = relationship('Notification', lazy="joined",
3929 order_by=lambda: Notification.created_on.desc(),)
3930
3931 def mark_as_read(self):
3932 self.read = True
3933 Session().add(self)
3934
3935
3936 class Gist(Base, BaseModel):
3937 __tablename__ = 'gists'
3938 __table_args__ = (
3939 Index('g_gist_access_id_idx', 'gist_access_id'),
3940 Index('g_created_on_idx', 'created_on'),
3941 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3942 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3943 )
3944 GIST_PUBLIC = u'public'
3945 GIST_PRIVATE = u'private'
3946 DEFAULT_FILENAME = u'gistfile1.txt'
3947
3948 ACL_LEVEL_PUBLIC = u'acl_public'
3949 ACL_LEVEL_PRIVATE = u'acl_private'
3950
3951 gist_id = Column('gist_id', Integer(), primary_key=True)
3952 gist_access_id = Column('gist_access_id', Unicode(250))
3953 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3954 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3955 gist_expires = Column('gist_expires', Float(53), nullable=False)
3956 gist_type = Column('gist_type', Unicode(128), nullable=False)
3957 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3958 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3959 acl_level = Column('acl_level', Unicode(128), nullable=True)
3960
3961 owner = relationship('User')
3962
3963 def __repr__(self):
3964 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3965
3966 @hybrid_property
3967 def description_safe(self):
3968 from rhodecode.lib import helpers as h
3969 return h.escape(self.gist_description)
3970
3971 @classmethod
3972 def get_or_404(cls, id_):
3973 from pyramid.httpexceptions import HTTPNotFound
3974
3975 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3976 if not res:
3977 raise HTTPNotFound()
3978 return res
3979
3980 @classmethod
3981 def get_by_access_id(cls, gist_access_id):
3982 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3983
3984 def gist_url(self):
3985 from rhodecode.model.gist import GistModel
3986 return GistModel().get_url(self)
3987
3988 @classmethod
3989 def base_path(cls):
3990 """
3991 Returns base path when all gists are stored
3992
3993 :param cls:
3994 """
3995 from rhodecode.model.gist import GIST_STORE_LOC
3996 q = Session().query(RhodeCodeUi)\
3997 .filter(RhodeCodeUi.ui_key == URL_SEP)
3998 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3999 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
4000
4001 def get_api_data(self):
4002 """
4003 Common function for generating gist related data for API
4004 """
4005 gist = self
4006 data = {
4007 'gist_id': gist.gist_id,
4008 'type': gist.gist_type,
4009 'access_id': gist.gist_access_id,
4010 'description': gist.gist_description,
4011 'url': gist.gist_url(),
4012 'expires': gist.gist_expires,
4013 'created_on': gist.created_on,
4014 'modified_at': gist.modified_at,
4015 'content': None,
4016 'acl_level': gist.acl_level,
4017 }
4018 return data
4019
4020 def __json__(self):
4021 data = dict(
4022 )
4023 data.update(self.get_api_data())
4024 return data
4025 # SCM functions
4026
4027 def scm_instance(self, **kwargs):
4028 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
4029 return get_vcs_instance(
4030 repo_path=safe_str(full_repo_path), create=False)
4031
4032
4033 class ExternalIdentity(Base, BaseModel):
4034 __tablename__ = 'external_identities'
4035 __table_args__ = (
4036 Index('local_user_id_idx', 'local_user_id'),
4037 Index('external_id_idx', 'external_id'),
4038 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4039 'mysql_charset': 'utf8'})
4040
4041 external_id = Column('external_id', Unicode(255), default=u'',
4042 primary_key=True)
4043 external_username = Column('external_username', Unicode(1024), default=u'')
4044 local_user_id = Column('local_user_id', Integer(),
4045 ForeignKey('users.user_id'), primary_key=True)
4046 provider_name = Column('provider_name', Unicode(255), default=u'',
4047 primary_key=True)
4048 access_token = Column('access_token', String(1024), default=u'')
4049 alt_token = Column('alt_token', String(1024), default=u'')
4050 token_secret = Column('token_secret', String(1024), default=u'')
4051
4052 @classmethod
4053 def by_external_id_and_provider(cls, external_id, provider_name,
4054 local_user_id=None):
4055 """
4056 Returns ExternalIdentity instance based on search params
4057
4058 :param external_id:
4059 :param provider_name:
4060 :return: ExternalIdentity
4061 """
4062 query = cls.query()
4063 query = query.filter(cls.external_id == external_id)
4064 query = query.filter(cls.provider_name == provider_name)
4065 if local_user_id:
4066 query = query.filter(cls.local_user_id == local_user_id)
4067 return query.first()
4068
4069 @classmethod
4070 def user_by_external_id_and_provider(cls, external_id, provider_name):
4071 """
4072 Returns User instance based on search params
4073
4074 :param external_id:
4075 :param provider_name:
4076 :return: User
4077 """
4078 query = User.query()
4079 query = query.filter(cls.external_id == external_id)
4080 query = query.filter(cls.provider_name == provider_name)
4081 query = query.filter(User.user_id == cls.local_user_id)
4082 return query.first()
4083
4084 @classmethod
4085 def by_local_user_id(cls, local_user_id):
4086 """
4087 Returns all tokens for user
4088
4089 :param local_user_id:
4090 :return: ExternalIdentity
4091 """
4092 query = cls.query()
4093 query = query.filter(cls.local_user_id == local_user_id)
4094 return query
4095
4096
4097 class Integration(Base, BaseModel):
4098 __tablename__ = 'integrations'
4099 __table_args__ = (
4100 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4101 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
4102 )
4103
4104 integration_id = Column('integration_id', Integer(), primary_key=True)
4105 integration_type = Column('integration_type', String(255))
4106 enabled = Column('enabled', Boolean(), nullable=False)
4107 name = Column('name', String(255), nullable=False)
4108 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
4109 default=False)
4110
4111 settings = Column(
4112 'settings_json', MutationObj.as_mutable(
4113 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
4114 repo_id = Column(
4115 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
4116 nullable=True, unique=None, default=None)
4117 repo = relationship('Repository', lazy='joined')
4118
4119 repo_group_id = Column(
4120 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
4121 nullable=True, unique=None, default=None)
4122 repo_group = relationship('RepoGroup', lazy='joined')
4123
4124 @property
4125 def scope(self):
4126 if self.repo:
4127 return repr(self.repo)
4128 if self.repo_group:
4129 if self.child_repos_only:
4130 return repr(self.repo_group) + ' (child repos only)'
4131 else:
4132 return repr(self.repo_group) + ' (recursive)'
4133 if self.child_repos_only:
4134 return 'root_repos'
4135 return 'global'
4136
4137 def __repr__(self):
4138 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4139
4140
4141 class RepoReviewRuleUser(Base, BaseModel):
4142 __tablename__ = 'repo_review_rules_users'
4143 __table_args__ = (
4144 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4145 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4146 )
4147
4148 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4149 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4150 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4151 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4152 user = relationship('User')
4153
4154 def rule_data(self):
4155 return {
4156 'mandatory': self.mandatory
4157 }
4158
4159
4160 class RepoReviewRuleUserGroup(Base, BaseModel):
4161 __tablename__ = 'repo_review_rules_users_groups'
4162 __table_args__ = (
4163 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4164 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4165 )
4166 VOTE_RULE_ALL = -1
4167
4168 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4169 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4170 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4171 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4172 vote_rule = Column("vote_rule", Integer(), nullable=True, default=VOTE_RULE_ALL)
4173 users_group = relationship('UserGroup')
4174
4175 def rule_data(self):
4176 return {
4177 'mandatory': self.mandatory,
4178 'vote_rule': self.vote_rule
4179 }
4180
4181 @property
4182 def vote_rule_label(self):
4183 if not self.vote_rule or self.vote_rule == self.VOTE_RULE_ALL:
4184 return 'all must vote'
4185 else:
4186 return 'min. vote {}'.format(self.vote_rule)
4187
4188
4189 class RepoReviewRule(Base, BaseModel):
4190 __tablename__ = 'repo_review_rules'
4191 __table_args__ = (
4192 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4193 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4194 )
4195
4196 repo_review_rule_id = Column(
4197 'repo_review_rule_id', Integer(), primary_key=True)
4198 repo_id = Column(
4199 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4200 repo = relationship('Repository', backref='review_rules')
4201
4202 review_rule_name = Column('review_rule_name', String(255))
4203 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4204 _target_branch_pattern = Column("target_branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4205 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4206
4207 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4208 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4209 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4210 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4211
4212 rule_users = relationship('RepoReviewRuleUser')
4213 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4214
4215 def _validate_glob(self, value):
4216 re.compile('^' + glob2re(value) + '$')
4217
4218 @hybrid_property
4219 def source_branch_pattern(self):
4220 return self._branch_pattern or '*'
4221
4222 @source_branch_pattern.setter
4223 def source_branch_pattern(self, value):
4224 self._validate_glob(value)
4225 self._branch_pattern = value or '*'
4226
4227 @hybrid_property
4228 def target_branch_pattern(self):
4229 return self._target_branch_pattern or '*'
4230
4231 @target_branch_pattern.setter
4232 def target_branch_pattern(self, value):
4233 self._validate_glob(value)
4234 self._target_branch_pattern = value or '*'
4235
4236 @hybrid_property
4237 def file_pattern(self):
4238 return self._file_pattern or '*'
4239
4240 @file_pattern.setter
4241 def file_pattern(self, value):
4242 self._validate_glob(value)
4243 self._file_pattern = value or '*'
4244
4245 def matches(self, source_branch, target_branch, files_changed):
4246 """
4247 Check if this review rule matches a branch/files in a pull request
4248
4249 :param source_branch: source branch name for the commit
4250 :param target_branch: target branch name for the commit
4251 :param files_changed: list of file paths changed in the pull request
4252 """
4253
4254 source_branch = source_branch or ''
4255 target_branch = target_branch or ''
4256 files_changed = files_changed or []
4257
4258 branch_matches = True
4259 if source_branch or target_branch:
4260 if self.source_branch_pattern == '*':
4261 source_branch_match = True
4262 else:
4263 source_branch_regex = re.compile(
4264 '^' + glob2re(self.source_branch_pattern) + '$')
4265 source_branch_match = bool(source_branch_regex.search(source_branch))
4266 if self.target_branch_pattern == '*':
4267 target_branch_match = True
4268 else:
4269 target_branch_regex = re.compile(
4270 '^' + glob2re(self.target_branch_pattern) + '$')
4271 target_branch_match = bool(target_branch_regex.search(target_branch))
4272
4273 branch_matches = source_branch_match and target_branch_match
4274
4275 files_matches = True
4276 if self.file_pattern != '*':
4277 files_matches = False
4278 file_regex = re.compile(glob2re(self.file_pattern))
4279 for filename in files_changed:
4280 if file_regex.search(filename):
4281 files_matches = True
4282 break
4283
4284 return branch_matches and files_matches
4285
4286 @property
4287 def review_users(self):
4288 """ Returns the users which this rule applies to """
4289
4290 users = collections.OrderedDict()
4291
4292 for rule_user in self.rule_users:
4293 if rule_user.user.active:
4294 if rule_user.user not in users:
4295 users[rule_user.user.username] = {
4296 'user': rule_user.user,
4297 'source': 'user',
4298 'source_data': {},
4299 'data': rule_user.rule_data()
4300 }
4301
4302 for rule_user_group in self.rule_user_groups:
4303 source_data = {
4304 'user_group_id': rule_user_group.users_group.users_group_id,
4305 'name': rule_user_group.users_group.users_group_name,
4306 'members': len(rule_user_group.users_group.members)
4307 }
4308 for member in rule_user_group.users_group.members:
4309 if member.user.active:
4310 key = member.user.username
4311 if key in users:
4312 # skip this member as we have him already
4313 # this prevents from override the "first" matched
4314 # users with duplicates in multiple groups
4315 continue
4316
4317 users[key] = {
4318 'user': member.user,
4319 'source': 'user_group',
4320 'source_data': source_data,
4321 'data': rule_user_group.rule_data()
4322 }
4323
4324 return users
4325
4326 def user_group_vote_rule(self):
4327 rules = []
4328 if self.rule_user_groups:
4329 for user_group in self.rule_user_groups:
4330 rules.append(user_group)
4331 return rules
4332
4333 def __repr__(self):
4334 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4335 self.repo_review_rule_id, self.repo)
4336
4337
4338 class ScheduleEntry(Base, BaseModel):
4339 __tablename__ = 'schedule_entries'
4340 __table_args__ = (
4341 UniqueConstraint('schedule_name', name='s_schedule_name_idx'),
4342 UniqueConstraint('task_uid', name='s_task_uid_idx'),
4343 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4344 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4345 )
4346 schedule_types = ['crontab', 'timedelta', 'integer']
4347 schedule_entry_id = Column('schedule_entry_id', Integer(), primary_key=True)
4348
4349 schedule_name = Column("schedule_name", String(255), nullable=False, unique=None, default=None)
4350 schedule_description = Column("schedule_description", String(10000), nullable=True, unique=None, default=None)
4351 schedule_enabled = Column("schedule_enabled", Boolean(), nullable=False, unique=None, default=True)
4352
4353 _schedule_type = Column("schedule_type", String(255), nullable=False, unique=None, default=None)
4354 schedule_definition = Column('schedule_definition_json', MutationObj.as_mutable(JsonType(default=lambda: "", dialect_map=dict(mysql=LONGTEXT()))))
4355
4356 schedule_last_run = Column('schedule_last_run', DateTime(timezone=False), nullable=True, unique=None, default=None)
4357 schedule_total_run_count = Column('schedule_total_run_count', Integer(), nullable=True, unique=None, default=0)
4358
4359 # task
4360 task_uid = Column("task_uid", String(255), nullable=False, unique=None, default=None)
4361 task_dot_notation = Column("task_dot_notation", String(4096), nullable=False, unique=None, default=None)
4362 task_args = Column('task_args_json', MutationObj.as_mutable(JsonType(default=list, dialect_map=dict(mysql=LONGTEXT()))))
4363 task_kwargs = Column('task_kwargs_json', MutationObj.as_mutable(JsonType(default=dict, dialect_map=dict(mysql=LONGTEXT()))))
4364
4365 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4366 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=None)
4367
4368 @hybrid_property
4369 def schedule_type(self):
4370 return self._schedule_type
4371
4372 @schedule_type.setter
4373 def schedule_type(self, val):
4374 if val not in self.schedule_types:
4375 raise ValueError('Value must be on of `{}` and got `{}`'.format(
4376 val, self.schedule_type))
4377
4378 self._schedule_type = val
4379
4380 @classmethod
4381 def get_uid(cls, obj):
4382 args = obj.task_args
4383 kwargs = obj.task_kwargs
4384 if isinstance(args, JsonRaw):
4385 try:
4386 args = json.loads(args)
4387 except ValueError:
4388 args = tuple()
4389
4390 if isinstance(kwargs, JsonRaw):
4391 try:
4392 kwargs = json.loads(kwargs)
4393 except ValueError:
4394 kwargs = dict()
4395
4396 dot_notation = obj.task_dot_notation
4397 val = '.'.join(map(safe_str, [
4398 sorted(dot_notation), args, sorted(kwargs.items())]))
4399 return hashlib.sha1(val).hexdigest()
4400
4401 @classmethod
4402 def get_by_schedule_name(cls, schedule_name):
4403 return cls.query().filter(cls.schedule_name == schedule_name).scalar()
4404
4405 @classmethod
4406 def get_by_schedule_id(cls, schedule_id):
4407 return cls.query().filter(cls.schedule_entry_id == schedule_id).scalar()
4408
4409 @property
4410 def task(self):
4411 return self.task_dot_notation
4412
4413 @property
4414 def schedule(self):
4415 from rhodecode.lib.celerylib.utils import raw_2_schedule
4416 schedule = raw_2_schedule(self.schedule_definition, self.schedule_type)
4417 return schedule
4418
4419 @property
4420 def args(self):
4421 try:
4422 return list(self.task_args or [])
4423 except ValueError:
4424 return list()
4425
4426 @property
4427 def kwargs(self):
4428 try:
4429 return dict(self.task_kwargs or {})
4430 except ValueError:
4431 return dict()
4432
4433 def _as_raw(self, val):
4434 if hasattr(val, 'de_coerce'):
4435 val = val.de_coerce()
4436 if val:
4437 val = json.dumps(val)
4438
4439 return val
4440
4441 @property
4442 def schedule_definition_raw(self):
4443 return self._as_raw(self.schedule_definition)
4444
4445 @property
4446 def args_raw(self):
4447 return self._as_raw(self.task_args)
4448
4449 @property
4450 def kwargs_raw(self):
4451 return self._as_raw(self.task_kwargs)
4452
4453 def __repr__(self):
4454 return '<DB:ScheduleEntry({}:{})>'.format(
4455 self.schedule_entry_id, self.schedule_name)
4456
4457
4458 @event.listens_for(ScheduleEntry, 'before_update')
4459 def update_task_uid(mapper, connection, target):
4460 target.task_uid = ScheduleEntry.get_uid(target)
4461
4462
4463 @event.listens_for(ScheduleEntry, 'before_insert')
4464 def set_task_uid(mapper, connection, target):
4465 target.task_uid = ScheduleEntry.get_uid(target)
4466
4467
4468 class _BaseBranchPerms(BaseModel):
4469 @classmethod
4470 def compute_hash(cls, value):
4471 return md5_safe(value)
4472
4473 @hybrid_property
4474 def branch_pattern(self):
4475 return self._branch_pattern or '*'
4476
4477 @hybrid_property
4478 def branch_hash(self):
4479 return self._branch_hash
4480
4481 def _validate_glob(self, value):
4482 re.compile('^' + glob2re(value) + '$')
4483
4484 @branch_pattern.setter
4485 def branch_pattern(self, value):
4486 self._validate_glob(value)
4487 self._branch_pattern = value or '*'
4488 # set the Hash when setting the branch pattern
4489 self._branch_hash = self.compute_hash(self._branch_pattern)
4490
4491 def matches(self, branch):
4492 """
4493 Check if this the branch matches entry
4494
4495 :param branch: branch name for the commit
4496 """
4497
4498 branch = branch or ''
4499
4500 branch_matches = True
4501 if branch:
4502 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4503 branch_matches = bool(branch_regex.search(branch))
4504
4505 return branch_matches
4506
4507
4508 class UserToRepoBranchPermission(Base, _BaseBranchPerms):
4509 __tablename__ = 'user_to_repo_branch_permissions'
4510 __table_args__ = (
4511 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4512 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4513 )
4514
4515 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4516
4517 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4518 repo = relationship('Repository', backref='user_branch_perms')
4519
4520 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4521 permission = relationship('Permission')
4522
4523 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('repo_to_perm.repo_to_perm_id'), nullable=False, unique=None, default=None)
4524 user_repo_to_perm = relationship('UserRepoToPerm')
4525
4526 rule_order = Column('rule_order', Integer(), nullable=False)
4527 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4528 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4529
4530 def __unicode__(self):
4531 return u'<UserBranchPermission(%s => %r)>' % (
4532 self.user_repo_to_perm, self.branch_pattern)
4533
4534
4535 class UserGroupToRepoBranchPermission(Base, _BaseBranchPerms):
4536 __tablename__ = 'user_group_to_repo_branch_permissions'
4537 __table_args__ = (
4538 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4539 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4540 )
4541
4542 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4543
4544 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4545 repo = relationship('Repository', backref='user_group_branch_perms')
4546
4547 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4548 permission = relationship('Permission')
4549
4550 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('users_group_repo_to_perm.users_group_to_perm_id'), nullable=False, unique=None, default=None)
4551 user_group_repo_to_perm = relationship('UserGroupRepoToPerm')
4552
4553 rule_order = Column('rule_order', Integer(), nullable=False)
4554 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4555 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4556
4557 def __unicode__(self):
4558 return u'<UserBranchPermission(%s => %r)>' % (
4559 self.user_group_repo_to_perm, self.branch_pattern)
4560
4561
4562 class DbMigrateVersion(Base, BaseModel):
4563 __tablename__ = 'db_migrate_version'
4564 __table_args__ = (
4565 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4566 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4567 )
4568 repository_id = Column('repository_id', String(250), primary_key=True)
4569 repository_path = Column('repository_path', Text)
4570 version = Column('version', Integer)
4571
4572
4573 class DbSession(Base, BaseModel):
4574 __tablename__ = 'db_session'
4575 __table_args__ = (
4576 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4577 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4578 )
4579
4580 def __repr__(self):
4581 return '<DB:DbSession({})>'.format(self.id)
4582
4583 id = Column('id', Integer())
4584 namespace = Column('namespace', String(255), primary_key=True)
4585 accessed = Column('accessed', DateTime, nullable=False)
4586 created = Column('created', DateTime, nullable=False)
4587 data = Column('data', PickleType, nullable=False)
Show file before | Show file after | Hide comments
@@ -0,0 +1,46 b''
1 import logging
2
3 from sqlalchemy import *
4 from sqlalchemy.engine import reflection
5 from sqlalchemy.dialects.mysql import LONGTEXT
6
7 from alembic.migration import MigrationContext
8 from alembic.operations import Operations
9
10 from rhodecode.lib.dbmigrate.utils import create_default_permissions, \
11 create_default_object_permission
12 from rhodecode.model import meta
13 from rhodecode.lib.dbmigrate.versions import _reset_base, notify
14
15 log = logging.getLogger(__name__)
16
17
18 def upgrade(migrate_engine):
19 """
20 Upgrade operations go here.
21 Don't create your own engine; bind migrate_engine to your metadata
22 """
23 _reset_base(migrate_engine)
24 from rhodecode.lib.dbmigrate.schema import db_4_13_0_0 as db
25
26 # issue fixups
27 fixups(db, meta.Session)
28
29
30 def downgrade(migrate_engine):
31 meta = MetaData()
32 meta.bind = migrate_engine
33
34
35 def fixups(models, _SESSION):
36 # create default permissions
37 create_default_permissions(_SESSION, models)
38 log.info('created default global permissions definitions')
39 _SESSION().commit()
40
41 # # fix default object permissions
42 # create_default_object_permission(_SESSION, models)
43
44 log.info('created default permission')
45 _SESSION().commit()
46
Show file before | Show file after | Hide comments
@@ -0,0 +1,39 b''
1 import logging
2
3 from sqlalchemy import *
4 from sqlalchemy.engine import reflection
5 from sqlalchemy.dialects.mysql import LONGTEXT
6
7 from alembic.migration import MigrationContext
8 from alembic.operations import Operations
9
10 from rhodecode.model import meta
11 from rhodecode.lib.dbmigrate.versions import _reset_base, notify
12
13 log = logging.getLogger(__name__)
14
15
16 def upgrade(migrate_engine):
17 """
18 Upgrade operations go here.
19 Don't create your own engine; bind migrate_engine to your metadata
20 """
21 _reset_base(migrate_engine)
22 from rhodecode.lib.dbmigrate.schema import db_4_13_0_0 as db
23
24 db.UserToRepoBranchPermission.__table__.create()
25 db.UserGroupToRepoBranchPermission.__table__.create()
26
27 # issue fixups
28 fixups(db, meta.Session)
29
30
31 def downgrade(migrate_engine):
32 meta = MetaData()
33 meta.bind = migrate_engine
34
35
36 def fixups(models, _SESSION):
37 pass
38
39
Show file before | Show file after | Hide comments
@@ -0,0 +1,43 b''
1 import logging
2
3 from sqlalchemy import *
4
5 from rhodecode.lib.dbmigrate.utils import (
6 create_default_object_permission, create_default_permissions)
7
8 from rhodecode.model import meta
9 from rhodecode.lib.dbmigrate.versions import _reset_base, notify
10
11 log = logging.getLogger(__name__)
12
13
14 def upgrade(migrate_engine):
15 """
16 Upgrade operations go here.
17 Don't create your own engine; bind migrate_engine to your metadata
18 """
19 _reset_base(migrate_engine)
20 from rhodecode.lib.dbmigrate.schema import db_4_13_0_0 as db
21
22 # issue fixups
23 fixups(db, meta.Session)
24
25
26 def downgrade(migrate_engine):
27 meta = MetaData()
28 meta.bind = migrate_engine
29
30
31 def fixups(models, _SESSION):
32 # create default permissions
33 create_default_permissions(_SESSION, models)
34 log.info('created default global permissions definitions')
35 _SESSION().commit()
36
37 # fix default object permissions
38 create_default_object_permission(_SESSION, models)
39
40 log.info('created default permission')
41 _SESSION().commit()
42
43
Show file before | Show file after | Hide comments
@@ -0,0 +1,9 b''
1 <div class="panel panel-default">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('Default Permissions for Branches.')}</h3>
4 </div>
5 <div class="panel-body">
6 <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4>
7 <img style="width: 100%; height: 100%" src="${h.asset('images/ee_features/admin_branch_permissions.png')}"/>
8 </div>
9 </div>
Show file before | Show file after | Hide comments
@@ -0,0 +1,9 b''
1 <div class="panel panel-default">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('Repository Branch Permissions.')}</h3>
4 </div>
5 <div class="panel-body">
6 <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4>
7 <img style="width: 100%; height: 100%" src="${h.asset('images/ee_features/repo_branch_permissions.png')}"/>
8 </div>
9 </div>
Show file before | Show file after | Hide comments
@@ -1,63 +1,63 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22
23 23 RhodeCode, a web based repository management software
24 24 versioning implementation: http://www.python.org/dev/peps/pep-0386/
25 25 """
26 26
27 27 import os
28 28 import sys
29 29 import platform
30 30
31 31 VERSION = tuple(open(os.path.join(
32 32 os.path.dirname(__file__), 'VERSION')).read().split('.'))
33 33
34 34 BACKENDS = {
35 35 'hg': 'Mercurial repository',
36 36 'git': 'Git repository',
37 37 'svn': 'Subversion repository',
38 38 }
39 39
40 40 CELERY_ENABLED = False
41 41 CELERY_EAGER = False
42 42
43 43 # link to config for pyramid
44 44 CONFIG = {}
45 45
46 46 # Populated with the settings dictionary from application init in
47 47 # rhodecode.conf.environment.load_pyramid_environment
48 48 PYRAMID_SETTINGS = {}
49 49
50 50 # Linked module for extensions
51 51 EXTENSIONS = {}
52 52
53 53 __version__ = ('.'.join((str(each) for each in VERSION[:3])))
54 __dbversion__ = 87 # defines current db version for migrations
54 __dbversion__ = 90 # defines current db version for migrations
55 55 __platform__ = platform.system()
56 56 __license__ = 'AGPLv3, and Commercial License'
57 57 __author__ = 'RhodeCode GmbH'
58 58 __url__ = 'https://code.rhodecode.com'
59 59
60 60 is_windows = __platform__ in ['Windows']
61 61 is_unix = not is_windows
62 62 is_test = False
63 63 disable_error_handler = False
Show file before | Show file after | Hide comments
@@ -1,439 +1,444 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 from rhodecode.apps._base import ADMIN_PREFIX
23 23
24 24
25 25 def admin_routes(config):
26 26 """
27 27 Admin prefixed routes
28 28 """
29 29
30 30 config.add_route(
31 31 name='admin_audit_logs',
32 32 pattern='/audit_logs')
33 33
34 34 config.add_route(
35 35 name='admin_audit_log_entry',
36 36 pattern='/audit_logs/{audit_log_id}')
37 37
38 38 config.add_route(
39 39 name='pull_requests_global_0', # backward compat
40 40 pattern='/pull_requests/{pull_request_id:\d+}')
41 41 config.add_route(
42 42 name='pull_requests_global_1', # backward compat
43 43 pattern='/pull-requests/{pull_request_id:\d+}')
44 44 config.add_route(
45 45 name='pull_requests_global',
46 46 pattern='/pull-request/{pull_request_id:\d+}')
47 47
48 48 config.add_route(
49 49 name='admin_settings_open_source',
50 50 pattern='/settings/open_source')
51 51 config.add_route(
52 52 name='admin_settings_vcs_svn_generate_cfg',
53 53 pattern='/settings/vcs/svn_generate_cfg')
54 54
55 55 config.add_route(
56 56 name='admin_settings_system',
57 57 pattern='/settings/system')
58 58 config.add_route(
59 59 name='admin_settings_system_update',
60 60 pattern='/settings/system/updates')
61 61
62 62 config.add_route(
63 63 name='admin_settings_exception_tracker',
64 64 pattern='/settings/exceptions')
65 65 config.add_route(
66 66 name='admin_settings_exception_tracker_delete_all',
67 67 pattern='/settings/exceptions/delete')
68 68 config.add_route(
69 69 name='admin_settings_exception_tracker_show',
70 70 pattern='/settings/exceptions/{exception_id}')
71 71 config.add_route(
72 72 name='admin_settings_exception_tracker_delete',
73 73 pattern='/settings/exceptions/{exception_id}/delete')
74 74
75 75 config.add_route(
76 76 name='admin_settings_sessions',
77 77 pattern='/settings/sessions')
78 78 config.add_route(
79 79 name='admin_settings_sessions_cleanup',
80 80 pattern='/settings/sessions/cleanup')
81 81
82 82 config.add_route(
83 83 name='admin_settings_process_management',
84 84 pattern='/settings/process_management')
85 85 config.add_route(
86 86 name='admin_settings_process_management_data',
87 87 pattern='/settings/process_management/data')
88 88 config.add_route(
89 89 name='admin_settings_process_management_signal',
90 90 pattern='/settings/process_management/signal')
91 91 config.add_route(
92 92 name='admin_settings_process_management_master_signal',
93 93 pattern='/settings/process_management/master_signal')
94 94
95 95 # default settings
96 96 config.add_route(
97 97 name='admin_defaults_repositories',
98 98 pattern='/defaults/repositories')
99 99 config.add_route(
100 100 name='admin_defaults_repositories_update',
101 101 pattern='/defaults/repositories/update')
102 102
103 103 # admin settings
104 104
105 105 config.add_route(
106 106 name='admin_settings',
107 107 pattern='/settings')
108 108 config.add_route(
109 109 name='admin_settings_update',
110 110 pattern='/settings/update')
111 111
112 112 config.add_route(
113 113 name='admin_settings_global',
114 114 pattern='/settings/global')
115 115 config.add_route(
116 116 name='admin_settings_global_update',
117 117 pattern='/settings/global/update')
118 118
119 119 config.add_route(
120 120 name='admin_settings_vcs',
121 121 pattern='/settings/vcs')
122 122 config.add_route(
123 123 name='admin_settings_vcs_update',
124 124 pattern='/settings/vcs/update')
125 125 config.add_route(
126 126 name='admin_settings_vcs_svn_pattern_delete',
127 127 pattern='/settings/vcs/svn_pattern_delete')
128 128
129 129 config.add_route(
130 130 name='admin_settings_mapping',
131 131 pattern='/settings/mapping')
132 132 config.add_route(
133 133 name='admin_settings_mapping_update',
134 134 pattern='/settings/mapping/update')
135 135
136 136 config.add_route(
137 137 name='admin_settings_visual',
138 138 pattern='/settings/visual')
139 139 config.add_route(
140 140 name='admin_settings_visual_update',
141 141 pattern='/settings/visual/update')
142 142
143 143
144 144 config.add_route(
145 145 name='admin_settings_issuetracker',
146 146 pattern='/settings/issue-tracker')
147 147 config.add_route(
148 148 name='admin_settings_issuetracker_update',
149 149 pattern='/settings/issue-tracker/update')
150 150 config.add_route(
151 151 name='admin_settings_issuetracker_test',
152 152 pattern='/settings/issue-tracker/test')
153 153 config.add_route(
154 154 name='admin_settings_issuetracker_delete',
155 155 pattern='/settings/issue-tracker/delete')
156 156
157 157 config.add_route(
158 158 name='admin_settings_email',
159 159 pattern='/settings/email')
160 160 config.add_route(
161 161 name='admin_settings_email_update',
162 162 pattern='/settings/email/update')
163 163
164 164 config.add_route(
165 165 name='admin_settings_hooks',
166 166 pattern='/settings/hooks')
167 167 config.add_route(
168 168 name='admin_settings_hooks_update',
169 169 pattern='/settings/hooks/update')
170 170 config.add_route(
171 171 name='admin_settings_hooks_delete',
172 172 pattern='/settings/hooks/delete')
173 173
174 174 config.add_route(
175 175 name='admin_settings_search',
176 176 pattern='/settings/search')
177 177
178 178 config.add_route(
179 179 name='admin_settings_labs',
180 180 pattern='/settings/labs')
181 181 config.add_route(
182 182 name='admin_settings_labs_update',
183 183 pattern='/settings/labs/update')
184 184
185 185 # Automation EE feature
186 186 config.add_route(
187 187 'admin_settings_automation',
188 188 pattern=ADMIN_PREFIX + '/settings/automation')
189 189
190 190 # global permissions
191 191
192 192 config.add_route(
193 193 name='admin_permissions_application',
194 194 pattern='/permissions/application')
195 195 config.add_route(
196 196 name='admin_permissions_application_update',
197 197 pattern='/permissions/application/update')
198 198
199 199 config.add_route(
200 200 name='admin_permissions_global',
201 201 pattern='/permissions/global')
202 202 config.add_route(
203 203 name='admin_permissions_global_update',
204 204 pattern='/permissions/global/update')
205 205
206 206 config.add_route(
207 207 name='admin_permissions_object',
208 208 pattern='/permissions/object')
209 209 config.add_route(
210 210 name='admin_permissions_object_update',
211 211 pattern='/permissions/object/update')
212 212
213 # Branch perms EE feature
214 config.add_route(
215 name='admin_permissions_branch',
216 pattern='/permissions/branch')
217
213 218 config.add_route(
214 219 name='admin_permissions_ips',
215 220 pattern='/permissions/ips')
216 221
217 222 config.add_route(
218 223 name='admin_permissions_overview',
219 224 pattern='/permissions/overview')
220 225
221 226 config.add_route(
222 227 name='admin_permissions_auth_token_access',
223 228 pattern='/permissions/auth_token_access')
224 229
225 230 config.add_route(
226 231 name='admin_permissions_ssh_keys',
227 232 pattern='/permissions/ssh_keys')
228 233 config.add_route(
229 234 name='admin_permissions_ssh_keys_data',
230 235 pattern='/permissions/ssh_keys/data')
231 236 config.add_route(
232 237 name='admin_permissions_ssh_keys_update',
233 238 pattern='/permissions/ssh_keys/update')
234 239
235 240 # users admin
236 241 config.add_route(
237 242 name='users',
238 243 pattern='/users')
239 244
240 245 config.add_route(
241 246 name='users_data',
242 247 pattern='/users_data')
243 248
244 249 config.add_route(
245 250 name='users_create',
246 251 pattern='/users/create')
247 252
248 253 config.add_route(
249 254 name='users_new',
250 255 pattern='/users/new')
251 256
252 257 # user management
253 258 config.add_route(
254 259 name='user_edit',
255 260 pattern='/users/{user_id:\d+}/edit',
256 261 user_route=True)
257 262 config.add_route(
258 263 name='user_edit_advanced',
259 264 pattern='/users/{user_id:\d+}/edit/advanced',
260 265 user_route=True)
261 266 config.add_route(
262 267 name='user_edit_global_perms',
263 268 pattern='/users/{user_id:\d+}/edit/global_permissions',
264 269 user_route=True)
265 270 config.add_route(
266 271 name='user_edit_global_perms_update',
267 272 pattern='/users/{user_id:\d+}/edit/global_permissions/update',
268 273 user_route=True)
269 274 config.add_route(
270 275 name='user_update',
271 276 pattern='/users/{user_id:\d+}/update',
272 277 user_route=True)
273 278 config.add_route(
274 279 name='user_delete',
275 280 pattern='/users/{user_id:\d+}/delete',
276 281 user_route=True)
277 282 config.add_route(
278 283 name='user_force_password_reset',
279 284 pattern='/users/{user_id:\d+}/password_reset',
280 285 user_route=True)
281 286 config.add_route(
282 287 name='user_create_personal_repo_group',
283 288 pattern='/users/{user_id:\d+}/create_repo_group',
284 289 user_route=True)
285 290
286 291 # user auth tokens
287 292 config.add_route(
288 293 name='edit_user_auth_tokens',
289 294 pattern='/users/{user_id:\d+}/edit/auth_tokens',
290 295 user_route=True)
291 296 config.add_route(
292 297 name='edit_user_auth_tokens_add',
293 298 pattern='/users/{user_id:\d+}/edit/auth_tokens/new',
294 299 user_route=True)
295 300 config.add_route(
296 301 name='edit_user_auth_tokens_delete',
297 302 pattern='/users/{user_id:\d+}/edit/auth_tokens/delete',
298 303 user_route=True)
299 304
300 305 # user ssh keys
301 306 config.add_route(
302 307 name='edit_user_ssh_keys',
303 308 pattern='/users/{user_id:\d+}/edit/ssh_keys',
304 309 user_route=True)
305 310 config.add_route(
306 311 name='edit_user_ssh_keys_generate_keypair',
307 312 pattern='/users/{user_id:\d+}/edit/ssh_keys/generate',
308 313 user_route=True)
309 314 config.add_route(
310 315 name='edit_user_ssh_keys_add',
311 316 pattern='/users/{user_id:\d+}/edit/ssh_keys/new',
312 317 user_route=True)
313 318 config.add_route(
314 319 name='edit_user_ssh_keys_delete',
315 320 pattern='/users/{user_id:\d+}/edit/ssh_keys/delete',
316 321 user_route=True)
317 322
318 323 # user emails
319 324 config.add_route(
320 325 name='edit_user_emails',
321 326 pattern='/users/{user_id:\d+}/edit/emails',
322 327 user_route=True)
323 328 config.add_route(
324 329 name='edit_user_emails_add',
325 330 pattern='/users/{user_id:\d+}/edit/emails/new',
326 331 user_route=True)
327 332 config.add_route(
328 333 name='edit_user_emails_delete',
329 334 pattern='/users/{user_id:\d+}/edit/emails/delete',
330 335 user_route=True)
331 336
332 337 # user IPs
333 338 config.add_route(
334 339 name='edit_user_ips',
335 340 pattern='/users/{user_id:\d+}/edit/ips',
336 341 user_route=True)
337 342 config.add_route(
338 343 name='edit_user_ips_add',
339 344 pattern='/users/{user_id:\d+}/edit/ips/new',
340 345 user_route_with_default=True) # enabled for default user too
341 346 config.add_route(
342 347 name='edit_user_ips_delete',
343 348 pattern='/users/{user_id:\d+}/edit/ips/delete',
344 349 user_route_with_default=True) # enabled for default user too
345 350
346 351 # user perms
347 352 config.add_route(
348 353 name='edit_user_perms_summary',
349 354 pattern='/users/{user_id:\d+}/edit/permissions_summary',
350 355 user_route=True)
351 356 config.add_route(
352 357 name='edit_user_perms_summary_json',
353 358 pattern='/users/{user_id:\d+}/edit/permissions_summary/json',
354 359 user_route=True)
355 360
356 361 # user user groups management
357 362 config.add_route(
358 363 name='edit_user_groups_management',
359 364 pattern='/users/{user_id:\d+}/edit/groups_management',
360 365 user_route=True)
361 366
362 367 config.add_route(
363 368 name='edit_user_groups_management_updates',
364 369 pattern='/users/{user_id:\d+}/edit/edit_user_groups_management/updates',
365 370 user_route=True)
366 371
367 372 # user audit logs
368 373 config.add_route(
369 374 name='edit_user_audit_logs',
370 375 pattern='/users/{user_id:\d+}/edit/audit', user_route=True)
371 376
372 377 # user caches
373 378 config.add_route(
374 379 name='edit_user_caches',
375 380 pattern='/users/{user_id:\d+}/edit/caches',
376 381 user_route=True)
377 382 config.add_route(
378 383 name='edit_user_caches_update',
379 384 pattern='/users/{user_id:\d+}/edit/caches/update',
380 385 user_route=True)
381 386
382 387 # user-groups admin
383 388 config.add_route(
384 389 name='user_groups',
385 390 pattern='/user_groups')
386 391
387 392 config.add_route(
388 393 name='user_groups_data',
389 394 pattern='/user_groups_data')
390 395
391 396 config.add_route(
392 397 name='user_groups_new',
393 398 pattern='/user_groups/new')
394 399
395 400 config.add_route(
396 401 name='user_groups_create',
397 402 pattern='/user_groups/create')
398 403
399 404 # repos admin
400 405 config.add_route(
401 406 name='repos',
402 407 pattern='/repos')
403 408
404 409 config.add_route(
405 410 name='repo_new',
406 411 pattern='/repos/new')
407 412
408 413 config.add_route(
409 414 name='repo_create',
410 415 pattern='/repos/create')
411 416
412 417 # repo groups admin
413 418 config.add_route(
414 419 name='repo_groups',
415 420 pattern='/repo_groups')
416 421
417 422 config.add_route(
418 423 name='repo_group_new',
419 424 pattern='/repo_group/new')
420 425
421 426 config.add_route(
422 427 name='repo_group_create',
423 428 pattern='/repo_group/create')
424 429
425 430
426 431 def includeme(config):
427 432 from rhodecode.apps.admin.navigation import includeme as nav_includeme
428 433
429 434 # Create admin navigation registry and add it to the pyramid registry.
430 435 nav_includeme(config)
431 436
432 437 # main admin routes
433 438 config.add_route(name='admin_home', pattern=ADMIN_PREFIX)
434 439 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
435 440
436 441 config.include('.subscribers')
437 442
438 443 # Scan module for configuration decorators.
439 444 config.scan('.views', ignore='.tests')
Show file before | Show file after | Hide comments
@@ -1,484 +1,509 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import re
22 22 import logging
23 23 import formencode
24 24 import formencode.htmlfill
25 25 import datetime
26 26 from pyramid.interfaces import IRoutesMapper
27 27
28 28 from pyramid.view import view_config
29 29 from pyramid.httpexceptions import HTTPFound
30 30 from pyramid.renderers import render
31 31 from pyramid.response import Response
32 32
33 33 from rhodecode.apps._base import BaseAppView, DataGridAppView
34 34 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
35 35 from rhodecode.events import trigger
36 36
37 37 from rhodecode.lib import helpers as h
38 38 from rhodecode.lib.auth import (
39 39 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
40 40 from rhodecode.lib.utils2 import aslist, safe_unicode
41 41 from rhodecode.model.db import (
42 42 or_, coalesce, User, UserIpMap, UserSshKeys)
43 43 from rhodecode.model.forms import (
44 44 ApplicationPermissionsForm, ObjectPermissionsForm, UserPermissionsForm)
45 45 from rhodecode.model.meta import Session
46 46 from rhodecode.model.permission import PermissionModel
47 47 from rhodecode.model.settings import SettingsModel
48 48
49 49
50 50 log = logging.getLogger(__name__)
51 51
52 52
53 53 class AdminPermissionsView(BaseAppView, DataGridAppView):
54 54 def load_default_context(self):
55 55 c = self._get_local_tmpl_context()
56 56 PermissionModel().set_global_permission_choices(
57 57 c, gettext_translator=self.request.translate)
58 58 return c
59 59
60 60 @LoginRequired()
61 61 @HasPermissionAllDecorator('hg.admin')
62 62 @view_config(
63 63 route_name='admin_permissions_application', request_method='GET',
64 64 renderer='rhodecode:templates/admin/permissions/permissions.mako')
65 65 def permissions_application(self):
66 66 c = self.load_default_context()
67 67 c.active = 'application'
68 68
69 69 c.user = User.get_default_user(refresh=True)
70 70
71 71 app_settings = SettingsModel().get_all_settings()
72 72 defaults = {
73 73 'anonymous': c.user.active,
74 74 'default_register_message': app_settings.get(
75 75 'rhodecode_register_message')
76 76 }
77 77 defaults.update(c.user.get_default_perms())
78 78
79 79 data = render('rhodecode:templates/admin/permissions/permissions.mako',
80 80 self._get_template_context(c), self.request)
81 81 html = formencode.htmlfill.render(
82 82 data,
83 83 defaults=defaults,
84 84 encoding="UTF-8",
85 85 force_defaults=False
86 86 )
87 87 return Response(html)
88 88
89 89 @LoginRequired()
90 90 @HasPermissionAllDecorator('hg.admin')
91 91 @CSRFRequired()
92 92 @view_config(
93 93 route_name='admin_permissions_application_update', request_method='POST',
94 94 renderer='rhodecode:templates/admin/permissions/permissions.mako')
95 95 def permissions_application_update(self):
96 96 _ = self.request.translate
97 97 c = self.load_default_context()
98 98 c.active = 'application'
99 99
100 100 _form = ApplicationPermissionsForm(
101 101 self.request.translate,
102 102 [x[0] for x in c.register_choices],
103 103 [x[0] for x in c.password_reset_choices],
104 104 [x[0] for x in c.extern_activate_choices])()
105 105
106 106 try:
107 107 form_result = _form.to_python(dict(self.request.POST))
108 108 form_result.update({'perm_user_name': User.DEFAULT_USER})
109 109 PermissionModel().update_application_permissions(form_result)
110 110
111 111 settings = [
112 112 ('register_message', 'default_register_message'),
113 113 ]
114 114 for setting, form_key in settings:
115 115 sett = SettingsModel().create_or_update_setting(
116 116 setting, form_result[form_key])
117 117 Session().add(sett)
118 118
119 119 Session().commit()
120 120 h.flash(_('Application permissions updated successfully'),
121 121 category='success')
122 122
123 123 except formencode.Invalid as errors:
124 124 defaults = errors.value
125 125
126 126 data = render(
127 127 'rhodecode:templates/admin/permissions/permissions.mako',
128 128 self._get_template_context(c), self.request)
129 129 html = formencode.htmlfill.render(
130 130 data,
131 131 defaults=defaults,
132 132 errors=errors.error_dict or {},
133 133 prefix_error=False,
134 134 encoding="UTF-8",
135 135 force_defaults=False
136 136 )
137 137 return Response(html)
138 138
139 139 except Exception:
140 140 log.exception("Exception during update of permissions")
141 141 h.flash(_('Error occurred during update of permissions'),
142 142 category='error')
143 143
144 144 raise HTTPFound(h.route_path('admin_permissions_application'))
145 145
146 146 @LoginRequired()
147 147 @HasPermissionAllDecorator('hg.admin')
148 148 @view_config(
149 149 route_name='admin_permissions_object', request_method='GET',
150 150 renderer='rhodecode:templates/admin/permissions/permissions.mako')
151 151 def permissions_objects(self):
152 152 c = self.load_default_context()
153 153 c.active = 'objects'
154 154
155 155 c.user = User.get_default_user(refresh=True)
156 156 defaults = {}
157 157 defaults.update(c.user.get_default_perms())
158 158
159 159 data = render(
160 160 'rhodecode:templates/admin/permissions/permissions.mako',
161 161 self._get_template_context(c), self.request)
162 162 html = formencode.htmlfill.render(
163 163 data,
164 164 defaults=defaults,
165 165 encoding="UTF-8",
166 166 force_defaults=False
167 167 )
168 168 return Response(html)
169 169
170 170 @LoginRequired()
171 171 @HasPermissionAllDecorator('hg.admin')
172 172 @CSRFRequired()
173 173 @view_config(
174 174 route_name='admin_permissions_object_update', request_method='POST',
175 175 renderer='rhodecode:templates/admin/permissions/permissions.mako')
176 176 def permissions_objects_update(self):
177 177 _ = self.request.translate
178 178 c = self.load_default_context()
179 179 c.active = 'objects'
180 180
181 181 _form = ObjectPermissionsForm(
182 182 self.request.translate,
183 183 [x[0] for x in c.repo_perms_choices],
184 184 [x[0] for x in c.group_perms_choices],
185 [x[0] for x in c.user_group_perms_choices])()
185 [x[0] for x in c.user_group_perms_choices],
186 )()
186 187
187 188 try:
188 189 form_result = _form.to_python(dict(self.request.POST))
189 190 form_result.update({'perm_user_name': User.DEFAULT_USER})
190 191 PermissionModel().update_object_permissions(form_result)
191 192
192 193 Session().commit()
193 194 h.flash(_('Object permissions updated successfully'),
194 195 category='success')
195 196
196 197 except formencode.Invalid as errors:
197 198 defaults = errors.value
198 199
199 200 data = render(
200 201 'rhodecode:templates/admin/permissions/permissions.mako',
201 202 self._get_template_context(c), self.request)
202 203 html = formencode.htmlfill.render(
203 204 data,
204 205 defaults=defaults,
205 206 errors=errors.error_dict or {},
206 207 prefix_error=False,
207 208 encoding="UTF-8",
208 209 force_defaults=False
209 210 )
210 211 return Response(html)
211 212 except Exception:
212 213 log.exception("Exception during update of permissions")
213 214 h.flash(_('Error occurred during update of permissions'),
214 215 category='error')
215 216
216 217 raise HTTPFound(h.route_path('admin_permissions_object'))
217 218
218 219 @LoginRequired()
219 220 @HasPermissionAllDecorator('hg.admin')
220 221 @view_config(
222 route_name='admin_permissions_branch', request_method='GET',
223 renderer='rhodecode:templates/admin/permissions/permissions.mako')
224 def permissions_branch(self):
225 c = self.load_default_context()
226 c.active = 'branch'
227
228 c.user = User.get_default_user(refresh=True)
229 defaults = {}
230 defaults.update(c.user.get_default_perms())
231
232 data = render(
233 'rhodecode:templates/admin/permissions/permissions.mako',
234 self._get_template_context(c), self.request)
235 html = formencode.htmlfill.render(
236 data,
237 defaults=defaults,
238 encoding="UTF-8",
239 force_defaults=False
240 )
241 return Response(html)
242
243 @LoginRequired()
244 @HasPermissionAllDecorator('hg.admin')
245 @view_config(
221 246 route_name='admin_permissions_global', request_method='GET',
222 247 renderer='rhodecode:templates/admin/permissions/permissions.mako')
223 248 def permissions_global(self):
224 249 c = self.load_default_context()
225 250 c.active = 'global'
226 251
227 252 c.user = User.get_default_user(refresh=True)
228 253 defaults = {}
229 254 defaults.update(c.user.get_default_perms())
230 255
231 256 data = render(
232 257 'rhodecode:templates/admin/permissions/permissions.mako',
233 258 self._get_template_context(c), self.request)
234 259 html = formencode.htmlfill.render(
235 260 data,
236 261 defaults=defaults,
237 262 encoding="UTF-8",
238 263 force_defaults=False
239 264 )
240 265 return Response(html)
241 266
242 267 @LoginRequired()
243 268 @HasPermissionAllDecorator('hg.admin')
244 269 @CSRFRequired()
245 270 @view_config(
246 271 route_name='admin_permissions_global_update', request_method='POST',
247 272 renderer='rhodecode:templates/admin/permissions/permissions.mako')
248 273 def permissions_global_update(self):
249 274 _ = self.request.translate
250 275 c = self.load_default_context()
251 276 c.active = 'global'
252 277
253 278 _form = UserPermissionsForm(
254 279 self.request.translate,
255 280 [x[0] for x in c.repo_create_choices],
256 281 [x[0] for x in c.repo_create_on_write_choices],
257 282 [x[0] for x in c.repo_group_create_choices],
258 283 [x[0] for x in c.user_group_create_choices],
259 284 [x[0] for x in c.fork_choices],
260 285 [x[0] for x in c.inherit_default_permission_choices])()
261 286
262 287 try:
263 288 form_result = _form.to_python(dict(self.request.POST))
264 289 form_result.update({'perm_user_name': User.DEFAULT_USER})
265 290 PermissionModel().update_user_permissions(form_result)
266 291
267 292 Session().commit()
268 293 h.flash(_('Global permissions updated successfully'),
269 294 category='success')
270 295
271 296 except formencode.Invalid as errors:
272 297 defaults = errors.value
273 298
274 299 data = render(
275 300 'rhodecode:templates/admin/permissions/permissions.mako',
276 301 self._get_template_context(c), self.request)
277 302 html = formencode.htmlfill.render(
278 303 data,
279 304 defaults=defaults,
280 305 errors=errors.error_dict or {},
281 306 prefix_error=False,
282 307 encoding="UTF-8",
283 308 force_defaults=False
284 309 )
285 310 return Response(html)
286 311 except Exception:
287 312 log.exception("Exception during update of permissions")
288 313 h.flash(_('Error occurred during update of permissions'),
289 314 category='error')
290 315
291 316 raise HTTPFound(h.route_path('admin_permissions_global'))
292 317
293 318 @LoginRequired()
294 319 @HasPermissionAllDecorator('hg.admin')
295 320 @view_config(
296 321 route_name='admin_permissions_ips', request_method='GET',
297 322 renderer='rhodecode:templates/admin/permissions/permissions.mako')
298 323 def permissions_ips(self):
299 324 c = self.load_default_context()
300 325 c.active = 'ips'
301 326
302 327 c.user = User.get_default_user(refresh=True)
303 328 c.user_ip_map = (
304 329 UserIpMap.query().filter(UserIpMap.user == c.user).all())
305 330
306 331 return self._get_template_context(c)
307 332
308 333 @LoginRequired()
309 334 @HasPermissionAllDecorator('hg.admin')
310 335 @view_config(
311 336 route_name='admin_permissions_overview', request_method='GET',
312 337 renderer='rhodecode:templates/admin/permissions/permissions.mako')
313 338 def permissions_overview(self):
314 339 c = self.load_default_context()
315 340 c.active = 'perms'
316 341
317 342 c.user = User.get_default_user(refresh=True)
318 343 c.perm_user = c.user.AuthUser()
319 344 return self._get_template_context(c)
320 345
321 346 @LoginRequired()
322 347 @HasPermissionAllDecorator('hg.admin')
323 348 @view_config(
324 349 route_name='admin_permissions_auth_token_access', request_method='GET',
325 350 renderer='rhodecode:templates/admin/permissions/permissions.mako')
326 351 def auth_token_access(self):
327 352 from rhodecode import CONFIG
328 353
329 354 c = self.load_default_context()
330 355 c.active = 'auth_token_access'
331 356
332 357 c.user = User.get_default_user(refresh=True)
333 358 c.perm_user = c.user.AuthUser()
334 359
335 360 mapper = self.request.registry.queryUtility(IRoutesMapper)
336 361 c.view_data = []
337 362
338 363 _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
339 364 introspector = self.request.registry.introspector
340 365
341 366 view_intr = {}
342 367 for view_data in introspector.get_category('views'):
343 368 intr = view_data['introspectable']
344 369
345 370 if 'route_name' in intr and intr['attr']:
346 371 view_intr[intr['route_name']] = '{}:{}'.format(
347 372 str(intr['derived_callable'].func_name), intr['attr']
348 373 )
349 374
350 375 c.whitelist_key = 'api_access_controllers_whitelist'
351 376 c.whitelist_file = CONFIG.get('__file__')
352 377 whitelist_views = aslist(
353 378 CONFIG.get(c.whitelist_key), sep=',')
354 379
355 380 for route_info in mapper.get_routes():
356 381 if not route_info.name.startswith('__'):
357 382 routepath = route_info.pattern
358 383
359 384 def replace(matchobj):
360 385 if matchobj.group(1):
361 386 return "{%s}" % matchobj.group(1).split(':')[0]
362 387 else:
363 388 return "{%s}" % matchobj.group(2)
364 389
365 390 routepath = _argument_prog.sub(replace, routepath)
366 391
367 392 if not routepath.startswith('/'):
368 393 routepath = '/' + routepath
369 394
370 395 view_fqn = view_intr.get(route_info.name, 'NOT AVAILABLE')
371 396 active = view_fqn in whitelist_views
372 397 c.view_data.append((route_info.name, view_fqn, routepath, active))
373 398
374 399 c.whitelist_views = whitelist_views
375 400 return self._get_template_context(c)
376 401
377 402 def ssh_enabled(self):
378 403 return self.request.registry.settings.get(
379 404 'ssh.generate_authorized_keyfile')
380 405
381 406 @LoginRequired()
382 407 @HasPermissionAllDecorator('hg.admin')
383 408 @view_config(
384 409 route_name='admin_permissions_ssh_keys', request_method='GET',
385 410 renderer='rhodecode:templates/admin/permissions/permissions.mako')
386 411 def ssh_keys(self):
387 412 c = self.load_default_context()
388 413 c.active = 'ssh_keys'
389 414 c.ssh_enabled = self.ssh_enabled()
390 415 return self._get_template_context(c)
391 416
392 417 @LoginRequired()
393 418 @HasPermissionAllDecorator('hg.admin')
394 419 @view_config(
395 420 route_name='admin_permissions_ssh_keys_data', request_method='GET',
396 421 renderer='json_ext', xhr=True)
397 422 def ssh_keys_data(self):
398 423 _ = self.request.translate
399 424 self.load_default_context()
400 425 column_map = {
401 426 'fingerprint': 'ssh_key_fingerprint',
402 427 'username': User.username
403 428 }
404 429 draw, start, limit = self._extract_chunk(self.request)
405 430 search_q, order_by, order_dir = self._extract_ordering(
406 431 self.request, column_map=column_map)
407 432
408 433 ssh_keys_data_total_count = UserSshKeys.query()\
409 434 .count()
410 435
411 436 # json generate
412 437 base_q = UserSshKeys.query().join(UserSshKeys.user)
413 438
414 439 if search_q:
415 440 like_expression = u'%{}%'.format(safe_unicode(search_q))
416 441 base_q = base_q.filter(or_(
417 442 User.username.ilike(like_expression),
418 443 UserSshKeys.ssh_key_fingerprint.ilike(like_expression),
419 444 ))
420 445
421 446 users_data_total_filtered_count = base_q.count()
422 447
423 448 sort_col = self._get_order_col(order_by, UserSshKeys)
424 449 if sort_col:
425 450 if order_dir == 'asc':
426 451 # handle null values properly to order by NULL last
427 452 if order_by in ['created_on']:
428 453 sort_col = coalesce(sort_col, datetime.date.max)
429 454 sort_col = sort_col.asc()
430 455 else:
431 456 # handle null values properly to order by NULL last
432 457 if order_by in ['created_on']:
433 458 sort_col = coalesce(sort_col, datetime.date.min)
434 459 sort_col = sort_col.desc()
435 460
436 461 base_q = base_q.order_by(sort_col)
437 462 base_q = base_q.offset(start).limit(limit)
438 463
439 464 ssh_keys = base_q.all()
440 465
441 466 ssh_keys_data = []
442 467 for ssh_key in ssh_keys:
443 468 ssh_keys_data.append({
444 469 "username": h.gravatar_with_user(self.request, ssh_key.user.username),
445 470 "fingerprint": ssh_key.ssh_key_fingerprint,
446 471 "description": ssh_key.description,
447 472 "created_on": h.format_date(ssh_key.created_on),
448 473 "accessed_on": h.format_date(ssh_key.accessed_on),
449 474 "action": h.link_to(
450 475 _('Edit'), h.route_path('edit_user_ssh_keys',
451 476 user_id=ssh_key.user.user_id))
452 477 })
453 478
454 479 data = ({
455 480 'draw': draw,
456 481 'data': ssh_keys_data,
457 482 'recordsTotal': ssh_keys_data_total_count,
458 483 'recordsFiltered': users_data_total_filtered_count,
459 484 })
460 485
461 486 return data
462 487
463 488 @LoginRequired()
464 489 @HasPermissionAllDecorator('hg.admin')
465 490 @CSRFRequired()
466 491 @view_config(
467 492 route_name='admin_permissions_ssh_keys_update', request_method='POST',
468 493 renderer='rhodecode:templates/admin/permissions/permissions.mako')
469 494 def ssh_keys_update(self):
470 495 _ = self.request.translate
471 496 self.load_default_context()
472 497
473 498 ssh_enabled = self.ssh_enabled()
474 499 key_file = self.request.registry.settings.get(
475 500 'ssh.authorized_keys_file_path')
476 501 if ssh_enabled:
477 502 trigger(SshKeyFileChangeEvent(), self.request.registry)
478 503 h.flash(_('Updated SSH keys file: {}').format(key_file),
479 504 category='success')
480 505 else:
481 506 h.flash(_('SSH key support is disabled in .ini file'),
482 507 category='warning')
483 508
484 509 raise HTTPFound(h.route_path('admin_permissions_ssh_keys'))
Show file before | Show file after | Hide comments
@@ -1,467 +1,476 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20 from rhodecode.apps._base import add_route_with_slash
21 21
22 22
23 23 def includeme(config):
24 24
25 25 # repo creating checks, special cases that aren't repo routes
26 26 config.add_route(
27 27 name='repo_creating',
28 28 pattern='/{repo_name:.*?[^/]}/repo_creating')
29 29
30 30 config.add_route(
31 31 name='repo_creating_check',
32 32 pattern='/{repo_name:.*?[^/]}/repo_creating_check')
33 33
34 34 # Summary
35 35 # NOTE(marcink): one additional route is defined in very bottom, catch
36 36 # all pattern
37 37 config.add_route(
38 38 name='repo_summary_explicit',
39 39 pattern='/{repo_name:.*?[^/]}/summary', repo_route=True)
40 40 config.add_route(
41 41 name='repo_summary_commits',
42 42 pattern='/{repo_name:.*?[^/]}/summary-commits', repo_route=True)
43 43
44 44 # Commits
45 45 config.add_route(
46 46 name='repo_commit',
47 47 pattern='/{repo_name:.*?[^/]}/changeset/{commit_id}', repo_route=True)
48 48
49 49 config.add_route(
50 50 name='repo_commit_children',
51 51 pattern='/{repo_name:.*?[^/]}/changeset_children/{commit_id}', repo_route=True)
52 52
53 53 config.add_route(
54 54 name='repo_commit_parents',
55 55 pattern='/{repo_name:.*?[^/]}/changeset_parents/{commit_id}', repo_route=True)
56 56
57 57 config.add_route(
58 58 name='repo_commit_raw',
59 59 pattern='/{repo_name:.*?[^/]}/changeset-diff/{commit_id}', repo_route=True)
60 60
61 61 config.add_route(
62 62 name='repo_commit_patch',
63 63 pattern='/{repo_name:.*?[^/]}/changeset-patch/{commit_id}', repo_route=True)
64 64
65 65 config.add_route(
66 66 name='repo_commit_download',
67 67 pattern='/{repo_name:.*?[^/]}/changeset-download/{commit_id}', repo_route=True)
68 68
69 69 config.add_route(
70 70 name='repo_commit_data',
71 71 pattern='/{repo_name:.*?[^/]}/changeset-data/{commit_id}', repo_route=True)
72 72
73 73 config.add_route(
74 74 name='repo_commit_comment_create',
75 75 pattern='/{repo_name:.*?[^/]}/changeset/{commit_id}/comment/create', repo_route=True)
76 76
77 77 config.add_route(
78 78 name='repo_commit_comment_preview',
79 79 pattern='/{repo_name:.*?[^/]}/changeset/{commit_id}/comment/preview', repo_route=True)
80 80
81 81 config.add_route(
82 82 name='repo_commit_comment_delete',
83 83 pattern='/{repo_name:.*?[^/]}/changeset/{commit_id}/comment/{comment_id}/delete', repo_route=True)
84 84
85 85 # still working url for backward compat.
86 86 config.add_route(
87 87 name='repo_commit_raw_deprecated',
88 88 pattern='/{repo_name:.*?[^/]}/raw-changeset/{commit_id}', repo_route=True)
89 89
90 90 # Files
91 91 config.add_route(
92 92 name='repo_archivefile',
93 93 pattern='/{repo_name:.*?[^/]}/archive/{fname}', repo_route=True)
94 94
95 95 config.add_route(
96 96 name='repo_files_diff',
97 97 pattern='/{repo_name:.*?[^/]}/diff/{f_path:.*}', repo_route=True)
98 98 config.add_route( # legacy route to make old links work
99 99 name='repo_files_diff_2way_redirect',
100 100 pattern='/{repo_name:.*?[^/]}/diff-2way/{f_path:.*}', repo_route=True)
101 101
102 102 config.add_route(
103 103 name='repo_files',
104 104 pattern='/{repo_name:.*?[^/]}/files/{commit_id}/{f_path:.*}', repo_route=True)
105 105 config.add_route(
106 106 name='repo_files:default_path',
107 107 pattern='/{repo_name:.*?[^/]}/files/{commit_id}/', repo_route=True)
108 108 config.add_route(
109 109 name='repo_files:default_commit',
110 110 pattern='/{repo_name:.*?[^/]}/files', repo_route=True)
111 111
112 112 config.add_route(
113 113 name='repo_files:rendered',
114 114 pattern='/{repo_name:.*?[^/]}/render/{commit_id}/{f_path:.*}', repo_route=True)
115 115
116 116 config.add_route(
117 117 name='repo_files:annotated',
118 118 pattern='/{repo_name:.*?[^/]}/annotate/{commit_id}/{f_path:.*}', repo_route=True)
119 119 config.add_route(
120 120 name='repo_files:annotated_previous',
121 121 pattern='/{repo_name:.*?[^/]}/annotate-previous/{commit_id}/{f_path:.*}', repo_route=True)
122 122
123 123 config.add_route(
124 124 name='repo_nodetree_full',
125 125 pattern='/{repo_name:.*?[^/]}/nodetree_full/{commit_id}/{f_path:.*}', repo_route=True)
126 126 config.add_route(
127 127 name='repo_nodetree_full:default_path',
128 128 pattern='/{repo_name:.*?[^/]}/nodetree_full/{commit_id}/', repo_route=True)
129 129
130 130 config.add_route(
131 131 name='repo_files_nodelist',
132 132 pattern='/{repo_name:.*?[^/]}/nodelist/{commit_id}/{f_path:.*}', repo_route=True)
133 133
134 134 config.add_route(
135 135 name='repo_file_raw',
136 136 pattern='/{repo_name:.*?[^/]}/raw/{commit_id}/{f_path:.*}', repo_route=True)
137 137
138 138 config.add_route(
139 139 name='repo_file_download',
140 140 pattern='/{repo_name:.*?[^/]}/download/{commit_id}/{f_path:.*}', repo_route=True)
141 141 config.add_route( # backward compat to keep old links working
142 142 name='repo_file_download:legacy',
143 143 pattern='/{repo_name:.*?[^/]}/rawfile/{commit_id}/{f_path:.*}',
144 144 repo_route=True)
145 145
146 146 config.add_route(
147 147 name='repo_file_history',
148 148 pattern='/{repo_name:.*?[^/]}/history/{commit_id}/{f_path:.*}', repo_route=True)
149 149
150 150 config.add_route(
151 151 name='repo_file_authors',
152 152 pattern='/{repo_name:.*?[^/]}/authors/{commit_id}/{f_path:.*}', repo_route=True)
153 153
154 154 config.add_route(
155 155 name='repo_files_remove_file',
156 156 pattern='/{repo_name:.*?[^/]}/remove_file/{commit_id}/{f_path:.*}',
157 157 repo_route=True)
158 158 config.add_route(
159 159 name='repo_files_delete_file',
160 160 pattern='/{repo_name:.*?[^/]}/delete_file/{commit_id}/{f_path:.*}',
161 161 repo_route=True)
162 162 config.add_route(
163 163 name='repo_files_edit_file',
164 164 pattern='/{repo_name:.*?[^/]}/edit_file/{commit_id}/{f_path:.*}',
165 165 repo_route=True)
166 166 config.add_route(
167 167 name='repo_files_update_file',
168 168 pattern='/{repo_name:.*?[^/]}/update_file/{commit_id}/{f_path:.*}',
169 169 repo_route=True)
170 170 config.add_route(
171 171 name='repo_files_add_file',
172 172 pattern='/{repo_name:.*?[^/]}/add_file/{commit_id}/{f_path:.*}',
173 173 repo_route=True)
174 174 config.add_route(
175 175 name='repo_files_create_file',
176 176 pattern='/{repo_name:.*?[^/]}/create_file/{commit_id}/{f_path:.*}',
177 177 repo_route=True)
178 178
179 179 # Refs data
180 180 config.add_route(
181 181 name='repo_refs_data',
182 182 pattern='/{repo_name:.*?[^/]}/refs-data', repo_route=True)
183 183
184 184 config.add_route(
185 185 name='repo_refs_changelog_data',
186 186 pattern='/{repo_name:.*?[^/]}/refs-data-changelog', repo_route=True)
187 187
188 188 config.add_route(
189 189 name='repo_stats',
190 190 pattern='/{repo_name:.*?[^/]}/repo_stats/{commit_id}', repo_route=True)
191 191
192 192 # Changelog
193 193 config.add_route(
194 194 name='repo_changelog',
195 195 pattern='/{repo_name:.*?[^/]}/changelog', repo_route=True)
196 196 config.add_route(
197 197 name='repo_changelog_file',
198 198 pattern='/{repo_name:.*?[^/]}/changelog/{commit_id}/{f_path:.*}', repo_route=True)
199 199 config.add_route(
200 200 name='repo_changelog_elements',
201 201 pattern='/{repo_name:.*?[^/]}/changelog_elements', repo_route=True)
202 202 config.add_route(
203 203 name='repo_changelog_elements_file',
204 204 pattern='/{repo_name:.*?[^/]}/changelog_elements/{commit_id}/{f_path:.*}', repo_route=True)
205 205
206 206 # Compare
207 207 config.add_route(
208 208 name='repo_compare_select',
209 209 pattern='/{repo_name:.*?[^/]}/compare', repo_route=True)
210 210
211 211 config.add_route(
212 212 name='repo_compare',
213 213 pattern='/{repo_name:.*?[^/]}/compare/{source_ref_type}@{source_ref:.*?}...{target_ref_type}@{target_ref:.*?}', repo_route=True)
214 214
215 215 # Tags
216 216 config.add_route(
217 217 name='tags_home',
218 218 pattern='/{repo_name:.*?[^/]}/tags', repo_route=True)
219 219
220 220 # Branches
221 221 config.add_route(
222 222 name='branches_home',
223 223 pattern='/{repo_name:.*?[^/]}/branches', repo_route=True)
224 224
225 225 # Bookmarks
226 226 config.add_route(
227 227 name='bookmarks_home',
228 228 pattern='/{repo_name:.*?[^/]}/bookmarks', repo_route=True)
229 229
230 230 # Forks
231 231 config.add_route(
232 232 name='repo_fork_new',
233 233 pattern='/{repo_name:.*?[^/]}/fork', repo_route=True,
234 234 repo_accepted_types=['hg', 'git'])
235 235
236 236 config.add_route(
237 237 name='repo_fork_create',
238 238 pattern='/{repo_name:.*?[^/]}/fork/create', repo_route=True,
239 239 repo_accepted_types=['hg', 'git'])
240 240
241 241 config.add_route(
242 242 name='repo_forks_show_all',
243 243 pattern='/{repo_name:.*?[^/]}/forks', repo_route=True,
244 244 repo_accepted_types=['hg', 'git'])
245 245 config.add_route(
246 246 name='repo_forks_data',
247 247 pattern='/{repo_name:.*?[^/]}/forks/data', repo_route=True,
248 248 repo_accepted_types=['hg', 'git'])
249 249
250 250 # Pull Requests
251 251 config.add_route(
252 252 name='pullrequest_show',
253 253 pattern='/{repo_name:.*?[^/]}/pull-request/{pull_request_id:\d+}',
254 254 repo_route=True)
255 255
256 256 config.add_route(
257 257 name='pullrequest_show_all',
258 258 pattern='/{repo_name:.*?[^/]}/pull-request',
259 259 repo_route=True, repo_accepted_types=['hg', 'git'])
260 260
261 261 config.add_route(
262 262 name='pullrequest_show_all_data',
263 263 pattern='/{repo_name:.*?[^/]}/pull-request-data',
264 264 repo_route=True, repo_accepted_types=['hg', 'git'])
265 265
266 266 config.add_route(
267 267 name='pullrequest_repo_refs',
268 268 pattern='/{repo_name:.*?[^/]}/pull-request/refs/{target_repo_name:.*?[^/]}',
269 269 repo_route=True)
270 270
271 271 config.add_route(
272 272 name='pullrequest_repo_destinations',
273 273 pattern='/{repo_name:.*?[^/]}/pull-request/repo-destinations',
274 274 repo_route=True)
275 275
276 276 config.add_route(
277 277 name='pullrequest_new',
278 278 pattern='/{repo_name:.*?[^/]}/pull-request/new',
279 279 repo_route=True, repo_accepted_types=['hg', 'git'])
280 280
281 281 config.add_route(
282 282 name='pullrequest_create',
283 283 pattern='/{repo_name:.*?[^/]}/pull-request/create',
284 284 repo_route=True, repo_accepted_types=['hg', 'git'])
285 285
286 286 config.add_route(
287 287 name='pullrequest_update',
288 288 pattern='/{repo_name:.*?[^/]}/pull-request/{pull_request_id:\d+}/update',
289 289 repo_route=True)
290 290
291 291 config.add_route(
292 292 name='pullrequest_merge',
293 293 pattern='/{repo_name:.*?[^/]}/pull-request/{pull_request_id:\d+}/merge',
294 294 repo_route=True)
295 295
296 296 config.add_route(
297 297 name='pullrequest_delete',
298 298 pattern='/{repo_name:.*?[^/]}/pull-request/{pull_request_id:\d+}/delete',
299 299 repo_route=True)
300 300
301 301 config.add_route(
302 302 name='pullrequest_comment_create',
303 303 pattern='/{repo_name:.*?[^/]}/pull-request/{pull_request_id:\d+}/comment',
304 304 repo_route=True)
305 305
306 306 config.add_route(
307 307 name='pullrequest_comment_delete',
308 308 pattern='/{repo_name:.*?[^/]}/pull-request/{pull_request_id:\d+}/comment/{comment_id}/delete',
309 309 repo_route=True, repo_accepted_types=['hg', 'git'])
310 310
311 311 # Settings
312 312 config.add_route(
313 313 name='edit_repo',
314 314 pattern='/{repo_name:.*?[^/]}/settings', repo_route=True)
315 315 # update is POST on edit_repo
316 316
317 317 # Settings advanced
318 318 config.add_route(
319 319 name='edit_repo_advanced',
320 320 pattern='/{repo_name:.*?[^/]}/settings/advanced', repo_route=True)
321 321 config.add_route(
322 322 name='edit_repo_advanced_delete',
323 323 pattern='/{repo_name:.*?[^/]}/settings/advanced/delete', repo_route=True)
324 324 config.add_route(
325 325 name='edit_repo_advanced_locking',
326 326 pattern='/{repo_name:.*?[^/]}/settings/advanced/locking', repo_route=True)
327 327 config.add_route(
328 328 name='edit_repo_advanced_journal',
329 329 pattern='/{repo_name:.*?[^/]}/settings/advanced/journal', repo_route=True)
330 330 config.add_route(
331 331 name='edit_repo_advanced_fork',
332 332 pattern='/{repo_name:.*?[^/]}/settings/advanced/fork', repo_route=True)
333 333
334 334 config.add_route(
335 335 name='edit_repo_advanced_hooks',
336 336 pattern='/{repo_name:.*?[^/]}/settings/advanced/hooks', repo_route=True)
337 337
338 338 # Caches
339 339 config.add_route(
340 340 name='edit_repo_caches',
341 341 pattern='/{repo_name:.*?[^/]}/settings/caches', repo_route=True)
342 342
343 343 # Permissions
344 344 config.add_route(
345 345 name='edit_repo_perms',
346 346 pattern='/{repo_name:.*?[^/]}/settings/permissions', repo_route=True)
347 347
348 # Permissions Branch (EE feature)
349 config.add_route(
350 name='edit_repo_perms_branch',
351 pattern='/{repo_name:.*?[^/]}/settings/branch_permissions', repo_route=True)
352 config.add_route(
353 name='edit_repo_perms_branch_delete',
354 pattern='/{repo_name:.*?[^/]}/settings/branch_permissions/{rule_id}/delete',
355 repo_route=True)
356
348 357 # Maintenance
349 358 config.add_route(
350 359 name='edit_repo_maintenance',
351 360 pattern='/{repo_name:.*?[^/]}/settings/maintenance', repo_route=True)
352 361
353 362 config.add_route(
354 363 name='edit_repo_maintenance_execute',
355 364 pattern='/{repo_name:.*?[^/]}/settings/maintenance/execute', repo_route=True)
356 365
357 366 # Fields
358 367 config.add_route(
359 368 name='edit_repo_fields',
360 369 pattern='/{repo_name:.*?[^/]}/settings/fields', repo_route=True)
361 370 config.add_route(
362 371 name='edit_repo_fields_create',
363 372 pattern='/{repo_name:.*?[^/]}/settings/fields/create', repo_route=True)
364 373 config.add_route(
365 374 name='edit_repo_fields_delete',
366 375 pattern='/{repo_name:.*?[^/]}/settings/fields/{field_id}/delete', repo_route=True)
367 376
368 377 # Locking
369 378 config.add_route(
370 379 name='repo_edit_toggle_locking',
371 380 pattern='/{repo_name:.*?[^/]}/settings/toggle_locking', repo_route=True)
372 381
373 382 # Remote
374 383 config.add_route(
375 384 name='edit_repo_remote',
376 385 pattern='/{repo_name:.*?[^/]}/settings/remote', repo_route=True)
377 386 config.add_route(
378 387 name='edit_repo_remote_pull',
379 388 pattern='/{repo_name:.*?[^/]}/settings/remote/pull', repo_route=True)
380 389 config.add_route(
381 390 name='edit_repo_remote_push',
382 391 pattern='/{repo_name:.*?[^/]}/settings/remote/push', repo_route=True)
383 392
384 393 # Statistics
385 394 config.add_route(
386 395 name='edit_repo_statistics',
387 396 pattern='/{repo_name:.*?[^/]}/settings/statistics', repo_route=True)
388 397 config.add_route(
389 398 name='edit_repo_statistics_reset',
390 399 pattern='/{repo_name:.*?[^/]}/settings/statistics/update', repo_route=True)
391 400
392 401 # Issue trackers
393 402 config.add_route(
394 403 name='edit_repo_issuetracker',
395 404 pattern='/{repo_name:.*?[^/]}/settings/issue_trackers', repo_route=True)
396 405 config.add_route(
397 406 name='edit_repo_issuetracker_test',
398 407 pattern='/{repo_name:.*?[^/]}/settings/issue_trackers/test', repo_route=True)
399 408 config.add_route(
400 409 name='edit_repo_issuetracker_delete',
401 410 pattern='/{repo_name:.*?[^/]}/settings/issue_trackers/delete', repo_route=True)
402 411 config.add_route(
403 412 name='edit_repo_issuetracker_update',
404 413 pattern='/{repo_name:.*?[^/]}/settings/issue_trackers/update', repo_route=True)
405 414
406 415 # VCS Settings
407 416 config.add_route(
408 417 name='edit_repo_vcs',
409 418 pattern='/{repo_name:.*?[^/]}/settings/vcs', repo_route=True)
410 419 config.add_route(
411 420 name='edit_repo_vcs_update',
412 421 pattern='/{repo_name:.*?[^/]}/settings/vcs/update', repo_route=True)
413 422
414 423 # svn pattern
415 424 config.add_route(
416 425 name='edit_repo_vcs_svn_pattern_delete',
417 426 pattern='/{repo_name:.*?[^/]}/settings/vcs/svn_pattern/delete', repo_route=True)
418 427
419 428 # Repo Review Rules (EE feature)
420 429 config.add_route(
421 430 name='repo_reviewers',
422 431 pattern='/{repo_name:.*?[^/]}/settings/review/rules', repo_route=True)
423 432
424 433 config.add_route(
425 434 name='repo_default_reviewers_data',
426 435 pattern='/{repo_name:.*?[^/]}/settings/review/default-reviewers', repo_route=True)
427 436
428 437 # Repo Automation (EE feature)
429 438 config.add_route(
430 439 name='repo_automation',
431 440 pattern='/{repo_name:.*?[^/]}/settings/automation', repo_route=True)
432 441
433 442 # Strip
434 443 config.add_route(
435 444 name='edit_repo_strip',
436 445 pattern='/{repo_name:.*?[^/]}/settings/strip', repo_route=True)
437 446
438 447 config.add_route(
439 448 name='strip_check',
440 449 pattern='/{repo_name:.*?[^/]}/settings/strip_check', repo_route=True)
441 450
442 451 config.add_route(
443 452 name='strip_execute',
444 453 pattern='/{repo_name:.*?[^/]}/settings/strip_execute', repo_route=True)
445 454
446 455 # Audit logs
447 456 config.add_route(
448 457 name='edit_repo_audit_logs',
449 458 pattern='/{repo_name:.*?[^/]}/settings/audit_logs', repo_route=True)
450 459
451 460 # ATOM/RSS Feed
452 461 config.add_route(
453 462 name='rss_feed_home',
454 463 pattern='/{repo_name:.*?[^/]}/feed/rss', repo_route=True)
455 464
456 465 config.add_route(
457 466 name='atom_feed_home',
458 467 pattern='/{repo_name:.*?[^/]}/feed/atom', repo_route=True)
459 468
460 469 # NOTE(marcink): needs to be at the end for catch-all
461 470 add_route_with_slash(
462 471 config,
463 472 name='repo_summary',
464 473 pattern='/{repo_name:.*?[^/]}', repo_route=True)
465 474
466 475 # Scan module for configuration decorators.
467 476 config.scan('.views', ignore='.tests')
Show file before | Show file after | Hide comments
@@ -1,2195 +1,2295 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 authentication and permission libraries
23 23 """
24 24
25 25 import os
26 26 import time
27 27 import inspect
28 28 import collections
29 29 import fnmatch
30 30 import hashlib
31 31 import itertools
32 32 import logging
33 33 import random
34 34 import traceback
35 35 from functools import wraps
36 36
37 37 import ipaddress
38 38
39 39 from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
40 40 from sqlalchemy.orm.exc import ObjectDeletedError
41 41 from sqlalchemy.orm import joinedload
42 42 from zope.cachedescriptors.property import Lazy as LazyProperty
43 43
44 44 import rhodecode
45 45 from rhodecode.model import meta
46 46 from rhodecode.model.meta import Session
47 47 from rhodecode.model.user import UserModel
48 48 from rhodecode.model.db import (
49 49 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
50 50 UserIpMap, UserApiKeys, RepoGroup, UserGroup)
51 51 from rhodecode.lib import rc_cache
52 52 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5, safe_int, sha1
53 53 from rhodecode.lib.utils import (
54 54 get_repo_slug, get_repo_group_slug, get_user_group_slug)
55 55 from rhodecode.lib.caching_query import FromCache
56 56
57 57
58 58 if rhodecode.is_unix:
59 59 import bcrypt
60 60
61 61 log = logging.getLogger(__name__)
62 62
63 63 csrf_token_key = "csrf_token"
64 64
65 65
66 66 class PasswordGenerator(object):
67 67 """
68 68 This is a simple class for generating password from different sets of
69 69 characters
70 70 usage::
71 71
72 72 passwd_gen = PasswordGenerator()
73 73 #print 8-letter password containing only big and small letters
74 74 of alphabet
75 75 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
76 76 """
77 77 ALPHABETS_NUM = r'''1234567890'''
78 78 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
79 79 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
80 80 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
81 81 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
82 82 + ALPHABETS_NUM + ALPHABETS_SPECIAL
83 83 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
84 84 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
85 85 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
86 86 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
87 87
88 88 def __init__(self, passwd=''):
89 89 self.passwd = passwd
90 90
91 91 def gen_password(self, length, type_=None):
92 92 if type_ is None:
93 93 type_ = self.ALPHABETS_FULL
94 94 self.passwd = ''.join([random.choice(type_) for _ in range(length)])
95 95 return self.passwd
96 96
97 97
98 98 class _RhodeCodeCryptoBase(object):
99 99 ENC_PREF = None
100 100
101 101 def hash_create(self, str_):
102 102 """
103 103 hash the string using
104 104
105 105 :param str_: password to hash
106 106 """
107 107 raise NotImplementedError
108 108
109 109 def hash_check_with_upgrade(self, password, hashed):
110 110 """
111 111 Returns tuple in which first element is boolean that states that
112 112 given password matches it's hashed version, and the second is new hash
113 113 of the password, in case this password should be migrated to new
114 114 cipher.
115 115 """
116 116 checked_hash = self.hash_check(password, hashed)
117 117 return checked_hash, None
118 118
119 119 def hash_check(self, password, hashed):
120 120 """
121 121 Checks matching password with it's hashed value.
122 122
123 123 :param password: password
124 124 :param hashed: password in hashed form
125 125 """
126 126 raise NotImplementedError
127 127
128 128 def _assert_bytes(self, value):
129 129 """
130 130 Passing in an `unicode` object can lead to hard to detect issues
131 131 if passwords contain non-ascii characters. Doing a type check
132 132 during runtime, so that such mistakes are detected early on.
133 133 """
134 134 if not isinstance(value, str):
135 135 raise TypeError(
136 136 "Bytestring required as input, got %r." % (value, ))
137 137
138 138
139 139 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
140 140 ENC_PREF = ('$2a$10', '$2b$10')
141 141
142 142 def hash_create(self, str_):
143 143 self._assert_bytes(str_)
144 144 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
145 145
146 146 def hash_check_with_upgrade(self, password, hashed):
147 147 """
148 148 Returns tuple in which first element is boolean that states that
149 149 given password matches it's hashed version, and the second is new hash
150 150 of the password, in case this password should be migrated to new
151 151 cipher.
152 152
153 153 This implements special upgrade logic which works like that:
154 154 - check if the given password == bcrypted hash, if yes then we
155 155 properly used password and it was already in bcrypt. Proceed
156 156 without any changes
157 157 - if bcrypt hash check is not working try with sha256. If hash compare
158 158 is ok, it means we using correct but old hashed password. indicate
159 159 hash change and proceed
160 160 """
161 161
162 162 new_hash = None
163 163
164 164 # regular pw check
165 165 password_match_bcrypt = self.hash_check(password, hashed)
166 166
167 167 # now we want to know if the password was maybe from sha256
168 168 # basically calling _RhodeCodeCryptoSha256().hash_check()
169 169 if not password_match_bcrypt:
170 170 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
171 171 new_hash = self.hash_create(password) # make new bcrypt hash
172 172 password_match_bcrypt = True
173 173
174 174 return password_match_bcrypt, new_hash
175 175
176 176 def hash_check(self, password, hashed):
177 177 """
178 178 Checks matching password with it's hashed value.
179 179
180 180 :param password: password
181 181 :param hashed: password in hashed form
182 182 """
183 183 self._assert_bytes(password)
184 184 try:
185 185 return bcrypt.hashpw(password, hashed) == hashed
186 186 except ValueError as e:
187 187 # we're having a invalid salt here probably, we should not crash
188 188 # just return with False as it would be a wrong password.
189 189 log.debug('Failed to check password hash using bcrypt %s',
190 190 safe_str(e))
191 191
192 192 return False
193 193
194 194
195 195 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
196 196 ENC_PREF = '_'
197 197
198 198 def hash_create(self, str_):
199 199 self._assert_bytes(str_)
200 200 return hashlib.sha256(str_).hexdigest()
201 201
202 202 def hash_check(self, password, hashed):
203 203 """
204 204 Checks matching password with it's hashed value.
205 205
206 206 :param password: password
207 207 :param hashed: password in hashed form
208 208 """
209 209 self._assert_bytes(password)
210 210 return hashlib.sha256(password).hexdigest() == hashed
211 211
212 212
213 213 class _RhodeCodeCryptoTest(_RhodeCodeCryptoBase):
214 214 ENC_PREF = '_'
215 215
216 216 def hash_create(self, str_):
217 217 self._assert_bytes(str_)
218 218 return sha1(str_)
219 219
220 220 def hash_check(self, password, hashed):
221 221 """
222 222 Checks matching password with it's hashed value.
223 223
224 224 :param password: password
225 225 :param hashed: password in hashed form
226 226 """
227 227 self._assert_bytes(password)
228 228 return sha1(password) == hashed
229 229
230 230
231 231 def crypto_backend():
232 232 """
233 233 Return the matching crypto backend.
234 234
235 235 Selection is based on if we run tests or not, we pick sha1-test backend to run
236 236 tests faster since BCRYPT is expensive to calculate
237 237 """
238 238 if rhodecode.is_test:
239 239 RhodeCodeCrypto = _RhodeCodeCryptoTest()
240 240 else:
241 241 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
242 242
243 243 return RhodeCodeCrypto
244 244
245 245
246 246 def get_crypt_password(password):
247 247 """
248 248 Create the hash of `password` with the active crypto backend.
249 249
250 250 :param password: The cleartext password.
251 251 :type password: unicode
252 252 """
253 253 password = safe_str(password)
254 254 return crypto_backend().hash_create(password)
255 255
256 256
257 257 def check_password(password, hashed):
258 258 """
259 259 Check if the value in `password` matches the hash in `hashed`.
260 260
261 261 :param password: The cleartext password.
262 262 :type password: unicode
263 263
264 264 :param hashed: The expected hashed version of the password.
265 265 :type hashed: The hash has to be passed in in text representation.
266 266 """
267 267 password = safe_str(password)
268 268 return crypto_backend().hash_check(password, hashed)
269 269
270 270
271 271 def generate_auth_token(data, salt=None):
272 272 """
273 273 Generates API KEY from given string
274 274 """
275 275
276 276 if salt is None:
277 277 salt = os.urandom(16)
278 278 return hashlib.sha1(safe_str(data) + salt).hexdigest()
279 279
280 280
281 281 def get_came_from(request):
282 282 """
283 283 get query_string+path from request sanitized after removing auth_token
284 284 """
285 285 _req = request
286 286
287 287 path = _req.path
288 288 if 'auth_token' in _req.GET:
289 289 # sanitize the request and remove auth_token for redirection
290 290 _req.GET.pop('auth_token')
291 291 qs = _req.query_string
292 292 if qs:
293 293 path += '?' + qs
294 294
295 295 return path
296 296
297 297
298 298 class CookieStoreWrapper(object):
299 299
300 300 def __init__(self, cookie_store):
301 301 self.cookie_store = cookie_store
302 302
303 303 def __repr__(self):
304 304 return 'CookieStore<%s>' % (self.cookie_store)
305 305
306 306 def get(self, key, other=None):
307 307 if isinstance(self.cookie_store, dict):
308 308 return self.cookie_store.get(key, other)
309 309 elif isinstance(self.cookie_store, AuthUser):
310 310 return self.cookie_store.__dict__.get(key, other)
311 311
312 312
313 313 def _cached_perms_data(user_id, scope, user_is_admin,
314 314 user_inherit_default_permissions, explicit, algo,
315 315 calculate_super_admin):
316 316
317 317 permissions = PermissionCalculator(
318 318 user_id, scope, user_is_admin, user_inherit_default_permissions,
319 319 explicit, algo, calculate_super_admin)
320 320 return permissions.calculate()
321 321
322 322
323 323 class PermOrigin(object):
324 324 SUPER_ADMIN = 'superadmin'
325 325
326 326 REPO_USER = 'user:%s'
327 327 REPO_USERGROUP = 'usergroup:%s'
328 328 REPO_OWNER = 'repo.owner'
329 329 REPO_DEFAULT = 'repo.default'
330 330 REPO_DEFAULT_NO_INHERIT = 'repo.default.no.inherit'
331 331 REPO_PRIVATE = 'repo.private'
332 332
333 333 REPOGROUP_USER = 'user:%s'
334 334 REPOGROUP_USERGROUP = 'usergroup:%s'
335 335 REPOGROUP_OWNER = 'group.owner'
336 336 REPOGROUP_DEFAULT = 'group.default'
337 337 REPOGROUP_DEFAULT_NO_INHERIT = 'group.default.no.inherit'
338 338
339 339 USERGROUP_USER = 'user:%s'
340 340 USERGROUP_USERGROUP = 'usergroup:%s'
341 341 USERGROUP_OWNER = 'usergroup.owner'
342 342 USERGROUP_DEFAULT = 'usergroup.default'
343 343 USERGROUP_DEFAULT_NO_INHERIT = 'usergroup.default.no.inherit'
344 344
345 345
346 346 class PermOriginDict(dict):
347 347 """
348 348 A special dict used for tracking permissions along with their origins.
349 349
350 350 `__setitem__` has been overridden to expect a tuple(perm, origin)
351 351 `__getitem__` will return only the perm
352 352 `.perm_origin_stack` will return the stack of (perm, origin) set per key
353 353
354 354 >>> perms = PermOriginDict()
355 355 >>> perms['resource'] = 'read', 'default'
356 356 >>> perms['resource']
357 357 'read'
358 358 >>> perms['resource'] = 'write', 'admin'
359 359 >>> perms['resource']
360 360 'write'
361 361 >>> perms.perm_origin_stack
362 362 {'resource': [('read', 'default'), ('write', 'admin')]}
363 363 """
364 364
365 365 def __init__(self, *args, **kw):
366 366 dict.__init__(self, *args, **kw)
367 367 self.perm_origin_stack = collections.OrderedDict()
368 368
369 369 def __setitem__(self, key, (perm, origin)):
370 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
370 self.perm_origin_stack.setdefault(key, []).append(
371 (perm, origin))
371 372 dict.__setitem__(self, key, perm)
372 373
373 374
375 class BranchPermOriginDict(PermOriginDict):
376 """
377 Dedicated branch permissions dict, with tracking of patterns and origins.
378
379 >>> perms = BranchPermOriginDict()
380 >>> perms['resource'] = '*pattern', 'read', 'default'
381 >>> perms['resource']
382 {'*pattern': 'read'}
383 >>> perms['resource'] = '*pattern', 'write', 'admin'
384 >>> perms['resource']
385 {'*pattern': 'write'}
386 >>> perms.perm_origin_stack
387 {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
388 """
389 def __setitem__(self, key, (pattern, perm, origin)):
390
391 self.perm_origin_stack.setdefault(key, {}) \
392 .setdefault(pattern, []).append((perm, origin))
393
394 if key in self:
395 self[key].__setitem__(pattern, perm)
396 else:
397 patterns = collections.OrderedDict()
398 patterns[pattern] = perm
399 dict.__setitem__(self, key, patterns)
400
401
374 402 class PermissionCalculator(object):
375 403
376 404 def __init__(
377 405 self, user_id, scope, user_is_admin,
378 406 user_inherit_default_permissions, explicit, algo,
379 407 calculate_super_admin=False):
380 408
381 409 self.user_id = user_id
382 410 self.user_is_admin = user_is_admin
383 411 self.inherit_default_permissions = user_inherit_default_permissions
384 412 self.explicit = explicit
385 413 self.algo = algo
386 414 self.calculate_super_admin = calculate_super_admin
387 415
388 416 scope = scope or {}
389 417 self.scope_repo_id = scope.get('repo_id')
390 418 self.scope_repo_group_id = scope.get('repo_group_id')
391 419 self.scope_user_group_id = scope.get('user_group_id')
392 420
393 421 self.default_user_id = User.get_default_user(cache=True).user_id
394 422
395 423 self.permissions_repositories = PermOriginDict()
396 424 self.permissions_repository_groups = PermOriginDict()
397 425 self.permissions_user_groups = PermOriginDict()
426 self.permissions_repository_branches = BranchPermOriginDict()
398 427 self.permissions_global = set()
399 428
400 429 self.default_repo_perms = Permission.get_default_repo_perms(
401 430 self.default_user_id, self.scope_repo_id)
402 431 self.default_repo_groups_perms = Permission.get_default_group_perms(
403 432 self.default_user_id, self.scope_repo_group_id)
404 433 self.default_user_group_perms = \
405 434 Permission.get_default_user_group_perms(
406 435 self.default_user_id, self.scope_user_group_id)
407 436
437 # default branch perms
438 self.default_branch_repo_perms = \
439 Permission.get_default_repo_branch_perms(
440 self.default_user_id, self.scope_repo_id)
441
408 442 def calculate(self):
409 443 if self.user_is_admin and not self.calculate_super_admin:
410 444 return self._admin_permissions()
411 445
412 446 self._calculate_global_default_permissions()
413 447 self._calculate_global_permissions()
414 448 self._calculate_default_permissions()
415 449 self._calculate_repository_permissions()
450 self._calculate_repository_branch_permissions()
416 451 self._calculate_repository_group_permissions()
417 452 self._calculate_user_group_permissions()
418 453 return self._permission_structure()
419 454
420 455 def _admin_permissions(self):
421 456 """
422 457 admin user have all default rights for repositories
423 458 and groups set to admin
424 459 """
425 460 self.permissions_global.add('hg.admin')
426 461 self.permissions_global.add('hg.create.write_on_repogroup.true')
427 462
428 463 # repositories
429 464 for perm in self.default_repo_perms:
430 465 r_k = perm.UserRepoToPerm.repository.repo_name
431 466 p = 'repository.admin'
432 467 self.permissions_repositories[r_k] = p, PermOrigin.SUPER_ADMIN
433 468
434 469 # repository groups
435 470 for perm in self.default_repo_groups_perms:
436 471 rg_k = perm.UserRepoGroupToPerm.group.group_name
437 472 p = 'group.admin'
438 473 self.permissions_repository_groups[rg_k] = p, PermOrigin.SUPER_ADMIN
439 474
440 475 # user groups
441 476 for perm in self.default_user_group_perms:
442 477 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
443 478 p = 'usergroup.admin'
444 479 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN
445 480
481 # branch permissions
482 # TODO(marcink): validate this, especially
483 # how this should work using multiple patterns specified ??
484 # looks ok, but still needs double check !!
485 for perm in self.default_branch_repo_perms:
486 r_k = perm.UserRepoToPerm.repository.repo_name
487 p = 'branch.push_force'
488 self.permissions_repository_branches[r_k] = '*', p, PermOrigin.SUPER_ADMIN
489
446 490 return self._permission_structure()
447 491
448 492 def _calculate_global_default_permissions(self):
449 493 """
450 494 global permissions taken from the default user
451 495 """
452 496 default_global_perms = UserToPerm.query()\
453 497 .filter(UserToPerm.user_id == self.default_user_id)\
454 498 .options(joinedload(UserToPerm.permission))
455 499
456 500 for perm in default_global_perms:
457 501 self.permissions_global.add(perm.permission.permission_name)
458 502
459 503 if self.user_is_admin:
460 504 self.permissions_global.add('hg.admin')
461 505 self.permissions_global.add('hg.create.write_on_repogroup.true')
462 506
463 507 def _calculate_global_permissions(self):
464 508 """
465 509 Set global system permissions with user permissions or permissions
466 510 taken from the user groups of the current user.
467 511
468 512 The permissions include repo creating, repo group creating, forking
469 513 etc.
470 514 """
471 515
472 516 # now we read the defined permissions and overwrite what we have set
473 517 # before those can be configured from groups or users explicitly.
474 518
475 # TODO: johbo: This seems to be out of sync, find out the reason
476 # for the comment below and update it.
477
478 # In case we want to extend this list we should be always in sync with
479 # User.DEFAULT_USER_PERMISSIONS definitions
519 # In case we want to extend this list we should make sure
520 # this is in sync with User.DEFAULT_USER_PERMISSIONS definitions
480 521 _configurable = frozenset([
481 522 'hg.fork.none', 'hg.fork.repository',
482 523 'hg.create.none', 'hg.create.repository',
483 524 'hg.usergroup.create.false', 'hg.usergroup.create.true',
484 525 'hg.repogroup.create.false', 'hg.repogroup.create.true',
485 'hg.create.write_on_repogroup.false',
486 'hg.create.write_on_repogroup.true',
526 'hg.create.write_on_repogroup.false', 'hg.create.write_on_repogroup.true',
487 527 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
488 528 ])
489 529
490 530 # USER GROUPS comes first user group global permissions
491 531 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
492 532 .options(joinedload(UserGroupToPerm.permission))\
493 533 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
494 534 UserGroupMember.users_group_id))\
495 535 .filter(UserGroupMember.user_id == self.user_id)\
496 536 .order_by(UserGroupToPerm.users_group_id)\
497 537 .all()
498 538
499 539 # need to group here by groups since user can be in more than
500 540 # one group, so we get all groups
501 541 _explicit_grouped_perms = [
502 542 [x, list(y)] for x, y in
503 543 itertools.groupby(user_perms_from_users_groups,
504 544 lambda _x: _x.users_group)]
505 545
506 546 for gr, perms in _explicit_grouped_perms:
507 547 # since user can be in multiple groups iterate over them and
508 548 # select the lowest permissions first (more explicit)
509 # TODO: marcink: do this^^
549 # TODO(marcink): do this^^
510 550
511 551 # group doesn't inherit default permissions so we actually set them
512 552 if not gr.inherit_default_permissions:
513 553 # NEED TO IGNORE all previously set configurable permissions
514 554 # and replace them with explicitly set from this user
515 555 # group permissions
516 556 self.permissions_global = self.permissions_global.difference(
517 557 _configurable)
518 558 for perm in perms:
519 559 self.permissions_global.add(perm.permission.permission_name)
520 560
521 561 # user explicit global permissions
522 562 user_perms = Session().query(UserToPerm)\
523 563 .options(joinedload(UserToPerm.permission))\
524 564 .filter(UserToPerm.user_id == self.user_id).all()
525 565
526 566 if not self.inherit_default_permissions:
527 567 # NEED TO IGNORE all configurable permissions and
528 568 # replace them with explicitly set from this user permissions
529 569 self.permissions_global = self.permissions_global.difference(
530 570 _configurable)
531 571 for perm in user_perms:
532 572 self.permissions_global.add(perm.permission.permission_name)
533 573
534 574 def _calculate_default_permissions(self):
535 575 """
536 Set default user permissions for repositories, repository groups
537 taken from the default user.
576 Set default user permissions for repositories, repository branches,
577 repository groups, user groups taken from the default user.
538 578
539 579 Calculate inheritance of object permissions based on what we have now
540 580 in GLOBAL permissions. We check if .false is in GLOBAL since this is
541 581 explicitly set. Inherit is the opposite of .false being there.
542 582
543 583 .. note::
544 584
545 585 the syntax is little bit odd but what we need to check here is
546 586 the opposite of .false permission being in the list so even for
547 587 inconsistent state when both .true/.false is there
548 588 .false is more important
549 589
550 590 """
551 591 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
552 592 in self.permissions_global)
553 593
554 # defaults for repositories, taken from `default` user permissions
555 # on given repo
594 # default permissions for repositories, taken from `default` user permissions
556 595 for perm in self.default_repo_perms:
557 596 r_k = perm.UserRepoToPerm.repository.repo_name
558 597 p = perm.Permission.permission_name
559 598 o = PermOrigin.REPO_DEFAULT
560 599 self.permissions_repositories[r_k] = p, o
561 600
562 601 # if we decide this user isn't inheriting permissions from
563 602 # default user we set him to .none so only explicit
564 603 # permissions work
565 604 if not user_inherit_object_permissions:
566 605 p = 'repository.none'
567 606 o = PermOrigin.REPO_DEFAULT_NO_INHERIT
568 607 self.permissions_repositories[r_k] = p, o
569 608
570 609 if perm.Repository.private and not (
571 610 perm.Repository.user_id == self.user_id):
572 611 # disable defaults for private repos,
573 612 p = 'repository.none'
574 613 o = PermOrigin.REPO_PRIVATE
575 614 self.permissions_repositories[r_k] = p, o
576 615
577 616 elif perm.Repository.user_id == self.user_id:
578 617 # set admin if owner
579 618 p = 'repository.admin'
580 619 o = PermOrigin.REPO_OWNER
581 620 self.permissions_repositories[r_k] = p, o
582 621
583 622 if self.user_is_admin:
584 623 p = 'repository.admin'
585 624 o = PermOrigin.SUPER_ADMIN
586 625 self.permissions_repositories[r_k] = p, o
587 626
588 # defaults for repository groups taken from `default` user permission
589 # on given group
627 # default permissions branch for repositories, taken from `default` user permissions
628 for perm in self.default_branch_repo_perms:
629
630 r_k = perm.UserRepoToPerm.repository.repo_name
631 p = perm.Permission.permission_name
632 pattern = perm.UserToRepoBranchPermission.branch_pattern
633 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
634
635 if not self.explicit:
636 # TODO(marcink): fix this for multiple entries
637 cur_perm = self.permissions_repository_branches.get(r_k) or 'branch.none'
638 p = self._choose_permission(p, cur_perm)
639
640 # NOTE(marcink): register all pattern/perm instances in this
641 # special dict that aggregates entries
642 self.permissions_repository_branches[r_k] = pattern, p, o
643
644 # default permissions for repository groups taken from `default` user permission
590 645 for perm in self.default_repo_groups_perms:
591 646 rg_k = perm.UserRepoGroupToPerm.group.group_name
592 647 p = perm.Permission.permission_name
593 648 o = PermOrigin.REPOGROUP_DEFAULT
594 649 self.permissions_repository_groups[rg_k] = p, o
595 650
596 651 # if we decide this user isn't inheriting permissions from default
597 652 # user we set him to .none so only explicit permissions work
598 653 if not user_inherit_object_permissions:
599 654 p = 'group.none'
600 655 o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
601 656 self.permissions_repository_groups[rg_k] = p, o
602 657
603 658 if perm.RepoGroup.user_id == self.user_id:
604 659 # set admin if owner
605 660 p = 'group.admin'
606 661 o = PermOrigin.REPOGROUP_OWNER
607 662 self.permissions_repository_groups[rg_k] = p, o
608 663
609 664 if self.user_is_admin:
610 665 p = 'group.admin'
611 666 o = PermOrigin.SUPER_ADMIN
612 667 self.permissions_repository_groups[rg_k] = p, o
613 668
614 # defaults for user groups taken from `default` user permission
615 # on given user group
669 # default permissions for user groups taken from `default` user permission
616 670 for perm in self.default_user_group_perms:
617 671 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
618 672 p = perm.Permission.permission_name
619 673 o = PermOrigin.USERGROUP_DEFAULT
620 674 self.permissions_user_groups[u_k] = p, o
621 675
622 676 # if we decide this user isn't inheriting permissions from default
623 677 # user we set him to .none so only explicit permissions work
624 678 if not user_inherit_object_permissions:
625 679 p = 'usergroup.none'
626 680 o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
627 681 self.permissions_user_groups[u_k] = p, o
628 682
629 683 if perm.UserGroup.user_id == self.user_id:
630 684 # set admin if owner
631 685 p = 'usergroup.admin'
632 686 o = PermOrigin.USERGROUP_OWNER
633 687 self.permissions_user_groups[u_k] = p, o
634 688
635 689 if self.user_is_admin:
636 690 p = 'usergroup.admin'
637 691 o = PermOrigin.SUPER_ADMIN
638 692 self.permissions_user_groups[u_k] = p, o
639 693
640 694 def _calculate_repository_permissions(self):
641 695 """
642 696 Repository permissions for the current user.
643 697
644 698 Check if the user is part of user groups for this repository and
645 699 fill in the permission from it. `_choose_permission` decides of which
646 700 permission should be selected based on selected method.
647 701 """
648 702
649 703 # user group for repositories permissions
650 704 user_repo_perms_from_user_group = Permission\
651 705 .get_default_repo_perms_from_user_group(
652 706 self.user_id, self.scope_repo_id)
653 707
654 708 multiple_counter = collections.defaultdict(int)
655 709 for perm in user_repo_perms_from_user_group:
656 710 r_k = perm.UserGroupRepoToPerm.repository.repo_name
657 711 multiple_counter[r_k] += 1
658 712 p = perm.Permission.permission_name
659 713 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
660 714 .users_group.users_group_name
661 715
662 716 if multiple_counter[r_k] > 1:
663 717 cur_perm = self.permissions_repositories[r_k]
664 718 p = self._choose_permission(p, cur_perm)
665 719
666 720 self.permissions_repositories[r_k] = p, o
667 721
668 722 if perm.Repository.user_id == self.user_id:
669 723 # set admin if owner
670 724 p = 'repository.admin'
671 725 o = PermOrigin.REPO_OWNER
672 726 self.permissions_repositories[r_k] = p, o
673 727
674 728 if self.user_is_admin:
675 729 p = 'repository.admin'
676 730 o = PermOrigin.SUPER_ADMIN
677 731 self.permissions_repositories[r_k] = p, o
678 732
679 733 # user explicit permissions for repositories, overrides any specified
680 734 # by the group permission
681 735 user_repo_perms = Permission.get_default_repo_perms(
682 736 self.user_id, self.scope_repo_id)
683 737 for perm in user_repo_perms:
684 738 r_k = perm.UserRepoToPerm.repository.repo_name
685 739 p = perm.Permission.permission_name
686 740 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
687 741
688 742 if not self.explicit:
689 743 cur_perm = self.permissions_repositories.get(
690 744 r_k, 'repository.none')
691 745 p = self._choose_permission(p, cur_perm)
692 746
693 747 self.permissions_repositories[r_k] = p, o
694 748
695 749 if perm.Repository.user_id == self.user_id:
696 750 # set admin if owner
697 751 p = 'repository.admin'
698 752 o = PermOrigin.REPO_OWNER
699 753 self.permissions_repositories[r_k] = p, o
700 754
701 755 if self.user_is_admin:
702 756 p = 'repository.admin'
703 757 o = PermOrigin.SUPER_ADMIN
704 758 self.permissions_repositories[r_k] = p, o
705 759
760 def _calculate_repository_branch_permissions(self):
761 # user group for repositories permissions
762 user_repo_branch_perms_from_user_group = Permission\
763 .get_default_repo_branch_perms_from_user_group(
764 self.user_id, self.scope_repo_id)
765
766 multiple_counter = collections.defaultdict(int)
767 for perm in user_repo_branch_perms_from_user_group:
768 r_k = perm.UserGroupRepoToPerm.repository.repo_name
769 p = perm.Permission.permission_name
770 pattern = perm.UserGroupToRepoBranchPermission.branch_pattern
771 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
772 .users_group.users_group_name
773
774 multiple_counter[r_k] += 1
775 if multiple_counter[r_k] > 1:
776 # TODO(marcink): fix this for multi branch support, and multiple entries
777 cur_perm = self.permissions_repository_branches[r_k]
778 p = self._choose_permission(p, cur_perm)
779
780 self.permissions_repository_branches[r_k] = pattern, p, o
781
782 # user explicit branch permissions for repositories, overrides
783 # any specified by the group permission
784 user_repo_branch_perms = Permission.get_default_repo_branch_perms(
785 self.user_id, self.scope_repo_id)
786 for perm in user_repo_branch_perms:
787
788 r_k = perm.UserRepoToPerm.repository.repo_name
789 p = perm.Permission.permission_name
790 pattern = perm.UserToRepoBranchPermission.branch_pattern
791 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
792
793 if not self.explicit:
794 # TODO(marcink): fix this for multiple entries
795 cur_perm = self.permissions_repository_branches.get(r_k) or 'branch.none'
796 p = self._choose_permission(p, cur_perm)
797
798 # NOTE(marcink): register all pattern/perm instances in this
799 # special dict that aggregates entries
800 self.permissions_repository_branches[r_k] = pattern, p, o
801
802
706 803 def _calculate_repository_group_permissions(self):
707 804 """
708 805 Repository group permissions for the current user.
709 806
710 807 Check if the user is part of user groups for repository groups and
711 808 fill in the permissions from it. `_choose_permission` decides of which
712 809 permission should be selected based on selected method.
713 810 """
714 811 # user group for repo groups permissions
715 812 user_repo_group_perms_from_user_group = Permission\
716 813 .get_default_group_perms_from_user_group(
717 814 self.user_id, self.scope_repo_group_id)
718 815
719 816 multiple_counter = collections.defaultdict(int)
720 817 for perm in user_repo_group_perms_from_user_group:
721 818 rg_k = perm.UserGroupRepoGroupToPerm.group.group_name
722 819 multiple_counter[rg_k] += 1
723 820 o = PermOrigin.REPOGROUP_USERGROUP % perm.UserGroupRepoGroupToPerm\
724 821 .users_group.users_group_name
725 822 p = perm.Permission.permission_name
726 823
727 824 if multiple_counter[rg_k] > 1:
728 825 cur_perm = self.permissions_repository_groups[rg_k]
729 826 p = self._choose_permission(p, cur_perm)
730 827 self.permissions_repository_groups[rg_k] = p, o
731 828
732 829 if perm.RepoGroup.user_id == self.user_id:
733 830 # set admin if owner, even for member of other user group
734 831 p = 'group.admin'
735 832 o = PermOrigin.REPOGROUP_OWNER
736 833 self.permissions_repository_groups[rg_k] = p, o
737 834
738 835 if self.user_is_admin:
739 836 p = 'group.admin'
740 837 o = PermOrigin.SUPER_ADMIN
741 838 self.permissions_repository_groups[rg_k] = p, o
742 839
743 840 # user explicit permissions for repository groups
744 841 user_repo_groups_perms = Permission.get_default_group_perms(
745 842 self.user_id, self.scope_repo_group_id)
746 843 for perm in user_repo_groups_perms:
747 844 rg_k = perm.UserRepoGroupToPerm.group.group_name
748 845 o = PermOrigin.REPOGROUP_USER % perm.UserRepoGroupToPerm\
749 846 .user.username
750 847 p = perm.Permission.permission_name
751 848
752 849 if not self.explicit:
753 850 cur_perm = self.permissions_repository_groups.get(
754 851 rg_k, 'group.none')
755 852 p = self._choose_permission(p, cur_perm)
756 853
757 854 self.permissions_repository_groups[rg_k] = p, o
758 855
759 856 if perm.RepoGroup.user_id == self.user_id:
760 857 # set admin if owner
761 858 p = 'group.admin'
762 859 o = PermOrigin.REPOGROUP_OWNER
763 860 self.permissions_repository_groups[rg_k] = p, o
764 861
765 862 if self.user_is_admin:
766 863 p = 'group.admin'
767 864 o = PermOrigin.SUPER_ADMIN
768 865 self.permissions_repository_groups[rg_k] = p, o
769 866
770 867 def _calculate_user_group_permissions(self):
771 868 """
772 869 User group permissions for the current user.
773 870 """
774 871 # user group for user group permissions
775 872 user_group_from_user_group = Permission\
776 873 .get_default_user_group_perms_from_user_group(
777 874 self.user_id, self.scope_user_group_id)
778 875
779 876 multiple_counter = collections.defaultdict(int)
780 877 for perm in user_group_from_user_group:
781 878 ug_k = perm.UserGroupUserGroupToPerm\
782 879 .target_user_group.users_group_name
783 880 multiple_counter[ug_k] += 1
784 881 o = PermOrigin.USERGROUP_USERGROUP % perm.UserGroupUserGroupToPerm\
785 882 .user_group.users_group_name
786 883 p = perm.Permission.permission_name
787 884
788 885 if multiple_counter[ug_k] > 1:
789 886 cur_perm = self.permissions_user_groups[ug_k]
790 887 p = self._choose_permission(p, cur_perm)
791 888
792 889 self.permissions_user_groups[ug_k] = p, o
793 890
794 891 if perm.UserGroup.user_id == self.user_id:
795 892 # set admin if owner, even for member of other user group
796 893 p = 'usergroup.admin'
797 894 o = PermOrigin.USERGROUP_OWNER
798 895 self.permissions_user_groups[ug_k] = p, o
799 896
800 897 if self.user_is_admin:
801 898 p = 'usergroup.admin'
802 899 o = PermOrigin.SUPER_ADMIN
803 900 self.permissions_user_groups[ug_k] = p, o
804 901
805 902 # user explicit permission for user groups
806 903 user_user_groups_perms = Permission.get_default_user_group_perms(
807 904 self.user_id, self.scope_user_group_id)
808 905 for perm in user_user_groups_perms:
809 906 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
810 907 o = PermOrigin.USERGROUP_USER % perm.UserUserGroupToPerm\
811 908 .user.username
812 909 p = perm.Permission.permission_name
813 910
814 911 if not self.explicit:
815 912 cur_perm = self.permissions_user_groups.get(
816 913 ug_k, 'usergroup.none')
817 914 p = self._choose_permission(p, cur_perm)
818 915
819 916 self.permissions_user_groups[ug_k] = p, o
820 917
821 918 if perm.UserGroup.user_id == self.user_id:
822 919 # set admin if owner
823 920 p = 'usergroup.admin'
824 921 o = PermOrigin.USERGROUP_OWNER
825 922 self.permissions_user_groups[ug_k] = p, o
826 923
827 924 if self.user_is_admin:
828 925 p = 'usergroup.admin'
829 926 o = PermOrigin.SUPER_ADMIN
830 927 self.permissions_user_groups[ug_k] = p, o
831 928
832 929 def _choose_permission(self, new_perm, cur_perm):
833 930 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
834 931 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
835 932 if self.algo == 'higherwin':
836 933 if new_perm_val > cur_perm_val:
837 934 return new_perm
838 935 return cur_perm
839 936 elif self.algo == 'lowerwin':
840 937 if new_perm_val < cur_perm_val:
841 938 return new_perm
842 939 return cur_perm
843 940
844 941 def _permission_structure(self):
845 942 return {
846 943 'global': self.permissions_global,
847 944 'repositories': self.permissions_repositories,
945 'repository_branches': self.permissions_repository_branches,
848 946 'repositories_groups': self.permissions_repository_groups,
849 947 'user_groups': self.permissions_user_groups,
850 948 }
851 949
852 950
853 951 def allowed_auth_token_access(view_name, auth_token, whitelist=None):
854 952 """
855 953 Check if given controller_name is in whitelist of auth token access
856 954 """
857 955 if not whitelist:
858 956 from rhodecode import CONFIG
859 957 whitelist = aslist(
860 958 CONFIG.get('api_access_controllers_whitelist'), sep=',')
861 959 # backward compat translation
862 960 compat = {
863 961 # old controller, new VIEW
864 962 'ChangesetController:*': 'RepoCommitsView:*',
865 963 'ChangesetController:changeset_patch': 'RepoCommitsView:repo_commit_patch',
866 964 'ChangesetController:changeset_raw': 'RepoCommitsView:repo_commit_raw',
867 965 'FilesController:raw': 'RepoCommitsView:repo_commit_raw',
868 966 'FilesController:archivefile': 'RepoFilesView:repo_archivefile',
869 967 'GistsController:*': 'GistView:*',
870 968 }
871 969
872 970 log.debug(
873 971 'Allowed views for AUTH TOKEN access: %s' % (whitelist,))
874 972 auth_token_access_valid = False
875 973
876 974 for entry in whitelist:
877 975 token_match = True
878 976 if entry in compat:
879 977 # translate from old Controllers to Pyramid Views
880 978 entry = compat[entry]
881 979
882 980 if '@' in entry:
883 981 # specific AuthToken
884 982 entry, allowed_token = entry.split('@', 1)
885 983 token_match = auth_token == allowed_token
886 984
887 985 if fnmatch.fnmatch(view_name, entry) and token_match:
888 986 auth_token_access_valid = True
889 987 break
890 988
891 989 if auth_token_access_valid:
892 990 log.debug('view: `%s` matches entry in whitelist: %s'
893 991 % (view_name, whitelist))
894 992 else:
895 993 msg = ('view: `%s` does *NOT* match any entry in whitelist: %s'
896 994 % (view_name, whitelist))
897 995 if auth_token:
898 996 # if we use auth token key and don't have access it's a warning
899 997 log.warning(msg)
900 998 else:
901 999 log.debug(msg)
902 1000
903 1001 return auth_token_access_valid
904 1002
905 1003
906 1004 class AuthUser(object):
907 1005 """
908 1006 A simple object that handles all attributes of user in RhodeCode
909 1007
910 1008 It does lookup based on API key,given user, or user present in session
911 1009 Then it fills all required information for such user. It also checks if
912 1010 anonymous access is enabled and if so, it returns default user as logged in
913 1011 """
914 1012 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
915 1013
916 1014 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
917 1015
918 1016 self.user_id = user_id
919 1017 self._api_key = api_key
920 1018
921 1019 self.api_key = None
922 1020 self.username = username
923 1021 self.ip_addr = ip_addr
924 1022 self.name = ''
925 1023 self.lastname = ''
926 1024 self.first_name = ''
927 1025 self.last_name = ''
928 1026 self.email = ''
929 1027 self.is_authenticated = False
930 1028 self.admin = False
931 1029 self.inherit_default_permissions = False
932 1030 self.password = ''
933 1031
934 1032 self.anonymous_user = None # propagated on propagate_data
935 1033 self.propagate_data()
936 1034 self._instance = None
937 1035 self._permissions_scoped_cache = {} # used to bind scoped calculation
938 1036
939 1037 @LazyProperty
940 1038 def permissions(self):
941 1039 return self.get_perms(user=self, cache=False)
942 1040
943 1041 @LazyProperty
944 1042 def permissions_safe(self):
945 1043 """
946 1044 Filtered permissions excluding not allowed repositories
947 1045 """
948 1046 perms = self.get_perms(user=self, cache=False)
949 1047
950 1048 perms['repositories'] = {
951 1049 k: v for k, v in perms['repositories'].items()
952 1050 if v != 'repository.none'}
953 1051 perms['repositories_groups'] = {
954 1052 k: v for k, v in perms['repositories_groups'].items()
955 1053 if v != 'group.none'}
956 1054 perms['user_groups'] = {
957 1055 k: v for k, v in perms['user_groups'].items()
958 1056 if v != 'usergroup.none'}
1057 perms['repository_branches'] = {
1058 k: v for k, v in perms['repository_branches'].iteritems()
1059 if v != 'branch.none'}
959 1060 return perms
960 1061
961 1062 @LazyProperty
962 1063 def permissions_full_details(self):
963 1064 return self.get_perms(
964 1065 user=self, cache=False, calculate_super_admin=True)
965 1066
966 1067 def permissions_with_scope(self, scope):
967 1068 """
968 1069 Call the get_perms function with scoped data. The scope in that function
969 1070 narrows the SQL calls to the given ID of objects resulting in fetching
970 1071 Just particular permission we want to obtain. If scope is an empty dict
971 1072 then it basically narrows the scope to GLOBAL permissions only.
972 1073
973 1074 :param scope: dict
974 1075 """
975 1076 if 'repo_name' in scope:
976 1077 obj = Repository.get_by_repo_name(scope['repo_name'])
977 1078 if obj:
978 1079 scope['repo_id'] = obj.repo_id
979 1080 _scope = collections.OrderedDict()
980 1081 _scope['repo_id'] = -1
981 1082 _scope['user_group_id'] = -1
982 1083 _scope['repo_group_id'] = -1
983 1084
984 1085 for k in sorted(scope.keys()):
985 1086 _scope[k] = scope[k]
986 1087
987 1088 # store in cache to mimic how the @LazyProperty works,
988 1089 # the difference here is that we use the unique key calculated
989 1090 # from params and values
990 1091 return self.get_perms(user=self, cache=False, scope=_scope)
991 1092
992 1093 def get_instance(self):
993 1094 return User.get(self.user_id)
994 1095
995 1096 def propagate_data(self):
996 1097 """
997 1098 Fills in user data and propagates values to this instance. Maps fetched
998 1099 user attributes to this class instance attributes
999 1100 """
1000 1101 log.debug('AuthUser: starting data propagation for new potential user')
1001 1102 user_model = UserModel()
1002 1103 anon_user = self.anonymous_user = User.get_default_user(cache=True)
1003 1104 is_user_loaded = False
1004 1105
1005 1106 # lookup by userid
1006 1107 if self.user_id is not None and self.user_id != anon_user.user_id:
1007 1108 log.debug('Trying Auth User lookup by USER ID: `%s`', self.user_id)
1008 1109 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
1009 1110
1010 1111 # try go get user by api key
1011 1112 elif self._api_key and self._api_key != anon_user.api_key:
1012 1113 log.debug('Trying Auth User lookup by API KEY: `%s`', self._api_key)
1013 1114 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
1014 1115
1015 1116 # lookup by username
1016 1117 elif self.username:
1017 1118 log.debug('Trying Auth User lookup by USER NAME: `%s`', self.username)
1018 1119 is_user_loaded = user_model.fill_data(self, username=self.username)
1019 1120 else:
1020 1121 log.debug('No data in %s that could been used to log in', self)
1021 1122
1022 1123 if not is_user_loaded:
1023 1124 log.debug(
1024 1125 'Failed to load user. Fallback to default user %s', anon_user)
1025 1126 # if we cannot authenticate user try anonymous
1026 1127 if anon_user.active:
1027 1128 log.debug('default user is active, using it as a session user')
1028 1129 user_model.fill_data(self, user_id=anon_user.user_id)
1029 1130 # then we set this user is logged in
1030 1131 self.is_authenticated = True
1031 1132 else:
1032 1133 log.debug('default user is NOT active')
1033 1134 # in case of disabled anonymous user we reset some of the
1034 1135 # parameters so such user is "corrupted", skipping the fill_data
1035 1136 for attr in ['user_id', 'username', 'admin', 'active']:
1036 1137 setattr(self, attr, None)
1037 1138 self.is_authenticated = False
1038 1139
1039 1140 if not self.username:
1040 1141 self.username = 'None'
1041 1142
1042 1143 log.debug('AuthUser: propagated user is now %s', self)
1043 1144
1044 1145 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
1045 1146 calculate_super_admin=False, cache=False):
1046 1147 """
1047 1148 Fills user permission attribute with permissions taken from database
1048 1149 works for permissions given for repositories, and for permissions that
1049 1150 are granted to groups
1050 1151
1051 1152 :param user: instance of User object from database
1052 1153 :param explicit: In case there are permissions both for user and a group
1053 1154 that user is part of, explicit flag will defiine if user will
1054 1155 explicitly override permissions from group, if it's False it will
1055 1156 make decision based on the algo
1056 1157 :param algo: algorithm to decide what permission should be choose if
1057 1158 it's multiple defined, eg user in two different groups. It also
1058 1159 decides if explicit flag is turned off how to specify the permission
1059 1160 for case when user is in a group + have defined separate permission
1060 1161 """
1061 1162 user_id = user.user_id
1062 1163 user_is_admin = user.is_admin
1063 1164
1064 1165 # inheritance of global permissions like create repo/fork repo etc
1065 1166 user_inherit_default_permissions = user.inherit_default_permissions
1066 1167
1067 1168 cache_seconds = safe_int(
1068 1169 rhodecode.CONFIG.get('rc_cache.cache_perms.expiration_time'))
1069 1170
1070 1171 cache_on = cache or cache_seconds > 0
1071 1172 log.debug(
1072 1173 'Computing PERMISSION tree for user %s scope `%s` '
1073 1174 'with caching: %s[TTL: %ss]' % (user, scope, cache_on, cache_seconds or 0))
1074 1175
1075 1176 cache_namespace_uid = 'cache_user_auth.{}'.format(user_id)
1076 1177 region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
1077 1178
1078 1179 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
1079 1180 condition=cache_on)
1080 1181 def compute_perm_tree(cache_name,
1081 1182 user_id, scope, user_is_admin,user_inherit_default_permissions,
1082 1183 explicit, algo, calculate_super_admin):
1083 1184 return _cached_perms_data(
1084 1185 user_id, scope, user_is_admin, user_inherit_default_permissions,
1085 1186 explicit, algo, calculate_super_admin)
1086 1187
1087 1188 start = time.time()
1088 1189 result = compute_perm_tree('permissions', user_id, scope, user_is_admin,
1089 1190 user_inherit_default_permissions, explicit, algo,
1090 1191 calculate_super_admin)
1091 1192
1092 1193 result_repr = []
1093 1194 for k in result:
1094 1195 result_repr.append((k, len(result[k])))
1095 1196 total = time.time() - start
1096 1197 log.debug('PERMISSION tree for user %s computed in %.3fs: %s' % (
1097 1198 user, total, result_repr))
1098 1199
1099 1200 return result
1100 1201
1101 1202 @property
1102 1203 def is_default(self):
1103 1204 return self.username == User.DEFAULT_USER
1104 1205
1105 1206 @property
1106 1207 def is_admin(self):
1107 1208 return self.admin
1108 1209
1109 1210 @property
1110 1211 def is_user_object(self):
1111 1212 return self.user_id is not None
1112 1213
1113 1214 @property
1114 1215 def repositories_admin(self):
1115 1216 """
1116 1217 Returns list of repositories you're an admin of
1117 1218 """
1118 1219 return [
1119 1220 x[0] for x in self.permissions['repositories'].items()
1120 1221 if x[1] == 'repository.admin']
1121 1222
1122 1223 @property
1123 1224 def repository_groups_admin(self):
1124 1225 """
1125 1226 Returns list of repository groups you're an admin of
1126 1227 """
1127 1228 return [
1128 1229 x[0] for x in self.permissions['repositories_groups'].items()
1129 1230 if x[1] == 'group.admin']
1130 1231
1131 1232 @property
1132 1233 def user_groups_admin(self):
1133 1234 """
1134 1235 Returns list of user groups you're an admin of
1135 1236 """
1136 1237 return [
1137 1238 x[0] for x in self.permissions['user_groups'].items()
1138 1239 if x[1] == 'usergroup.admin']
1139 1240
1140 1241 def repo_acl_ids(self, perms=None, name_filter=None, cache=False):
1141 1242 """
1142 1243 Returns list of repository ids that user have access to based on given
1143 1244 perms. The cache flag should be only used in cases that are used for
1144 1245 display purposes, NOT IN ANY CASE for permission checks.
1145 1246 """
1146 1247 from rhodecode.model.scm import RepoList
1147 1248 if not perms:
1148 1249 perms = [
1149 1250 'repository.read', 'repository.write', 'repository.admin']
1150 1251
1151 1252 def _cached_repo_acl(user_id, perm_def, _name_filter):
1152 1253 qry = Repository.query()
1153 1254 if _name_filter:
1154 1255 ilike_expression = u'%{}%'.format(safe_unicode(_name_filter))
1155 1256 qry = qry.filter(
1156 1257 Repository.repo_name.ilike(ilike_expression))
1157 1258
1158 1259 return [x.repo_id for x in
1159 1260 RepoList(qry, perm_set=perm_def)]
1160 1261
1161 1262 return _cached_repo_acl(self.user_id, perms, name_filter)
1162 1263
1163 1264 def repo_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1164 1265 """
1165 1266 Returns list of repository group ids that user have access to based on given
1166 1267 perms. The cache flag should be only used in cases that are used for
1167 1268 display purposes, NOT IN ANY CASE for permission checks.
1168 1269 """
1169 1270 from rhodecode.model.scm import RepoGroupList
1170 1271 if not perms:
1171 1272 perms = [
1172 1273 'group.read', 'group.write', 'group.admin']
1173 1274
1174 1275 def _cached_repo_group_acl(user_id, perm_def, _name_filter):
1175 1276 qry = RepoGroup.query()
1176 1277 if _name_filter:
1177 1278 ilike_expression = u'%{}%'.format(safe_unicode(_name_filter))
1178 1279 qry = qry.filter(
1179 1280 RepoGroup.group_name.ilike(ilike_expression))
1180 1281
1181 1282 return [x.group_id for x in
1182 1283 RepoGroupList(qry, perm_set=perm_def)]
1183 1284
1184 1285 return _cached_repo_group_acl(self.user_id, perms, name_filter)
1185 1286
1186 1287 def user_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1187 1288 """
1188 1289 Returns list of user group ids that user have access to based on given
1189 1290 perms. The cache flag should be only used in cases that are used for
1190 1291 display purposes, NOT IN ANY CASE for permission checks.
1191 1292 """
1192 1293 from rhodecode.model.scm import UserGroupList
1193 1294 if not perms:
1194 1295 perms = [
1195 1296 'usergroup.read', 'usergroup.write', 'usergroup.admin']
1196 1297
1197 1298 def _cached_user_group_acl(user_id, perm_def, name_filter):
1198 1299 qry = UserGroup.query()
1199 1300 if name_filter:
1200 1301 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1201 1302 qry = qry.filter(
1202 1303 UserGroup.users_group_name.ilike(ilike_expression))
1203 1304
1204 1305 return [x.users_group_id for x in
1205 1306 UserGroupList(qry, perm_set=perm_def)]
1206 1307
1207 1308 return _cached_user_group_acl(self.user_id, perms, name_filter)
1208 1309
1209 1310 @property
1210 1311 def ip_allowed(self):
1211 1312 """
1212 1313 Checks if ip_addr used in constructor is allowed from defined list of
1213 1314 allowed ip_addresses for user
1214 1315
1215 1316 :returns: boolean, True if ip is in allowed ip range
1216 1317 """
1217 1318 # check IP
1218 1319 inherit = self.inherit_default_permissions
1219 1320 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
1220 1321 inherit_from_default=inherit)
1221 1322 @property
1222 1323 def personal_repo_group(self):
1223 1324 return RepoGroup.get_user_personal_repo_group(self.user_id)
1224 1325
1225 1326 @LazyProperty
1226 1327 def feed_token(self):
1227 1328 return self.get_instance().feed_token
1228 1329
1229 1330 @classmethod
1230 1331 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
1231 1332 allowed_ips = AuthUser.get_allowed_ips(
1232 1333 user_id, cache=True, inherit_from_default=inherit_from_default)
1233 1334 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
1234 1335 log.debug('IP:%s for user %s is in range of %s' % (
1235 1336 ip_addr, user_id, allowed_ips))
1236 1337 return True
1237 1338 else:
1238 1339 log.info('Access for IP:%s forbidden for user %s, '
1239 1340 'not in %s' % (ip_addr, user_id, allowed_ips))
1240 1341 return False
1241 1342
1242 1343 def __repr__(self):
1243 1344 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1244 1345 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1245 1346
1246 1347 def set_authenticated(self, authenticated=True):
1247 1348 if self.user_id != self.anonymous_user.user_id:
1248 1349 self.is_authenticated = authenticated
1249 1350
1250 1351 def get_cookie_store(self):
1251 1352 return {
1252 1353 'username': self.username,
1253 1354 'password': md5(self.password or ''),
1254 1355 'user_id': self.user_id,
1255 1356 'is_authenticated': self.is_authenticated
1256 1357 }
1257 1358
1258 1359 @classmethod
1259 1360 def from_cookie_store(cls, cookie_store):
1260 1361 """
1261 1362 Creates AuthUser from a cookie store
1262 1363
1263 1364 :param cls:
1264 1365 :param cookie_store:
1265 1366 """
1266 1367 user_id = cookie_store.get('user_id')
1267 1368 username = cookie_store.get('username')
1268 1369 api_key = cookie_store.get('api_key')
1269 1370 return AuthUser(user_id, api_key, username)
1270 1371
1271 1372 @classmethod
1272 1373 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1273 1374 _set = set()
1274 1375
1275 1376 if inherit_from_default:
1276 1377 def_user_id = User.get_default_user(cache=True).user_id
1277 1378 default_ips = UserIpMap.query().filter(UserIpMap.user_id == def_user_id)
1278 1379 if cache:
1279 1380 default_ips = default_ips.options(
1280 1381 FromCache("sql_cache_short", "get_user_ips_default"))
1281 1382
1282 1383 # populate from default user
1283 1384 for ip in default_ips:
1284 1385 try:
1285 1386 _set.add(ip.ip_addr)
1286 1387 except ObjectDeletedError:
1287 1388 # since we use heavy caching sometimes it happens that
1288 1389 # we get deleted objects here, we just skip them
1289 1390 pass
1290 1391
1291 1392 # NOTE:(marcink) we don't want to load any rules for empty
1292 1393 # user_id which is the case of access of non logged users when anonymous
1293 1394 # access is disabled
1294 1395 user_ips = []
1295 1396 if user_id:
1296 1397 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1297 1398 if cache:
1298 1399 user_ips = user_ips.options(
1299 1400 FromCache("sql_cache_short", "get_user_ips_%s" % user_id))
1300 1401
1301 1402 for ip in user_ips:
1302 1403 try:
1303 1404 _set.add(ip.ip_addr)
1304 1405 except ObjectDeletedError:
1305 1406 # since we use heavy caching sometimes it happens that we get
1306 1407 # deleted objects here, we just skip them
1307 1408 pass
1308 1409 return _set or {ip for ip in ['0.0.0.0/0', '::/0']}
1309 1410
1310 1411
1311 1412 def set_available_permissions(settings):
1312 1413 """
1313 1414 This function will propagate pyramid settings with all available defined
1314 1415 permission given in db. We don't want to check each time from db for new
1315 1416 permissions since adding a new permission also requires application restart
1316 1417 ie. to decorate new views with the newly created permission
1317 1418
1318 1419 :param settings: current pyramid registry.settings
1319 1420
1320 1421 """
1321 1422 log.debug('auth: getting information about all available permissions')
1322 1423 try:
1323 1424 sa = meta.Session
1324 1425 all_perms = sa.query(Permission).all()
1325 1426 settings.setdefault('available_permissions',
1326 1427 [x.permission_name for x in all_perms])
1327 1428 log.debug('auth: set available permissions')
1328 1429 except Exception:
1329 1430 log.exception('Failed to fetch permissions from the database.')
1330 1431 raise
1331 1432
1332 1433
1333 1434 def get_csrf_token(session, force_new=False, save_if_missing=True):
1334 1435 """
1335 1436 Return the current authentication token, creating one if one doesn't
1336 1437 already exist and the save_if_missing flag is present.
1337 1438
1338 1439 :param session: pass in the pyramid session, else we use the global ones
1339 1440 :param force_new: force to re-generate the token and store it in session
1340 1441 :param save_if_missing: save the newly generated token if it's missing in
1341 1442 session
1342 1443 """
1343 1444 # NOTE(marcink): probably should be replaced with below one from pyramid 1.9
1344 1445 # from pyramid.csrf import get_csrf_token
1345 1446
1346 1447 if (csrf_token_key not in session and save_if_missing) or force_new:
1347 1448 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1348 1449 session[csrf_token_key] = token
1349 1450 if hasattr(session, 'save'):
1350 1451 session.save()
1351 1452 return session.get(csrf_token_key)
1352 1453
1353 1454
1354 1455 def get_request(perm_class_instance):
1355 1456 from pyramid.threadlocal import get_current_request
1356 1457 pyramid_request = get_current_request()
1357 1458 return pyramid_request
1358 1459
1359 1460
1360 1461 # CHECK DECORATORS
1361 1462 class CSRFRequired(object):
1362 1463 """
1363 1464 Decorator for authenticating a form
1364 1465
1365 1466 This decorator uses an authorization token stored in the client's
1366 1467 session for prevention of certain Cross-site request forgery (CSRF)
1367 1468 attacks (See
1368 1469 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1369 1470 information).
1370 1471
1371 1472 For use with the ``webhelpers.secure_form`` helper functions.
1372 1473
1373 1474 """
1374 1475 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1375 1476 except_methods=None):
1376 1477 self.token = token
1377 1478 self.header = header
1378 1479 self.except_methods = except_methods or []
1379 1480
1380 1481 def __call__(self, func):
1381 1482 return get_cython_compat_decorator(self.__wrapper, func)
1382 1483
1383 1484 def _get_csrf(self, _request):
1384 1485 return _request.POST.get(self.token, _request.headers.get(self.header))
1385 1486
1386 1487 def check_csrf(self, _request, cur_token):
1387 1488 supplied_token = self._get_csrf(_request)
1388 1489 return supplied_token and supplied_token == cur_token
1389 1490
1390 1491 def _get_request(self):
1391 1492 return get_request(self)
1392 1493
1393 1494 def __wrapper(self, func, *fargs, **fkwargs):
1394 1495 request = self._get_request()
1395 1496
1396 1497 if request.method in self.except_methods:
1397 1498 return func(*fargs, **fkwargs)
1398 1499
1399 1500 cur_token = get_csrf_token(request.session, save_if_missing=False)
1400 1501 if self.check_csrf(request, cur_token):
1401 1502 if request.POST.get(self.token):
1402 1503 del request.POST[self.token]
1403 1504 return func(*fargs, **fkwargs)
1404 1505 else:
1405 1506 reason = 'token-missing'
1406 1507 supplied_token = self._get_csrf(request)
1407 1508 if supplied_token and cur_token != supplied_token:
1408 1509 reason = 'token-mismatch [%s:%s]' % (
1409 1510 cur_token or ''[:6], supplied_token or ''[:6])
1410 1511
1411 1512 csrf_message = \
1412 1513 ("Cross-site request forgery detected, request denied. See "
1413 1514 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1414 1515 "more information.")
1415 1516 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1416 1517 'REMOTE_ADDR:%s, HEADERS:%s' % (
1417 1518 request, reason, request.remote_addr, request.headers))
1418 1519
1419 1520 raise HTTPForbidden(explanation=csrf_message)
1420 1521
1421 1522
1422 1523 class LoginRequired(object):
1423 1524 """
1424 1525 Must be logged in to execute this function else
1425 1526 redirect to login page
1426 1527
1427 1528 :param api_access: if enabled this checks only for valid auth token
1428 1529 and grants access based on valid token
1429 1530 """
1430 1531 def __init__(self, auth_token_access=None):
1431 1532 self.auth_token_access = auth_token_access
1432 1533
1433 1534 def __call__(self, func):
1434 1535 return get_cython_compat_decorator(self.__wrapper, func)
1435 1536
1436 1537 def _get_request(self):
1437 1538 return get_request(self)
1438 1539
1439 1540 def __wrapper(self, func, *fargs, **fkwargs):
1440 1541 from rhodecode.lib import helpers as h
1441 1542 cls = fargs[0]
1442 1543 user = cls._rhodecode_user
1443 1544 request = self._get_request()
1444 1545 _ = request.translate
1445 1546
1446 1547 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1447 1548 log.debug('Starting login restriction checks for user: %s' % (user,))
1448 1549 # check if our IP is allowed
1449 1550 ip_access_valid = True
1450 1551 if not user.ip_allowed:
1451 1552 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1452 1553 category='warning')
1453 1554 ip_access_valid = False
1454 1555
1455 1556 # check if we used an APIKEY and it's a valid one
1456 1557 # defined white-list of controllers which API access will be enabled
1457 1558 _auth_token = request.GET.get(
1458 1559 'auth_token', '') or request.GET.get('api_key', '')
1459 1560 auth_token_access_valid = allowed_auth_token_access(
1460 1561 loc, auth_token=_auth_token)
1461 1562
1462 1563 # explicit controller is enabled or API is in our whitelist
1463 1564 if self.auth_token_access or auth_token_access_valid:
1464 1565 log.debug('Checking AUTH TOKEN access for %s' % (cls,))
1465 1566 db_user = user.get_instance()
1466 1567
1467 1568 if db_user:
1468 1569 if self.auth_token_access:
1469 1570 roles = self.auth_token_access
1470 1571 else:
1471 1572 roles = [UserApiKeys.ROLE_HTTP]
1472 1573 token_match = db_user.authenticate_by_token(
1473 1574 _auth_token, roles=roles)
1474 1575 else:
1475 1576 log.debug('Unable to fetch db instance for auth user: %s', user)
1476 1577 token_match = False
1477 1578
1478 1579 if _auth_token and token_match:
1479 1580 auth_token_access_valid = True
1480 1581 log.debug('AUTH TOKEN ****%s is VALID' % (_auth_token[-4:],))
1481 1582 else:
1482 1583 auth_token_access_valid = False
1483 1584 if not _auth_token:
1484 1585 log.debug("AUTH TOKEN *NOT* present in request")
1485 1586 else:
1486 1587 log.warning(
1487 1588 "AUTH TOKEN ****%s *NOT* valid" % _auth_token[-4:])
1488 1589
1489 1590 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
1490 1591 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1491 1592 else 'AUTH_TOKEN_AUTH'
1492 1593
1493 1594 if ip_access_valid and (
1494 1595 user.is_authenticated or auth_token_access_valid):
1495 1596 log.info(
1496 1597 'user %s authenticating with:%s IS authenticated on func %s'
1497 1598 % (user, reason, loc))
1498 1599
1499 1600 return func(*fargs, **fkwargs)
1500 1601 else:
1501 1602 log.warning(
1502 1603 'user %s authenticating with:%s NOT authenticated on '
1503 1604 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s'
1504 1605 % (user, reason, loc, ip_access_valid,
1505 1606 auth_token_access_valid))
1506 1607 # we preserve the get PARAM
1507 1608 came_from = get_came_from(request)
1508 1609
1509 1610 log.debug('redirecting to login page with %s' % (came_from,))
1510 1611 raise HTTPFound(
1511 1612 h.route_path('login', _query={'came_from': came_from}))
1512 1613
1513 1614
1514 1615 class NotAnonymous(object):
1515 1616 """
1516 1617 Must be logged in to execute this function else
1517 1618 redirect to login page
1518 1619 """
1519 1620
1520 1621 def __call__(self, func):
1521 1622 return get_cython_compat_decorator(self.__wrapper, func)
1522 1623
1523 1624 def _get_request(self):
1524 1625 return get_request(self)
1525 1626
1526 1627 def __wrapper(self, func, *fargs, **fkwargs):
1527 1628 import rhodecode.lib.helpers as h
1528 1629 cls = fargs[0]
1529 1630 self.user = cls._rhodecode_user
1530 1631 request = self._get_request()
1531 1632 _ = request.translate
1532 1633 log.debug('Checking if user is not anonymous @%s' % cls)
1533 1634
1534 1635 anonymous = self.user.username == User.DEFAULT_USER
1535 1636
1536 1637 if anonymous:
1537 1638 came_from = get_came_from(request)
1538 1639 h.flash(_('You need to be a registered user to '
1539 1640 'perform this action'),
1540 1641 category='warning')
1541 1642 raise HTTPFound(
1542 1643 h.route_path('login', _query={'came_from': came_from}))
1543 1644 else:
1544 1645 return func(*fargs, **fkwargs)
1545 1646
1546 1647
1547 1648 class PermsDecorator(object):
1548 1649 """
1549 1650 Base class for controller decorators, we extract the current user from
1550 1651 the class itself, which has it stored in base controllers
1551 1652 """
1552 1653
1553 1654 def __init__(self, *required_perms):
1554 1655 self.required_perms = set(required_perms)
1555 1656
1556 1657 def __call__(self, func):
1557 1658 return get_cython_compat_decorator(self.__wrapper, func)
1558 1659
1559 1660 def _get_request(self):
1560 1661 return get_request(self)
1561 1662
1562 1663 def __wrapper(self, func, *fargs, **fkwargs):
1563 1664 import rhodecode.lib.helpers as h
1564 1665 cls = fargs[0]
1565 1666 _user = cls._rhodecode_user
1566 1667 request = self._get_request()
1567 1668 _ = request.translate
1568 1669
1569 1670 log.debug('checking %s permissions %s for %s %s',
1570 1671 self.__class__.__name__, self.required_perms, cls, _user)
1571 1672
1572 1673 if self.check_permissions(_user):
1573 1674 log.debug('Permission granted for %s %s', cls, _user)
1574 1675 return func(*fargs, **fkwargs)
1575 1676
1576 1677 else:
1577 1678 log.debug('Permission denied for %s %s', cls, _user)
1578 1679 anonymous = _user.username == User.DEFAULT_USER
1579 1680
1580 1681 if anonymous:
1581 1682 came_from = get_came_from(self._get_request())
1582 1683 h.flash(_('You need to be signed in to view this page'),
1583 1684 category='warning')
1584 1685 raise HTTPFound(
1585 1686 h.route_path('login', _query={'came_from': came_from}))
1586 1687
1587 1688 else:
1588 1689 # redirect with 404 to prevent resource discovery
1589 1690 raise HTTPNotFound()
1590 1691
1591 1692 def check_permissions(self, user):
1592 1693 """Dummy function for overriding"""
1593 1694 raise NotImplementedError(
1594 1695 'You have to write this function in child class')
1595 1696
1596 1697
1597 1698 class HasPermissionAllDecorator(PermsDecorator):
1598 1699 """
1599 1700 Checks for access permission for all given predicates. All of them
1600 1701 have to be meet in order to fulfill the request
1601 1702 """
1602 1703
1603 1704 def check_permissions(self, user):
1604 1705 perms = user.permissions_with_scope({})
1605 1706 if self.required_perms.issubset(perms['global']):
1606 1707 return True
1607 1708 return False
1608 1709
1609 1710
1610 1711 class HasPermissionAnyDecorator(PermsDecorator):
1611 1712 """
1612 1713 Checks for access permission for any of given predicates. In order to
1613 1714 fulfill the request any of predicates must be meet
1614 1715 """
1615 1716
1616 1717 def check_permissions(self, user):
1617 1718 perms = user.permissions_with_scope({})
1618 1719 if self.required_perms.intersection(perms['global']):
1619 1720 return True
1620 1721 return False
1621 1722
1622 1723
1623 1724 class HasRepoPermissionAllDecorator(PermsDecorator):
1624 1725 """
1625 1726 Checks for access permission for all given predicates for specific
1626 1727 repository. All of them have to be meet in order to fulfill the request
1627 1728 """
1628 1729 def _get_repo_name(self):
1629 1730 _request = self._get_request()
1630 1731 return get_repo_slug(_request)
1631 1732
1632 1733 def check_permissions(self, user):
1633 1734 perms = user.permissions
1634 1735 repo_name = self._get_repo_name()
1635 1736
1636 1737 try:
1637 1738 user_perms = {perms['repositories'][repo_name]}
1638 1739 except KeyError:
1639 1740 log.debug('cannot locate repo with name: `%s` in permissions defs',
1640 1741 repo_name)
1641 1742 return False
1642 1743
1643 1744 log.debug('checking `%s` permissions for repo `%s`',
1644 1745 user_perms, repo_name)
1645 1746 if self.required_perms.issubset(user_perms):
1646 1747 return True
1647 1748 return False
1648 1749
1649 1750
1650 1751 class HasRepoPermissionAnyDecorator(PermsDecorator):
1651 1752 """
1652 1753 Checks for access permission for any of given predicates for specific
1653 1754 repository. In order to fulfill the request any of predicates must be meet
1654 1755 """
1655 1756 def _get_repo_name(self):
1656 1757 _request = self._get_request()
1657 1758 return get_repo_slug(_request)
1658 1759
1659 1760 def check_permissions(self, user):
1660 1761 perms = user.permissions
1661 1762 repo_name = self._get_repo_name()
1662 1763
1663 1764 try:
1664 1765 user_perms = {perms['repositories'][repo_name]}
1665 1766 except KeyError:
1666 1767 log.debug(
1667 1768 'cannot locate repo with name: `%s` in permissions defs',
1668 1769 repo_name)
1669 1770 return False
1670 1771
1671 1772 log.debug('checking `%s` permissions for repo `%s`',
1672 1773 user_perms, repo_name)
1673 1774 if self.required_perms.intersection(user_perms):
1674 1775 return True
1675 1776 return False
1676 1777
1677 1778
1678 1779 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1679 1780 """
1680 1781 Checks for access permission for all given predicates for specific
1681 1782 repository group. All of them have to be meet in order to
1682 1783 fulfill the request
1683 1784 """
1684 1785 def _get_repo_group_name(self):
1685 1786 _request = self._get_request()
1686 1787 return get_repo_group_slug(_request)
1687 1788
1688 1789 def check_permissions(self, user):
1689 1790 perms = user.permissions
1690 1791 group_name = self._get_repo_group_name()
1691 1792 try:
1692 1793 user_perms = {perms['repositories_groups'][group_name]}
1693 1794 except KeyError:
1694 1795 log.debug(
1695 1796 'cannot locate repo group with name: `%s` in permissions defs',
1696 1797 group_name)
1697 1798 return False
1698 1799
1699 1800 log.debug('checking `%s` permissions for repo group `%s`',
1700 1801 user_perms, group_name)
1701 1802 if self.required_perms.issubset(user_perms):
1702 1803 return True
1703 1804 return False
1704 1805
1705 1806
1706 1807 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1707 1808 """
1708 1809 Checks for access permission for any of given predicates for specific
1709 1810 repository group. In order to fulfill the request any
1710 1811 of predicates must be met
1711 1812 """
1712 1813 def _get_repo_group_name(self):
1713 1814 _request = self._get_request()
1714 1815 return get_repo_group_slug(_request)
1715 1816
1716 1817 def check_permissions(self, user):
1717 1818 perms = user.permissions
1718 1819 group_name = self._get_repo_group_name()
1719 1820
1720 1821 try:
1721 1822 user_perms = {perms['repositories_groups'][group_name]}
1722 1823 except KeyError:
1723 1824 log.debug(
1724 1825 'cannot locate repo group with name: `%s` in permissions defs',
1725 1826 group_name)
1726 1827 return False
1727 1828
1728 1829 log.debug('checking `%s` permissions for repo group `%s`',
1729 1830 user_perms, group_name)
1730 1831 if self.required_perms.intersection(user_perms):
1731 1832 return True
1732 1833 return False
1733 1834
1734 1835
1735 1836 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1736 1837 """
1737 1838 Checks for access permission for all given predicates for specific
1738 1839 user group. All of them have to be meet in order to fulfill the request
1739 1840 """
1740 1841 def _get_user_group_name(self):
1741 1842 _request = self._get_request()
1742 1843 return get_user_group_slug(_request)
1743 1844
1744 1845 def check_permissions(self, user):
1745 1846 perms = user.permissions
1746 1847 group_name = self._get_user_group_name()
1747 1848 try:
1748 1849 user_perms = {perms['user_groups'][group_name]}
1749 1850 except KeyError:
1750 1851 return False
1751 1852
1752 1853 if self.required_perms.issubset(user_perms):
1753 1854 return True
1754 1855 return False
1755 1856
1756 1857
1757 1858 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1758 1859 """
1759 1860 Checks for access permission for any of given predicates for specific
1760 1861 user group. In order to fulfill the request any of predicates must be meet
1761 1862 """
1762 1863 def _get_user_group_name(self):
1763 1864 _request = self._get_request()
1764 1865 return get_user_group_slug(_request)
1765 1866
1766 1867 def check_permissions(self, user):
1767 1868 perms = user.permissions
1768 1869 group_name = self._get_user_group_name()
1769 1870 try:
1770 1871 user_perms = {perms['user_groups'][group_name]}
1771 1872 except KeyError:
1772 1873 return False
1773 1874
1774 1875 if self.required_perms.intersection(user_perms):
1775 1876 return True
1776 1877 return False
1777 1878
1778 1879
1779 1880 # CHECK FUNCTIONS
1780 1881 class PermsFunction(object):
1781 1882 """Base function for other check functions"""
1782 1883
1783 1884 def __init__(self, *perms):
1784 1885 self.required_perms = set(perms)
1785 1886 self.repo_name = None
1786 1887 self.repo_group_name = None
1787 1888 self.user_group_name = None
1788 1889
1789 1890 def __bool__(self):
1790 1891 frame = inspect.currentframe()
1791 1892 stack_trace = traceback.format_stack(frame)
1792 1893 log.error('Checking bool value on a class instance of perm '
1793 1894 'function is not allowed: %s' % ''.join(stack_trace))
1794 1895 # rather than throwing errors, here we always return False so if by
1795 1896 # accident someone checks truth for just an instance it will always end
1796 1897 # up in returning False
1797 1898 return False
1798 1899 __nonzero__ = __bool__
1799 1900
1800 1901 def __call__(self, check_location='', user=None):
1801 1902 if not user:
1802 1903 log.debug('Using user attribute from global request')
1803 # TODO: remove this someday,put as user as attribute here
1804 1904 request = self._get_request()
1805 1905 user = request.user
1806 1906
1807 1907 # init auth user if not already given
1808 1908 if not isinstance(user, AuthUser):
1809 1909 log.debug('Wrapping user %s into AuthUser', user)
1810 1910 user = AuthUser(user.user_id)
1811 1911
1812 1912 cls_name = self.__class__.__name__
1813 1913 check_scope = self._get_check_scope(cls_name)
1814 1914 check_location = check_location or 'unspecified location'
1815 1915
1816 1916 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1817 1917 self.required_perms, user, check_scope, check_location)
1818 1918 if not user:
1819 1919 log.warning('Empty user given for permission check')
1820 1920 return False
1821 1921
1822 1922 if self.check_permissions(user):
1823 1923 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1824 1924 check_scope, user, check_location)
1825 1925 return True
1826 1926
1827 1927 else:
1828 1928 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1829 1929 check_scope, user, check_location)
1830 1930 return False
1831 1931
1832 1932 def _get_request(self):
1833 1933 return get_request(self)
1834 1934
1835 1935 def _get_check_scope(self, cls_name):
1836 1936 return {
1837 1937 'HasPermissionAll': 'GLOBAL',
1838 1938 'HasPermissionAny': 'GLOBAL',
1839 1939 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1840 1940 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1841 1941 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
1842 1942 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
1843 1943 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
1844 1944 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
1845 1945 }.get(cls_name, '?:%s' % cls_name)
1846 1946
1847 1947 def check_permissions(self, user):
1848 1948 """Dummy function for overriding"""
1849 1949 raise Exception('You have to write this function in child class')
1850 1950
1851 1951
1852 1952 class HasPermissionAll(PermsFunction):
1853 1953 def check_permissions(self, user):
1854 1954 perms = user.permissions_with_scope({})
1855 1955 if self.required_perms.issubset(perms.get('global')):
1856 1956 return True
1857 1957 return False
1858 1958
1859 1959
1860 1960 class HasPermissionAny(PermsFunction):
1861 1961 def check_permissions(self, user):
1862 1962 perms = user.permissions_with_scope({})
1863 1963 if self.required_perms.intersection(perms.get('global')):
1864 1964 return True
1865 1965 return False
1866 1966
1867 1967
1868 1968 class HasRepoPermissionAll(PermsFunction):
1869 1969 def __call__(self, repo_name=None, check_location='', user=None):
1870 1970 self.repo_name = repo_name
1871 1971 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1872 1972
1873 1973 def _get_repo_name(self):
1874 1974 if not self.repo_name:
1875 1975 _request = self._get_request()
1876 1976 self.repo_name = get_repo_slug(_request)
1877 1977 return self.repo_name
1878 1978
1879 1979 def check_permissions(self, user):
1880 1980 self.repo_name = self._get_repo_name()
1881 1981 perms = user.permissions
1882 1982 try:
1883 1983 user_perms = {perms['repositories'][self.repo_name]}
1884 1984 except KeyError:
1885 1985 return False
1886 1986 if self.required_perms.issubset(user_perms):
1887 1987 return True
1888 1988 return False
1889 1989
1890 1990
1891 1991 class HasRepoPermissionAny(PermsFunction):
1892 1992 def __call__(self, repo_name=None, check_location='', user=None):
1893 1993 self.repo_name = repo_name
1894 1994 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1895 1995
1896 1996 def _get_repo_name(self):
1897 1997 if not self.repo_name:
1898 1998 _request = self._get_request()
1899 1999 self.repo_name = get_repo_slug(_request)
1900 2000 return self.repo_name
1901 2001
1902 2002 def check_permissions(self, user):
1903 2003 self.repo_name = self._get_repo_name()
1904 2004 perms = user.permissions
1905 2005 try:
1906 2006 user_perms = {perms['repositories'][self.repo_name]}
1907 2007 except KeyError:
1908 2008 return False
1909 2009 if self.required_perms.intersection(user_perms):
1910 2010 return True
1911 2011 return False
1912 2012
1913 2013
1914 2014 class HasRepoGroupPermissionAny(PermsFunction):
1915 2015 def __call__(self, group_name=None, check_location='', user=None):
1916 2016 self.repo_group_name = group_name
1917 2017 return super(HasRepoGroupPermissionAny, self).__call__(
1918 2018 check_location, user)
1919 2019
1920 2020 def check_permissions(self, user):
1921 2021 perms = user.permissions
1922 2022 try:
1923 2023 user_perms = {perms['repositories_groups'][self.repo_group_name]}
1924 2024 except KeyError:
1925 2025 return False
1926 2026 if self.required_perms.intersection(user_perms):
1927 2027 return True
1928 2028 return False
1929 2029
1930 2030
1931 2031 class HasRepoGroupPermissionAll(PermsFunction):
1932 2032 def __call__(self, group_name=None, check_location='', user=None):
1933 2033 self.repo_group_name = group_name
1934 2034 return super(HasRepoGroupPermissionAll, self).__call__(
1935 2035 check_location, user)
1936 2036
1937 2037 def check_permissions(self, user):
1938 2038 perms = user.permissions
1939 2039 try:
1940 2040 user_perms = {perms['repositories_groups'][self.repo_group_name]}
1941 2041 except KeyError:
1942 2042 return False
1943 2043 if self.required_perms.issubset(user_perms):
1944 2044 return True
1945 2045 return False
1946 2046
1947 2047
1948 2048 class HasUserGroupPermissionAny(PermsFunction):
1949 2049 def __call__(self, user_group_name=None, check_location='', user=None):
1950 2050 self.user_group_name = user_group_name
1951 2051 return super(HasUserGroupPermissionAny, self).__call__(
1952 2052 check_location, user)
1953 2053
1954 2054 def check_permissions(self, user):
1955 2055 perms = user.permissions
1956 2056 try:
1957 2057 user_perms = {perms['user_groups'][self.user_group_name]}
1958 2058 except KeyError:
1959 2059 return False
1960 2060 if self.required_perms.intersection(user_perms):
1961 2061 return True
1962 2062 return False
1963 2063
1964 2064
1965 2065 class HasUserGroupPermissionAll(PermsFunction):
1966 2066 def __call__(self, user_group_name=None, check_location='', user=None):
1967 2067 self.user_group_name = user_group_name
1968 2068 return super(HasUserGroupPermissionAll, self).__call__(
1969 2069 check_location, user)
1970 2070
1971 2071 def check_permissions(self, user):
1972 2072 perms = user.permissions
1973 2073 try:
1974 2074 user_perms = {perms['user_groups'][self.user_group_name]}
1975 2075 except KeyError:
1976 2076 return False
1977 2077 if self.required_perms.issubset(user_perms):
1978 2078 return True
1979 2079 return False
1980 2080
1981 2081
1982 2082 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1983 2083 class HasPermissionAnyMiddleware(object):
1984 2084 def __init__(self, *perms):
1985 2085 self.required_perms = set(perms)
1986 2086
1987 2087 def __call__(self, user, repo_name):
1988 2088 # repo_name MUST be unicode, since we handle keys in permission
1989 2089 # dict by unicode
1990 2090 repo_name = safe_unicode(repo_name)
1991 2091 user = AuthUser(user.user_id)
1992 2092 log.debug(
1993 2093 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
1994 2094 self.required_perms, user, repo_name)
1995 2095
1996 2096 if self.check_permissions(user, repo_name):
1997 2097 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
1998 2098 repo_name, user, 'PermissionMiddleware')
1999 2099 return True
2000 2100
2001 2101 else:
2002 2102 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
2003 2103 repo_name, user, 'PermissionMiddleware')
2004 2104 return False
2005 2105
2006 2106 def check_permissions(self, user, repo_name):
2007 2107 perms = user.permissions_with_scope({'repo_name': repo_name})
2008 2108
2009 2109 try:
2010 2110 user_perms = {perms['repositories'][repo_name]}
2011 2111 except Exception:
2012 2112 log.exception('Error while accessing user permissions')
2013 2113 return False
2014 2114
2015 2115 if self.required_perms.intersection(user_perms):
2016 2116 return True
2017 2117 return False
2018 2118
2019 2119
2020 2120 # SPECIAL VERSION TO HANDLE API AUTH
2021 2121 class _BaseApiPerm(object):
2022 2122 def __init__(self, *perms):
2023 2123 self.required_perms = set(perms)
2024 2124
2025 2125 def __call__(self, check_location=None, user=None, repo_name=None,
2026 2126 group_name=None, user_group_name=None):
2027 2127 cls_name = self.__class__.__name__
2028 2128 check_scope = 'global:%s' % (self.required_perms,)
2029 2129 if repo_name:
2030 2130 check_scope += ', repo_name:%s' % (repo_name,)
2031 2131
2032 2132 if group_name:
2033 2133 check_scope += ', repo_group_name:%s' % (group_name,)
2034 2134
2035 2135 if user_group_name:
2036 2136 check_scope += ', user_group_name:%s' % (user_group_name,)
2037 2137
2038 2138 log.debug(
2039 2139 'checking cls:%s %s %s @ %s'
2040 2140 % (cls_name, self.required_perms, check_scope, check_location))
2041 2141 if not user:
2042 2142 log.debug('Empty User passed into arguments')
2043 2143 return False
2044 2144
2045 2145 # process user
2046 2146 if not isinstance(user, AuthUser):
2047 2147 user = AuthUser(user.user_id)
2048 2148 if not check_location:
2049 2149 check_location = 'unspecified'
2050 2150 if self.check_permissions(user.permissions, repo_name, group_name,
2051 2151 user_group_name):
2052 2152 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
2053 2153 check_scope, user, check_location)
2054 2154 return True
2055 2155
2056 2156 else:
2057 2157 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
2058 2158 check_scope, user, check_location)
2059 2159 return False
2060 2160
2061 2161 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2062 2162 user_group_name=None):
2063 2163 """
2064 2164 implement in child class should return True if permissions are ok,
2065 2165 False otherwise
2066 2166
2067 2167 :param perm_defs: dict with permission definitions
2068 2168 :param repo_name: repo name
2069 2169 """
2070 2170 raise NotImplementedError()
2071 2171
2072 2172
2073 2173 class HasPermissionAllApi(_BaseApiPerm):
2074 2174 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2075 2175 user_group_name=None):
2076 2176 if self.required_perms.issubset(perm_defs.get('global')):
2077 2177 return True
2078 2178 return False
2079 2179
2080 2180
2081 2181 class HasPermissionAnyApi(_BaseApiPerm):
2082 2182 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2083 2183 user_group_name=None):
2084 2184 if self.required_perms.intersection(perm_defs.get('global')):
2085 2185 return True
2086 2186 return False
2087 2187
2088 2188
2089 2189 class HasRepoPermissionAllApi(_BaseApiPerm):
2090 2190 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2091 2191 user_group_name=None):
2092 2192 try:
2093 2193 _user_perms = {perm_defs['repositories'][repo_name]}
2094 2194 except KeyError:
2095 2195 log.warning(traceback.format_exc())
2096 2196 return False
2097 2197 if self.required_perms.issubset(_user_perms):
2098 2198 return True
2099 2199 return False
2100 2200
2101 2201
2102 2202 class HasRepoPermissionAnyApi(_BaseApiPerm):
2103 2203 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2104 2204 user_group_name=None):
2105 2205 try:
2106 2206 _user_perms = {perm_defs['repositories'][repo_name]}
2107 2207 except KeyError:
2108 2208 log.warning(traceback.format_exc())
2109 2209 return False
2110 2210 if self.required_perms.intersection(_user_perms):
2111 2211 return True
2112 2212 return False
2113 2213
2114 2214
2115 2215 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
2116 2216 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2117 2217 user_group_name=None):
2118 2218 try:
2119 2219 _user_perms = {perm_defs['repositories_groups'][group_name]}
2120 2220 except KeyError:
2121 2221 log.warning(traceback.format_exc())
2122 2222 return False
2123 2223 if self.required_perms.intersection(_user_perms):
2124 2224 return True
2125 2225 return False
2126 2226
2127 2227
2128 2228 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
2129 2229 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2130 2230 user_group_name=None):
2131 2231 try:
2132 2232 _user_perms = {perm_defs['repositories_groups'][group_name]}
2133 2233 except KeyError:
2134 2234 log.warning(traceback.format_exc())
2135 2235 return False
2136 2236 if self.required_perms.issubset(_user_perms):
2137 2237 return True
2138 2238 return False
2139 2239
2140 2240
2141 2241 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
2142 2242 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2143 2243 user_group_name=None):
2144 2244 try:
2145 2245 _user_perms = {perm_defs['user_groups'][user_group_name]}
2146 2246 except KeyError:
2147 2247 log.warning(traceback.format_exc())
2148 2248 return False
2149 2249 if self.required_perms.intersection(_user_perms):
2150 2250 return True
2151 2251 return False
2152 2252
2153 2253
2154 2254 def check_ip_access(source_ip, allowed_ips=None):
2155 2255 """
2156 2256 Checks if source_ip is a subnet of any of allowed_ips.
2157 2257
2158 2258 :param source_ip:
2159 2259 :param allowed_ips: list of allowed ips together with mask
2160 2260 """
2161 2261 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
2162 2262 source_ip_address = ipaddress.ip_address(safe_unicode(source_ip))
2163 2263 if isinstance(allowed_ips, (tuple, list, set)):
2164 2264 for ip in allowed_ips:
2165 2265 ip = safe_unicode(ip)
2166 2266 try:
2167 2267 network_address = ipaddress.ip_network(ip, strict=False)
2168 2268 if source_ip_address in network_address:
2169 2269 log.debug('IP %s is network %s' %
2170 2270 (source_ip_address, network_address))
2171 2271 return True
2172 2272 # for any case we cannot determine the IP, don't crash just
2173 2273 # skip it and log as error, we want to say forbidden still when
2174 2274 # sending bad IP
2175 2275 except Exception:
2176 2276 log.error(traceback.format_exc())
2177 2277 continue
2178 2278 return False
2179 2279
2180 2280
2181 2281 def get_cython_compat_decorator(wrapper, func):
2182 2282 """
2183 2283 Creates a cython compatible decorator. The previously used
2184 2284 decorator.decorator() function seems to be incompatible with cython.
2185 2285
2186 2286 :param wrapper: __wrapper method of the decorator class
2187 2287 :param func: decorated function
2188 2288 """
2189 2289 @wraps(func)
2190 2290 def local_wrapper(*args, **kwds):
2191 2291 return wrapper(func, *args, **kwds)
2192 2292 local_wrapper.__wrapped__ = func
2193 2293 return local_wrapper
2194 2294
2195 2295
Show file before | Show file after | Hide comments
@@ -1,1004 +1,1011 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 """
23 23 Some simple helper functions
24 24 """
25 25
26 26 import collections
27 27 import datetime
28 28 import dateutil.relativedelta
29 29 import hashlib
30 30 import logging
31 31 import re
32 32 import sys
33 33 import time
34 34 import urllib
35 35 import urlobject
36 36 import uuid
37 37 import getpass
38 38
39 39 import pygments.lexers
40 40 import sqlalchemy
41 41 import sqlalchemy.engine.url
42 42 import sqlalchemy.exc
43 43 import sqlalchemy.sql
44 44 import webob
45 45 import pyramid.threadlocal
46 46
47 47 import rhodecode
48 48 from rhodecode.translation import _, _pluralize
49 49
50 50
51 51 def md5(s):
52 52 return hashlib.md5(s).hexdigest()
53 53
54 54
55 55 def md5_safe(s):
56 56 return md5(safe_str(s))
57 57
58 58
59 59 def sha1(s):
60 60 return hashlib.sha1(s).hexdigest()
61 61
62 62
63 63 def sha1_safe(s):
64 64 return sha1(safe_str(s))
65 65
66 66
67 67 def __get_lem(extra_mapping=None):
68 68 """
69 69 Get language extension map based on what's inside pygments lexers
70 70 """
71 71 d = collections.defaultdict(lambda: [])
72 72
73 73 def __clean(s):
74 74 s = s.lstrip('*')
75 75 s = s.lstrip('.')
76 76
77 77 if s.find('[') != -1:
78 78 exts = []
79 79 start, stop = s.find('['), s.find(']')
80 80
81 81 for suffix in s[start + 1:stop]:
82 82 exts.append(s[:s.find('[')] + suffix)
83 83 return [e.lower() for e in exts]
84 84 else:
85 85 return [s.lower()]
86 86
87 87 for lx, t in sorted(pygments.lexers.LEXERS.items()):
88 88 m = map(__clean, t[-2])
89 89 if m:
90 90 m = reduce(lambda x, y: x + y, m)
91 91 for ext in m:
92 92 desc = lx.replace('Lexer', '')
93 93 d[ext].append(desc)
94 94
95 95 data = dict(d)
96 96
97 97 extra_mapping = extra_mapping or {}
98 98 if extra_mapping:
99 99 for k, v in extra_mapping.items():
100 100 if k not in data:
101 101 # register new mapping2lexer
102 102 data[k] = [v]
103 103
104 104 return data
105 105
106 106
107 107 def str2bool(_str):
108 108 """
109 109 returns True/False value from given string, it tries to translate the
110 110 string into boolean
111 111
112 112 :param _str: string value to translate into boolean
113 113 :rtype: boolean
114 114 :returns: boolean from given string
115 115 """
116 116 if _str is None:
117 117 return False
118 118 if _str in (True, False):
119 119 return _str
120 120 _str = str(_str).strip().lower()
121 121 return _str in ('t', 'true', 'y', 'yes', 'on', '1')
122 122
123 123
124 124 def aslist(obj, sep=None, strip=True):
125 125 """
126 126 Returns given string separated by sep as list
127 127
128 128 :param obj:
129 129 :param sep:
130 130 :param strip:
131 131 """
132 132 if isinstance(obj, (basestring,)):
133 133 lst = obj.split(sep)
134 134 if strip:
135 135 lst = [v.strip() for v in lst]
136 136 return lst
137 137 elif isinstance(obj, (list, tuple)):
138 138 return obj
139 139 elif obj is None:
140 140 return []
141 141 else:
142 142 return [obj]
143 143
144 144
145 145 def convert_line_endings(line, mode):
146 146 """
147 147 Converts a given line "line end" accordingly to given mode
148 148
149 149 Available modes are::
150 150 0 - Unix
151 151 1 - Mac
152 152 2 - DOS
153 153
154 154 :param line: given line to convert
155 155 :param mode: mode to convert to
156 156 :rtype: str
157 157 :return: converted line according to mode
158 158 """
159 159 if mode == 0:
160 160 line = line.replace('\r\n', '\n')
161 161 line = line.replace('\r', '\n')
162 162 elif mode == 1:
163 163 line = line.replace('\r\n', '\r')
164 164 line = line.replace('\n', '\r')
165 165 elif mode == 2:
166 166 line = re.sub('\r(?!\n)|(?<!\r)\n', '\r\n', line)
167 167 return line
168 168
169 169
170 170 def detect_mode(line, default):
171 171 """
172 172 Detects line break for given line, if line break couldn't be found
173 173 given default value is returned
174 174
175 175 :param line: str line
176 176 :param default: default
177 177 :rtype: int
178 178 :return: value of line end on of 0 - Unix, 1 - Mac, 2 - DOS
179 179 """
180 180 if line.endswith('\r\n'):
181 181 return 2
182 182 elif line.endswith('\n'):
183 183 return 0
184 184 elif line.endswith('\r'):
185 185 return 1
186 186 else:
187 187 return default
188 188
189 189
190 190 def safe_int(val, default=None):
191 191 """
192 192 Returns int() of val if val is not convertable to int use default
193 193 instead
194 194
195 195 :param val:
196 196 :param default:
197 197 """
198 198
199 199 try:
200 200 val = int(val)
201 201 except (ValueError, TypeError):
202 202 val = default
203 203
204 204 return val
205 205
206 206
207 207 def safe_unicode(str_, from_encoding=None):
208 208 """
209 209 safe unicode function. Does few trick to turn str_ into unicode
210 210
211 211 In case of UnicodeDecode error, we try to return it with encoding detected
212 212 by chardet library if it fails fallback to unicode with errors replaced
213 213
214 214 :param str_: string to decode
215 215 :rtype: unicode
216 216 :returns: unicode object
217 217 """
218 218 if isinstance(str_, unicode):
219 219 return str_
220 220
221 221 if not from_encoding:
222 222 DEFAULT_ENCODINGS = aslist(rhodecode.CONFIG.get('default_encoding',
223 223 'utf8'), sep=',')
224 224 from_encoding = DEFAULT_ENCODINGS
225 225
226 226 if not isinstance(from_encoding, (list, tuple)):
227 227 from_encoding = [from_encoding]
228 228
229 229 try:
230 230 return unicode(str_)
231 231 except UnicodeDecodeError:
232 232 pass
233 233
234 234 for enc in from_encoding:
235 235 try:
236 236 return unicode(str_, enc)
237 237 except UnicodeDecodeError:
238 238 pass
239 239
240 240 try:
241 241 import chardet
242 242 encoding = chardet.detect(str_)['encoding']
243 243 if encoding is None:
244 244 raise Exception()
245 245 return str_.decode(encoding)
246 246 except (ImportError, UnicodeDecodeError, Exception):
247 247 return unicode(str_, from_encoding[0], 'replace')
248 248
249 249
250 250 def safe_str(unicode_, to_encoding=None):
251 251 """
252 252 safe str function. Does few trick to turn unicode_ into string
253 253
254 254 In case of UnicodeEncodeError, we try to return it with encoding detected
255 255 by chardet library if it fails fallback to string with errors replaced
256 256
257 257 :param unicode_: unicode to encode
258 258 :rtype: str
259 259 :returns: str object
260 260 """
261 261
262 262 # if it's not basestr cast to str
263 263 if not isinstance(unicode_, basestring):
264 264 return str(unicode_)
265 265
266 266 if isinstance(unicode_, str):
267 267 return unicode_
268 268
269 269 if not to_encoding:
270 270 DEFAULT_ENCODINGS = aslist(rhodecode.CONFIG.get('default_encoding',
271 271 'utf8'), sep=',')
272 272 to_encoding = DEFAULT_ENCODINGS
273 273
274 274 if not isinstance(to_encoding, (list, tuple)):
275 275 to_encoding = [to_encoding]
276 276
277 277 for enc in to_encoding:
278 278 try:
279 279 return unicode_.encode(enc)
280 280 except UnicodeEncodeError:
281 281 pass
282 282
283 283 try:
284 284 import chardet
285 285 encoding = chardet.detect(unicode_)['encoding']
286 286 if encoding is None:
287 287 raise UnicodeEncodeError()
288 288
289 289 return unicode_.encode(encoding)
290 290 except (ImportError, UnicodeEncodeError):
291 291 return unicode_.encode(to_encoding[0], 'replace')
292 292
293 293
294 294 def remove_suffix(s, suffix):
295 295 if s.endswith(suffix):
296 296 s = s[:-1 * len(suffix)]
297 297 return s
298 298
299 299
300 300 def remove_prefix(s, prefix):
301 301 if s.startswith(prefix):
302 302 s = s[len(prefix):]
303 303 return s
304 304
305 305
306 306 def find_calling_context(ignore_modules=None):
307 307 """
308 308 Look through the calling stack and return the frame which called
309 309 this function and is part of core module ( ie. rhodecode.* )
310 310
311 311 :param ignore_modules: list of modules to ignore eg. ['rhodecode.lib']
312 312 """
313 313
314 314 ignore_modules = ignore_modules or []
315 315
316 316 f = sys._getframe(2)
317 317 while f.f_back is not None:
318 318 name = f.f_globals.get('__name__')
319 319 if name and name.startswith(__name__.split('.')[0]):
320 320 if name not in ignore_modules:
321 321 return f
322 322 f = f.f_back
323 323 return None
324 324
325 325
326 326 def ping_connection(connection, branch):
327 327 if branch:
328 328 # "branch" refers to a sub-connection of a connection,
329 329 # we don't want to bother pinging on these.
330 330 return
331 331
332 332 # turn off "close with result". This flag is only used with
333 333 # "connectionless" execution, otherwise will be False in any case
334 334 save_should_close_with_result = connection.should_close_with_result
335 335 connection.should_close_with_result = False
336 336
337 337 try:
338 338 # run a SELECT 1. use a core select() so that
339 339 # the SELECT of a scalar value without a table is
340 340 # appropriately formatted for the backend
341 341 connection.scalar(sqlalchemy.sql.select([1]))
342 342 except sqlalchemy.exc.DBAPIError as err:
343 343 # catch SQLAlchemy's DBAPIError, which is a wrapper
344 344 # for the DBAPI's exception. It includes a .connection_invalidated
345 345 # attribute which specifies if this connection is a "disconnect"
346 346 # condition, which is based on inspection of the original exception
347 347 # by the dialect in use.
348 348 if err.connection_invalidated:
349 349 # run the same SELECT again - the connection will re-validate
350 350 # itself and establish a new connection. The disconnect detection
351 351 # here also causes the whole connection pool to be invalidated
352 352 # so that all stale connections are discarded.
353 353 connection.scalar(sqlalchemy.sql.select([1]))
354 354 else:
355 355 raise
356 356 finally:
357 357 # restore "close with result"
358 358 connection.should_close_with_result = save_should_close_with_result
359 359
360 360
361 361 def engine_from_config(configuration, prefix='sqlalchemy.', **kwargs):
362 362 """Custom engine_from_config functions."""
363 363 log = logging.getLogger('sqlalchemy.engine')
364 364 _ping_connection = configuration.pop('sqlalchemy.db1.ping_connection', None)
365 365
366 366 engine = sqlalchemy.engine_from_config(configuration, prefix, **kwargs)
367 367
368 368 def color_sql(sql):
369 369 color_seq = '\033[1;33m' # This is yellow: code 33
370 370 normal = '\x1b[0m'
371 371 return ''.join([color_seq, sql, normal])
372 372
373 373 if configuration['debug'] or _ping_connection:
374 374 sqlalchemy.event.listen(engine, "engine_connect", ping_connection)
375 375
376 376 if configuration['debug']:
377 377 # attach events only for debug configuration
378 378
379 379 def before_cursor_execute(conn, cursor, statement,
380 380 parameters, context, executemany):
381 381 setattr(conn, 'query_start_time', time.time())
382 382 log.info(color_sql(">>>>> STARTING QUERY >>>>>"))
383 383 calling_context = find_calling_context(ignore_modules=[
384 384 'rhodecode.lib.caching_query',
385 385 'rhodecode.model.settings',
386 386 ])
387 387 if calling_context:
388 388 log.info(color_sql('call context %s:%s' % (
389 389 calling_context.f_code.co_filename,
390 390 calling_context.f_lineno,
391 391 )))
392 392
393 393 def after_cursor_execute(conn, cursor, statement,
394 394 parameters, context, executemany):
395 395 delattr(conn, 'query_start_time')
396 396
397 397 sqlalchemy.event.listen(engine, "before_cursor_execute",
398 398 before_cursor_execute)
399 399 sqlalchemy.event.listen(engine, "after_cursor_execute",
400 400 after_cursor_execute)
401 401
402 402 return engine
403 403
404 404
405 405 def get_encryption_key(config):
406 406 secret = config.get('rhodecode.encrypted_values.secret')
407 407 default = config['beaker.session.secret']
408 408 return secret or default
409 409
410 410
411 411 def age(prevdate, now=None, show_short_version=False, show_suffix=True,
412 412 short_format=False):
413 413 """
414 414 Turns a datetime into an age string.
415 415 If show_short_version is True, this generates a shorter string with
416 416 an approximate age; ex. '1 day ago', rather than '1 day and 23 hours ago'.
417 417
418 418 * IMPORTANT*
419 419 Code of this function is written in special way so it's easier to
420 420 backport it to javascript. If you mean to update it, please also update
421 421 `jquery.timeago-extension.js` file
422 422
423 423 :param prevdate: datetime object
424 424 :param now: get current time, if not define we use
425 425 `datetime.datetime.now()`
426 426 :param show_short_version: if it should approximate the date and
427 427 return a shorter string
428 428 :param show_suffix:
429 429 :param short_format: show short format, eg 2D instead of 2 days
430 430 :rtype: unicode
431 431 :returns: unicode words describing age
432 432 """
433 433
434 434 def _get_relative_delta(now, prevdate):
435 435 base = dateutil.relativedelta.relativedelta(now, prevdate)
436 436 return {
437 437 'year': base.years,
438 438 'month': base.months,
439 439 'day': base.days,
440 440 'hour': base.hours,
441 441 'minute': base.minutes,
442 442 'second': base.seconds,
443 443 }
444 444
445 445 def _is_leap_year(year):
446 446 return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)
447 447
448 448 def get_month(prevdate):
449 449 return prevdate.month
450 450
451 451 def get_year(prevdate):
452 452 return prevdate.year
453 453
454 454 now = now or datetime.datetime.now()
455 455 order = ['year', 'month', 'day', 'hour', 'minute', 'second']
456 456 deltas = {}
457 457 future = False
458 458
459 459 if prevdate > now:
460 460 now_old = now
461 461 now = prevdate
462 462 prevdate = now_old
463 463 future = True
464 464 if future:
465 465 prevdate = prevdate.replace(microsecond=0)
466 466 # Get date parts deltas
467 467 for part in order:
468 468 rel_delta = _get_relative_delta(now, prevdate)
469 469 deltas[part] = rel_delta[part]
470 470
471 471 # Fix negative offsets (there is 1 second between 10:59:59 and 11:00:00,
472 472 # not 1 hour, -59 minutes and -59 seconds)
473 473 offsets = [[5, 60], [4, 60], [3, 24]]
474 474 for element in offsets: # seconds, minutes, hours
475 475 num = element[0]
476 476 length = element[1]
477 477
478 478 part = order[num]
479 479 carry_part = order[num - 1]
480 480
481 481 if deltas[part] < 0:
482 482 deltas[part] += length
483 483 deltas[carry_part] -= 1
484 484
485 485 # Same thing for days except that the increment depends on the (variable)
486 486 # number of days in the month
487 487 month_lengths = [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
488 488 if deltas['day'] < 0:
489 489 if get_month(prevdate) == 2 and _is_leap_year(get_year(prevdate)):
490 490 deltas['day'] += 29
491 491 else:
492 492 deltas['day'] += month_lengths[get_month(prevdate) - 1]
493 493
494 494 deltas['month'] -= 1
495 495
496 496 if deltas['month'] < 0:
497 497 deltas['month'] += 12
498 498 deltas['year'] -= 1
499 499
500 500 # Format the result
501 501 if short_format:
502 502 fmt_funcs = {
503 503 'year': lambda d: u'%dy' % d,
504 504 'month': lambda d: u'%dm' % d,
505 505 'day': lambda d: u'%dd' % d,
506 506 'hour': lambda d: u'%dh' % d,
507 507 'minute': lambda d: u'%dmin' % d,
508 508 'second': lambda d: u'%dsec' % d,
509 509 }
510 510 else:
511 511 fmt_funcs = {
512 512 'year': lambda d: _pluralize(u'${num} year', u'${num} years', d, mapping={'num': d}).interpolate(),
513 513 'month': lambda d: _pluralize(u'${num} month', u'${num} months', d, mapping={'num': d}).interpolate(),
514 514 'day': lambda d: _pluralize(u'${num} day', u'${num} days', d, mapping={'num': d}).interpolate(),
515 515 'hour': lambda d: _pluralize(u'${num} hour', u'${num} hours', d, mapping={'num': d}).interpolate(),
516 516 'minute': lambda d: _pluralize(u'${num} minute', u'${num} minutes', d, mapping={'num': d}).interpolate(),
517 517 'second': lambda d: _pluralize(u'${num} second', u'${num} seconds', d, mapping={'num': d}).interpolate(),
518 518 }
519 519
520 520 i = 0
521 521 for part in order:
522 522 value = deltas[part]
523 523 if value != 0:
524 524
525 525 if i < 5:
526 526 sub_part = order[i + 1]
527 527 sub_value = deltas[sub_part]
528 528 else:
529 529 sub_value = 0
530 530
531 531 if sub_value == 0 or show_short_version:
532 532 _val = fmt_funcs[part](value)
533 533 if future:
534 534 if show_suffix:
535 535 return _(u'in ${ago}', mapping={'ago': _val})
536 536 else:
537 537 return _(_val)
538 538
539 539 else:
540 540 if show_suffix:
541 541 return _(u'${ago} ago', mapping={'ago': _val})
542 542 else:
543 543 return _(_val)
544 544
545 545 val = fmt_funcs[part](value)
546 546 val_detail = fmt_funcs[sub_part](sub_value)
547 547 mapping = {'val': val, 'detail': val_detail}
548 548
549 549 if short_format:
550 550 datetime_tmpl = _(u'${val}, ${detail}', mapping=mapping)
551 551 if show_suffix:
552 552 datetime_tmpl = _(u'${val}, ${detail} ago', mapping=mapping)
553 553 if future:
554 554 datetime_tmpl = _(u'in ${val}, ${detail}', mapping=mapping)
555 555 else:
556 556 datetime_tmpl = _(u'${val} and ${detail}', mapping=mapping)
557 557 if show_suffix:
558 558 datetime_tmpl = _(u'${val} and ${detail} ago', mapping=mapping)
559 559 if future:
560 560 datetime_tmpl = _(u'in ${val} and ${detail}', mapping=mapping)
561 561
562 562 return datetime_tmpl
563 563 i += 1
564 564 return _(u'just now')
565 565
566 566
567 567 def cleaned_uri(uri):
568 568 """
569 569 Quotes '[' and ']' from uri if there is only one of them.
570 570 according to RFC3986 we cannot use such chars in uri
571 571 :param uri:
572 572 :return: uri without this chars
573 573 """
574 574 return urllib.quote(uri, safe='@$:/')
575 575
576 576
577 577 def uri_filter(uri):
578 578 """
579 579 Removes user:password from given url string
580 580
581 581 :param uri:
582 582 :rtype: unicode
583 583 :returns: filtered list of strings
584 584 """
585 585 if not uri:
586 586 return ''
587 587
588 588 proto = ''
589 589
590 590 for pat in ('https://', 'http://'):
591 591 if uri.startswith(pat):
592 592 uri = uri[len(pat):]
593 593 proto = pat
594 594 break
595 595
596 596 # remove passwords and username
597 597 uri = uri[uri.find('@') + 1:]
598 598
599 599 # get the port
600 600 cred_pos = uri.find(':')
601 601 if cred_pos == -1:
602 602 host, port = uri, None
603 603 else:
604 604 host, port = uri[:cred_pos], uri[cred_pos + 1:]
605 605
606 606 return filter(None, [proto, host, port])
607 607
608 608
609 609 def credentials_filter(uri):
610 610 """
611 611 Returns a url with removed credentials
612 612
613 613 :param uri:
614 614 """
615 615
616 616 uri = uri_filter(uri)
617 617 # check if we have port
618 618 if len(uri) > 2 and uri[2]:
619 619 uri[2] = ':' + uri[2]
620 620
621 621 return ''.join(uri)
622 622
623 623
624 624 def get_clone_url(request, uri_tmpl, repo_name, repo_id, **override):
625 625 qualifed_home_url = request.route_url('home')
626 626 parsed_url = urlobject.URLObject(qualifed_home_url)
627 627 decoded_path = safe_unicode(urllib.unquote(parsed_url.path.rstrip('/')))
628 628
629 629 args = {
630 630 'scheme': parsed_url.scheme,
631 631 'user': '',
632 632 'sys_user': getpass.getuser(),
633 633 # path if we use proxy-prefix
634 634 'netloc': parsed_url.netloc+decoded_path,
635 635 'hostname': parsed_url.hostname,
636 636 'prefix': decoded_path,
637 637 'repo': repo_name,
638 638 'repoid': str(repo_id)
639 639 }
640 640 args.update(override)
641 641 args['user'] = urllib.quote(safe_str(args['user']))
642 642
643 643 for k, v in args.items():
644 644 uri_tmpl = uri_tmpl.replace('{%s}' % k, v)
645 645
646 646 # remove leading @ sign if it's present. Case of empty user
647 647 url_obj = urlobject.URLObject(uri_tmpl)
648 648 url = url_obj.with_netloc(url_obj.netloc.lstrip('@'))
649 649
650 650 return safe_unicode(url)
651 651
652 652
653 653 def get_commit_safe(repo, commit_id=None, commit_idx=None, pre_load=None):
654 654 """
655 655 Safe version of get_commit if this commit doesn't exists for a
656 656 repository it returns a Dummy one instead
657 657
658 658 :param repo: repository instance
659 659 :param commit_id: commit id as str
660 660 :param pre_load: optional list of commit attributes to load
661 661 """
662 662 # TODO(skreft): remove these circular imports
663 663 from rhodecode.lib.vcs.backends.base import BaseRepository, EmptyCommit
664 664 from rhodecode.lib.vcs.exceptions import RepositoryError
665 665 if not isinstance(repo, BaseRepository):
666 666 raise Exception('You must pass an Repository '
667 667 'object as first argument got %s', type(repo))
668 668
669 669 try:
670 670 commit = repo.get_commit(
671 671 commit_id=commit_id, commit_idx=commit_idx, pre_load=pre_load)
672 672 except (RepositoryError, LookupError):
673 673 commit = EmptyCommit()
674 674 return commit
675 675
676 676
677 677 def datetime_to_time(dt):
678 678 if dt:
679 679 return time.mktime(dt.timetuple())
680 680
681 681
682 682 def time_to_datetime(tm):
683 683 if tm:
684 684 if isinstance(tm, basestring):
685 685 try:
686 686 tm = float(tm)
687 687 except ValueError:
688 688 return
689 689 return datetime.datetime.fromtimestamp(tm)
690 690
691 691
692 692 def time_to_utcdatetime(tm):
693 693 if tm:
694 694 if isinstance(tm, basestring):
695 695 try:
696 696 tm = float(tm)
697 697 except ValueError:
698 698 return
699 699 return datetime.datetime.utcfromtimestamp(tm)
700 700
701 701
702 702 MENTIONS_REGEX = re.compile(
703 703 # ^@ or @ without any special chars in front
704 704 r'(?:^@|[^a-zA-Z0-9\-\_\.]@)'
705 705 # main body starts with letter, then can be . - _
706 706 r'([a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+)',
707 707 re.VERBOSE | re.MULTILINE)
708 708
709 709
710 710 def extract_mentioned_users(s):
711 711 """
712 712 Returns unique usernames from given string s that have @mention
713 713
714 714 :param s: string to get mentions
715 715 """
716 716 usrs = set()
717 717 for username in MENTIONS_REGEX.findall(s):
718 718 usrs.add(username)
719 719
720 720 return sorted(list(usrs), key=lambda k: k.lower())
721 721
722 722
723 723 class AttributeDictBase(dict):
724 724 def __getstate__(self):
725 725 odict = self.__dict__ # get attribute dictionary
726 726 return odict
727 727
728 728 def __setstate__(self, dict):
729 729 self.__dict__ = dict
730 730
731 731 __setattr__ = dict.__setitem__
732 732 __delattr__ = dict.__delitem__
733 733
734 734
735 735 class StrictAttributeDict(AttributeDictBase):
736 736 """
737 737 Strict Version of Attribute dict which raises an Attribute error when
738 738 requested attribute is not set
739 739 """
740 740 def __getattr__(self, attr):
741 741 try:
742 742 return self[attr]
743 743 except KeyError:
744 744 raise AttributeError('%s object has no attribute %s' % (
745 745 self.__class__, attr))
746 746
747 747
748 748 class AttributeDict(AttributeDictBase):
749 749 def __getattr__(self, attr):
750 750 return self.get(attr, None)
751 751
752 752
753 753
754 class OrderedDefaultDict(collections.OrderedDict, collections.defaultdict):
755 def __init__(self, default_factory=None, *args, **kwargs):
756 # in python3 you can omit the args to super
757 super(OrderedDefaultDict, self).__init__(*args, **kwargs)
758 self.default_factory = default_factory
759
760
754 761 def fix_PATH(os_=None):
755 762 """
756 763 Get current active python path, and append it to PATH variable to fix
757 764 issues of subprocess calls and different python versions
758 765 """
759 766 if os_ is None:
760 767 import os
761 768 else:
762 769 os = os_
763 770
764 771 cur_path = os.path.split(sys.executable)[0]
765 772 if not os.environ['PATH'].startswith(cur_path):
766 773 os.environ['PATH'] = '%s:%s' % (cur_path, os.environ['PATH'])
767 774
768 775
769 776 def obfuscate_url_pw(engine):
770 777 _url = engine or ''
771 778 try:
772 779 _url = sqlalchemy.engine.url.make_url(engine)
773 780 if _url.password:
774 781 _url.password = 'XXXXX'
775 782 except Exception:
776 783 pass
777 784 return unicode(_url)
778 785
779 786
780 787 def get_server_url(environ):
781 788 req = webob.Request(environ)
782 789 return req.host_url + req.script_name
783 790
784 791
785 792 def unique_id(hexlen=32):
786 793 alphabet = "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjklmnpqrstuvwxyz"
787 794 return suuid(truncate_to=hexlen, alphabet=alphabet)
788 795
789 796
790 797 def suuid(url=None, truncate_to=22, alphabet=None):
791 798 """
792 799 Generate and return a short URL safe UUID.
793 800
794 801 If the url parameter is provided, set the namespace to the provided
795 802 URL and generate a UUID.
796 803
797 804 :param url to get the uuid for
798 805 :truncate_to: truncate the basic 22 UUID to shorter version
799 806
800 807 The IDs won't be universally unique any longer, but the probability of
801 808 a collision will still be very low.
802 809 """
803 810 # Define our alphabet.
804 811 _ALPHABET = alphabet or "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
805 812
806 813 # If no URL is given, generate a random UUID.
807 814 if url is None:
808 815 unique_id = uuid.uuid4().int
809 816 else:
810 817 unique_id = uuid.uuid3(uuid.NAMESPACE_URL, url).int
811 818
812 819 alphabet_length = len(_ALPHABET)
813 820 output = []
814 821 while unique_id > 0:
815 822 digit = unique_id % alphabet_length
816 823 output.append(_ALPHABET[digit])
817 824 unique_id = int(unique_id / alphabet_length)
818 825 return "".join(output)[:truncate_to]
819 826
820 827
821 828 def get_current_rhodecode_user(request=None):
822 829 """
823 830 Gets rhodecode user from request
824 831 """
825 832 pyramid_request = request or pyramid.threadlocal.get_current_request()
826 833
827 834 # web case
828 835 if pyramid_request and hasattr(pyramid_request, 'user'):
829 836 return pyramid_request.user
830 837
831 838 # api case
832 839 if pyramid_request and hasattr(pyramid_request, 'rpc_user'):
833 840 return pyramid_request.rpc_user
834 841
835 842 return None
836 843
837 844
838 845 def action_logger_generic(action, namespace=''):
839 846 """
840 847 A generic logger for actions useful to the system overview, tries to find
841 848 an acting user for the context of the call otherwise reports unknown user
842 849
843 850 :param action: logging message eg 'comment 5 deleted'
844 851 :param type: string
845 852
846 853 :param namespace: namespace of the logging message eg. 'repo.comments'
847 854 :param type: string
848 855
849 856 """
850 857
851 858 logger_name = 'rhodecode.actions'
852 859
853 860 if namespace:
854 861 logger_name += '.' + namespace
855 862
856 863 log = logging.getLogger(logger_name)
857 864
858 865 # get a user if we can
859 866 user = get_current_rhodecode_user()
860 867
861 868 logfunc = log.info
862 869
863 870 if not user:
864 871 user = '<unknown user>'
865 872 logfunc = log.warning
866 873
867 874 logfunc('Logging action by {}: {}'.format(user, action))
868 875
869 876
870 877 def escape_split(text, sep=',', maxsplit=-1):
871 878 r"""
872 879 Allows for escaping of the separator: e.g. arg='foo\, bar'
873 880
874 881 It should be noted that the way bash et. al. do command line parsing, those
875 882 single quotes are required.
876 883 """
877 884 escaped_sep = r'\%s' % sep
878 885
879 886 if escaped_sep not in text:
880 887 return text.split(sep, maxsplit)
881 888
882 889 before, _mid, after = text.partition(escaped_sep)
883 890 startlist = before.split(sep, maxsplit) # a regular split is fine here
884 891 unfinished = startlist[-1]
885 892 startlist = startlist[:-1]
886 893
887 894 # recurse because there may be more escaped separators
888 895 endlist = escape_split(after, sep, maxsplit)
889 896
890 897 # finish building the escaped value. we use endlist[0] becaue the first
891 898 # part of the string sent in recursion is the rest of the escaped value.
892 899 unfinished += sep + endlist[0]
893 900
894 901 return startlist + [unfinished] + endlist[1:] # put together all the parts
895 902
896 903
897 904 class OptionalAttr(object):
898 905 """
899 906 Special Optional Option that defines other attribute. Example::
900 907
901 908 def test(apiuser, userid=Optional(OAttr('apiuser')):
902 909 user = Optional.extract(userid)
903 910 # calls
904 911
905 912 """
906 913
907 914 def __init__(self, attr_name):
908 915 self.attr_name = attr_name
909 916
910 917 def __repr__(self):
911 918 return '<OptionalAttr:%s>' % self.attr_name
912 919
913 920 def __call__(self):
914 921 return self
915 922
916 923
917 924 # alias
918 925 OAttr = OptionalAttr
919 926
920 927
921 928 class Optional(object):
922 929 """
923 930 Defines an optional parameter::
924 931
925 932 param = param.getval() if isinstance(param, Optional) else param
926 933 param = param() if isinstance(param, Optional) else param
927 934
928 935 is equivalent of::
929 936
930 937 param = Optional.extract(param)
931 938
932 939 """
933 940
934 941 def __init__(self, type_):
935 942 self.type_ = type_
936 943
937 944 def __repr__(self):
938 945 return '<Optional:%s>' % self.type_.__repr__()
939 946
940 947 def __call__(self):
941 948 return self.getval()
942 949
943 950 def getval(self):
944 951 """
945 952 returns value from this Optional instance
946 953 """
947 954 if isinstance(self.type_, OAttr):
948 955 # use params name
949 956 return self.type_.attr_name
950 957 return self.type_
951 958
952 959 @classmethod
953 960 def extract(cls, val):
954 961 """
955 962 Extracts value from Optional() instance
956 963
957 964 :param val:
958 965 :return: original value if it's not Optional instance else
959 966 value of instance
960 967 """
961 968 if isinstance(val, cls):
962 969 return val.getval()
963 970 return val
964 971
965 972
966 973 def glob2re(pat):
967 974 """
968 975 Translate a shell PATTERN to a regular expression.
969 976
970 977 There is no way to quote meta-characters.
971 978 """
972 979
973 980 i, n = 0, len(pat)
974 981 res = ''
975 982 while i < n:
976 983 c = pat[i]
977 984 i = i+1
978 985 if c == '*':
979 986 #res = res + '.*'
980 987 res = res + '[^/]*'
981 988 elif c == '?':
982 989 #res = res + '.'
983 990 res = res + '[^/]'
984 991 elif c == '[':
985 992 j = i
986 993 if j < n and pat[j] == '!':
987 994 j = j+1
988 995 if j < n and pat[j] == ']':
989 996 j = j+1
990 997 while j < n and pat[j] != ']':
991 998 j = j+1
992 999 if j >= n:
993 1000 res = res + '\\['
994 1001 else:
995 1002 stuff = pat[i:j].replace('\\','\\\\')
996 1003 i = j+1
997 1004 if stuff[0] == '!':
998 1005 stuff = '^' + stuff[1:]
999 1006 elif stuff[0] == '^':
1000 1007 stuff = '\\' + stuff
1001 1008 res = '%s[%s]' % (res, stuff)
1002 1009 else:
1003 1010 res = res + re.escape(c)
1004 1011 return res + '\Z(?ms)'
Show file before | Show file after | Hide comments
@@ -1,4506 +1,4662 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 Database Models for RhodeCode Enterprise
23 23 """
24 24
25 25 import re
26 26 import os
27 27 import time
28 28 import hashlib
29 29 import logging
30 30 import datetime
31 31 import warnings
32 32 import ipaddress
33 33 import functools
34 34 import traceback
35 35 import collections
36 36
37 37 from sqlalchemy import (
38 38 or_, and_, not_, func, TypeDecorator, event,
39 39 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
40 40 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
41 41 Text, Float, PickleType)
42 42 from sqlalchemy.sql.expression import true, false
43 43 from sqlalchemy.sql.functions import coalesce, count # noqa
44 44 from sqlalchemy.orm import (
45 45 relationship, joinedload, class_mapper, validates, aliased)
46 46 from sqlalchemy.ext.declarative import declared_attr
47 47 from sqlalchemy.ext.hybrid import hybrid_property
48 48 from sqlalchemy.exc import IntegrityError # noqa
49 49 from sqlalchemy.dialects.mysql import LONGTEXT
50 50 from zope.cachedescriptors.property import Lazy as LazyProperty
51 51
52 52 from pyramid.threadlocal import get_current_request
53 53
54 54 from rhodecode.translation import _
55 55 from rhodecode.lib.vcs import get_vcs_instance
56 56 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
57 57 from rhodecode.lib.utils2 import (
58 58 str2bool, safe_str, get_commit_safe, safe_unicode, sha1_safe,
59 59 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
60 60 glob2re, StrictAttributeDict, cleaned_uri)
61 61 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
62 62 JsonRaw
63 63 from rhodecode.lib.ext_json import json
64 64 from rhodecode.lib.caching_query import FromCache
65 65 from rhodecode.lib.encrypt import AESCipher
66 66
67 67 from rhodecode.model.meta import Base, Session
68 68
69 69 URL_SEP = '/'
70 70 log = logging.getLogger(__name__)
71 71
72 72 # =============================================================================
73 73 # BASE CLASSES
74 74 # =============================================================================
75 75
76 76 # this is propagated from .ini file rhodecode.encrypted_values.secret or
77 77 # beaker.session.secret if first is not set.
78 78 # and initialized at environment.py
79 79 ENCRYPTION_KEY = None
80 80
81 81 # used to sort permissions by types, '#' used here is not allowed to be in
82 82 # usernames, and it's very early in sorted string.printable table.
83 83 PERMISSION_TYPE_SORT = {
84 84 'admin': '####',
85 85 'write': '###',
86 86 'read': '##',
87 87 'none': '#',
88 88 }
89 89
90 90
91 91 def display_user_sort(obj):
92 92 """
93 93 Sort function used to sort permissions in .permissions() function of
94 94 Repository, RepoGroup, UserGroup. Also it put the default user in front
95 95 of all other resources
96 96 """
97 97
98 98 if obj.username == User.DEFAULT_USER:
99 99 return '#####'
100 100 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
101 101 return prefix + obj.username
102 102
103 103
104 104 def display_user_group_sort(obj):
105 105 """
106 106 Sort function used to sort permissions in .permissions() function of
107 107 Repository, RepoGroup, UserGroup. Also it put the default user in front
108 108 of all other resources
109 109 """
110 110
111 111 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
112 112 return prefix + obj.users_group_name
113 113
114 114
115 115 def _hash_key(k):
116 116 return sha1_safe(k)
117 117
118 118
119 119 def in_filter_generator(qry, items, limit=500):
120 120 """
121 121 Splits IN() into multiple with OR
122 122 e.g.::
123 123 cnt = Repository.query().filter(
124 124 or_(
125 125 *in_filter_generator(Repository.repo_id, range(100000))
126 126 )).count()
127 127 """
128 128 if not items:
129 129 # empty list will cause empty query which might cause security issues
130 130 # this can lead to hidden unpleasant results
131 131 items = [-1]
132 132
133 133 parts = []
134 134 for chunk in xrange(0, len(items), limit):
135 135 parts.append(
136 136 qry.in_(items[chunk: chunk + limit])
137 137 )
138 138
139 139 return parts
140 140
141 141
142 142 base_table_args = {
143 143 'extend_existing': True,
144 144 'mysql_engine': 'InnoDB',
145 145 'mysql_charset': 'utf8',
146 146 'sqlite_autoincrement': True
147 147 }
148 148
149 149
150 150 class EncryptedTextValue(TypeDecorator):
151 151 """
152 152 Special column for encrypted long text data, use like::
153 153
154 154 value = Column("encrypted_value", EncryptedValue(), nullable=False)
155 155
156 156 This column is intelligent so if value is in unencrypted form it return
157 157 unencrypted form, but on save it always encrypts
158 158 """
159 159 impl = Text
160 160
161 161 def process_bind_param(self, value, dialect):
162 162 if not value:
163 163 return value
164 164 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
165 165 # protect against double encrypting if someone manually starts
166 166 # doing
167 167 raise ValueError('value needs to be in unencrypted format, ie. '
168 168 'not starting with enc$aes')
169 169 return 'enc$aes_hmac$%s' % AESCipher(
170 170 ENCRYPTION_KEY, hmac=True).encrypt(value)
171 171
172 172 def process_result_value(self, value, dialect):
173 173 import rhodecode
174 174
175 175 if not value:
176 176 return value
177 177
178 178 parts = value.split('$', 3)
179 179 if not len(parts) == 3:
180 180 # probably not encrypted values
181 181 return value
182 182 else:
183 183 if parts[0] != 'enc':
184 184 # parts ok but without our header ?
185 185 return value
186 186 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
187 187 'rhodecode.encrypted_values.strict') or True)
188 188 # at that stage we know it's our encryption
189 189 if parts[1] == 'aes':
190 190 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
191 191 elif parts[1] == 'aes_hmac':
192 192 decrypted_data = AESCipher(
193 193 ENCRYPTION_KEY, hmac=True,
194 194 strict_verification=enc_strict_mode).decrypt(parts[2])
195 195 else:
196 196 raise ValueError(
197 197 'Encryption type part is wrong, must be `aes` '
198 198 'or `aes_hmac`, got `%s` instead' % (parts[1]))
199 199 return decrypted_data
200 200
201 201
202 202 class BaseModel(object):
203 203 """
204 204 Base Model for all classes
205 205 """
206 206
207 207 @classmethod
208 208 def _get_keys(cls):
209 209 """return column names for this model """
210 210 return class_mapper(cls).c.keys()
211 211
212 212 def get_dict(self):
213 213 """
214 214 return dict with keys and values corresponding
215 215 to this model data """
216 216
217 217 d = {}
218 218 for k in self._get_keys():
219 219 d[k] = getattr(self, k)
220 220
221 221 # also use __json__() if present to get additional fields
222 222 _json_attr = getattr(self, '__json__', None)
223 223 if _json_attr:
224 224 # update with attributes from __json__
225 225 if callable(_json_attr):
226 226 _json_attr = _json_attr()
227 227 for k, val in _json_attr.iteritems():
228 228 d[k] = val
229 229 return d
230 230
231 231 def get_appstruct(self):
232 232 """return list with keys and values tuples corresponding
233 233 to this model data """
234 234
235 235 lst = []
236 236 for k in self._get_keys():
237 237 lst.append((k, getattr(self, k),))
238 238 return lst
239 239
240 240 def populate_obj(self, populate_dict):
241 241 """populate model with data from given populate_dict"""
242 242
243 243 for k in self._get_keys():
244 244 if k in populate_dict:
245 245 setattr(self, k, populate_dict[k])
246 246
247 247 @classmethod
248 248 def query(cls):
249 249 return Session().query(cls)
250 250
251 251 @classmethod
252 252 def get(cls, id_):
253 253 if id_:
254 254 return cls.query().get(id_)
255 255
256 256 @classmethod
257 257 def get_or_404(cls, id_):
258 258 from pyramid.httpexceptions import HTTPNotFound
259 259
260 260 try:
261 261 id_ = int(id_)
262 262 except (TypeError, ValueError):
263 263 raise HTTPNotFound()
264 264
265 265 res = cls.query().get(id_)
266 266 if not res:
267 267 raise HTTPNotFound()
268 268 return res
269 269
270 270 @classmethod
271 271 def getAll(cls):
272 272 # deprecated and left for backward compatibility
273 273 return cls.get_all()
274 274
275 275 @classmethod
276 276 def get_all(cls):
277 277 return cls.query().all()
278 278
279 279 @classmethod
280 280 def delete(cls, id_):
281 281 obj = cls.query().get(id_)
282 282 Session().delete(obj)
283 283
284 284 @classmethod
285 285 def identity_cache(cls, session, attr_name, value):
286 286 exist_in_session = []
287 287 for (item_cls, pkey), instance in session.identity_map.items():
288 288 if cls == item_cls and getattr(instance, attr_name) == value:
289 289 exist_in_session.append(instance)
290 290 if exist_in_session:
291 291 if len(exist_in_session) == 1:
292 292 return exist_in_session[0]
293 293 log.exception(
294 294 'multiple objects with attr %s and '
295 295 'value %s found with same name: %r',
296 296 attr_name, value, exist_in_session)
297 297
298 298 def __repr__(self):
299 299 if hasattr(self, '__unicode__'):
300 300 # python repr needs to return str
301 301 try:
302 302 return safe_str(self.__unicode__())
303 303 except UnicodeDecodeError:
304 304 pass
305 305 return '<DB:%s>' % (self.__class__.__name__)
306 306
307 307
308 308 class RhodeCodeSetting(Base, BaseModel):
309 309 __tablename__ = 'rhodecode_settings'
310 310 __table_args__ = (
311 311 UniqueConstraint('app_settings_name'),
312 312 base_table_args
313 313 )
314 314
315 315 SETTINGS_TYPES = {
316 316 'str': safe_str,
317 317 'int': safe_int,
318 318 'unicode': safe_unicode,
319 319 'bool': str2bool,
320 320 'list': functools.partial(aslist, sep=',')
321 321 }
322 322 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
323 323 GLOBAL_CONF_KEY = 'app_settings'
324 324
325 325 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
326 326 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
327 327 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
328 328 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
329 329
330 330 def __init__(self, key='', val='', type='unicode'):
331 331 self.app_settings_name = key
332 332 self.app_settings_type = type
333 333 self.app_settings_value = val
334 334
335 335 @validates('_app_settings_value')
336 336 def validate_settings_value(self, key, val):
337 337 assert type(val) == unicode
338 338 return val
339 339
340 340 @hybrid_property
341 341 def app_settings_value(self):
342 342 v = self._app_settings_value
343 343 _type = self.app_settings_type
344 344 if _type:
345 345 _type = self.app_settings_type.split('.')[0]
346 346 # decode the encrypted value
347 347 if 'encrypted' in self.app_settings_type:
348 348 cipher = EncryptedTextValue()
349 349 v = safe_unicode(cipher.process_result_value(v, None))
350 350
351 351 converter = self.SETTINGS_TYPES.get(_type) or \
352 352 self.SETTINGS_TYPES['unicode']
353 353 return converter(v)
354 354
355 355 @app_settings_value.setter
356 356 def app_settings_value(self, val):
357 357 """
358 358 Setter that will always make sure we use unicode in app_settings_value
359 359
360 360 :param val:
361 361 """
362 362 val = safe_unicode(val)
363 363 # encode the encrypted value
364 364 if 'encrypted' in self.app_settings_type:
365 365 cipher = EncryptedTextValue()
366 366 val = safe_unicode(cipher.process_bind_param(val, None))
367 367 self._app_settings_value = val
368 368
369 369 @hybrid_property
370 370 def app_settings_type(self):
371 371 return self._app_settings_type
372 372
373 373 @app_settings_type.setter
374 374 def app_settings_type(self, val):
375 375 if val.split('.')[0] not in self.SETTINGS_TYPES:
376 376 raise Exception('type must be one of %s got %s'
377 377 % (self.SETTINGS_TYPES.keys(), val))
378 378 self._app_settings_type = val
379 379
380 380 def __unicode__(self):
381 381 return u"<%s('%s:%s[%s]')>" % (
382 382 self.__class__.__name__,
383 383 self.app_settings_name, self.app_settings_value,
384 384 self.app_settings_type
385 385 )
386 386
387 387
388 388 class RhodeCodeUi(Base, BaseModel):
389 389 __tablename__ = 'rhodecode_ui'
390 390 __table_args__ = (
391 391 UniqueConstraint('ui_key'),
392 392 base_table_args
393 393 )
394 394
395 395 HOOK_REPO_SIZE = 'changegroup.repo_size'
396 396 # HG
397 397 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
398 398 HOOK_PULL = 'outgoing.pull_logger'
399 399 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
400 400 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
401 401 HOOK_PUSH = 'changegroup.push_logger'
402 402 HOOK_PUSH_KEY = 'pushkey.key_push'
403 403
404 404 # TODO: johbo: Unify way how hooks are configured for git and hg,
405 405 # git part is currently hardcoded.
406 406
407 407 # SVN PATTERNS
408 408 SVN_BRANCH_ID = 'vcs_svn_branch'
409 409 SVN_TAG_ID = 'vcs_svn_tag'
410 410
411 411 ui_id = Column(
412 412 "ui_id", Integer(), nullable=False, unique=True, default=None,
413 413 primary_key=True)
414 414 ui_section = Column(
415 415 "ui_section", String(255), nullable=True, unique=None, default=None)
416 416 ui_key = Column(
417 417 "ui_key", String(255), nullable=True, unique=None, default=None)
418 418 ui_value = Column(
419 419 "ui_value", String(255), nullable=True, unique=None, default=None)
420 420 ui_active = Column(
421 421 "ui_active", Boolean(), nullable=True, unique=None, default=True)
422 422
423 423 def __repr__(self):
424 424 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
425 425 self.ui_key, self.ui_value)
426 426
427 427
428 428 class RepoRhodeCodeSetting(Base, BaseModel):
429 429 __tablename__ = 'repo_rhodecode_settings'
430 430 __table_args__ = (
431 431 UniqueConstraint(
432 432 'app_settings_name', 'repository_id',
433 433 name='uq_repo_rhodecode_setting_name_repo_id'),
434 434 base_table_args
435 435 )
436 436
437 437 repository_id = Column(
438 438 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
439 439 nullable=False)
440 440 app_settings_id = Column(
441 441 "app_settings_id", Integer(), nullable=False, unique=True,
442 442 default=None, primary_key=True)
443 443 app_settings_name = Column(
444 444 "app_settings_name", String(255), nullable=True, unique=None,
445 445 default=None)
446 446 _app_settings_value = Column(
447 447 "app_settings_value", String(4096), nullable=True, unique=None,
448 448 default=None)
449 449 _app_settings_type = Column(
450 450 "app_settings_type", String(255), nullable=True, unique=None,
451 451 default=None)
452 452
453 453 repository = relationship('Repository')
454 454
455 455 def __init__(self, repository_id, key='', val='', type='unicode'):
456 456 self.repository_id = repository_id
457 457 self.app_settings_name = key
458 458 self.app_settings_type = type
459 459 self.app_settings_value = val
460 460
461 461 @validates('_app_settings_value')
462 462 def validate_settings_value(self, key, val):
463 463 assert type(val) == unicode
464 464 return val
465 465
466 466 @hybrid_property
467 467 def app_settings_value(self):
468 468 v = self._app_settings_value
469 469 type_ = self.app_settings_type
470 470 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
471 471 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
472 472 return converter(v)
473 473
474 474 @app_settings_value.setter
475 475 def app_settings_value(self, val):
476 476 """
477 477 Setter that will always make sure we use unicode in app_settings_value
478 478
479 479 :param val:
480 480 """
481 481 self._app_settings_value = safe_unicode(val)
482 482
483 483 @hybrid_property
484 484 def app_settings_type(self):
485 485 return self._app_settings_type
486 486
487 487 @app_settings_type.setter
488 488 def app_settings_type(self, val):
489 489 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
490 490 if val not in SETTINGS_TYPES:
491 491 raise Exception('type must be one of %s got %s'
492 492 % (SETTINGS_TYPES.keys(), val))
493 493 self._app_settings_type = val
494 494
495 495 def __unicode__(self):
496 496 return u"<%s('%s:%s:%s[%s]')>" % (
497 497 self.__class__.__name__, self.repository.repo_name,
498 498 self.app_settings_name, self.app_settings_value,
499 499 self.app_settings_type
500 500 )
501 501
502 502
503 503 class RepoRhodeCodeUi(Base, BaseModel):
504 504 __tablename__ = 'repo_rhodecode_ui'
505 505 __table_args__ = (
506 506 UniqueConstraint(
507 507 'repository_id', 'ui_section', 'ui_key',
508 508 name='uq_repo_rhodecode_ui_repository_id_section_key'),
509 509 base_table_args
510 510 )
511 511
512 512 repository_id = Column(
513 513 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
514 514 nullable=False)
515 515 ui_id = Column(
516 516 "ui_id", Integer(), nullable=False, unique=True, default=None,
517 517 primary_key=True)
518 518 ui_section = Column(
519 519 "ui_section", String(255), nullable=True, unique=None, default=None)
520 520 ui_key = Column(
521 521 "ui_key", String(255), nullable=True, unique=None, default=None)
522 522 ui_value = Column(
523 523 "ui_value", String(255), nullable=True, unique=None, default=None)
524 524 ui_active = Column(
525 525 "ui_active", Boolean(), nullable=True, unique=None, default=True)
526 526
527 527 repository = relationship('Repository')
528 528
529 529 def __repr__(self):
530 530 return '<%s[%s:%s]%s=>%s]>' % (
531 531 self.__class__.__name__, self.repository.repo_name,
532 532 self.ui_section, self.ui_key, self.ui_value)
533 533
534 534
535 535 class User(Base, BaseModel):
536 536 __tablename__ = 'users'
537 537 __table_args__ = (
538 538 UniqueConstraint('username'), UniqueConstraint('email'),
539 539 Index('u_username_idx', 'username'),
540 540 Index('u_email_idx', 'email'),
541 541 base_table_args
542 542 )
543 543
544 544 DEFAULT_USER = 'default'
545 545 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
546 546 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
547 547
548 548 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
549 549 username = Column("username", String(255), nullable=True, unique=None, default=None)
550 550 password = Column("password", String(255), nullable=True, unique=None, default=None)
551 551 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
552 552 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
553 553 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
554 554 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
555 555 _email = Column("email", String(255), nullable=True, unique=None, default=None)
556 556 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
557 557 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
558 558
559 559 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
560 560 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
561 561 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
562 562 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
563 563 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
564 564 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
565 565
566 566 user_log = relationship('UserLog')
567 567 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
568 568
569 569 repositories = relationship('Repository')
570 570 repository_groups = relationship('RepoGroup')
571 571 user_groups = relationship('UserGroup')
572 572
573 573 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
574 574 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
575 575
576 576 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
577 577 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
578 578 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
579 579
580 580 group_member = relationship('UserGroupMember', cascade='all')
581 581
582 582 notifications = relationship('UserNotification', cascade='all')
583 583 # notifications assigned to this user
584 584 user_created_notifications = relationship('Notification', cascade='all')
585 585 # comments created by this user
586 586 user_comments = relationship('ChangesetComment', cascade='all')
587 587 # user profile extra info
588 588 user_emails = relationship('UserEmailMap', cascade='all')
589 589 user_ip_map = relationship('UserIpMap', cascade='all')
590 590 user_auth_tokens = relationship('UserApiKeys', cascade='all')
591 591 user_ssh_keys = relationship('UserSshKeys', cascade='all')
592 592
593 593 # gists
594 594 user_gists = relationship('Gist', cascade='all')
595 595 # user pull requests
596 596 user_pull_requests = relationship('PullRequest', cascade='all')
597 597 # external identities
598 598 extenal_identities = relationship(
599 599 'ExternalIdentity',
600 600 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
601 601 cascade='all')
602 602 # review rules
603 603 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
604 604
605 605 def __unicode__(self):
606 606 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
607 607 self.user_id, self.username)
608 608
609 609 @hybrid_property
610 610 def email(self):
611 611 return self._email
612 612
613 613 @email.setter
614 614 def email(self, val):
615 615 self._email = val.lower() if val else None
616 616
617 617 @hybrid_property
618 618 def first_name(self):
619 619 from rhodecode.lib import helpers as h
620 620 if self.name:
621 621 return h.escape(self.name)
622 622 return self.name
623 623
624 624 @hybrid_property
625 625 def last_name(self):
626 626 from rhodecode.lib import helpers as h
627 627 if self.lastname:
628 628 return h.escape(self.lastname)
629 629 return self.lastname
630 630
631 631 @hybrid_property
632 632 def api_key(self):
633 633 """
634 634 Fetch if exist an auth-token with role ALL connected to this user
635 635 """
636 636 user_auth_token = UserApiKeys.query()\
637 637 .filter(UserApiKeys.user_id == self.user_id)\
638 638 .filter(or_(UserApiKeys.expires == -1,
639 639 UserApiKeys.expires >= time.time()))\
640 640 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
641 641 if user_auth_token:
642 642 user_auth_token = user_auth_token.api_key
643 643
644 644 return user_auth_token
645 645
646 646 @api_key.setter
647 647 def api_key(self, val):
648 648 # don't allow to set API key this is deprecated for now
649 649 self._api_key = None
650 650
651 651 @property
652 652 def reviewer_pull_requests(self):
653 653 return PullRequestReviewers.query() \
654 654 .options(joinedload(PullRequestReviewers.pull_request)) \
655 655 .filter(PullRequestReviewers.user_id == self.user_id) \
656 656 .all()
657 657
658 658 @property
659 659 def firstname(self):
660 660 # alias for future
661 661 return self.name
662 662
663 663 @property
664 664 def emails(self):
665 665 other = UserEmailMap.query()\
666 666 .filter(UserEmailMap.user == self) \
667 667 .order_by(UserEmailMap.email_id.asc()) \
668 668 .all()
669 669 return [self.email] + [x.email for x in other]
670 670
671 671 @property
672 672 def auth_tokens(self):
673 673 auth_tokens = self.get_auth_tokens()
674 674 return [x.api_key for x in auth_tokens]
675 675
676 676 def get_auth_tokens(self):
677 677 return UserApiKeys.query()\
678 678 .filter(UserApiKeys.user == self)\
679 679 .order_by(UserApiKeys.user_api_key_id.asc())\
680 680 .all()
681 681
682 682 @LazyProperty
683 683 def feed_token(self):
684 684 return self.get_feed_token()
685 685
686 686 def get_feed_token(self, cache=True):
687 687 feed_tokens = UserApiKeys.query()\
688 688 .filter(UserApiKeys.user == self)\
689 689 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)
690 690 if cache:
691 691 feed_tokens = feed_tokens.options(
692 692 FromCache("sql_cache_short", "get_user_feed_token_%s" % self.user_id))
693 693
694 694 feed_tokens = feed_tokens.all()
695 695 if feed_tokens:
696 696 return feed_tokens[0].api_key
697 697 return 'NO_FEED_TOKEN_AVAILABLE'
698 698
699 699 @classmethod
700 700 def get(cls, user_id, cache=False):
701 701 if not user_id:
702 702 return
703 703
704 704 user = cls.query()
705 705 if cache:
706 706 user = user.options(
707 707 FromCache("sql_cache_short", "get_users_%s" % user_id))
708 708 return user.get(user_id)
709 709
710 710 @classmethod
711 711 def extra_valid_auth_tokens(cls, user, role=None):
712 712 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
713 713 .filter(or_(UserApiKeys.expires == -1,
714 714 UserApiKeys.expires >= time.time()))
715 715 if role:
716 716 tokens = tokens.filter(or_(UserApiKeys.role == role,
717 717 UserApiKeys.role == UserApiKeys.ROLE_ALL))
718 718 return tokens.all()
719 719
720 720 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
721 721 from rhodecode.lib import auth
722 722
723 723 log.debug('Trying to authenticate user: %s via auth-token, '
724 724 'and roles: %s', self, roles)
725 725
726 726 if not auth_token:
727 727 return False
728 728
729 729 crypto_backend = auth.crypto_backend()
730 730
731 731 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
732 732 tokens_q = UserApiKeys.query()\
733 733 .filter(UserApiKeys.user_id == self.user_id)\
734 734 .filter(or_(UserApiKeys.expires == -1,
735 735 UserApiKeys.expires >= time.time()))
736 736
737 737 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
738 738
739 739 plain_tokens = []
740 740 hash_tokens = []
741 741
742 742 for token in tokens_q.all():
743 743 # verify scope first
744 744 if token.repo_id:
745 745 # token has a scope, we need to verify it
746 746 if scope_repo_id != token.repo_id:
747 747 log.debug(
748 748 'Scope mismatch: token has a set repo scope: %s, '
749 749 'and calling scope is:%s, skipping further checks',
750 750 token.repo, scope_repo_id)
751 751 # token has a scope, and it doesn't match, skip token
752 752 continue
753 753
754 754 if token.api_key.startswith(crypto_backend.ENC_PREF):
755 755 hash_tokens.append(token.api_key)
756 756 else:
757 757 plain_tokens.append(token.api_key)
758 758
759 759 is_plain_match = auth_token in plain_tokens
760 760 if is_plain_match:
761 761 return True
762 762
763 763 for hashed in hash_tokens:
764 764 # TODO(marcink): this is expensive to calculate, but most secure
765 765 match = crypto_backend.hash_check(auth_token, hashed)
766 766 if match:
767 767 return True
768 768
769 769 return False
770 770
771 771 @property
772 772 def ip_addresses(self):
773 773 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
774 774 return [x.ip_addr for x in ret]
775 775
776 776 @property
777 777 def username_and_name(self):
778 778 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
779 779
780 780 @property
781 781 def username_or_name_or_email(self):
782 782 full_name = self.full_name if self.full_name is not ' ' else None
783 783 return self.username or full_name or self.email
784 784
785 785 @property
786 786 def full_name(self):
787 787 return '%s %s' % (self.first_name, self.last_name)
788 788
789 789 @property
790 790 def full_name_or_username(self):
791 791 return ('%s %s' % (self.first_name, self.last_name)
792 792 if (self.first_name and self.last_name) else self.username)
793 793
794 794 @property
795 795 def full_contact(self):
796 796 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
797 797
798 798 @property
799 799 def short_contact(self):
800 800 return '%s %s' % (self.first_name, self.last_name)
801 801
802 802 @property
803 803 def is_admin(self):
804 804 return self.admin
805 805
806 806 def AuthUser(self, **kwargs):
807 807 """
808 808 Returns instance of AuthUser for this user
809 809 """
810 810 from rhodecode.lib.auth import AuthUser
811 811 return AuthUser(user_id=self.user_id, username=self.username, **kwargs)
812 812
813 813 @hybrid_property
814 814 def user_data(self):
815 815 if not self._user_data:
816 816 return {}
817 817
818 818 try:
819 819 return json.loads(self._user_data)
820 820 except TypeError:
821 821 return {}
822 822
823 823 @user_data.setter
824 824 def user_data(self, val):
825 825 if not isinstance(val, dict):
826 826 raise Exception('user_data must be dict, got %s' % type(val))
827 827 try:
828 828 self._user_data = json.dumps(val)
829 829 except Exception:
830 830 log.error(traceback.format_exc())
831 831
832 832 @classmethod
833 833 def get_by_username(cls, username, case_insensitive=False,
834 834 cache=False, identity_cache=False):
835 835 session = Session()
836 836
837 837 if case_insensitive:
838 838 q = cls.query().filter(
839 839 func.lower(cls.username) == func.lower(username))
840 840 else:
841 841 q = cls.query().filter(cls.username == username)
842 842
843 843 if cache:
844 844 if identity_cache:
845 845 val = cls.identity_cache(session, 'username', username)
846 846 if val:
847 847 return val
848 848 else:
849 849 cache_key = "get_user_by_name_%s" % _hash_key(username)
850 850 q = q.options(
851 851 FromCache("sql_cache_short", cache_key))
852 852
853 853 return q.scalar()
854 854
855 855 @classmethod
856 856 def get_by_auth_token(cls, auth_token, cache=False):
857 857 q = UserApiKeys.query()\
858 858 .filter(UserApiKeys.api_key == auth_token)\
859 859 .filter(or_(UserApiKeys.expires == -1,
860 860 UserApiKeys.expires >= time.time()))
861 861 if cache:
862 862 q = q.options(
863 863 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
864 864
865 865 match = q.first()
866 866 if match:
867 867 return match.user
868 868
869 869 @classmethod
870 870 def get_by_email(cls, email, case_insensitive=False, cache=False):
871 871
872 872 if case_insensitive:
873 873 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
874 874
875 875 else:
876 876 q = cls.query().filter(cls.email == email)
877 877
878 878 email_key = _hash_key(email)
879 879 if cache:
880 880 q = q.options(
881 881 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
882 882
883 883 ret = q.scalar()
884 884 if ret is None:
885 885 q = UserEmailMap.query()
886 886 # try fetching in alternate email map
887 887 if case_insensitive:
888 888 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
889 889 else:
890 890 q = q.filter(UserEmailMap.email == email)
891 891 q = q.options(joinedload(UserEmailMap.user))
892 892 if cache:
893 893 q = q.options(
894 894 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
895 895 ret = getattr(q.scalar(), 'user', None)
896 896
897 897 return ret
898 898
899 899 @classmethod
900 900 def get_from_cs_author(cls, author):
901 901 """
902 902 Tries to get User objects out of commit author string
903 903
904 904 :param author:
905 905 """
906 906 from rhodecode.lib.helpers import email, author_name
907 907 # Valid email in the attribute passed, see if they're in the system
908 908 _email = email(author)
909 909 if _email:
910 910 user = cls.get_by_email(_email, case_insensitive=True)
911 911 if user:
912 912 return user
913 913 # Maybe we can match by username?
914 914 _author = author_name(author)
915 915 user = cls.get_by_username(_author, case_insensitive=True)
916 916 if user:
917 917 return user
918 918
919 919 def update_userdata(self, **kwargs):
920 920 usr = self
921 921 old = usr.user_data
922 922 old.update(**kwargs)
923 923 usr.user_data = old
924 924 Session().add(usr)
925 925 log.debug('updated userdata with ', kwargs)
926 926
927 927 def update_lastlogin(self):
928 928 """Update user lastlogin"""
929 929 self.last_login = datetime.datetime.now()
930 930 Session().add(self)
931 931 log.debug('updated user %s lastlogin', self.username)
932 932
933 933 def update_password(self, new_password):
934 934 from rhodecode.lib.auth import get_crypt_password
935 935
936 936 self.password = get_crypt_password(new_password)
937 937 Session().add(self)
938 938
939 939 @classmethod
940 940 def get_first_super_admin(cls):
941 941 user = User.query().filter(User.admin == true()).first()
942 942 if user is None:
943 943 raise Exception('FATAL: Missing administrative account!')
944 944 return user
945 945
946 946 @classmethod
947 947 def get_all_super_admins(cls):
948 948 """
949 949 Returns all admin accounts sorted by username
950 950 """
951 951 return User.query().filter(User.admin == true())\
952 952 .order_by(User.username.asc()).all()
953 953
954 954 @classmethod
955 955 def get_default_user(cls, cache=False, refresh=False):
956 956 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
957 957 if user is None:
958 958 raise Exception('FATAL: Missing default account!')
959 959 if refresh:
960 960 # The default user might be based on outdated state which
961 961 # has been loaded from the cache.
962 962 # A call to refresh() ensures that the
963 963 # latest state from the database is used.
964 964 Session().refresh(user)
965 965 return user
966 966
967 967 def _get_default_perms(self, user, suffix=''):
968 968 from rhodecode.model.permission import PermissionModel
969 969 return PermissionModel().get_default_perms(user.user_perms, suffix)
970 970
971 971 def get_default_perms(self, suffix=''):
972 972 return self._get_default_perms(self, suffix)
973 973
974 974 def get_api_data(self, include_secrets=False, details='full'):
975 975 """
976 976 Common function for generating user related data for API
977 977
978 978 :param include_secrets: By default secrets in the API data will be replaced
979 979 by a placeholder value to prevent exposing this data by accident. In case
980 980 this data shall be exposed, set this flag to ``True``.
981 981
982 982 :param details: details can be 'basic|full' basic gives only a subset of
983 983 the available user information that includes user_id, name and emails.
984 984 """
985 985 user = self
986 986 user_data = self.user_data
987 987 data = {
988 988 'user_id': user.user_id,
989 989 'username': user.username,
990 990 'firstname': user.name,
991 991 'lastname': user.lastname,
992 992 'email': user.email,
993 993 'emails': user.emails,
994 994 }
995 995 if details == 'basic':
996 996 return data
997 997
998 998 auth_token_length = 40
999 999 auth_token_replacement = '*' * auth_token_length
1000 1000
1001 1001 extras = {
1002 1002 'auth_tokens': [auth_token_replacement],
1003 1003 'active': user.active,
1004 1004 'admin': user.admin,
1005 1005 'extern_type': user.extern_type,
1006 1006 'extern_name': user.extern_name,
1007 1007 'last_login': user.last_login,
1008 1008 'last_activity': user.last_activity,
1009 1009 'ip_addresses': user.ip_addresses,
1010 1010 'language': user_data.get('language')
1011 1011 }
1012 1012 data.update(extras)
1013 1013
1014 1014 if include_secrets:
1015 1015 data['auth_tokens'] = user.auth_tokens
1016 1016 return data
1017 1017
1018 1018 def __json__(self):
1019 1019 data = {
1020 1020 'full_name': self.full_name,
1021 1021 'full_name_or_username': self.full_name_or_username,
1022 1022 'short_contact': self.short_contact,
1023 1023 'full_contact': self.full_contact,
1024 1024 }
1025 1025 data.update(self.get_api_data())
1026 1026 return data
1027 1027
1028 1028
1029 1029 class UserApiKeys(Base, BaseModel):
1030 1030 __tablename__ = 'user_api_keys'
1031 1031 __table_args__ = (
1032 1032 Index('uak_api_key_idx', 'api_key', unique=True),
1033 1033 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
1034 1034 base_table_args
1035 1035 )
1036 1036 __mapper_args__ = {}
1037 1037
1038 1038 # ApiKey role
1039 1039 ROLE_ALL = 'token_role_all'
1040 1040 ROLE_HTTP = 'token_role_http'
1041 1041 ROLE_VCS = 'token_role_vcs'
1042 1042 ROLE_API = 'token_role_api'
1043 1043 ROLE_FEED = 'token_role_feed'
1044 1044 ROLE_PASSWORD_RESET = 'token_password_reset'
1045 1045
1046 1046 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
1047 1047
1048 1048 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1049 1049 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1050 1050 api_key = Column("api_key", String(255), nullable=False, unique=True)
1051 1051 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1052 1052 expires = Column('expires', Float(53), nullable=False)
1053 1053 role = Column('role', String(255), nullable=True)
1054 1054 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1055 1055
1056 1056 # scope columns
1057 1057 repo_id = Column(
1058 1058 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1059 1059 nullable=True, unique=None, default=None)
1060 1060 repo = relationship('Repository', lazy='joined')
1061 1061
1062 1062 repo_group_id = Column(
1063 1063 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1064 1064 nullable=True, unique=None, default=None)
1065 1065 repo_group = relationship('RepoGroup', lazy='joined')
1066 1066
1067 1067 user = relationship('User', lazy='joined')
1068 1068
1069 1069 def __unicode__(self):
1070 1070 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1071 1071
1072 1072 def __json__(self):
1073 1073 data = {
1074 1074 'auth_token': self.api_key,
1075 1075 'role': self.role,
1076 1076 'scope': self.scope_humanized,
1077 1077 'expired': self.expired
1078 1078 }
1079 1079 return data
1080 1080
1081 1081 def get_api_data(self, include_secrets=False):
1082 1082 data = self.__json__()
1083 1083 if include_secrets:
1084 1084 return data
1085 1085 else:
1086 1086 data['auth_token'] = self.token_obfuscated
1087 1087 return data
1088 1088
1089 1089 @hybrid_property
1090 1090 def description_safe(self):
1091 1091 from rhodecode.lib import helpers as h
1092 1092 return h.escape(self.description)
1093 1093
1094 1094 @property
1095 1095 def expired(self):
1096 1096 if self.expires == -1:
1097 1097 return False
1098 1098 return time.time() > self.expires
1099 1099
1100 1100 @classmethod
1101 1101 def _get_role_name(cls, role):
1102 1102 return {
1103 1103 cls.ROLE_ALL: _('all'),
1104 1104 cls.ROLE_HTTP: _('http/web interface'),
1105 1105 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1106 1106 cls.ROLE_API: _('api calls'),
1107 1107 cls.ROLE_FEED: _('feed access'),
1108 1108 }.get(role, role)
1109 1109
1110 1110 @property
1111 1111 def role_humanized(self):
1112 1112 return self._get_role_name(self.role)
1113 1113
1114 1114 def _get_scope(self):
1115 1115 if self.repo:
1116 1116 return repr(self.repo)
1117 1117 if self.repo_group:
1118 1118 return repr(self.repo_group) + ' (recursive)'
1119 1119 return 'global'
1120 1120
1121 1121 @property
1122 1122 def scope_humanized(self):
1123 1123 return self._get_scope()
1124 1124
1125 1125 @property
1126 1126 def token_obfuscated(self):
1127 1127 if self.api_key:
1128 1128 return self.api_key[:4] + "****"
1129 1129
1130 1130
1131 1131 class UserEmailMap(Base, BaseModel):
1132 1132 __tablename__ = 'user_email_map'
1133 1133 __table_args__ = (
1134 1134 Index('uem_email_idx', 'email'),
1135 1135 UniqueConstraint('email'),
1136 1136 base_table_args
1137 1137 )
1138 1138 __mapper_args__ = {}
1139 1139
1140 1140 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1141 1141 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1142 1142 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1143 1143 user = relationship('User', lazy='joined')
1144 1144
1145 1145 @validates('_email')
1146 1146 def validate_email(self, key, email):
1147 1147 # check if this email is not main one
1148 1148 main_email = Session().query(User).filter(User.email == email).scalar()
1149 1149 if main_email is not None:
1150 1150 raise AttributeError('email %s is present is user table' % email)
1151 1151 return email
1152 1152
1153 1153 @hybrid_property
1154 1154 def email(self):
1155 1155 return self._email
1156 1156
1157 1157 @email.setter
1158 1158 def email(self, val):
1159 1159 self._email = val.lower() if val else None
1160 1160
1161 1161
1162 1162 class UserIpMap(Base, BaseModel):
1163 1163 __tablename__ = 'user_ip_map'
1164 1164 __table_args__ = (
1165 1165 UniqueConstraint('user_id', 'ip_addr'),
1166 1166 base_table_args
1167 1167 )
1168 1168 __mapper_args__ = {}
1169 1169
1170 1170 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1171 1171 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1172 1172 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1173 1173 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1174 1174 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1175 1175 user = relationship('User', lazy='joined')
1176 1176
1177 1177 @hybrid_property
1178 1178 def description_safe(self):
1179 1179 from rhodecode.lib import helpers as h
1180 1180 return h.escape(self.description)
1181 1181
1182 1182 @classmethod
1183 1183 def _get_ip_range(cls, ip_addr):
1184 1184 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1185 1185 return [str(net.network_address), str(net.broadcast_address)]
1186 1186
1187 1187 def __json__(self):
1188 1188 return {
1189 1189 'ip_addr': self.ip_addr,
1190 1190 'ip_range': self._get_ip_range(self.ip_addr),
1191 1191 }
1192 1192
1193 1193 def __unicode__(self):
1194 1194 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1195 1195 self.user_id, self.ip_addr)
1196 1196
1197 1197
1198 1198 class UserSshKeys(Base, BaseModel):
1199 1199 __tablename__ = 'user_ssh_keys'
1200 1200 __table_args__ = (
1201 1201 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1202 1202
1203 1203 UniqueConstraint('ssh_key_fingerprint'),
1204 1204
1205 1205 base_table_args
1206 1206 )
1207 1207 __mapper_args__ = {}
1208 1208
1209 1209 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1210 1210 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1211 1211 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(255), nullable=False, unique=None, default=None)
1212 1212
1213 1213 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1214 1214
1215 1215 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1216 1216 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1217 1217 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1218 1218
1219 1219 user = relationship('User', lazy='joined')
1220 1220
1221 1221 def __json__(self):
1222 1222 data = {
1223 1223 'ssh_fingerprint': self.ssh_key_fingerprint,
1224 1224 'description': self.description,
1225 1225 'created_on': self.created_on
1226 1226 }
1227 1227 return data
1228 1228
1229 1229 def get_api_data(self):
1230 1230 data = self.__json__()
1231 1231 return data
1232 1232
1233 1233
1234 1234 class UserLog(Base, BaseModel):
1235 1235 __tablename__ = 'user_logs'
1236 1236 __table_args__ = (
1237 1237 base_table_args,
1238 1238 )
1239 1239
1240 1240 VERSION_1 = 'v1'
1241 1241 VERSION_2 = 'v2'
1242 1242 VERSIONS = [VERSION_1, VERSION_2]
1243 1243
1244 1244 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1245 1245 user_id = Column("user_id", Integer(), ForeignKey('users.user_id',ondelete='SET NULL'), nullable=True, unique=None, default=None)
1246 1246 username = Column("username", String(255), nullable=True, unique=None, default=None)
1247 1247 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id', ondelete='SET NULL'), nullable=True, unique=None, default=None)
1248 1248 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1249 1249 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1250 1250 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1251 1251 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1252 1252
1253 1253 version = Column("version", String(255), nullable=True, default=VERSION_1)
1254 1254 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1255 1255 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1256 1256
1257 1257 def __unicode__(self):
1258 1258 return u"<%s('id:%s:%s')>" % (
1259 1259 self.__class__.__name__, self.repository_name, self.action)
1260 1260
1261 1261 def __json__(self):
1262 1262 return {
1263 1263 'user_id': self.user_id,
1264 1264 'username': self.username,
1265 1265 'repository_id': self.repository_id,
1266 1266 'repository_name': self.repository_name,
1267 1267 'user_ip': self.user_ip,
1268 1268 'action_date': self.action_date,
1269 1269 'action': self.action,
1270 1270 }
1271 1271
1272 1272 @hybrid_property
1273 1273 def entry_id(self):
1274 1274 return self.user_log_id
1275 1275
1276 1276 @property
1277 1277 def action_as_day(self):
1278 1278 return datetime.date(*self.action_date.timetuple()[:3])
1279 1279
1280 1280 user = relationship('User')
1281 1281 repository = relationship('Repository', cascade='')
1282 1282
1283 1283
1284 1284 class UserGroup(Base, BaseModel):
1285 1285 __tablename__ = 'users_groups'
1286 1286 __table_args__ = (
1287 1287 base_table_args,
1288 1288 )
1289 1289
1290 1290 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1291 1291 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1292 1292 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1293 1293 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1294 1294 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1295 1295 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1296 1296 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1297 1297 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1298 1298
1299 1299 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1300 1300 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1301 1301 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1302 1302 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1303 1303 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1304 1304 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1305 1305
1306 1306 user_group_review_rules = relationship('RepoReviewRuleUserGroup', cascade='all')
1307 1307 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1308 1308
1309 1309 @classmethod
1310 1310 def _load_group_data(cls, column):
1311 1311 if not column:
1312 1312 return {}
1313 1313
1314 1314 try:
1315 1315 return json.loads(column) or {}
1316 1316 except TypeError:
1317 1317 return {}
1318 1318
1319 1319 @hybrid_property
1320 1320 def description_safe(self):
1321 1321 from rhodecode.lib import helpers as h
1322 1322 return h.escape(self.user_group_description)
1323 1323
1324 1324 @hybrid_property
1325 1325 def group_data(self):
1326 1326 return self._load_group_data(self._group_data)
1327 1327
1328 1328 @group_data.expression
1329 1329 def group_data(self, **kwargs):
1330 1330 return self._group_data
1331 1331
1332 1332 @group_data.setter
1333 1333 def group_data(self, val):
1334 1334 try:
1335 1335 self._group_data = json.dumps(val)
1336 1336 except Exception:
1337 1337 log.error(traceback.format_exc())
1338 1338
1339 1339 @classmethod
1340 1340 def _load_sync(cls, group_data):
1341 1341 if group_data:
1342 1342 return group_data.get('extern_type')
1343 1343
1344 1344 @property
1345 1345 def sync(self):
1346 1346 return self._load_sync(self.group_data)
1347 1347
1348 1348 def __unicode__(self):
1349 1349 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1350 1350 self.users_group_id,
1351 1351 self.users_group_name)
1352 1352
1353 1353 @classmethod
1354 1354 def get_by_group_name(cls, group_name, cache=False,
1355 1355 case_insensitive=False):
1356 1356 if case_insensitive:
1357 1357 q = cls.query().filter(func.lower(cls.users_group_name) ==
1358 1358 func.lower(group_name))
1359 1359
1360 1360 else:
1361 1361 q = cls.query().filter(cls.users_group_name == group_name)
1362 1362 if cache:
1363 1363 q = q.options(
1364 1364 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1365 1365 return q.scalar()
1366 1366
1367 1367 @classmethod
1368 1368 def get(cls, user_group_id, cache=False):
1369 1369 if not user_group_id:
1370 1370 return
1371 1371
1372 1372 user_group = cls.query()
1373 1373 if cache:
1374 1374 user_group = user_group.options(
1375 1375 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1376 1376 return user_group.get(user_group_id)
1377 1377
1378 1378 def permissions(self, with_admins=True, with_owner=True):
1379 1379 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1380 1380 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1381 1381 joinedload(UserUserGroupToPerm.user),
1382 1382 joinedload(UserUserGroupToPerm.permission),)
1383 1383
1384 1384 # get owners and admins and permissions. We do a trick of re-writing
1385 1385 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1386 1386 # has a global reference and changing one object propagates to all
1387 1387 # others. This means if admin is also an owner admin_row that change
1388 1388 # would propagate to both objects
1389 1389 perm_rows = []
1390 1390 for _usr in q.all():
1391 1391 usr = AttributeDict(_usr.user.get_dict())
1392 1392 usr.permission = _usr.permission.permission_name
1393 1393 perm_rows.append(usr)
1394 1394
1395 1395 # filter the perm rows by 'default' first and then sort them by
1396 1396 # admin,write,read,none permissions sorted again alphabetically in
1397 1397 # each group
1398 1398 perm_rows = sorted(perm_rows, key=display_user_sort)
1399 1399
1400 1400 _admin_perm = 'usergroup.admin'
1401 1401 owner_row = []
1402 1402 if with_owner:
1403 1403 usr = AttributeDict(self.user.get_dict())
1404 1404 usr.owner_row = True
1405 1405 usr.permission = _admin_perm
1406 1406 owner_row.append(usr)
1407 1407
1408 1408 super_admin_rows = []
1409 1409 if with_admins:
1410 1410 for usr in User.get_all_super_admins():
1411 1411 # if this admin is also owner, don't double the record
1412 1412 if usr.user_id == owner_row[0].user_id:
1413 1413 owner_row[0].admin_row = True
1414 1414 else:
1415 1415 usr = AttributeDict(usr.get_dict())
1416 1416 usr.admin_row = True
1417 1417 usr.permission = _admin_perm
1418 1418 super_admin_rows.append(usr)
1419 1419
1420 1420 return super_admin_rows + owner_row + perm_rows
1421 1421
1422 1422 def permission_user_groups(self):
1423 1423 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1424 1424 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1425 1425 joinedload(UserGroupUserGroupToPerm.target_user_group),
1426 1426 joinedload(UserGroupUserGroupToPerm.permission),)
1427 1427
1428 1428 perm_rows = []
1429 1429 for _user_group in q.all():
1430 1430 usr = AttributeDict(_user_group.user_group.get_dict())
1431 1431 usr.permission = _user_group.permission.permission_name
1432 1432 perm_rows.append(usr)
1433 1433
1434 1434 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1435 1435 return perm_rows
1436 1436
1437 1437 def _get_default_perms(self, user_group, suffix=''):
1438 1438 from rhodecode.model.permission import PermissionModel
1439 1439 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1440 1440
1441 1441 def get_default_perms(self, suffix=''):
1442 1442 return self._get_default_perms(self, suffix)
1443 1443
1444 1444 def get_api_data(self, with_group_members=True, include_secrets=False):
1445 1445 """
1446 1446 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1447 1447 basically forwarded.
1448 1448
1449 1449 """
1450 1450 user_group = self
1451 1451 data = {
1452 1452 'users_group_id': user_group.users_group_id,
1453 1453 'group_name': user_group.users_group_name,
1454 1454 'group_description': user_group.user_group_description,
1455 1455 'active': user_group.users_group_active,
1456 1456 'owner': user_group.user.username,
1457 1457 'sync': user_group.sync,
1458 1458 'owner_email': user_group.user.email,
1459 1459 }
1460 1460
1461 1461 if with_group_members:
1462 1462 users = []
1463 1463 for user in user_group.members:
1464 1464 user = user.user
1465 1465 users.append(user.get_api_data(include_secrets=include_secrets))
1466 1466 data['users'] = users
1467 1467
1468 1468 return data
1469 1469
1470 1470
1471 1471 class UserGroupMember(Base, BaseModel):
1472 1472 __tablename__ = 'users_groups_members'
1473 1473 __table_args__ = (
1474 1474 base_table_args,
1475 1475 )
1476 1476
1477 1477 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1478 1478 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1479 1479 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1480 1480
1481 1481 user = relationship('User', lazy='joined')
1482 1482 users_group = relationship('UserGroup')
1483 1483
1484 1484 def __init__(self, gr_id='', u_id=''):
1485 1485 self.users_group_id = gr_id
1486 1486 self.user_id = u_id
1487 1487
1488 1488
1489 1489 class RepositoryField(Base, BaseModel):
1490 1490 __tablename__ = 'repositories_fields'
1491 1491 __table_args__ = (
1492 1492 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1493 1493 base_table_args,
1494 1494 )
1495 1495
1496 1496 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1497 1497
1498 1498 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1499 1499 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1500 1500 field_key = Column("field_key", String(250))
1501 1501 field_label = Column("field_label", String(1024), nullable=False)
1502 1502 field_value = Column("field_value", String(10000), nullable=False)
1503 1503 field_desc = Column("field_desc", String(1024), nullable=False)
1504 1504 field_type = Column("field_type", String(255), nullable=False, unique=None)
1505 1505 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1506 1506
1507 1507 repository = relationship('Repository')
1508 1508
1509 1509 @property
1510 1510 def field_key_prefixed(self):
1511 1511 return 'ex_%s' % self.field_key
1512 1512
1513 1513 @classmethod
1514 1514 def un_prefix_key(cls, key):
1515 1515 if key.startswith(cls.PREFIX):
1516 1516 return key[len(cls.PREFIX):]
1517 1517 return key
1518 1518
1519 1519 @classmethod
1520 1520 def get_by_key_name(cls, key, repo):
1521 1521 row = cls.query()\
1522 1522 .filter(cls.repository == repo)\
1523 1523 .filter(cls.field_key == key).scalar()
1524 1524 return row
1525 1525
1526 1526
1527 1527 class Repository(Base, BaseModel):
1528 1528 __tablename__ = 'repositories'
1529 1529 __table_args__ = (
1530 1530 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1531 1531 base_table_args,
1532 1532 )
1533 1533 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1534 1534 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1535 1535 DEFAULT_CLONE_URI_SSH = 'ssh://{sys_user}@{hostname}/{repo}'
1536 1536
1537 1537 STATE_CREATED = 'repo_state_created'
1538 1538 STATE_PENDING = 'repo_state_pending'
1539 1539 STATE_ERROR = 'repo_state_error'
1540 1540
1541 1541 LOCK_AUTOMATIC = 'lock_auto'
1542 1542 LOCK_API = 'lock_api'
1543 1543 LOCK_WEB = 'lock_web'
1544 1544 LOCK_PULL = 'lock_pull'
1545 1545
1546 1546 NAME_SEP = URL_SEP
1547 1547
1548 1548 repo_id = Column(
1549 1549 "repo_id", Integer(), nullable=False, unique=True, default=None,
1550 1550 primary_key=True)
1551 1551 _repo_name = Column(
1552 1552 "repo_name", Text(), nullable=False, default=None)
1553 1553 _repo_name_hash = Column(
1554 1554 "repo_name_hash", String(255), nullable=False, unique=True)
1555 1555 repo_state = Column("repo_state", String(255), nullable=True)
1556 1556
1557 1557 clone_uri = Column(
1558 1558 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1559 1559 default=None)
1560 1560 push_uri = Column(
1561 1561 "push_uri", EncryptedTextValue(), nullable=True, unique=False,
1562 1562 default=None)
1563 1563 repo_type = Column(
1564 1564 "repo_type", String(255), nullable=False, unique=False, default=None)
1565 1565 user_id = Column(
1566 1566 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1567 1567 unique=False, default=None)
1568 1568 private = Column(
1569 1569 "private", Boolean(), nullable=True, unique=None, default=None)
1570 1570 enable_statistics = Column(
1571 1571 "statistics", Boolean(), nullable=True, unique=None, default=True)
1572 1572 enable_downloads = Column(
1573 1573 "downloads", Boolean(), nullable=True, unique=None, default=True)
1574 1574 description = Column(
1575 1575 "description", String(10000), nullable=True, unique=None, default=None)
1576 1576 created_on = Column(
1577 1577 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1578 1578 default=datetime.datetime.now)
1579 1579 updated_on = Column(
1580 1580 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1581 1581 default=datetime.datetime.now)
1582 1582 _landing_revision = Column(
1583 1583 "landing_revision", String(255), nullable=False, unique=False,
1584 1584 default=None)
1585 1585 enable_locking = Column(
1586 1586 "enable_locking", Boolean(), nullable=False, unique=None,
1587 1587 default=False)
1588 1588 _locked = Column(
1589 1589 "locked", String(255), nullable=True, unique=False, default=None)
1590 1590 _changeset_cache = Column(
1591 1591 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1592 1592
1593 1593 fork_id = Column(
1594 1594 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1595 1595 nullable=True, unique=False, default=None)
1596 1596 group_id = Column(
1597 1597 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1598 1598 unique=False, default=None)
1599 1599
1600 1600 user = relationship('User', lazy='joined')
1601 1601 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1602 1602 group = relationship('RepoGroup', lazy='joined')
1603 1603 repo_to_perm = relationship(
1604 1604 'UserRepoToPerm', cascade='all',
1605 1605 order_by='UserRepoToPerm.repo_to_perm_id')
1606 1606 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1607 1607 stats = relationship('Statistics', cascade='all', uselist=False)
1608 1608
1609 1609 followers = relationship(
1610 1610 'UserFollowing',
1611 1611 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1612 1612 cascade='all')
1613 1613 extra_fields = relationship(
1614 1614 'RepositoryField', cascade="all, delete, delete-orphan")
1615 1615 logs = relationship('UserLog')
1616 1616 comments = relationship(
1617 1617 'ChangesetComment', cascade="all, delete, delete-orphan")
1618 1618 pull_requests_source = relationship(
1619 1619 'PullRequest',
1620 1620 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1621 1621 cascade="all, delete, delete-orphan")
1622 1622 pull_requests_target = relationship(
1623 1623 'PullRequest',
1624 1624 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1625 1625 cascade="all, delete, delete-orphan")
1626 1626 ui = relationship('RepoRhodeCodeUi', cascade="all")
1627 1627 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1628 1628 integrations = relationship('Integration',
1629 1629 cascade="all, delete, delete-orphan")
1630 1630
1631 1631 scoped_tokens = relationship('UserApiKeys', cascade="all")
1632 1632
1633 1633 def __unicode__(self):
1634 1634 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1635 1635 safe_unicode(self.repo_name))
1636 1636
1637 1637 @hybrid_property
1638 1638 def description_safe(self):
1639 1639 from rhodecode.lib import helpers as h
1640 1640 return h.escape(self.description)
1641 1641
1642 1642 @hybrid_property
1643 1643 def landing_rev(self):
1644 1644 # always should return [rev_type, rev]
1645 1645 if self._landing_revision:
1646 1646 _rev_info = self._landing_revision.split(':')
1647 1647 if len(_rev_info) < 2:
1648 1648 _rev_info.insert(0, 'rev')
1649 1649 return [_rev_info[0], _rev_info[1]]
1650 1650 return [None, None]
1651 1651
1652 1652 @landing_rev.setter
1653 1653 def landing_rev(self, val):
1654 1654 if ':' not in val:
1655 1655 raise ValueError('value must be delimited with `:` and consist '
1656 1656 'of <rev_type>:<rev>, got %s instead' % val)
1657 1657 self._landing_revision = val
1658 1658
1659 1659 @hybrid_property
1660 1660 def locked(self):
1661 1661 if self._locked:
1662 1662 user_id, timelocked, reason = self._locked.split(':')
1663 1663 lock_values = int(user_id), timelocked, reason
1664 1664 else:
1665 1665 lock_values = [None, None, None]
1666 1666 return lock_values
1667 1667
1668 1668 @locked.setter
1669 1669 def locked(self, val):
1670 1670 if val and isinstance(val, (list, tuple)):
1671 1671 self._locked = ':'.join(map(str, val))
1672 1672 else:
1673 1673 self._locked = None
1674 1674
1675 1675 @hybrid_property
1676 1676 def changeset_cache(self):
1677 1677 from rhodecode.lib.vcs.backends.base import EmptyCommit
1678 1678 dummy = EmptyCommit().__json__()
1679 1679 if not self._changeset_cache:
1680 1680 return dummy
1681 1681 try:
1682 1682 return json.loads(self._changeset_cache)
1683 1683 except TypeError:
1684 1684 return dummy
1685 1685 except Exception:
1686 1686 log.error(traceback.format_exc())
1687 1687 return dummy
1688 1688
1689 1689 @changeset_cache.setter
1690 1690 def changeset_cache(self, val):
1691 1691 try:
1692 1692 self._changeset_cache = json.dumps(val)
1693 1693 except Exception:
1694 1694 log.error(traceback.format_exc())
1695 1695
1696 1696 @hybrid_property
1697 1697 def repo_name(self):
1698 1698 return self._repo_name
1699 1699
1700 1700 @repo_name.setter
1701 1701 def repo_name(self, value):
1702 1702 self._repo_name = value
1703 1703 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1704 1704
1705 1705 @classmethod
1706 1706 def normalize_repo_name(cls, repo_name):
1707 1707 """
1708 1708 Normalizes os specific repo_name to the format internally stored inside
1709 1709 database using URL_SEP
1710 1710
1711 1711 :param cls:
1712 1712 :param repo_name:
1713 1713 """
1714 1714 return cls.NAME_SEP.join(repo_name.split(os.sep))
1715 1715
1716 1716 @classmethod
1717 1717 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1718 1718 session = Session()
1719 1719 q = session.query(cls).filter(cls.repo_name == repo_name)
1720 1720
1721 1721 if cache:
1722 1722 if identity_cache:
1723 1723 val = cls.identity_cache(session, 'repo_name', repo_name)
1724 1724 if val:
1725 1725 return val
1726 1726 else:
1727 1727 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1728 1728 q = q.options(
1729 1729 FromCache("sql_cache_short", cache_key))
1730 1730
1731 1731 return q.scalar()
1732 1732
1733 1733 @classmethod
1734 1734 def get_by_id_or_repo_name(cls, repoid):
1735 1735 if isinstance(repoid, (int, long)):
1736 1736 try:
1737 1737 repo = cls.get(repoid)
1738 1738 except ValueError:
1739 1739 repo = None
1740 1740 else:
1741 1741 repo = cls.get_by_repo_name(repoid)
1742 1742 return repo
1743 1743
1744 1744 @classmethod
1745 1745 def get_by_full_path(cls, repo_full_path):
1746 1746 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1747 1747 repo_name = cls.normalize_repo_name(repo_name)
1748 1748 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1749 1749
1750 1750 @classmethod
1751 1751 def get_repo_forks(cls, repo_id):
1752 1752 return cls.query().filter(Repository.fork_id == repo_id)
1753 1753
1754 1754 @classmethod
1755 1755 def base_path(cls):
1756 1756 """
1757 1757 Returns base path when all repos are stored
1758 1758
1759 1759 :param cls:
1760 1760 """
1761 1761 q = Session().query(RhodeCodeUi)\
1762 1762 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1763 1763 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1764 1764 return q.one().ui_value
1765 1765
1766 1766 @classmethod
1767 1767 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1768 1768 case_insensitive=True):
1769 1769 q = Repository.query()
1770 1770
1771 1771 if not isinstance(user_id, Optional):
1772 1772 q = q.filter(Repository.user_id == user_id)
1773 1773
1774 1774 if not isinstance(group_id, Optional):
1775 1775 q = q.filter(Repository.group_id == group_id)
1776 1776
1777 1777 if case_insensitive:
1778 1778 q = q.order_by(func.lower(Repository.repo_name))
1779 1779 else:
1780 1780 q = q.order_by(Repository.repo_name)
1781 1781 return q.all()
1782 1782
1783 1783 @property
1784 1784 def forks(self):
1785 1785 """
1786 1786 Return forks of this repo
1787 1787 """
1788 1788 return Repository.get_repo_forks(self.repo_id)
1789 1789
1790 1790 @property
1791 1791 def parent(self):
1792 1792 """
1793 1793 Returns fork parent
1794 1794 """
1795 1795 return self.fork
1796 1796
1797 1797 @property
1798 1798 def just_name(self):
1799 1799 return self.repo_name.split(self.NAME_SEP)[-1]
1800 1800
1801 1801 @property
1802 1802 def groups_with_parents(self):
1803 1803 groups = []
1804 1804 if self.group is None:
1805 1805 return groups
1806 1806
1807 1807 cur_gr = self.group
1808 1808 groups.insert(0, cur_gr)
1809 1809 while 1:
1810 1810 gr = getattr(cur_gr, 'parent_group', None)
1811 1811 cur_gr = cur_gr.parent_group
1812 1812 if gr is None:
1813 1813 break
1814 1814 groups.insert(0, gr)
1815 1815
1816 1816 return groups
1817 1817
1818 1818 @property
1819 1819 def groups_and_repo(self):
1820 1820 return self.groups_with_parents, self
1821 1821
1822 1822 @LazyProperty
1823 1823 def repo_path(self):
1824 1824 """
1825 1825 Returns base full path for that repository means where it actually
1826 1826 exists on a filesystem
1827 1827 """
1828 1828 q = Session().query(RhodeCodeUi).filter(
1829 1829 RhodeCodeUi.ui_key == self.NAME_SEP)
1830 1830 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1831 1831 return q.one().ui_value
1832 1832
1833 1833 @property
1834 1834 def repo_full_path(self):
1835 1835 p = [self.repo_path]
1836 1836 # we need to split the name by / since this is how we store the
1837 1837 # names in the database, but that eventually needs to be converted
1838 1838 # into a valid system path
1839 1839 p += self.repo_name.split(self.NAME_SEP)
1840 1840 return os.path.join(*map(safe_unicode, p))
1841 1841
1842 1842 @property
1843 1843 def cache_keys(self):
1844 1844 """
1845 1845 Returns associated cache keys for that repo
1846 1846 """
1847 1847 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
1848 1848 repo_id=self.repo_id)
1849 1849 return CacheKey.query()\
1850 1850 .filter(CacheKey.cache_args == invalidation_namespace)\
1851 1851 .order_by(CacheKey.cache_key)\
1852 1852 .all()
1853 1853
1854 1854 @property
1855 1855 def cached_diffs_relative_dir(self):
1856 1856 """
1857 1857 Return a relative to the repository store path of cached diffs
1858 1858 used for safe display for users, who shouldn't know the absolute store
1859 1859 path
1860 1860 """
1861 1861 return os.path.join(
1862 1862 os.path.dirname(self.repo_name),
1863 1863 self.cached_diffs_dir.split(os.path.sep)[-1])
1864 1864
1865 1865 @property
1866 1866 def cached_diffs_dir(self):
1867 1867 path = self.repo_full_path
1868 1868 return os.path.join(
1869 1869 os.path.dirname(path),
1870 1870 '.__shadow_diff_cache_repo_{}'.format(self.repo_id))
1871 1871
1872 1872 def cached_diffs(self):
1873 1873 diff_cache_dir = self.cached_diffs_dir
1874 1874 if os.path.isdir(diff_cache_dir):
1875 1875 return os.listdir(diff_cache_dir)
1876 1876 return []
1877 1877
1878 1878 def shadow_repos(self):
1879 1879 shadow_repos_pattern = '.__shadow_repo_{}'.format(self.repo_id)
1880 1880 return [
1881 1881 x for x in os.listdir(os.path.dirname(self.repo_full_path))
1882 1882 if x.startswith(shadow_repos_pattern)]
1883 1883
1884 1884 def get_new_name(self, repo_name):
1885 1885 """
1886 1886 returns new full repository name based on assigned group and new new
1887 1887
1888 1888 :param group_name:
1889 1889 """
1890 1890 path_prefix = self.group.full_path_splitted if self.group else []
1891 1891 return self.NAME_SEP.join(path_prefix + [repo_name])
1892 1892
1893 1893 @property
1894 1894 def _config(self):
1895 1895 """
1896 1896 Returns db based config object.
1897 1897 """
1898 1898 from rhodecode.lib.utils import make_db_config
1899 1899 return make_db_config(clear_session=False, repo=self)
1900 1900
1901 1901 def permissions(self, with_admins=True, with_owner=True):
1902 1902 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1903 1903 q = q.options(joinedload(UserRepoToPerm.repository),
1904 1904 joinedload(UserRepoToPerm.user),
1905 1905 joinedload(UserRepoToPerm.permission),)
1906 1906
1907 1907 # get owners and admins and permissions. We do a trick of re-writing
1908 1908 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1909 1909 # has a global reference and changing one object propagates to all
1910 1910 # others. This means if admin is also an owner admin_row that change
1911 1911 # would propagate to both objects
1912 1912 perm_rows = []
1913 1913 for _usr in q.all():
1914 1914 usr = AttributeDict(_usr.user.get_dict())
1915 1915 usr.permission = _usr.permission.permission_name
1916 usr.permission_id = _usr.repo_to_perm_id
1916 1917 perm_rows.append(usr)
1917 1918
1918 1919 # filter the perm rows by 'default' first and then sort them by
1919 1920 # admin,write,read,none permissions sorted again alphabetically in
1920 1921 # each group
1921 1922 perm_rows = sorted(perm_rows, key=display_user_sort)
1922 1923
1923 1924 _admin_perm = 'repository.admin'
1924 1925 owner_row = []
1925 1926 if with_owner:
1926 1927 usr = AttributeDict(self.user.get_dict())
1927 1928 usr.owner_row = True
1928 1929 usr.permission = _admin_perm
1930 usr.permission_id = None
1929 1931 owner_row.append(usr)
1930 1932
1931 1933 super_admin_rows = []
1932 1934 if with_admins:
1933 1935 for usr in User.get_all_super_admins():
1934 1936 # if this admin is also owner, don't double the record
1935 1937 if usr.user_id == owner_row[0].user_id:
1936 1938 owner_row[0].admin_row = True
1937 1939 else:
1938 1940 usr = AttributeDict(usr.get_dict())
1939 1941 usr.admin_row = True
1940 1942 usr.permission = _admin_perm
1943 usr.permission_id = None
1941 1944 super_admin_rows.append(usr)
1942 1945
1943 1946 return super_admin_rows + owner_row + perm_rows
1944 1947
1945 1948 def permission_user_groups(self):
1946 1949 q = UserGroupRepoToPerm.query().filter(
1947 1950 UserGroupRepoToPerm.repository == self)
1948 1951 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1949 1952 joinedload(UserGroupRepoToPerm.users_group),
1950 1953 joinedload(UserGroupRepoToPerm.permission),)
1951 1954
1952 1955 perm_rows = []
1953 1956 for _user_group in q.all():
1954 1957 usr = AttributeDict(_user_group.users_group.get_dict())
1955 1958 usr.permission = _user_group.permission.permission_name
1956 1959 perm_rows.append(usr)
1957 1960
1958 1961 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1959 1962 return perm_rows
1960 1963
1961 1964 def get_api_data(self, include_secrets=False):
1962 1965 """
1963 1966 Common function for generating repo api data
1964 1967
1965 1968 :param include_secrets: See :meth:`User.get_api_data`.
1966 1969
1967 1970 """
1968 1971 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1969 1972 # move this methods on models level.
1970 1973 from rhodecode.model.settings import SettingsModel
1971 1974 from rhodecode.model.repo import RepoModel
1972 1975
1973 1976 repo = self
1974 1977 _user_id, _time, _reason = self.locked
1975 1978
1976 1979 data = {
1977 1980 'repo_id': repo.repo_id,
1978 1981 'repo_name': repo.repo_name,
1979 1982 'repo_type': repo.repo_type,
1980 1983 'clone_uri': repo.clone_uri or '',
1981 1984 'push_uri': repo.push_uri or '',
1982 1985 'url': RepoModel().get_url(self),
1983 1986 'private': repo.private,
1984 1987 'created_on': repo.created_on,
1985 1988 'description': repo.description_safe,
1986 1989 'landing_rev': repo.landing_rev,
1987 1990 'owner': repo.user.username,
1988 1991 'fork_of': repo.fork.repo_name if repo.fork else None,
1989 1992 'fork_of_id': repo.fork.repo_id if repo.fork else None,
1990 1993 'enable_statistics': repo.enable_statistics,
1991 1994 'enable_locking': repo.enable_locking,
1992 1995 'enable_downloads': repo.enable_downloads,
1993 1996 'last_changeset': repo.changeset_cache,
1994 1997 'locked_by': User.get(_user_id).get_api_data(
1995 1998 include_secrets=include_secrets) if _user_id else None,
1996 1999 'locked_date': time_to_datetime(_time) if _time else None,
1997 2000 'lock_reason': _reason if _reason else None,
1998 2001 }
1999 2002
2000 2003 # TODO: mikhail: should be per-repo settings here
2001 2004 rc_config = SettingsModel().get_all_settings()
2002 2005 repository_fields = str2bool(
2003 2006 rc_config.get('rhodecode_repository_fields'))
2004 2007 if repository_fields:
2005 2008 for f in self.extra_fields:
2006 2009 data[f.field_key_prefixed] = f.field_value
2007 2010
2008 2011 return data
2009 2012
2010 2013 @classmethod
2011 2014 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
2012 2015 if not lock_time:
2013 2016 lock_time = time.time()
2014 2017 if not lock_reason:
2015 2018 lock_reason = cls.LOCK_AUTOMATIC
2016 2019 repo.locked = [user_id, lock_time, lock_reason]
2017 2020 Session().add(repo)
2018 2021 Session().commit()
2019 2022
2020 2023 @classmethod
2021 2024 def unlock(cls, repo):
2022 2025 repo.locked = None
2023 2026 Session().add(repo)
2024 2027 Session().commit()
2025 2028
2026 2029 @classmethod
2027 2030 def getlock(cls, repo):
2028 2031 return repo.locked
2029 2032
2030 2033 def is_user_lock(self, user_id):
2031 2034 if self.lock[0]:
2032 2035 lock_user_id = safe_int(self.lock[0])
2033 2036 user_id = safe_int(user_id)
2034 2037 # both are ints, and they are equal
2035 2038 return all([lock_user_id, user_id]) and lock_user_id == user_id
2036 2039
2037 2040 return False
2038 2041
2039 2042 def get_locking_state(self, action, user_id, only_when_enabled=True):
2040 2043 """
2041 2044 Checks locking on this repository, if locking is enabled and lock is
2042 2045 present returns a tuple of make_lock, locked, locked_by.
2043 2046 make_lock can have 3 states None (do nothing) True, make lock
2044 2047 False release lock, This value is later propagated to hooks, which
2045 2048 do the locking. Think about this as signals passed to hooks what to do.
2046 2049
2047 2050 """
2048 2051 # TODO: johbo: This is part of the business logic and should be moved
2049 2052 # into the RepositoryModel.
2050 2053
2051 2054 if action not in ('push', 'pull'):
2052 2055 raise ValueError("Invalid action value: %s" % repr(action))
2053 2056
2054 2057 # defines if locked error should be thrown to user
2055 2058 currently_locked = False
2056 2059 # defines if new lock should be made, tri-state
2057 2060 make_lock = None
2058 2061 repo = self
2059 2062 user = User.get(user_id)
2060 2063
2061 2064 lock_info = repo.locked
2062 2065
2063 2066 if repo and (repo.enable_locking or not only_when_enabled):
2064 2067 if action == 'push':
2065 2068 # check if it's already locked !, if it is compare users
2066 2069 locked_by_user_id = lock_info[0]
2067 2070 if user.user_id == locked_by_user_id:
2068 2071 log.debug(
2069 2072 'Got `push` action from user %s, now unlocking', user)
2070 2073 # unlock if we have push from user who locked
2071 2074 make_lock = False
2072 2075 else:
2073 2076 # we're not the same user who locked, ban with
2074 2077 # code defined in settings (default is 423 HTTP Locked) !
2075 2078 log.debug('Repo %s is currently locked by %s', repo, user)
2076 2079 currently_locked = True
2077 2080 elif action == 'pull':
2078 2081 # [0] user [1] date
2079 2082 if lock_info[0] and lock_info[1]:
2080 2083 log.debug('Repo %s is currently locked by %s', repo, user)
2081 2084 currently_locked = True
2082 2085 else:
2083 2086 log.debug('Setting lock on repo %s by %s', repo, user)
2084 2087 make_lock = True
2085 2088
2086 2089 else:
2087 2090 log.debug('Repository %s do not have locking enabled', repo)
2088 2091
2089 2092 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
2090 2093 make_lock, currently_locked, lock_info)
2091 2094
2092 2095 from rhodecode.lib.auth import HasRepoPermissionAny
2093 2096 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
2094 2097 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
2095 2098 # if we don't have at least write permission we cannot make a lock
2096 2099 log.debug('lock state reset back to FALSE due to lack '
2097 2100 'of at least read permission')
2098 2101 make_lock = False
2099 2102
2100 2103 return make_lock, currently_locked, lock_info
2101 2104
2102 2105 @property
2103 2106 def last_db_change(self):
2104 2107 return self.updated_on
2105 2108
2106 2109 @property
2107 2110 def clone_uri_hidden(self):
2108 2111 clone_uri = self.clone_uri
2109 2112 if clone_uri:
2110 2113 import urlobject
2111 2114 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2112 2115 if url_obj.password:
2113 2116 clone_uri = url_obj.with_password('*****')
2114 2117 return clone_uri
2115 2118
2116 2119 @property
2117 2120 def push_uri_hidden(self):
2118 2121 push_uri = self.push_uri
2119 2122 if push_uri:
2120 2123 import urlobject
2121 2124 url_obj = urlobject.URLObject(cleaned_uri(push_uri))
2122 2125 if url_obj.password:
2123 2126 push_uri = url_obj.with_password('*****')
2124 2127 return push_uri
2125 2128
2126 2129 def clone_url(self, **override):
2127 2130 from rhodecode.model.settings import SettingsModel
2128 2131
2129 2132 uri_tmpl = None
2130 2133 if 'with_id' in override:
2131 2134 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2132 2135 del override['with_id']
2133 2136
2134 2137 if 'uri_tmpl' in override:
2135 2138 uri_tmpl = override['uri_tmpl']
2136 2139 del override['uri_tmpl']
2137 2140
2138 2141 ssh = False
2139 2142 if 'ssh' in override:
2140 2143 ssh = True
2141 2144 del override['ssh']
2142 2145
2143 2146 # we didn't override our tmpl from **overrides
2144 2147 if not uri_tmpl:
2145 2148 rc_config = SettingsModel().get_all_settings(cache=True)
2146 2149 if ssh:
2147 2150 uri_tmpl = rc_config.get(
2148 2151 'rhodecode_clone_uri_ssh_tmpl') or self.DEFAULT_CLONE_URI_SSH
2149 2152 else:
2150 2153 uri_tmpl = rc_config.get(
2151 2154 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2152 2155
2153 2156 request = get_current_request()
2154 2157 return get_clone_url(request=request,
2155 2158 uri_tmpl=uri_tmpl,
2156 2159 repo_name=self.repo_name,
2157 2160 repo_id=self.repo_id, **override)
2158 2161
2159 2162 def set_state(self, state):
2160 2163 self.repo_state = state
2161 2164 Session().add(self)
2162 2165 #==========================================================================
2163 2166 # SCM PROPERTIES
2164 2167 #==========================================================================
2165 2168
2166 2169 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2167 2170 return get_commit_safe(
2168 2171 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2169 2172
2170 2173 def get_changeset(self, rev=None, pre_load=None):
2171 2174 warnings.warn("Use get_commit", DeprecationWarning)
2172 2175 commit_id = None
2173 2176 commit_idx = None
2174 2177 if isinstance(rev, basestring):
2175 2178 commit_id = rev
2176 2179 else:
2177 2180 commit_idx = rev
2178 2181 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2179 2182 pre_load=pre_load)
2180 2183
2181 2184 def get_landing_commit(self):
2182 2185 """
2183 2186 Returns landing commit, or if that doesn't exist returns the tip
2184 2187 """
2185 2188 _rev_type, _rev = self.landing_rev
2186 2189 commit = self.get_commit(_rev)
2187 2190 if isinstance(commit, EmptyCommit):
2188 2191 return self.get_commit()
2189 2192 return commit
2190 2193
2191 2194 def update_commit_cache(self, cs_cache=None, config=None):
2192 2195 """
2193 2196 Update cache of last changeset for repository, keys should be::
2194 2197
2195 2198 short_id
2196 2199 raw_id
2197 2200 revision
2198 2201 parents
2199 2202 message
2200 2203 date
2201 2204 author
2202 2205
2203 2206 :param cs_cache:
2204 2207 """
2205 2208 from rhodecode.lib.vcs.backends.base import BaseChangeset
2206 2209 if cs_cache is None:
2207 2210 # use no-cache version here
2208 2211 scm_repo = self.scm_instance(cache=False, config=config)
2209 2212
2210 2213 empty = scm_repo.is_empty()
2211 2214 if not empty:
2212 2215 cs_cache = scm_repo.get_commit(
2213 2216 pre_load=["author", "date", "message", "parents"])
2214 2217 else:
2215 2218 cs_cache = EmptyCommit()
2216 2219
2217 2220 if isinstance(cs_cache, BaseChangeset):
2218 2221 cs_cache = cs_cache.__json__()
2219 2222
2220 2223 def is_outdated(new_cs_cache):
2221 2224 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2222 2225 new_cs_cache['revision'] != self.changeset_cache['revision']):
2223 2226 return True
2224 2227 return False
2225 2228
2226 2229 # check if we have maybe already latest cached revision
2227 2230 if is_outdated(cs_cache) or not self.changeset_cache:
2228 2231 _default = datetime.datetime.utcnow()
2229 2232 last_change = cs_cache.get('date') or _default
2230 2233 if self.updated_on and self.updated_on > last_change:
2231 2234 # we check if last update is newer than the new value
2232 2235 # if yes, we use the current timestamp instead. Imagine you get
2233 2236 # old commit pushed 1y ago, we'd set last update 1y to ago.
2234 2237 last_change = _default
2235 2238 log.debug('updated repo %s with new cs cache %s',
2236 2239 self.repo_name, cs_cache)
2237 2240 self.updated_on = last_change
2238 2241 self.changeset_cache = cs_cache
2239 2242 Session().add(self)
2240 2243 Session().commit()
2241 2244 else:
2242 2245 log.debug('Skipping update_commit_cache for repo:`%s` '
2243 2246 'commit already with latest changes', self.repo_name)
2244 2247
2245 2248 @property
2246 2249 def tip(self):
2247 2250 return self.get_commit('tip')
2248 2251
2249 2252 @property
2250 2253 def author(self):
2251 2254 return self.tip.author
2252 2255
2253 2256 @property
2254 2257 def last_change(self):
2255 2258 return self.scm_instance().last_change
2256 2259
2257 2260 def get_comments(self, revisions=None):
2258 2261 """
2259 2262 Returns comments for this repository grouped by revisions
2260 2263
2261 2264 :param revisions: filter query by revisions only
2262 2265 """
2263 2266 cmts = ChangesetComment.query()\
2264 2267 .filter(ChangesetComment.repo == self)
2265 2268 if revisions:
2266 2269 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2267 2270 grouped = collections.defaultdict(list)
2268 2271 for cmt in cmts.all():
2269 2272 grouped[cmt.revision].append(cmt)
2270 2273 return grouped
2271 2274
2272 2275 def statuses(self, revisions=None):
2273 2276 """
2274 2277 Returns statuses for this repository
2275 2278
2276 2279 :param revisions: list of revisions to get statuses for
2277 2280 """
2278 2281 statuses = ChangesetStatus.query()\
2279 2282 .filter(ChangesetStatus.repo == self)\
2280 2283 .filter(ChangesetStatus.version == 0)
2281 2284
2282 2285 if revisions:
2283 2286 # Try doing the filtering in chunks to avoid hitting limits
2284 2287 size = 500
2285 2288 status_results = []
2286 2289 for chunk in xrange(0, len(revisions), size):
2287 2290 status_results += statuses.filter(
2288 2291 ChangesetStatus.revision.in_(
2289 2292 revisions[chunk: chunk+size])
2290 2293 ).all()
2291 2294 else:
2292 2295 status_results = statuses.all()
2293 2296
2294 2297 grouped = {}
2295 2298
2296 2299 # maybe we have open new pullrequest without a status?
2297 2300 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2298 2301 status_lbl = ChangesetStatus.get_status_lbl(stat)
2299 2302 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2300 2303 for rev in pr.revisions:
2301 2304 pr_id = pr.pull_request_id
2302 2305 pr_repo = pr.target_repo.repo_name
2303 2306 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2304 2307
2305 2308 for stat in status_results:
2306 2309 pr_id = pr_repo = None
2307 2310 if stat.pull_request:
2308 2311 pr_id = stat.pull_request.pull_request_id
2309 2312 pr_repo = stat.pull_request.target_repo.repo_name
2310 2313 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2311 2314 pr_id, pr_repo]
2312 2315 return grouped
2313 2316
2314 2317 # ==========================================================================
2315 2318 # SCM CACHE INSTANCE
2316 2319 # ==========================================================================
2317 2320
2318 2321 def scm_instance(self, **kwargs):
2319 2322 import rhodecode
2320 2323
2321 2324 # Passing a config will not hit the cache currently only used
2322 2325 # for repo2dbmapper
2323 2326 config = kwargs.pop('config', None)
2324 2327 cache = kwargs.pop('cache', None)
2325 2328 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2326 2329 # if cache is NOT defined use default global, else we have a full
2327 2330 # control over cache behaviour
2328 2331 if cache is None and full_cache and not config:
2329 2332 return self._get_instance_cached()
2330 2333 return self._get_instance(cache=bool(cache), config=config)
2331 2334
2332 2335 def _get_instance_cached(self):
2333 2336 from rhodecode.lib import rc_cache
2334 2337
2335 2338 cache_namespace_uid = 'cache_repo_instance.{}'.format(self.repo_id)
2336 2339 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
2337 2340 repo_id=self.repo_id)
2338 2341 region = rc_cache.get_or_create_region('cache_repo_longterm', cache_namespace_uid)
2339 2342
2340 2343 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid)
2341 2344 def get_instance_cached(repo_id, context_id):
2342 2345 return self._get_instance()
2343 2346
2344 2347 # we must use thread scoped cache here,
2345 2348 # because each thread of gevent needs it's own not shared connection and cache
2346 2349 # we also alter `args` so the cache key is individual for every green thread.
2347 2350 inv_context_manager = rc_cache.InvalidationContext(
2348 2351 uid=cache_namespace_uid, invalidation_namespace=invalidation_namespace,
2349 2352 thread_scoped=True)
2350 2353 with inv_context_manager as invalidation_context:
2351 2354 args = (self.repo_id, inv_context_manager.cache_key)
2352 2355 # re-compute and store cache if we get invalidate signal
2353 2356 if invalidation_context.should_invalidate():
2354 2357 instance = get_instance_cached.refresh(*args)
2355 2358 else:
2356 2359 instance = get_instance_cached(*args)
2357 2360
2358 2361 log.debug(
2359 2362 'Repo instance fetched in %.3fs', inv_context_manager.compute_time)
2360 2363 return instance
2361 2364
2362 2365 def _get_instance(self, cache=True, config=None):
2363 2366 config = config or self._config
2364 2367 custom_wire = {
2365 2368 'cache': cache # controls the vcs.remote cache
2366 2369 }
2367 2370 repo = get_vcs_instance(
2368 2371 repo_path=safe_str(self.repo_full_path),
2369 2372 config=config,
2370 2373 with_wire=custom_wire,
2371 2374 create=False,
2372 2375 _vcs_alias=self.repo_type)
2373 2376
2374 2377 return repo
2375 2378
2376 2379 def __json__(self):
2377 2380 return {'landing_rev': self.landing_rev}
2378 2381
2379 2382 def get_dict(self):
2380 2383
2381 2384 # Since we transformed `repo_name` to a hybrid property, we need to
2382 2385 # keep compatibility with the code which uses `repo_name` field.
2383 2386
2384 2387 result = super(Repository, self).get_dict()
2385 2388 result['repo_name'] = result.pop('_repo_name', None)
2386 2389 return result
2387 2390
2388 2391
2389 2392 class RepoGroup(Base, BaseModel):
2390 2393 __tablename__ = 'groups'
2391 2394 __table_args__ = (
2392 2395 UniqueConstraint('group_name', 'group_parent_id'),
2393 2396 CheckConstraint('group_id != group_parent_id'),
2394 2397 base_table_args,
2395 2398 )
2396 2399 __mapper_args__ = {'order_by': 'group_name'}
2397 2400
2398 2401 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2399 2402
2400 2403 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2401 2404 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2402 2405 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2403 2406 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2404 2407 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2405 2408 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2406 2409 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2407 2410 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2408 2411 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2409 2412
2410 2413 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2411 2414 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2412 2415 parent_group = relationship('RepoGroup', remote_side=group_id)
2413 2416 user = relationship('User')
2414 2417 integrations = relationship('Integration',
2415 2418 cascade="all, delete, delete-orphan")
2416 2419
2417 2420 def __init__(self, group_name='', parent_group=None):
2418 2421 self.group_name = group_name
2419 2422 self.parent_group = parent_group
2420 2423
2421 2424 def __unicode__(self):
2422 2425 return u"<%s('id:%s:%s')>" % (
2423 2426 self.__class__.__name__, self.group_id, self.group_name)
2424 2427
2425 2428 @hybrid_property
2426 2429 def description_safe(self):
2427 2430 from rhodecode.lib import helpers as h
2428 2431 return h.escape(self.group_description)
2429 2432
2430 2433 @classmethod
2431 2434 def _generate_choice(cls, repo_group):
2432 2435 from webhelpers.html import literal as _literal
2433 2436 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2434 2437 return repo_group.group_id, _name(repo_group.full_path_splitted)
2435 2438
2436 2439 @classmethod
2437 2440 def groups_choices(cls, groups=None, show_empty_group=True):
2438 2441 if not groups:
2439 2442 groups = cls.query().all()
2440 2443
2441 2444 repo_groups = []
2442 2445 if show_empty_group:
2443 2446 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2444 2447
2445 2448 repo_groups.extend([cls._generate_choice(x) for x in groups])
2446 2449
2447 2450 repo_groups = sorted(
2448 2451 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2449 2452 return repo_groups
2450 2453
2451 2454 @classmethod
2452 2455 def url_sep(cls):
2453 2456 return URL_SEP
2454 2457
2455 2458 @classmethod
2456 2459 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2457 2460 if case_insensitive:
2458 2461 gr = cls.query().filter(func.lower(cls.group_name)
2459 2462 == func.lower(group_name))
2460 2463 else:
2461 2464 gr = cls.query().filter(cls.group_name == group_name)
2462 2465 if cache:
2463 2466 name_key = _hash_key(group_name)
2464 2467 gr = gr.options(
2465 2468 FromCache("sql_cache_short", "get_group_%s" % name_key))
2466 2469 return gr.scalar()
2467 2470
2468 2471 @classmethod
2469 2472 def get_user_personal_repo_group(cls, user_id):
2470 2473 user = User.get(user_id)
2471 2474 if user.username == User.DEFAULT_USER:
2472 2475 return None
2473 2476
2474 2477 return cls.query()\
2475 2478 .filter(cls.personal == true()) \
2476 2479 .filter(cls.user == user).scalar()
2477 2480
2478 2481 @classmethod
2479 2482 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2480 2483 case_insensitive=True):
2481 2484 q = RepoGroup.query()
2482 2485
2483 2486 if not isinstance(user_id, Optional):
2484 2487 q = q.filter(RepoGroup.user_id == user_id)
2485 2488
2486 2489 if not isinstance(group_id, Optional):
2487 2490 q = q.filter(RepoGroup.group_parent_id == group_id)
2488 2491
2489 2492 if case_insensitive:
2490 2493 q = q.order_by(func.lower(RepoGroup.group_name))
2491 2494 else:
2492 2495 q = q.order_by(RepoGroup.group_name)
2493 2496 return q.all()
2494 2497
2495 2498 @property
2496 2499 def parents(self):
2497 2500 parents_recursion_limit = 10
2498 2501 groups = []
2499 2502 if self.parent_group is None:
2500 2503 return groups
2501 2504 cur_gr = self.parent_group
2502 2505 groups.insert(0, cur_gr)
2503 2506 cnt = 0
2504 2507 while 1:
2505 2508 cnt += 1
2506 2509 gr = getattr(cur_gr, 'parent_group', None)
2507 2510 cur_gr = cur_gr.parent_group
2508 2511 if gr is None:
2509 2512 break
2510 2513 if cnt == parents_recursion_limit:
2511 2514 # this will prevent accidental infinit loops
2512 2515 log.error(('more than %s parents found for group %s, stopping '
2513 2516 'recursive parent fetching' % (parents_recursion_limit, self)))
2514 2517 break
2515 2518
2516 2519 groups.insert(0, gr)
2517 2520 return groups
2518 2521
2519 2522 @property
2520 2523 def last_db_change(self):
2521 2524 return self.updated_on
2522 2525
2523 2526 @property
2524 2527 def children(self):
2525 2528 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2526 2529
2527 2530 @property
2528 2531 def name(self):
2529 2532 return self.group_name.split(RepoGroup.url_sep())[-1]
2530 2533
2531 2534 @property
2532 2535 def full_path(self):
2533 2536 return self.group_name
2534 2537
2535 2538 @property
2536 2539 def full_path_splitted(self):
2537 2540 return self.group_name.split(RepoGroup.url_sep())
2538 2541
2539 2542 @property
2540 2543 def repositories(self):
2541 2544 return Repository.query()\
2542 2545 .filter(Repository.group == self)\
2543 2546 .order_by(Repository.repo_name)
2544 2547
2545 2548 @property
2546 2549 def repositories_recursive_count(self):
2547 2550 cnt = self.repositories.count()
2548 2551
2549 2552 def children_count(group):
2550 2553 cnt = 0
2551 2554 for child in group.children:
2552 2555 cnt += child.repositories.count()
2553 2556 cnt += children_count(child)
2554 2557 return cnt
2555 2558
2556 2559 return cnt + children_count(self)
2557 2560
2558 2561 def _recursive_objects(self, include_repos=True):
2559 2562 all_ = []
2560 2563
2561 2564 def _get_members(root_gr):
2562 2565 if include_repos:
2563 2566 for r in root_gr.repositories:
2564 2567 all_.append(r)
2565 2568 childs = root_gr.children.all()
2566 2569 if childs:
2567 2570 for gr in childs:
2568 2571 all_.append(gr)
2569 2572 _get_members(gr)
2570 2573
2571 2574 _get_members(self)
2572 2575 return [self] + all_
2573 2576
2574 2577 def recursive_groups_and_repos(self):
2575 2578 """
2576 2579 Recursive return all groups, with repositories in those groups
2577 2580 """
2578 2581 return self._recursive_objects()
2579 2582
2580 2583 def recursive_groups(self):
2581 2584 """
2582 2585 Returns all children groups for this group including children of children
2583 2586 """
2584 2587 return self._recursive_objects(include_repos=False)
2585 2588
2586 2589 def get_new_name(self, group_name):
2587 2590 """
2588 2591 returns new full group name based on parent and new name
2589 2592
2590 2593 :param group_name:
2591 2594 """
2592 2595 path_prefix = (self.parent_group.full_path_splitted if
2593 2596 self.parent_group else [])
2594 2597 return RepoGroup.url_sep().join(path_prefix + [group_name])
2595 2598
2596 2599 def permissions(self, with_admins=True, with_owner=True):
2597 2600 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2598 2601 q = q.options(joinedload(UserRepoGroupToPerm.group),
2599 2602 joinedload(UserRepoGroupToPerm.user),
2600 2603 joinedload(UserRepoGroupToPerm.permission),)
2601 2604
2602 2605 # get owners and admins and permissions. We do a trick of re-writing
2603 2606 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2604 2607 # has a global reference and changing one object propagates to all
2605 2608 # others. This means if admin is also an owner admin_row that change
2606 2609 # would propagate to both objects
2607 2610 perm_rows = []
2608 2611 for _usr in q.all():
2609 2612 usr = AttributeDict(_usr.user.get_dict())
2610 2613 usr.permission = _usr.permission.permission_name
2611 2614 perm_rows.append(usr)
2612 2615
2613 2616 # filter the perm rows by 'default' first and then sort them by
2614 2617 # admin,write,read,none permissions sorted again alphabetically in
2615 2618 # each group
2616 2619 perm_rows = sorted(perm_rows, key=display_user_sort)
2617 2620
2618 2621 _admin_perm = 'group.admin'
2619 2622 owner_row = []
2620 2623 if with_owner:
2621 2624 usr = AttributeDict(self.user.get_dict())
2622 2625 usr.owner_row = True
2623 2626 usr.permission = _admin_perm
2624 2627 owner_row.append(usr)
2625 2628
2626 2629 super_admin_rows = []
2627 2630 if with_admins:
2628 2631 for usr in User.get_all_super_admins():
2629 2632 # if this admin is also owner, don't double the record
2630 2633 if usr.user_id == owner_row[0].user_id:
2631 2634 owner_row[0].admin_row = True
2632 2635 else:
2633 2636 usr = AttributeDict(usr.get_dict())
2634 2637 usr.admin_row = True
2635 2638 usr.permission = _admin_perm
2636 2639 super_admin_rows.append(usr)
2637 2640
2638 2641 return super_admin_rows + owner_row + perm_rows
2639 2642
2640 2643 def permission_user_groups(self):
2641 2644 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2642 2645 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2643 2646 joinedload(UserGroupRepoGroupToPerm.users_group),
2644 2647 joinedload(UserGroupRepoGroupToPerm.permission),)
2645 2648
2646 2649 perm_rows = []
2647 2650 for _user_group in q.all():
2648 2651 usr = AttributeDict(_user_group.users_group.get_dict())
2649 2652 usr.permission = _user_group.permission.permission_name
2650 2653 perm_rows.append(usr)
2651 2654
2652 2655 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2653 2656 return perm_rows
2654 2657
2655 2658 def get_api_data(self):
2656 2659 """
2657 2660 Common function for generating api data
2658 2661
2659 2662 """
2660 2663 group = self
2661 2664 data = {
2662 2665 'group_id': group.group_id,
2663 2666 'group_name': group.group_name,
2664 2667 'group_description': group.description_safe,
2665 2668 'parent_group': group.parent_group.group_name if group.parent_group else None,
2666 2669 'repositories': [x.repo_name for x in group.repositories],
2667 2670 'owner': group.user.username,
2668 2671 }
2669 2672 return data
2670 2673
2671 2674
2672 2675 class Permission(Base, BaseModel):
2673 2676 __tablename__ = 'permissions'
2674 2677 __table_args__ = (
2675 2678 Index('p_perm_name_idx', 'permission_name'),
2676 2679 base_table_args,
2677 2680 )
2678 2681
2679 2682 PERMS = [
2680 2683 ('hg.admin', _('RhodeCode Super Administrator')),
2681 2684
2682 2685 ('repository.none', _('Repository no access')),
2683 2686 ('repository.read', _('Repository read access')),
2684 2687 ('repository.write', _('Repository write access')),
2685 2688 ('repository.admin', _('Repository admin access')),
2686 2689
2687 2690 ('group.none', _('Repository group no access')),
2688 2691 ('group.read', _('Repository group read access')),
2689 2692 ('group.write', _('Repository group write access')),
2690 2693 ('group.admin', _('Repository group admin access')),
2691 2694
2692 2695 ('usergroup.none', _('User group no access')),
2693 2696 ('usergroup.read', _('User group read access')),
2694 2697 ('usergroup.write', _('User group write access')),
2695 2698 ('usergroup.admin', _('User group admin access')),
2696 2699
2700 ('branch.none', _('Branch no permissions')),
2701 ('branch.merge', _('Branch access by web merge')),
2702 ('branch.push', _('Branch access by push')),
2703 ('branch.push_force', _('Branch access by push with force')),
2704
2697 2705 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2698 2706 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2699 2707
2700 2708 ('hg.usergroup.create.false', _('User Group creation disabled')),
2701 2709 ('hg.usergroup.create.true', _('User Group creation enabled')),
2702 2710
2703 2711 ('hg.create.none', _('Repository creation disabled')),
2704 2712 ('hg.create.repository', _('Repository creation enabled')),
2705 2713 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2706 2714 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2707 2715
2708 2716 ('hg.fork.none', _('Repository forking disabled')),
2709 2717 ('hg.fork.repository', _('Repository forking enabled')),
2710 2718
2711 2719 ('hg.register.none', _('Registration disabled')),
2712 2720 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2713 2721 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2714 2722
2715 2723 ('hg.password_reset.enabled', _('Password reset enabled')),
2716 2724 ('hg.password_reset.hidden', _('Password reset hidden')),
2717 2725 ('hg.password_reset.disabled', _('Password reset disabled')),
2718 2726
2719 2727 ('hg.extern_activate.manual', _('Manual activation of external account')),
2720 2728 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2721 2729
2722 2730 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2723 2731 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2724 2732 ]
2725 2733
2726 # definition of system default permissions for DEFAULT user
2734 # definition of system default permissions for DEFAULT user, created on
2735 # system setup
2727 2736 DEFAULT_USER_PERMISSIONS = [
2737 # object perms
2728 2738 'repository.read',
2729 2739 'group.read',
2730 2740 'usergroup.read',
2741 # branch, for backward compat we need same value as before so forced pushed
2742 'branch.push_force',
2743 # global
2731 2744 'hg.create.repository',
2732 2745 'hg.repogroup.create.false',
2733 2746 'hg.usergroup.create.false',
2734 2747 'hg.create.write_on_repogroup.true',
2735 2748 'hg.fork.repository',
2736 2749 'hg.register.manual_activate',
2737 2750 'hg.password_reset.enabled',
2738 2751 'hg.extern_activate.auto',
2739 2752 'hg.inherit_default_perms.true',
2740 2753 ]
2741 2754
2742 2755 # defines which permissions are more important higher the more important
2743 2756 # Weight defines which permissions are more important.
2744 2757 # The higher number the more important.
2745 2758 PERM_WEIGHTS = {
2746 2759 'repository.none': 0,
2747 2760 'repository.read': 1,
2748 2761 'repository.write': 3,
2749 2762 'repository.admin': 4,
2750 2763
2751 2764 'group.none': 0,
2752 2765 'group.read': 1,
2753 2766 'group.write': 3,
2754 2767 'group.admin': 4,
2755 2768
2756 2769 'usergroup.none': 0,
2757 2770 'usergroup.read': 1,
2758 2771 'usergroup.write': 3,
2759 2772 'usergroup.admin': 4,
2760 2773
2774 'branch.none': 0,
2775 'branch.merge': 1,
2776 'branch.push': 3,
2777 'branch.push_force': 4,
2778
2761 2779 'hg.repogroup.create.false': 0,
2762 2780 'hg.repogroup.create.true': 1,
2763 2781
2764 2782 'hg.usergroup.create.false': 0,
2765 2783 'hg.usergroup.create.true': 1,
2766 2784
2767 2785 'hg.fork.none': 0,
2768 2786 'hg.fork.repository': 1,
2769 2787 'hg.create.none': 0,
2770 2788 'hg.create.repository': 1
2771 2789 }
2772 2790
2773 2791 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2774 2792 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2775 2793 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2776 2794
2777 2795 def __unicode__(self):
2778 2796 return u"<%s('%s:%s')>" % (
2779 2797 self.__class__.__name__, self.permission_id, self.permission_name
2780 2798 )
2781 2799
2782 2800 @classmethod
2783 2801 def get_by_key(cls, key):
2784 2802 return cls.query().filter(cls.permission_name == key).scalar()
2785 2803
2786 2804 @classmethod
2787 2805 def get_default_repo_perms(cls, user_id, repo_id=None):
2788 2806 q = Session().query(UserRepoToPerm, Repository, Permission)\
2789 2807 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2790 2808 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2791 2809 .filter(UserRepoToPerm.user_id == user_id)
2792 2810 if repo_id:
2793 2811 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2794 2812 return q.all()
2795 2813
2796 2814 @classmethod
2815 def get_default_repo_branch_perms(cls, user_id, repo_id=None):
2816 q = Session().query(UserToRepoBranchPermission, UserRepoToPerm, Permission) \
2817 .join(
2818 Permission,
2819 UserToRepoBranchPermission.permission_id == Permission.permission_id) \
2820 .join(
2821 UserRepoToPerm,
2822 UserToRepoBranchPermission.rule_to_perm_id == UserRepoToPerm.repo_to_perm_id) \
2823 .filter(UserRepoToPerm.user_id == user_id)
2824
2825 if repo_id:
2826 q = q.filter(UserToRepoBranchPermission.repository_id == repo_id)
2827 return q.order_by(UserToRepoBranchPermission.rule_order).all()
2828
2829 @classmethod
2797 2830 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2798 2831 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2799 2832 .join(
2800 2833 Permission,
2801 2834 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2802 2835 .join(
2803 2836 Repository,
2804 2837 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2805 2838 .join(
2806 2839 UserGroup,
2807 2840 UserGroupRepoToPerm.users_group_id ==
2808 2841 UserGroup.users_group_id)\
2809 2842 .join(
2810 2843 UserGroupMember,
2811 2844 UserGroupRepoToPerm.users_group_id ==
2812 2845 UserGroupMember.users_group_id)\
2813 2846 .filter(
2814 2847 UserGroupMember.user_id == user_id,
2815 2848 UserGroup.users_group_active == true())
2816 2849 if repo_id:
2817 2850 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2818 2851 return q.all()
2819 2852
2820 2853 @classmethod
2854 def get_default_repo_branch_perms_from_user_group(cls, user_id, repo_id=None):
2855 q = Session().query(UserGroupToRepoBranchPermission, UserGroupRepoToPerm, Permission) \
2856 .join(
2857 Permission,
2858 UserGroupToRepoBranchPermission.permission_id == Permission.permission_id) \
2859 .join(
2860 UserGroupRepoToPerm,
2861 UserGroupToRepoBranchPermission.rule_to_perm_id == UserGroupRepoToPerm.users_group_to_perm_id) \
2862 .join(
2863 UserGroup,
2864 UserGroupRepoToPerm.users_group_id == UserGroup.users_group_id) \
2865 .join(
2866 UserGroupMember,
2867 UserGroupRepoToPerm.users_group_id == UserGroupMember.users_group_id) \
2868 .filter(
2869 UserGroupMember.user_id == user_id,
2870 UserGroup.users_group_active == true())
2871
2872 if repo_id:
2873 q = q.filter(UserGroupToRepoBranchPermission.repository_id == repo_id)
2874 return q.order_by(UserGroupToRepoBranchPermission.rule_order).all()
2875
2876 @classmethod
2821 2877 def get_default_group_perms(cls, user_id, repo_group_id=None):
2822 2878 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2823 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2824 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2879 .join(
2880 Permission,
2881 UserRepoGroupToPerm.permission_id == Permission.permission_id)\
2882 .join(
2883 RepoGroup,
2884 UserRepoGroupToPerm.group_id == RepoGroup.group_id)\
2825 2885 .filter(UserRepoGroupToPerm.user_id == user_id)
2826 2886 if repo_group_id:
2827 2887 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2828 2888 return q.all()
2829 2889
2830 2890 @classmethod
2831 2891 def get_default_group_perms_from_user_group(
2832 2892 cls, user_id, repo_group_id=None):
2833 2893 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2834 2894 .join(
2835 2895 Permission,
2836 2896 UserGroupRepoGroupToPerm.permission_id ==
2837 2897 Permission.permission_id)\
2838 2898 .join(
2839 2899 RepoGroup,
2840 2900 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2841 2901 .join(
2842 2902 UserGroup,
2843 2903 UserGroupRepoGroupToPerm.users_group_id ==
2844 2904 UserGroup.users_group_id)\
2845 2905 .join(
2846 2906 UserGroupMember,
2847 2907 UserGroupRepoGroupToPerm.users_group_id ==
2848 2908 UserGroupMember.users_group_id)\
2849 2909 .filter(
2850 2910 UserGroupMember.user_id == user_id,
2851 2911 UserGroup.users_group_active == true())
2852 2912 if repo_group_id:
2853 2913 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2854 2914 return q.all()
2855 2915
2856 2916 @classmethod
2857 2917 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2858 2918 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2859 2919 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2860 2920 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2861 2921 .filter(UserUserGroupToPerm.user_id == user_id)
2862 2922 if user_group_id:
2863 2923 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2864 2924 return q.all()
2865 2925
2866 2926 @classmethod
2867 2927 def get_default_user_group_perms_from_user_group(
2868 2928 cls, user_id, user_group_id=None):
2869 2929 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2870 2930 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2871 2931 .join(
2872 2932 Permission,
2873 2933 UserGroupUserGroupToPerm.permission_id ==
2874 2934 Permission.permission_id)\
2875 2935 .join(
2876 2936 TargetUserGroup,
2877 2937 UserGroupUserGroupToPerm.target_user_group_id ==
2878 2938 TargetUserGroup.users_group_id)\
2879 2939 .join(
2880 2940 UserGroup,
2881 2941 UserGroupUserGroupToPerm.user_group_id ==
2882 2942 UserGroup.users_group_id)\
2883 2943 .join(
2884 2944 UserGroupMember,
2885 2945 UserGroupUserGroupToPerm.user_group_id ==
2886 2946 UserGroupMember.users_group_id)\
2887 2947 .filter(
2888 2948 UserGroupMember.user_id == user_id,
2889 2949 UserGroup.users_group_active == true())
2890 2950 if user_group_id:
2891 2951 q = q.filter(
2892 2952 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2893 2953
2894 2954 return q.all()
2895 2955
2896 2956
2897 2957 class UserRepoToPerm(Base, BaseModel):
2898 2958 __tablename__ = 'repo_to_perm'
2899 2959 __table_args__ = (
2900 2960 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2901 2961 base_table_args
2902 2962 )
2903 2963
2904 2964 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2905 2965 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2906 2966 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2907 2967 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2908 2968
2909 2969 user = relationship('User')
2910 2970 repository = relationship('Repository')
2911 2971 permission = relationship('Permission')
2912 2972
2973 branch_perm_entry = relationship('UserToRepoBranchPermission', cascade="all, delete, delete-orphan", lazy='joined')
2974
2913 2975 @classmethod
2914 2976 def create(cls, user, repository, permission):
2915 2977 n = cls()
2916 2978 n.user = user
2917 2979 n.repository = repository
2918 2980 n.permission = permission
2919 2981 Session().add(n)
2920 2982 return n
2921 2983
2922 2984 def __unicode__(self):
2923 2985 return u'<%s => %s >' % (self.user, self.repository)
2924 2986
2925 2987
2926 2988 class UserUserGroupToPerm(Base, BaseModel):
2927 2989 __tablename__ = 'user_user_group_to_perm'
2928 2990 __table_args__ = (
2929 2991 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2930 2992 base_table_args
2931 2993 )
2932 2994
2933 2995 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2934 2996 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2935 2997 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2936 2998 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2937 2999
2938 3000 user = relationship('User')
2939 3001 user_group = relationship('UserGroup')
2940 3002 permission = relationship('Permission')
2941 3003
2942 3004 @classmethod
2943 3005 def create(cls, user, user_group, permission):
2944 3006 n = cls()
2945 3007 n.user = user
2946 3008 n.user_group = user_group
2947 3009 n.permission = permission
2948 3010 Session().add(n)
2949 3011 return n
2950 3012
2951 3013 def __unicode__(self):
2952 3014 return u'<%s => %s >' % (self.user, self.user_group)
2953 3015
2954 3016
2955 3017 class UserToPerm(Base, BaseModel):
2956 3018 __tablename__ = 'user_to_perm'
2957 3019 __table_args__ = (
2958 3020 UniqueConstraint('user_id', 'permission_id'),
2959 3021 base_table_args
2960 3022 )
2961 3023
2962 3024 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2963 3025 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2964 3026 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2965 3027
2966 3028 user = relationship('User')
2967 3029 permission = relationship('Permission', lazy='joined')
2968 3030
2969 3031 def __unicode__(self):
2970 3032 return u'<%s => %s >' % (self.user, self.permission)
2971 3033
2972 3034
2973 3035 class UserGroupRepoToPerm(Base, BaseModel):
2974 3036 __tablename__ = 'users_group_repo_to_perm'
2975 3037 __table_args__ = (
2976 3038 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2977 3039 base_table_args
2978 3040 )
2979 3041
2980 3042 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2981 3043 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2982 3044 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2983 3045 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2984 3046
2985 3047 users_group = relationship('UserGroup')
2986 3048 permission = relationship('Permission')
2987 3049 repository = relationship('Repository')
2988 3050
2989 3051 @classmethod
2990 3052 def create(cls, users_group, repository, permission):
2991 3053 n = cls()
2992 3054 n.users_group = users_group
2993 3055 n.repository = repository
2994 3056 n.permission = permission
2995 3057 Session().add(n)
2996 3058 return n
2997 3059
2998 3060 def __unicode__(self):
2999 3061 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
3000 3062
3001 3063
3002 3064 class UserGroupUserGroupToPerm(Base, BaseModel):
3003 3065 __tablename__ = 'user_group_user_group_to_perm'
3004 3066 __table_args__ = (
3005 3067 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
3006 3068 CheckConstraint('target_user_group_id != user_group_id'),
3007 3069 base_table_args
3008 3070 )
3009 3071
3010 3072 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3011 3073 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3012 3074 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3013 3075 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3014 3076
3015 3077 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
3016 3078 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
3017 3079 permission = relationship('Permission')
3018 3080
3019 3081 @classmethod
3020 3082 def create(cls, target_user_group, user_group, permission):
3021 3083 n = cls()
3022 3084 n.target_user_group = target_user_group
3023 3085 n.user_group = user_group
3024 3086 n.permission = permission
3025 3087 Session().add(n)
3026 3088 return n
3027 3089
3028 3090 def __unicode__(self):
3029 3091 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
3030 3092
3031 3093
3032 3094 class UserGroupToPerm(Base, BaseModel):
3033 3095 __tablename__ = 'users_group_to_perm'
3034 3096 __table_args__ = (
3035 3097 UniqueConstraint('users_group_id', 'permission_id',),
3036 3098 base_table_args
3037 3099 )
3038 3100
3039 3101 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3040 3102 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3041 3103 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3042 3104
3043 3105 users_group = relationship('UserGroup')
3044 3106 permission = relationship('Permission')
3045 3107
3046 3108
3047 3109 class UserRepoGroupToPerm(Base, BaseModel):
3048 3110 __tablename__ = 'user_repo_group_to_perm'
3049 3111 __table_args__ = (
3050 3112 UniqueConstraint('user_id', 'group_id', 'permission_id'),
3051 3113 base_table_args
3052 3114 )
3053 3115
3054 3116 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3055 3117 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3056 3118 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3057 3119 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3058 3120
3059 3121 user = relationship('User')
3060 3122 group = relationship('RepoGroup')
3061 3123 permission = relationship('Permission')
3062 3124
3063 3125 @classmethod
3064 3126 def create(cls, user, repository_group, permission):
3065 3127 n = cls()
3066 3128 n.user = user
3067 3129 n.group = repository_group
3068 3130 n.permission = permission
3069 3131 Session().add(n)
3070 3132 return n
3071 3133
3072 3134
3073 3135 class UserGroupRepoGroupToPerm(Base, BaseModel):
3074 3136 __tablename__ = 'users_group_repo_group_to_perm'
3075 3137 __table_args__ = (
3076 3138 UniqueConstraint('users_group_id', 'group_id'),
3077 3139 base_table_args
3078 3140 )
3079 3141
3080 3142 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3081 3143 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3082 3144 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3083 3145 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3084 3146
3085 3147 users_group = relationship('UserGroup')
3086 3148 permission = relationship('Permission')
3087 3149 group = relationship('RepoGroup')
3088 3150
3089 3151 @classmethod
3090 3152 def create(cls, user_group, repository_group, permission):
3091 3153 n = cls()
3092 3154 n.users_group = user_group
3093 3155 n.group = repository_group
3094 3156 n.permission = permission
3095 3157 Session().add(n)
3096 3158 return n
3097 3159
3098 3160 def __unicode__(self):
3099 3161 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
3100 3162
3101 3163
3102 3164 class Statistics(Base, BaseModel):
3103 3165 __tablename__ = 'statistics'
3104 3166 __table_args__ = (
3105 3167 base_table_args
3106 3168 )
3107 3169
3108 3170 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3109 3171 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
3110 3172 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
3111 3173 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
3112 3174 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
3113 3175 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
3114 3176
3115 3177 repository = relationship('Repository', single_parent=True)
3116 3178
3117 3179
3118 3180 class UserFollowing(Base, BaseModel):
3119 3181 __tablename__ = 'user_followings'
3120 3182 __table_args__ = (
3121 3183 UniqueConstraint('user_id', 'follows_repository_id'),
3122 3184 UniqueConstraint('user_id', 'follows_user_id'),
3123 3185 base_table_args
3124 3186 )
3125 3187
3126 3188 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3127 3189 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3128 3190 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
3129 3191 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
3130 3192 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
3131 3193
3132 3194 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
3133 3195
3134 3196 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
3135 3197 follows_repository = relationship('Repository', order_by='Repository.repo_name')
3136 3198
3137 3199 @classmethod
3138 3200 def get_repo_followers(cls, repo_id):
3139 3201 return cls.query().filter(cls.follows_repo_id == repo_id)
3140 3202
3141 3203
3142 3204 class CacheKey(Base, BaseModel):
3143 3205 __tablename__ = 'cache_invalidation'
3144 3206 __table_args__ = (
3145 3207 UniqueConstraint('cache_key'),
3146 3208 Index('key_idx', 'cache_key'),
3147 3209 base_table_args,
3148 3210 )
3149 3211
3150 3212 CACHE_TYPE_FEED = 'FEED'
3151 3213 CACHE_TYPE_README = 'README'
3152 3214 # namespaces used to register process/thread aware caches
3153 3215 REPO_INVALIDATION_NAMESPACE = 'repo_cache:{repo_id}'
3154 3216 SETTINGS_INVALIDATION_NAMESPACE = 'system_settings'
3155 3217
3156 3218 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3157 3219 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3158 3220 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3159 3221 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3160 3222
3161 3223 def __init__(self, cache_key, cache_args=''):
3162 3224 self.cache_key = cache_key
3163 3225 self.cache_args = cache_args
3164 3226 self.cache_active = False
3165 3227
3166 3228 def __unicode__(self):
3167 3229 return u"<%s('%s:%s[%s]')>" % (
3168 3230 self.__class__.__name__,
3169 3231 self.cache_id, self.cache_key, self.cache_active)
3170 3232
3171 3233 def _cache_key_partition(self):
3172 3234 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3173 3235 return prefix, repo_name, suffix
3174 3236
3175 3237 def get_prefix(self):
3176 3238 """
3177 3239 Try to extract prefix from existing cache key. The key could consist
3178 3240 of prefix, repo_name, suffix
3179 3241 """
3180 3242 # this returns prefix, repo_name, suffix
3181 3243 return self._cache_key_partition()[0]
3182 3244
3183 3245 def get_suffix(self):
3184 3246 """
3185 3247 get suffix that might have been used in _get_cache_key to
3186 3248 generate self.cache_key. Only used for informational purposes
3187 3249 in repo_edit.mako.
3188 3250 """
3189 3251 # prefix, repo_name, suffix
3190 3252 return self._cache_key_partition()[2]
3191 3253
3192 3254 @classmethod
3193 3255 def delete_all_cache(cls):
3194 3256 """
3195 3257 Delete all cache keys from database.
3196 3258 Should only be run when all instances are down and all entries
3197 3259 thus stale.
3198 3260 """
3199 3261 cls.query().delete()
3200 3262 Session().commit()
3201 3263
3202 3264 @classmethod
3203 3265 def set_invalidate(cls, cache_uid, delete=False):
3204 3266 """
3205 3267 Mark all caches of a repo as invalid in the database.
3206 3268 """
3207 3269
3208 3270 try:
3209 3271 qry = Session().query(cls).filter(cls.cache_args == cache_uid)
3210 3272 if delete:
3211 3273 qry.delete()
3212 3274 log.debug('cache objects deleted for cache args %s',
3213 3275 safe_str(cache_uid))
3214 3276 else:
3215 3277 qry.update({"cache_active": False})
3216 3278 log.debug('cache objects marked as invalid for cache args %s',
3217 3279 safe_str(cache_uid))
3218 3280
3219 3281 Session().commit()
3220 3282 except Exception:
3221 3283 log.exception(
3222 3284 'Cache key invalidation failed for cache args %s',
3223 3285 safe_str(cache_uid))
3224 3286 Session().rollback()
3225 3287
3226 3288 @classmethod
3227 3289 def get_active_cache(cls, cache_key):
3228 3290 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3229 3291 if inv_obj:
3230 3292 return inv_obj
3231 3293 return None
3232 3294
3233 3295
3234 3296 class ChangesetComment(Base, BaseModel):
3235 3297 __tablename__ = 'changeset_comments'
3236 3298 __table_args__ = (
3237 3299 Index('cc_revision_idx', 'revision'),
3238 3300 base_table_args,
3239 3301 )
3240 3302
3241 3303 COMMENT_OUTDATED = u'comment_outdated'
3242 3304 COMMENT_TYPE_NOTE = u'note'
3243 3305 COMMENT_TYPE_TODO = u'todo'
3244 3306 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3245 3307
3246 3308 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3247 3309 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3248 3310 revision = Column('revision', String(40), nullable=True)
3249 3311 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3250 3312 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3251 3313 line_no = Column('line_no', Unicode(10), nullable=True)
3252 3314 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3253 3315 f_path = Column('f_path', Unicode(1000), nullable=True)
3254 3316 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3255 3317 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3256 3318 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3257 3319 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3258 3320 renderer = Column('renderer', Unicode(64), nullable=True)
3259 3321 display_state = Column('display_state', Unicode(128), nullable=True)
3260 3322
3261 3323 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3262 3324 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3263 3325 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, backref='resolved_by')
3264 3326 author = relationship('User', lazy='joined')
3265 3327 repo = relationship('Repository')
3266 3328 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3267 3329 pull_request = relationship('PullRequest', lazy='joined')
3268 3330 pull_request_version = relationship('PullRequestVersion')
3269 3331
3270 3332 @classmethod
3271 3333 def get_users(cls, revision=None, pull_request_id=None):
3272 3334 """
3273 3335 Returns user associated with this ChangesetComment. ie those
3274 3336 who actually commented
3275 3337
3276 3338 :param cls:
3277 3339 :param revision:
3278 3340 """
3279 3341 q = Session().query(User)\
3280 3342 .join(ChangesetComment.author)
3281 3343 if revision:
3282 3344 q = q.filter(cls.revision == revision)
3283 3345 elif pull_request_id:
3284 3346 q = q.filter(cls.pull_request_id == pull_request_id)
3285 3347 return q.all()
3286 3348
3287 3349 @classmethod
3288 3350 def get_index_from_version(cls, pr_version, versions):
3289 3351 num_versions = [x.pull_request_version_id for x in versions]
3290 3352 try:
3291 3353 return num_versions.index(pr_version) +1
3292 3354 except (IndexError, ValueError):
3293 3355 return
3294 3356
3295 3357 @property
3296 3358 def outdated(self):
3297 3359 return self.display_state == self.COMMENT_OUTDATED
3298 3360
3299 3361 def outdated_at_version(self, version):
3300 3362 """
3301 3363 Checks if comment is outdated for given pull request version
3302 3364 """
3303 3365 return self.outdated and self.pull_request_version_id != version
3304 3366
3305 3367 def older_than_version(self, version):
3306 3368 """
3307 3369 Checks if comment is made from previous version than given
3308 3370 """
3309 3371 if version is None:
3310 3372 return self.pull_request_version_id is not None
3311 3373
3312 3374 return self.pull_request_version_id < version
3313 3375
3314 3376 @property
3315 3377 def resolved(self):
3316 3378 return self.resolved_by[0] if self.resolved_by else None
3317 3379
3318 3380 @property
3319 3381 def is_todo(self):
3320 3382 return self.comment_type == self.COMMENT_TYPE_TODO
3321 3383
3322 3384 @property
3323 3385 def is_inline(self):
3324 3386 return self.line_no and self.f_path
3325 3387
3326 3388 def get_index_version(self, versions):
3327 3389 return self.get_index_from_version(
3328 3390 self.pull_request_version_id, versions)
3329 3391
3330 3392 def __repr__(self):
3331 3393 if self.comment_id:
3332 3394 return '<DB:Comment #%s>' % self.comment_id
3333 3395 else:
3334 3396 return '<DB:Comment at %#x>' % id(self)
3335 3397
3336 3398 def get_api_data(self):
3337 3399 comment = self
3338 3400 data = {
3339 3401 'comment_id': comment.comment_id,
3340 3402 'comment_type': comment.comment_type,
3341 3403 'comment_text': comment.text,
3342 3404 'comment_status': comment.status_change,
3343 3405 'comment_f_path': comment.f_path,
3344 3406 'comment_lineno': comment.line_no,
3345 3407 'comment_author': comment.author,
3346 3408 'comment_created_on': comment.created_on
3347 3409 }
3348 3410 return data
3349 3411
3350 3412 def __json__(self):
3351 3413 data = dict()
3352 3414 data.update(self.get_api_data())
3353 3415 return data
3354 3416
3355 3417
3356 3418 class ChangesetStatus(Base, BaseModel):
3357 3419 __tablename__ = 'changeset_statuses'
3358 3420 __table_args__ = (
3359 3421 Index('cs_revision_idx', 'revision'),
3360 3422 Index('cs_version_idx', 'version'),
3361 3423 UniqueConstraint('repo_id', 'revision', 'version'),
3362 3424 base_table_args
3363 3425 )
3364 3426
3365 3427 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3366 3428 STATUS_APPROVED = 'approved'
3367 3429 STATUS_REJECTED = 'rejected'
3368 3430 STATUS_UNDER_REVIEW = 'under_review'
3369 3431
3370 3432 STATUSES = [
3371 3433 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3372 3434 (STATUS_APPROVED, _("Approved")),
3373 3435 (STATUS_REJECTED, _("Rejected")),
3374 3436 (STATUS_UNDER_REVIEW, _("Under Review")),
3375 3437 ]
3376 3438
3377 3439 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3378 3440 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3379 3441 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3380 3442 revision = Column('revision', String(40), nullable=False)
3381 3443 status = Column('status', String(128), nullable=False, default=DEFAULT)
3382 3444 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3383 3445 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3384 3446 version = Column('version', Integer(), nullable=False, default=0)
3385 3447 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3386 3448
3387 3449 author = relationship('User', lazy='joined')
3388 3450 repo = relationship('Repository')
3389 3451 comment = relationship('ChangesetComment', lazy='joined')
3390 3452 pull_request = relationship('PullRequest', lazy='joined')
3391 3453
3392 3454 def __unicode__(self):
3393 3455 return u"<%s('%s[v%s]:%s')>" % (
3394 3456 self.__class__.__name__,
3395 3457 self.status, self.version, self.author
3396 3458 )
3397 3459
3398 3460 @classmethod
3399 3461 def get_status_lbl(cls, value):
3400 3462 return dict(cls.STATUSES).get(value)
3401 3463
3402 3464 @property
3403 3465 def status_lbl(self):
3404 3466 return ChangesetStatus.get_status_lbl(self.status)
3405 3467
3406 3468 def get_api_data(self):
3407 3469 status = self
3408 3470 data = {
3409 3471 'status_id': status.changeset_status_id,
3410 3472 'status': status.status,
3411 3473 }
3412 3474 return data
3413 3475
3414 3476 def __json__(self):
3415 3477 data = dict()
3416 3478 data.update(self.get_api_data())
3417 3479 return data
3418 3480
3419 3481
3420 3482 class _PullRequestBase(BaseModel):
3421 3483 """
3422 3484 Common attributes of pull request and version entries.
3423 3485 """
3424 3486
3425 3487 # .status values
3426 3488 STATUS_NEW = u'new'
3427 3489 STATUS_OPEN = u'open'
3428 3490 STATUS_CLOSED = u'closed'
3429 3491
3430 3492 title = Column('title', Unicode(255), nullable=True)
3431 3493 description = Column(
3432 3494 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3433 3495 nullable=True)
3434 3496 description_renderer = Column('description_renderer', Unicode(64), nullable=True)
3435 3497
3436 3498 # new/open/closed status of pull request (not approve/reject/etc)
3437 3499 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3438 3500 created_on = Column(
3439 3501 'created_on', DateTime(timezone=False), nullable=False,
3440 3502 default=datetime.datetime.now)
3441 3503 updated_on = Column(
3442 3504 'updated_on', DateTime(timezone=False), nullable=False,
3443 3505 default=datetime.datetime.now)
3444 3506
3445 3507 @declared_attr
3446 3508 def user_id(cls):
3447 3509 return Column(
3448 3510 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3449 3511 unique=None)
3450 3512
3451 3513 # 500 revisions max
3452 3514 _revisions = Column(
3453 3515 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3454 3516
3455 3517 @declared_attr
3456 3518 def source_repo_id(cls):
3457 3519 # TODO: dan: rename column to source_repo_id
3458 3520 return Column(
3459 3521 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3460 3522 nullable=False)
3461 3523
3462 3524 source_ref = Column('org_ref', Unicode(255), nullable=False)
3463 3525
3464 3526 @declared_attr
3465 3527 def target_repo_id(cls):
3466 3528 # TODO: dan: rename column to target_repo_id
3467 3529 return Column(
3468 3530 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3469 3531 nullable=False)
3470 3532
3471 3533 target_ref = Column('other_ref', Unicode(255), nullable=False)
3472 3534 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3473 3535
3474 3536 # TODO: dan: rename column to last_merge_source_rev
3475 3537 _last_merge_source_rev = Column(
3476 3538 'last_merge_org_rev', String(40), nullable=True)
3477 3539 # TODO: dan: rename column to last_merge_target_rev
3478 3540 _last_merge_target_rev = Column(
3479 3541 'last_merge_other_rev', String(40), nullable=True)
3480 3542 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3481 3543 merge_rev = Column('merge_rev', String(40), nullable=True)
3482 3544
3483 3545 reviewer_data = Column(
3484 3546 'reviewer_data_json', MutationObj.as_mutable(
3485 3547 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3486 3548
3487 3549 @property
3488 3550 def reviewer_data_json(self):
3489 3551 return json.dumps(self.reviewer_data)
3490 3552
3491 3553 @hybrid_property
3492 3554 def description_safe(self):
3493 3555 from rhodecode.lib import helpers as h
3494 3556 return h.escape(self.description)
3495 3557
3496 3558 @hybrid_property
3497 3559 def revisions(self):
3498 3560 return self._revisions.split(':') if self._revisions else []
3499 3561
3500 3562 @revisions.setter
3501 3563 def revisions(self, val):
3502 3564 self._revisions = ':'.join(val)
3503 3565
3504 3566 @hybrid_property
3505 3567 def last_merge_status(self):
3506 3568 return safe_int(self._last_merge_status)
3507 3569
3508 3570 @last_merge_status.setter
3509 3571 def last_merge_status(self, val):
3510 3572 self._last_merge_status = val
3511 3573
3512 3574 @declared_attr
3513 3575 def author(cls):
3514 3576 return relationship('User', lazy='joined')
3515 3577
3516 3578 @declared_attr
3517 3579 def source_repo(cls):
3518 3580 return relationship(
3519 3581 'Repository',
3520 3582 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3521 3583
3522 3584 @property
3523 3585 def source_ref_parts(self):
3524 3586 return self.unicode_to_reference(self.source_ref)
3525 3587
3526 3588 @declared_attr
3527 3589 def target_repo(cls):
3528 3590 return relationship(
3529 3591 'Repository',
3530 3592 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3531 3593
3532 3594 @property
3533 3595 def target_ref_parts(self):
3534 3596 return self.unicode_to_reference(self.target_ref)
3535 3597
3536 3598 @property
3537 3599 def shadow_merge_ref(self):
3538 3600 return self.unicode_to_reference(self._shadow_merge_ref)
3539 3601
3540 3602 @shadow_merge_ref.setter
3541 3603 def shadow_merge_ref(self, ref):
3542 3604 self._shadow_merge_ref = self.reference_to_unicode(ref)
3543 3605
3544 3606 def unicode_to_reference(self, raw):
3545 3607 """
3546 3608 Convert a unicode (or string) to a reference object.
3547 3609 If unicode evaluates to False it returns None.
3548 3610 """
3549 3611 if raw:
3550 3612 refs = raw.split(':')
3551 3613 return Reference(*refs)
3552 3614 else:
3553 3615 return None
3554 3616
3555 3617 def reference_to_unicode(self, ref):
3556 3618 """
3557 3619 Convert a reference object to unicode.
3558 3620 If reference is None it returns None.
3559 3621 """
3560 3622 if ref:
3561 3623 return u':'.join(ref)
3562 3624 else:
3563 3625 return None
3564 3626
3565 3627 def get_api_data(self, with_merge_state=True):
3566 3628 from rhodecode.model.pull_request import PullRequestModel
3567 3629
3568 3630 pull_request = self
3569 3631 if with_merge_state:
3570 3632 merge_status = PullRequestModel().merge_status(pull_request)
3571 3633 merge_state = {
3572 3634 'status': merge_status[0],
3573 3635 'message': safe_unicode(merge_status[1]),
3574 3636 }
3575 3637 else:
3576 3638 merge_state = {'status': 'not_available',
3577 3639 'message': 'not_available'}
3578 3640
3579 3641 merge_data = {
3580 3642 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3581 3643 'reference': (
3582 3644 pull_request.shadow_merge_ref._asdict()
3583 3645 if pull_request.shadow_merge_ref else None),
3584 3646 }
3585 3647
3586 3648 data = {
3587 3649 'pull_request_id': pull_request.pull_request_id,
3588 3650 'url': PullRequestModel().get_url(pull_request),
3589 3651 'title': pull_request.title,
3590 3652 'description': pull_request.description,
3591 3653 'status': pull_request.status,
3592 3654 'created_on': pull_request.created_on,
3593 3655 'updated_on': pull_request.updated_on,
3594 3656 'commit_ids': pull_request.revisions,
3595 3657 'review_status': pull_request.calculated_review_status(),
3596 3658 'mergeable': merge_state,
3597 3659 'source': {
3598 3660 'clone_url': pull_request.source_repo.clone_url(),
3599 3661 'repository': pull_request.source_repo.repo_name,
3600 3662 'reference': {
3601 3663 'name': pull_request.source_ref_parts.name,
3602 3664 'type': pull_request.source_ref_parts.type,
3603 3665 'commit_id': pull_request.source_ref_parts.commit_id,
3604 3666 },
3605 3667 },
3606 3668 'target': {
3607 3669 'clone_url': pull_request.target_repo.clone_url(),
3608 3670 'repository': pull_request.target_repo.repo_name,
3609 3671 'reference': {
3610 3672 'name': pull_request.target_ref_parts.name,
3611 3673 'type': pull_request.target_ref_parts.type,
3612 3674 'commit_id': pull_request.target_ref_parts.commit_id,
3613 3675 },
3614 3676 },
3615 3677 'merge': merge_data,
3616 3678 'author': pull_request.author.get_api_data(include_secrets=False,
3617 3679 details='basic'),
3618 3680 'reviewers': [
3619 3681 {
3620 3682 'user': reviewer.get_api_data(include_secrets=False,
3621 3683 details='basic'),
3622 3684 'reasons': reasons,
3623 3685 'review_status': st[0][1].status if st else 'not_reviewed',
3624 3686 }
3625 3687 for obj, reviewer, reasons, mandatory, st in
3626 3688 pull_request.reviewers_statuses()
3627 3689 ]
3628 3690 }
3629 3691
3630 3692 return data
3631 3693
3632 3694
3633 3695 class PullRequest(Base, _PullRequestBase):
3634 3696 __tablename__ = 'pull_requests'
3635 3697 __table_args__ = (
3636 3698 base_table_args,
3637 3699 )
3638 3700
3639 3701 pull_request_id = Column(
3640 3702 'pull_request_id', Integer(), nullable=False, primary_key=True)
3641 3703
3642 3704 def __repr__(self):
3643 3705 if self.pull_request_id:
3644 3706 return '<DB:PullRequest #%s>' % self.pull_request_id
3645 3707 else:
3646 3708 return '<DB:PullRequest at %#x>' % id(self)
3647 3709
3648 3710 reviewers = relationship('PullRequestReviewers',
3649 3711 cascade="all, delete, delete-orphan")
3650 3712 statuses = relationship('ChangesetStatus',
3651 3713 cascade="all, delete, delete-orphan")
3652 3714 comments = relationship('ChangesetComment',
3653 3715 cascade="all, delete, delete-orphan")
3654 3716 versions = relationship('PullRequestVersion',
3655 3717 cascade="all, delete, delete-orphan",
3656 3718 lazy='dynamic')
3657 3719
3658 3720 @classmethod
3659 3721 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3660 3722 internal_methods=None):
3661 3723
3662 3724 class PullRequestDisplay(object):
3663 3725 """
3664 3726 Special object wrapper for showing PullRequest data via Versions
3665 3727 It mimics PR object as close as possible. This is read only object
3666 3728 just for display
3667 3729 """
3668 3730
3669 3731 def __init__(self, attrs, internal=None):
3670 3732 self.attrs = attrs
3671 3733 # internal have priority over the given ones via attrs
3672 3734 self.internal = internal or ['versions']
3673 3735
3674 3736 def __getattr__(self, item):
3675 3737 if item in self.internal:
3676 3738 return getattr(self, item)
3677 3739 try:
3678 3740 return self.attrs[item]
3679 3741 except KeyError:
3680 3742 raise AttributeError(
3681 3743 '%s object has no attribute %s' % (self, item))
3682 3744
3683 3745 def __repr__(self):
3684 3746 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3685 3747
3686 3748 def versions(self):
3687 3749 return pull_request_obj.versions.order_by(
3688 3750 PullRequestVersion.pull_request_version_id).all()
3689 3751
3690 3752 def is_closed(self):
3691 3753 return pull_request_obj.is_closed()
3692 3754
3693 3755 @property
3694 3756 def pull_request_version_id(self):
3695 3757 return getattr(pull_request_obj, 'pull_request_version_id', None)
3696 3758
3697 3759 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3698 3760
3699 3761 attrs.author = StrictAttributeDict(
3700 3762 pull_request_obj.author.get_api_data())
3701 3763 if pull_request_obj.target_repo:
3702 3764 attrs.target_repo = StrictAttributeDict(
3703 3765 pull_request_obj.target_repo.get_api_data())
3704 3766 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3705 3767
3706 3768 if pull_request_obj.source_repo:
3707 3769 attrs.source_repo = StrictAttributeDict(
3708 3770 pull_request_obj.source_repo.get_api_data())
3709 3771 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3710 3772
3711 3773 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3712 3774 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3713 3775 attrs.revisions = pull_request_obj.revisions
3714 3776
3715 3777 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3716 3778 attrs.reviewer_data = org_pull_request_obj.reviewer_data
3717 3779 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
3718 3780
3719 3781 return PullRequestDisplay(attrs, internal=internal_methods)
3720 3782
3721 3783 def is_closed(self):
3722 3784 return self.status == self.STATUS_CLOSED
3723 3785
3724 3786 def __json__(self):
3725 3787 return {
3726 3788 'revisions': self.revisions,
3727 3789 }
3728 3790
3729 3791 def calculated_review_status(self):
3730 3792 from rhodecode.model.changeset_status import ChangesetStatusModel
3731 3793 return ChangesetStatusModel().calculated_review_status(self)
3732 3794
3733 3795 def reviewers_statuses(self):
3734 3796 from rhodecode.model.changeset_status import ChangesetStatusModel
3735 3797 return ChangesetStatusModel().reviewers_statuses(self)
3736 3798
3737 3799 @property
3738 3800 def workspace_id(self):
3739 3801 from rhodecode.model.pull_request import PullRequestModel
3740 3802 return PullRequestModel()._workspace_id(self)
3741 3803
3742 3804 def get_shadow_repo(self):
3743 3805 workspace_id = self.workspace_id
3744 3806 vcs_obj = self.target_repo.scm_instance()
3745 3807 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3746 3808 self.target_repo.repo_id, workspace_id)
3747 3809 if os.path.isdir(shadow_repository_path):
3748 3810 return vcs_obj._get_shadow_instance(shadow_repository_path)
3749 3811
3750 3812
3751 3813 class PullRequestVersion(Base, _PullRequestBase):
3752 3814 __tablename__ = 'pull_request_versions'
3753 3815 __table_args__ = (
3754 3816 base_table_args,
3755 3817 )
3756 3818
3757 3819 pull_request_version_id = Column(
3758 3820 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3759 3821 pull_request_id = Column(
3760 3822 'pull_request_id', Integer(),
3761 3823 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3762 3824 pull_request = relationship('PullRequest')
3763 3825
3764 3826 def __repr__(self):
3765 3827 if self.pull_request_version_id:
3766 3828 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3767 3829 else:
3768 3830 return '<DB:PullRequestVersion at %#x>' % id(self)
3769 3831
3770 3832 @property
3771 3833 def reviewers(self):
3772 3834 return self.pull_request.reviewers
3773 3835
3774 3836 @property
3775 3837 def versions(self):
3776 3838 return self.pull_request.versions
3777 3839
3778 3840 def is_closed(self):
3779 3841 # calculate from original
3780 3842 return self.pull_request.status == self.STATUS_CLOSED
3781 3843
3782 3844 def calculated_review_status(self):
3783 3845 return self.pull_request.calculated_review_status()
3784 3846
3785 3847 def reviewers_statuses(self):
3786 3848 return self.pull_request.reviewers_statuses()
3787 3849
3788 3850
3789 3851 class PullRequestReviewers(Base, BaseModel):
3790 3852 __tablename__ = 'pull_request_reviewers'
3791 3853 __table_args__ = (
3792 3854 base_table_args,
3793 3855 )
3794 3856
3795 3857 @hybrid_property
3796 3858 def reasons(self):
3797 3859 if not self._reasons:
3798 3860 return []
3799 3861 return self._reasons
3800 3862
3801 3863 @reasons.setter
3802 3864 def reasons(self, val):
3803 3865 val = val or []
3804 3866 if any(not isinstance(x, basestring) for x in val):
3805 3867 raise Exception('invalid reasons type, must be list of strings')
3806 3868 self._reasons = val
3807 3869
3808 3870 pull_requests_reviewers_id = Column(
3809 3871 'pull_requests_reviewers_id', Integer(), nullable=False,
3810 3872 primary_key=True)
3811 3873 pull_request_id = Column(
3812 3874 "pull_request_id", Integer(),
3813 3875 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3814 3876 user_id = Column(
3815 3877 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3816 3878 _reasons = Column(
3817 3879 'reason', MutationList.as_mutable(
3818 3880 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3819 3881
3820 3882 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
3821 3883 user = relationship('User')
3822 3884 pull_request = relationship('PullRequest')
3823 3885
3824 3886 rule_data = Column(
3825 3887 'rule_data_json',
3826 3888 JsonType(dialect_map=dict(mysql=UnicodeText(16384))))
3827 3889
3828 3890 def rule_user_group_data(self):
3829 3891 """
3830 3892 Returns the voting user group rule data for this reviewer
3831 3893 """
3832 3894
3833 3895 if self.rule_data and 'vote_rule' in self.rule_data:
3834 3896 user_group_data = {}
3835 3897 if 'rule_user_group_entry_id' in self.rule_data:
3836 3898 # means a group with voting rules !
3837 3899 user_group_data['id'] = self.rule_data['rule_user_group_entry_id']
3838 3900 user_group_data['name'] = self.rule_data['rule_name']
3839 3901 user_group_data['vote_rule'] = self.rule_data['vote_rule']
3840 3902
3841 3903 return user_group_data
3842 3904
3843 3905 def __unicode__(self):
3844 3906 return u"<%s('id:%s')>" % (self.__class__.__name__,
3845 3907 self.pull_requests_reviewers_id)
3846 3908
3847 3909
3848 3910 class Notification(Base, BaseModel):
3849 3911 __tablename__ = 'notifications'
3850 3912 __table_args__ = (
3851 3913 Index('notification_type_idx', 'type'),
3852 3914 base_table_args,
3853 3915 )
3854 3916
3855 3917 TYPE_CHANGESET_COMMENT = u'cs_comment'
3856 3918 TYPE_MESSAGE = u'message'
3857 3919 TYPE_MENTION = u'mention'
3858 3920 TYPE_REGISTRATION = u'registration'
3859 3921 TYPE_PULL_REQUEST = u'pull_request'
3860 3922 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3861 3923
3862 3924 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3863 3925 subject = Column('subject', Unicode(512), nullable=True)
3864 3926 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3865 3927 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3866 3928 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3867 3929 type_ = Column('type', Unicode(255))
3868 3930
3869 3931 created_by_user = relationship('User')
3870 3932 notifications_to_users = relationship('UserNotification', lazy='joined',
3871 3933 cascade="all, delete, delete-orphan")
3872 3934
3873 3935 @property
3874 3936 def recipients(self):
3875 3937 return [x.user for x in UserNotification.query()\
3876 3938 .filter(UserNotification.notification == self)\
3877 3939 .order_by(UserNotification.user_id.asc()).all()]
3878 3940
3879 3941 @classmethod
3880 3942 def create(cls, created_by, subject, body, recipients, type_=None):
3881 3943 if type_ is None:
3882 3944 type_ = Notification.TYPE_MESSAGE
3883 3945
3884 3946 notification = cls()
3885 3947 notification.created_by_user = created_by
3886 3948 notification.subject = subject
3887 3949 notification.body = body
3888 3950 notification.type_ = type_
3889 3951 notification.created_on = datetime.datetime.now()
3890 3952
3891 3953 # For each recipient link the created notification to his account
3892 3954 for u in recipients:
3893 3955 assoc = UserNotification()
3894 3956 assoc.user_id = u.user_id
3895 3957 assoc.notification = notification
3896 3958
3897 3959 # if created_by is inside recipients mark his notification
3898 3960 # as read
3899 3961 if u.user_id == created_by.user_id:
3900 3962 assoc.read = True
3901 3963 Session().add(assoc)
3902 3964
3903 3965 Session().add(notification)
3904 3966
3905 3967 return notification
3906 3968
3907 3969
3908 3970 class UserNotification(Base, BaseModel):
3909 3971 __tablename__ = 'user_to_notification'
3910 3972 __table_args__ = (
3911 3973 UniqueConstraint('user_id', 'notification_id'),
3912 3974 base_table_args
3913 3975 )
3914 3976
3915 3977 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3916 3978 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3917 3979 read = Column('read', Boolean, default=False)
3918 3980 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3919 3981
3920 3982 user = relationship('User', lazy="joined")
3921 3983 notification = relationship('Notification', lazy="joined",
3922 3984 order_by=lambda: Notification.created_on.desc(),)
3923 3985
3924 3986 def mark_as_read(self):
3925 3987 self.read = True
3926 3988 Session().add(self)
3927 3989
3928 3990
3929 3991 class Gist(Base, BaseModel):
3930 3992 __tablename__ = 'gists'
3931 3993 __table_args__ = (
3932 3994 Index('g_gist_access_id_idx', 'gist_access_id'),
3933 3995 Index('g_created_on_idx', 'created_on'),
3934 3996 base_table_args
3935 3997 )
3936 3998
3937 3999 GIST_PUBLIC = u'public'
3938 4000 GIST_PRIVATE = u'private'
3939 4001 DEFAULT_FILENAME = u'gistfile1.txt'
3940 4002
3941 4003 ACL_LEVEL_PUBLIC = u'acl_public'
3942 4004 ACL_LEVEL_PRIVATE = u'acl_private'
3943 4005
3944 4006 gist_id = Column('gist_id', Integer(), primary_key=True)
3945 4007 gist_access_id = Column('gist_access_id', Unicode(250))
3946 4008 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3947 4009 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3948 4010 gist_expires = Column('gist_expires', Float(53), nullable=False)
3949 4011 gist_type = Column('gist_type', Unicode(128), nullable=False)
3950 4012 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3951 4013 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3952 4014 acl_level = Column('acl_level', Unicode(128), nullable=True)
3953 4015
3954 4016 owner = relationship('User')
3955 4017
3956 4018 def __repr__(self):
3957 4019 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3958 4020
3959 4021 @hybrid_property
3960 4022 def description_safe(self):
3961 4023 from rhodecode.lib import helpers as h
3962 4024 return h.escape(self.gist_description)
3963 4025
3964 4026 @classmethod
3965 4027 def get_or_404(cls, id_):
3966 4028 from pyramid.httpexceptions import HTTPNotFound
3967 4029
3968 4030 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3969 4031 if not res:
3970 4032 raise HTTPNotFound()
3971 4033 return res
3972 4034
3973 4035 @classmethod
3974 4036 def get_by_access_id(cls, gist_access_id):
3975 4037 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3976 4038
3977 4039 def gist_url(self):
3978 4040 from rhodecode.model.gist import GistModel
3979 4041 return GistModel().get_url(self)
3980 4042
3981 4043 @classmethod
3982 4044 def base_path(cls):
3983 4045 """
3984 4046 Returns base path when all gists are stored
3985 4047
3986 4048 :param cls:
3987 4049 """
3988 4050 from rhodecode.model.gist import GIST_STORE_LOC
3989 4051 q = Session().query(RhodeCodeUi)\
3990 4052 .filter(RhodeCodeUi.ui_key == URL_SEP)
3991 4053 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3992 4054 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
3993 4055
3994 4056 def get_api_data(self):
3995 4057 """
3996 4058 Common function for generating gist related data for API
3997 4059 """
3998 4060 gist = self
3999 4061 data = {
4000 4062 'gist_id': gist.gist_id,
4001 4063 'type': gist.gist_type,
4002 4064 'access_id': gist.gist_access_id,
4003 4065 'description': gist.gist_description,
4004 4066 'url': gist.gist_url(),
4005 4067 'expires': gist.gist_expires,
4006 4068 'created_on': gist.created_on,
4007 4069 'modified_at': gist.modified_at,
4008 4070 'content': None,
4009 4071 'acl_level': gist.acl_level,
4010 4072 }
4011 4073 return data
4012 4074
4013 4075 def __json__(self):
4014 4076 data = dict(
4015 4077 )
4016 4078 data.update(self.get_api_data())
4017 4079 return data
4018 4080 # SCM functions
4019 4081
4020 4082 def scm_instance(self, **kwargs):
4021 4083 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
4022 4084 return get_vcs_instance(
4023 4085 repo_path=safe_str(full_repo_path), create=False)
4024 4086
4025 4087
4026 4088 class ExternalIdentity(Base, BaseModel):
4027 4089 __tablename__ = 'external_identities'
4028 4090 __table_args__ = (
4029 4091 Index('local_user_id_idx', 'local_user_id'),
4030 4092 Index('external_id_idx', 'external_id'),
4031 4093 base_table_args
4032 4094 )
4033 4095
4034 4096 external_id = Column('external_id', Unicode(255), default=u'',
4035 4097 primary_key=True)
4036 4098 external_username = Column('external_username', Unicode(1024), default=u'')
4037 4099 local_user_id = Column('local_user_id', Integer(),
4038 4100 ForeignKey('users.user_id'), primary_key=True)
4039 4101 provider_name = Column('provider_name', Unicode(255), default=u'',
4040 4102 primary_key=True)
4041 4103 access_token = Column('access_token', String(1024), default=u'')
4042 4104 alt_token = Column('alt_token', String(1024), default=u'')
4043 4105 token_secret = Column('token_secret', String(1024), default=u'')
4044 4106
4045 4107 @classmethod
4046 4108 def by_external_id_and_provider(cls, external_id, provider_name,
4047 4109 local_user_id=None):
4048 4110 """
4049 4111 Returns ExternalIdentity instance based on search params
4050 4112
4051 4113 :param external_id:
4052 4114 :param provider_name:
4053 4115 :return: ExternalIdentity
4054 4116 """
4055 4117 query = cls.query()
4056 4118 query = query.filter(cls.external_id == external_id)
4057 4119 query = query.filter(cls.provider_name == provider_name)
4058 4120 if local_user_id:
4059 4121 query = query.filter(cls.local_user_id == local_user_id)
4060 4122 return query.first()
4061 4123
4062 4124 @classmethod
4063 4125 def user_by_external_id_and_provider(cls, external_id, provider_name):
4064 4126 """
4065 4127 Returns User instance based on search params
4066 4128
4067 4129 :param external_id:
4068 4130 :param provider_name:
4069 4131 :return: User
4070 4132 """
4071 4133 query = User.query()
4072 4134 query = query.filter(cls.external_id == external_id)
4073 4135 query = query.filter(cls.provider_name == provider_name)
4074 4136 query = query.filter(User.user_id == cls.local_user_id)
4075 4137 return query.first()
4076 4138
4077 4139 @classmethod
4078 4140 def by_local_user_id(cls, local_user_id):
4079 4141 """
4080 4142 Returns all tokens for user
4081 4143
4082 4144 :param local_user_id:
4083 4145 :return: ExternalIdentity
4084 4146 """
4085 4147 query = cls.query()
4086 4148 query = query.filter(cls.local_user_id == local_user_id)
4087 4149 return query
4088 4150
4089 4151
4090 4152 class Integration(Base, BaseModel):
4091 4153 __tablename__ = 'integrations'
4092 4154 __table_args__ = (
4093 4155 base_table_args
4094 4156 )
4095 4157
4096 4158 integration_id = Column('integration_id', Integer(), primary_key=True)
4097 4159 integration_type = Column('integration_type', String(255))
4098 4160 enabled = Column('enabled', Boolean(), nullable=False)
4099 4161 name = Column('name', String(255), nullable=False)
4100 4162 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
4101 4163 default=False)
4102 4164
4103 4165 settings = Column(
4104 4166 'settings_json', MutationObj.as_mutable(
4105 4167 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
4106 4168 repo_id = Column(
4107 4169 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
4108 4170 nullable=True, unique=None, default=None)
4109 4171 repo = relationship('Repository', lazy='joined')
4110 4172
4111 4173 repo_group_id = Column(
4112 4174 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
4113 4175 nullable=True, unique=None, default=None)
4114 4176 repo_group = relationship('RepoGroup', lazy='joined')
4115 4177
4116 4178 @property
4117 4179 def scope(self):
4118 4180 if self.repo:
4119 4181 return repr(self.repo)
4120 4182 if self.repo_group:
4121 4183 if self.child_repos_only:
4122 4184 return repr(self.repo_group) + ' (child repos only)'
4123 4185 else:
4124 4186 return repr(self.repo_group) + ' (recursive)'
4125 4187 if self.child_repos_only:
4126 4188 return 'root_repos'
4127 4189 return 'global'
4128 4190
4129 4191 def __repr__(self):
4130 4192 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4131 4193
4132 4194
4133 4195 class RepoReviewRuleUser(Base, BaseModel):
4134 4196 __tablename__ = 'repo_review_rules_users'
4135 4197 __table_args__ = (
4136 4198 base_table_args
4137 4199 )
4138 4200
4139 4201 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4140 4202 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4141 4203 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4142 4204 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4143 4205 user = relationship('User')
4144 4206
4145 4207 def rule_data(self):
4146 4208 return {
4147 4209 'mandatory': self.mandatory
4148 4210 }
4149 4211
4150 4212
4151 4213 class RepoReviewRuleUserGroup(Base, BaseModel):
4152 4214 __tablename__ = 'repo_review_rules_users_groups'
4153 4215 __table_args__ = (
4154 4216 base_table_args
4155 4217 )
4156 4218
4157 4219 VOTE_RULE_ALL = -1
4158 4220
4159 4221 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4160 4222 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4161 4223 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4162 4224 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4163 4225 vote_rule = Column("vote_rule", Integer(), nullable=True, default=VOTE_RULE_ALL)
4164 4226 users_group = relationship('UserGroup')
4165 4227
4166 4228 def rule_data(self):
4167 4229 return {
4168 4230 'mandatory': self.mandatory,
4169 4231 'vote_rule': self.vote_rule
4170 4232 }
4171 4233
4172 4234 @property
4173 4235 def vote_rule_label(self):
4174 4236 if not self.vote_rule or self.vote_rule == self.VOTE_RULE_ALL:
4175 4237 return 'all must vote'
4176 4238 else:
4177 4239 return 'min. vote {}'.format(self.vote_rule)
4178 4240
4179 4241
4180 4242 class RepoReviewRule(Base, BaseModel):
4181 4243 __tablename__ = 'repo_review_rules'
4182 4244 __table_args__ = (
4183 4245 base_table_args
4184 4246 )
4185 4247
4186 4248 repo_review_rule_id = Column(
4187 4249 'repo_review_rule_id', Integer(), primary_key=True)
4188 4250 repo_id = Column(
4189 4251 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4190 4252 repo = relationship('Repository', backref='review_rules')
4191 4253
4192 4254 review_rule_name = Column('review_rule_name', String(255))
4193 4255 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4194 4256 _target_branch_pattern = Column("target_branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4195 4257 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4196 4258
4197 4259 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4198 4260 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4199 4261 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4200 4262 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4201 4263
4202 4264 rule_users = relationship('RepoReviewRuleUser')
4203 4265 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4204 4266
4205 4267 def _validate_pattern(self, value):
4206 4268 re.compile('^' + glob2re(value) + '$')
4207 4269
4208 4270 @hybrid_property
4209 4271 def source_branch_pattern(self):
4210 4272 return self._branch_pattern or '*'
4211 4273
4212 4274 @source_branch_pattern.setter
4213 4275 def source_branch_pattern(self, value):
4214 4276 self._validate_pattern(value)
4215 4277 self._branch_pattern = value or '*'
4216 4278
4217 4279 @hybrid_property
4218 4280 def target_branch_pattern(self):
4219 4281 return self._target_branch_pattern or '*'
4220 4282
4221 4283 @target_branch_pattern.setter
4222 4284 def target_branch_pattern(self, value):
4223 4285 self._validate_pattern(value)
4224 4286 self._target_branch_pattern = value or '*'
4225 4287
4226 4288 @hybrid_property
4227 4289 def file_pattern(self):
4228 4290 return self._file_pattern or '*'
4229 4291
4230 4292 @file_pattern.setter
4231 4293 def file_pattern(self, value):
4232 4294 self._validate_pattern(value)
4233 4295 self._file_pattern = value or '*'
4234 4296
4235 4297 def matches(self, source_branch, target_branch, files_changed):
4236 4298 """
4237 4299 Check if this review rule matches a branch/files in a pull request
4238 4300
4239 4301 :param source_branch: source branch name for the commit
4240 4302 :param target_branch: target branch name for the commit
4241 4303 :param files_changed: list of file paths changed in the pull request
4242 4304 """
4243 4305
4244 4306 source_branch = source_branch or ''
4245 4307 target_branch = target_branch or ''
4246 4308 files_changed = files_changed or []
4247 4309
4248 4310 branch_matches = True
4249 4311 if source_branch or target_branch:
4250 4312 if self.source_branch_pattern == '*':
4251 4313 source_branch_match = True
4252 4314 else:
4253 4315 if self.source_branch_pattern.startswith('re:'):
4254 4316 source_pattern = self.source_branch_pattern[3:]
4255 4317 else:
4256 4318 source_pattern = '^' + glob2re(self.source_branch_pattern) + '$'
4257 4319 source_branch_regex = re.compile(source_pattern)
4258 4320 source_branch_match = bool(source_branch_regex.search(source_branch))
4259 4321 if self.target_branch_pattern == '*':
4260 4322 target_branch_match = True
4261 4323 else:
4262 4324 if self.target_branch_pattern.startswith('re:'):
4263 4325 target_pattern = self.target_branch_pattern[3:]
4264 4326 else:
4265 4327 target_pattern = '^' + glob2re(self.target_branch_pattern) + '$'
4266 4328 target_branch_regex = re.compile(target_pattern)
4267 4329 target_branch_match = bool(target_branch_regex.search(target_branch))
4268 4330
4269 4331 branch_matches = source_branch_match and target_branch_match
4270 4332
4271 4333 files_matches = True
4272 4334 if self.file_pattern != '*':
4273 4335 files_matches = False
4274 4336 if self.file_pattern.startswith('re:'):
4275 4337 file_pattern = self.file_pattern[3:]
4276 4338 else:
4277 4339 file_pattern = glob2re(self.file_pattern)
4278 4340 file_regex = re.compile(file_pattern)
4279 4341 for filename in files_changed:
4280 4342 if file_regex.search(filename):
4281 4343 files_matches = True
4282 4344 break
4283 4345
4284 4346 return branch_matches and files_matches
4285 4347
4286 4348 @property
4287 4349 def review_users(self):
4288 4350 """ Returns the users which this rule applies to """
4289 4351
4290 4352 users = collections.OrderedDict()
4291 4353
4292 4354 for rule_user in self.rule_users:
4293 4355 if rule_user.user.active:
4294 4356 if rule_user.user not in users:
4295 4357 users[rule_user.user.username] = {
4296 4358 'user': rule_user.user,
4297 4359 'source': 'user',
4298 4360 'source_data': {},
4299 4361 'data': rule_user.rule_data()
4300 4362 }
4301 4363
4302 4364 for rule_user_group in self.rule_user_groups:
4303 4365 source_data = {
4304 4366 'user_group_id': rule_user_group.users_group.users_group_id,
4305 4367 'name': rule_user_group.users_group.users_group_name,
4306 4368 'members': len(rule_user_group.users_group.members)
4307 4369 }
4308 4370 for member in rule_user_group.users_group.members:
4309 4371 if member.user.active:
4310 4372 key = member.user.username
4311 4373 if key in users:
4312 4374 # skip this member as we have him already
4313 4375 # this prevents from override the "first" matched
4314 4376 # users with duplicates in multiple groups
4315 4377 continue
4316 4378
4317 4379 users[key] = {
4318 4380 'user': member.user,
4319 4381 'source': 'user_group',
4320 4382 'source_data': source_data,
4321 4383 'data': rule_user_group.rule_data()
4322 4384 }
4323 4385
4324 4386 return users
4325 4387
4326 4388 def user_group_vote_rule(self, user_id):
4327 4389
4328 4390 rules = []
4329 4391 if not self.rule_user_groups:
4330 4392 return rules
4331 4393
4332 4394 for user_group in self.rule_user_groups:
4333 4395 user_group_members = [x.user_id for x in user_group.users_group.members]
4334 4396 if user_id in user_group_members:
4335 4397 rules.append(user_group)
4336 4398 return rules
4337 4399
4338 4400 def __repr__(self):
4339 4401 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4340 4402 self.repo_review_rule_id, self.repo)
4341 4403
4342 4404
4343 4405 class ScheduleEntry(Base, BaseModel):
4344 4406 __tablename__ = 'schedule_entries'
4345 4407 __table_args__ = (
4346 4408 UniqueConstraint('schedule_name', name='s_schedule_name_idx'),
4347 4409 UniqueConstraint('task_uid', name='s_task_uid_idx'),
4348 4410 base_table_args,
4349 4411 )
4350 4412
4351 4413 schedule_types = ['crontab', 'timedelta', 'integer']
4352 4414 schedule_entry_id = Column('schedule_entry_id', Integer(), primary_key=True)
4353 4415
4354 4416 schedule_name = Column("schedule_name", String(255), nullable=False, unique=None, default=None)
4355 4417 schedule_description = Column("schedule_description", String(10000), nullable=True, unique=None, default=None)
4356 4418 schedule_enabled = Column("schedule_enabled", Boolean(), nullable=False, unique=None, default=True)
4357 4419
4358 4420 _schedule_type = Column("schedule_type", String(255), nullable=False, unique=None, default=None)
4359 4421 schedule_definition = Column('schedule_definition_json', MutationObj.as_mutable(JsonType(default=lambda: "", dialect_map=dict(mysql=LONGTEXT()))))
4360 4422
4361 4423 schedule_last_run = Column('schedule_last_run', DateTime(timezone=False), nullable=True, unique=None, default=None)
4362 4424 schedule_total_run_count = Column('schedule_total_run_count', Integer(), nullable=True, unique=None, default=0)
4363 4425
4364 4426 # task
4365 4427 task_uid = Column("task_uid", String(255), nullable=False, unique=None, default=None)
4366 4428 task_dot_notation = Column("task_dot_notation", String(4096), nullable=False, unique=None, default=None)
4367 4429 task_args = Column('task_args_json', MutationObj.as_mutable(JsonType(default=list, dialect_map=dict(mysql=LONGTEXT()))))
4368 4430 task_kwargs = Column('task_kwargs_json', MutationObj.as_mutable(JsonType(default=dict, dialect_map=dict(mysql=LONGTEXT()))))
4369 4431
4370 4432 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4371 4433 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=None)
4372 4434
4373 4435 @hybrid_property
4374 4436 def schedule_type(self):
4375 4437 return self._schedule_type
4376 4438
4377 4439 @schedule_type.setter
4378 4440 def schedule_type(self, val):
4379 4441 if val not in self.schedule_types:
4380 4442 raise ValueError('Value must be on of `{}` and got `{}`'.format(
4381 4443 val, self.schedule_type))
4382 4444
4383 4445 self._schedule_type = val
4384 4446
4385 4447 @classmethod
4386 4448 def get_uid(cls, obj):
4387 4449 args = obj.task_args
4388 4450 kwargs = obj.task_kwargs
4389 4451 if isinstance(args, JsonRaw):
4390 4452 try:
4391 4453 args = json.loads(args)
4392 4454 except ValueError:
4393 4455 args = tuple()
4394 4456
4395 4457 if isinstance(kwargs, JsonRaw):
4396 4458 try:
4397 4459 kwargs = json.loads(kwargs)
4398 4460 except ValueError:
4399 4461 kwargs = dict()
4400 4462
4401 4463 dot_notation = obj.task_dot_notation
4402 4464 val = '.'.join(map(safe_str, [
4403 4465 sorted(dot_notation), args, sorted(kwargs.items())]))
4404 4466 return hashlib.sha1(val).hexdigest()
4405 4467
4406 4468 @classmethod
4407 4469 def get_by_schedule_name(cls, schedule_name):
4408 4470 return cls.query().filter(cls.schedule_name == schedule_name).scalar()
4409 4471
4410 4472 @classmethod
4411 4473 def get_by_schedule_id(cls, schedule_id):
4412 4474 return cls.query().filter(cls.schedule_entry_id == schedule_id).scalar()
4413 4475
4414 4476 @property
4415 4477 def task(self):
4416 4478 return self.task_dot_notation
4417 4479
4418 4480 @property
4419 4481 def schedule(self):
4420 4482 from rhodecode.lib.celerylib.utils import raw_2_schedule
4421 4483 schedule = raw_2_schedule(self.schedule_definition, self.schedule_type)
4422 4484 return schedule
4423 4485
4424 4486 @property
4425 4487 def args(self):
4426 4488 try:
4427 4489 return list(self.task_args or [])
4428 4490 except ValueError:
4429 4491 return list()
4430 4492
4431 4493 @property
4432 4494 def kwargs(self):
4433 4495 try:
4434 4496 return dict(self.task_kwargs or {})
4435 4497 except ValueError:
4436 4498 return dict()
4437 4499
4438 4500 def _as_raw(self, val):
4439 4501 if hasattr(val, 'de_coerce'):
4440 4502 val = val.de_coerce()
4441 4503 if val:
4442 4504 val = json.dumps(val)
4443 4505
4444 4506 return val
4445 4507
4446 4508 @property
4447 4509 def schedule_definition_raw(self):
4448 4510 return self._as_raw(self.schedule_definition)
4449 4511
4450 4512 @property
4451 4513 def args_raw(self):
4452 4514 return self._as_raw(self.task_args)
4453 4515
4454 4516 @property
4455 4517 def kwargs_raw(self):
4456 4518 return self._as_raw(self.task_kwargs)
4457 4519
4458 4520 def __repr__(self):
4459 4521 return '<DB:ScheduleEntry({}:{})>'.format(
4460 4522 self.schedule_entry_id, self.schedule_name)
4461 4523
4462 4524
4463 4525 @event.listens_for(ScheduleEntry, 'before_update')
4464 4526 def update_task_uid(mapper, connection, target):
4465 4527 target.task_uid = ScheduleEntry.get_uid(target)
4466 4528
4467 4529
4468 4530 @event.listens_for(ScheduleEntry, 'before_insert')
4469 4531 def set_task_uid(mapper, connection, target):
4470 4532 target.task_uid = ScheduleEntry.get_uid(target)
4471 4533
4472 4534
4535 class _BaseBranchPerms(BaseModel):
4536 @classmethod
4537 def compute_hash(cls, value):
4538 return sha1_safe(value)
4539
4540 @hybrid_property
4541 def branch_pattern(self):
4542 return self._branch_pattern or '*'
4543
4544 @hybrid_property
4545 def branch_hash(self):
4546 return self._branch_hash
4547
4548 def _validate_glob(self, value):
4549 re.compile('^' + glob2re(value) + '$')
4550
4551 @branch_pattern.setter
4552 def branch_pattern(self, value):
4553 self._validate_glob(value)
4554 self._branch_pattern = value or '*'
4555 # set the Hash when setting the branch pattern
4556 self._branch_hash = self.compute_hash(self._branch_pattern)
4557
4558 def matches(self, branch):
4559 """
4560 Check if this the branch matches entry
4561
4562 :param branch: branch name for the commit
4563 """
4564
4565 branch = branch or ''
4566
4567 branch_matches = True
4568 if branch:
4569 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4570 branch_matches = bool(branch_regex.search(branch))
4571
4572 return branch_matches
4573
4574
4575 class UserToRepoBranchPermission(Base, _BaseBranchPerms):
4576 __tablename__ = 'user_to_repo_branch_permissions'
4577 __table_args__ = (
4578 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4579 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4580 )
4581
4582 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4583
4584 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4585 repo = relationship('Repository', backref='user_branch_perms')
4586
4587 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4588 permission = relationship('Permission')
4589
4590 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('repo_to_perm.repo_to_perm_id'), nullable=False, unique=None, default=None)
4591 user_repo_to_perm = relationship('UserRepoToPerm')
4592
4593 rule_order = Column('rule_order', Integer(), nullable=False)
4594 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4595 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4596
4597 def __unicode__(self):
4598 return u'<UserBranchPermission(%s => %r)>' % (
4599 self.user_repo_to_perm, self.branch_pattern)
4600
4601
4602 class UserGroupToRepoBranchPermission(Base, _BaseBranchPerms):
4603 __tablename__ = 'user_group_to_repo_branch_permissions'
4604 __table_args__ = (
4605 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4606 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4607 )
4608
4609 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4610
4611 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4612 repo = relationship('Repository', backref='user_group_branch_perms')
4613
4614 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4615 permission = relationship('Permission')
4616
4617 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('users_group_repo_to_perm.users_group_to_perm_id'), nullable=False, unique=None, default=None)
4618 user_group_repo_to_perm = relationship('UserGroupRepoToPerm')
4619
4620 rule_order = Column('rule_order', Integer(), nullable=False)
4621 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4622 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4623
4624 def __unicode__(self):
4625 return u'<UserBranchPermission(%s => %r)>' % (
4626 self.user_group_repo_to_perm, self.branch_pattern)
4627
4628
4473 4629 class DbMigrateVersion(Base, BaseModel):
4474 4630 __tablename__ = 'db_migrate_version'
4475 4631 __table_args__ = (
4476 4632 base_table_args,
4477 4633 )
4478 4634
4479 4635 repository_id = Column('repository_id', String(250), primary_key=True)
4480 4636 repository_path = Column('repository_path', Text)
4481 4637 version = Column('version', Integer)
4482 4638
4483 4639 @classmethod
4484 4640 def set_version(cls, version):
4485 4641 """
4486 4642 Helper for forcing a different version, usually for debugging purposes via ishell.
4487 4643 """
4488 4644 ver = DbMigrateVersion.query().first()
4489 4645 ver.version = version
4490 4646 Session().commit()
4491 4647
4492 4648
4493 4649 class DbSession(Base, BaseModel):
4494 4650 __tablename__ = 'db_session'
4495 4651 __table_args__ = (
4496 4652 base_table_args,
4497 4653 )
4498 4654
4499 4655 def __repr__(self):
4500 4656 return '<DB:DbSession({})>'.format(self.id)
4501 4657
4502 4658 id = Column('id', Integer())
4503 4659 namespace = Column('namespace', String(255), primary_key=True)
4504 4660 accessed = Column('accessed', DateTime, nullable=False)
4505 4661 created = Column('created', DateTime, nullable=False)
4506 4662 data = Column('data', PickleType, nullable=False)
Show file before | Show file after | Hide comments
@@ -1,621 +1,635 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 this is forms validation classes
23 23 http://formencode.org/module-formencode.validators.html
24 24 for list off all availible validators
25 25
26 26 we can create our own validators
27 27
28 28 The table below outlines the options which can be used in a schema in addition to the validators themselves
29 29 pre_validators [] These validators will be applied before the schema
30 30 chained_validators [] These validators will be applied after the schema
31 31 allow_extra_fields False If True, then it is not an error when keys that aren't associated with a validator are present
32 32 filter_extra_fields False If True, then keys that aren't associated with a validator are removed
33 33 if_key_missing NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
34 34 ignore_key_missing False If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
35 35
36 36
37 37 <name> = formencode.validators.<name of validator>
38 38 <name> must equal form name
39 39 list=[1,2,3,4,5]
40 40 for SELECT use formencode.All(OneOf(list), Int())
41 41
42 42 """
43 43
44 44 import deform
45 45 import logging
46 46 import formencode
47 47
48 48 from pkg_resources import resource_filename
49 49 from formencode import All, Pipe
50 50
51 51 from pyramid.threadlocal import get_current_request
52 52
53 53 from rhodecode import BACKENDS
54 54 from rhodecode.lib import helpers
55 55 from rhodecode.model import validators as v
56 56
57 57 log = logging.getLogger(__name__)
58 58
59 59
60 60 deform_templates = resource_filename('deform', 'templates')
61 61 rhodecode_templates = resource_filename('rhodecode', 'templates/forms')
62 62 search_path = (rhodecode_templates, deform_templates)
63 63
64 64
65 65 class RhodecodeFormZPTRendererFactory(deform.ZPTRendererFactory):
66 66 """ Subclass of ZPTRendererFactory to add rhodecode context variables """
67 67 def __call__(self, template_name, **kw):
68 68 kw['h'] = helpers
69 69 kw['request'] = get_current_request()
70 70 return self.load(template_name)(**kw)
71 71
72 72
73 73 form_renderer = RhodecodeFormZPTRendererFactory(search_path)
74 74 deform.Form.set_default_renderer(form_renderer)
75 75
76 76
77 77 def LoginForm(localizer):
78 78 _ = localizer
79 79
80 80 class _LoginForm(formencode.Schema):
81 81 allow_extra_fields = True
82 82 filter_extra_fields = True
83 83 username = v.UnicodeString(
84 84 strip=True,
85 85 min=1,
86 86 not_empty=True,
87 87 messages={
88 88 'empty': _(u'Please enter a login'),
89 89 'tooShort': _(u'Enter a value %(min)i characters long or more')
90 90 }
91 91 )
92 92
93 93 password = v.UnicodeString(
94 94 strip=False,
95 95 min=3,
96 96 max=72,
97 97 not_empty=True,
98 98 messages={
99 99 'empty': _(u'Please enter a password'),
100 100 'tooShort': _(u'Enter %(min)i characters or more')}
101 101 )
102 102
103 103 remember = v.StringBoolean(if_missing=False)
104 104
105 105 chained_validators = [v.ValidAuth(localizer)]
106 106 return _LoginForm
107 107
108 108
109 109 def UserForm(localizer, edit=False, available_languages=None, old_data=None):
110 110 old_data = old_data or {}
111 111 available_languages = available_languages or []
112 112 _ = localizer
113 113
114 114 class _UserForm(formencode.Schema):
115 115 allow_extra_fields = True
116 116 filter_extra_fields = True
117 117 username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
118 118 v.ValidUsername(localizer, edit, old_data))
119 119 if edit:
120 120 new_password = All(
121 121 v.ValidPassword(localizer),
122 122 v.UnicodeString(strip=False, min=6, max=72, not_empty=False)
123 123 )
124 124 password_confirmation = All(
125 125 v.ValidPassword(localizer),
126 126 v.UnicodeString(strip=False, min=6, max=72, not_empty=False),
127 127 )
128 128 admin = v.StringBoolean(if_missing=False)
129 129 else:
130 130 password = All(
131 131 v.ValidPassword(localizer),
132 132 v.UnicodeString(strip=False, min=6, max=72, not_empty=True)
133 133 )
134 134 password_confirmation = All(
135 135 v.ValidPassword(localizer),
136 136 v.UnicodeString(strip=False, min=6, max=72, not_empty=False)
137 137 )
138 138
139 139 password_change = v.StringBoolean(if_missing=False)
140 140 create_repo_group = v.StringBoolean(if_missing=False)
141 141
142 142 active = v.StringBoolean(if_missing=False)
143 143 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
144 144 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
145 145 email = All(v.UniqSystemEmail(localizer, old_data), v.Email(not_empty=True))
146 146 extern_name = v.UnicodeString(strip=True)
147 147 extern_type = v.UnicodeString(strip=True)
148 148 language = v.OneOf(available_languages, hideList=False,
149 149 testValueList=True, if_missing=None)
150 150 chained_validators = [v.ValidPasswordsMatch(localizer)]
151 151 return _UserForm
152 152
153 153
154 154 def UserGroupForm(localizer, edit=False, old_data=None, allow_disabled=False):
155 155 old_data = old_data or {}
156 156 _ = localizer
157 157
158 158 class _UserGroupForm(formencode.Schema):
159 159 allow_extra_fields = True
160 160 filter_extra_fields = True
161 161
162 162 users_group_name = All(
163 163 v.UnicodeString(strip=True, min=1, not_empty=True),
164 164 v.ValidUserGroup(localizer, edit, old_data)
165 165 )
166 166 user_group_description = v.UnicodeString(strip=True, min=1,
167 167 not_empty=False)
168 168
169 169 users_group_active = v.StringBoolean(if_missing=False)
170 170
171 171 if edit:
172 172 # this is user group owner
173 173 user = All(
174 174 v.UnicodeString(not_empty=True),
175 175 v.ValidRepoUser(localizer, allow_disabled))
176 176 return _UserGroupForm
177 177
178 178
179 179 def RepoGroupForm(localizer, edit=False, old_data=None, available_groups=None,
180 180 can_create_in_root=False, allow_disabled=False):
181 181 _ = localizer
182 182 old_data = old_data or {}
183 183 available_groups = available_groups or []
184 184
185 185 class _RepoGroupForm(formencode.Schema):
186 186 allow_extra_fields = True
187 187 filter_extra_fields = False
188 188
189 189 group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
190 190 v.SlugifyName(localizer),)
191 191 group_description = v.UnicodeString(strip=True, min=1,
192 192 not_empty=False)
193 193 group_copy_permissions = v.StringBoolean(if_missing=False)
194 194
195 195 group_parent_id = v.OneOf(available_groups, hideList=False,
196 196 testValueList=True, not_empty=True)
197 197 enable_locking = v.StringBoolean(if_missing=False)
198 198 chained_validators = [
199 199 v.ValidRepoGroup(localizer, edit, old_data, can_create_in_root)]
200 200
201 201 if edit:
202 202 # this is repo group owner
203 203 user = All(
204 204 v.UnicodeString(not_empty=True),
205 205 v.ValidRepoUser(localizer, allow_disabled))
206 206 return _RepoGroupForm
207 207
208 208
209 209 def RegisterForm(localizer, edit=False, old_data=None):
210 210 _ = localizer
211 211 old_data = old_data or {}
212 212
213 213 class _RegisterForm(formencode.Schema):
214 214 allow_extra_fields = True
215 215 filter_extra_fields = True
216 216 username = All(
217 217 v.ValidUsername(localizer, edit, old_data),
218 218 v.UnicodeString(strip=True, min=1, not_empty=True)
219 219 )
220 220 password = All(
221 221 v.ValidPassword(localizer),
222 222 v.UnicodeString(strip=False, min=6, max=72, not_empty=True)
223 223 )
224 224 password_confirmation = All(
225 225 v.ValidPassword(localizer),
226 226 v.UnicodeString(strip=False, min=6, max=72, not_empty=True)
227 227 )
228 228 active = v.StringBoolean(if_missing=False)
229 229 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
230 230 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
231 231 email = All(v.UniqSystemEmail(localizer, old_data), v.Email(not_empty=True))
232 232
233 233 chained_validators = [v.ValidPasswordsMatch(localizer)]
234 234 return _RegisterForm
235 235
236 236
237 237 def PasswordResetForm(localizer):
238 238 _ = localizer
239 239
240 240 class _PasswordResetForm(formencode.Schema):
241 241 allow_extra_fields = True
242 242 filter_extra_fields = True
243 243 email = All(v.ValidSystemEmail(localizer), v.Email(not_empty=True))
244 244 return _PasswordResetForm
245 245
246 246
247 247 def RepoForm(localizer, edit=False, old_data=None, repo_groups=None,
248 248 landing_revs=None, allow_disabled=False):
249 249 _ = localizer
250 250 old_data = old_data or {}
251 251 repo_groups = repo_groups or []
252 252 landing_revs = landing_revs or []
253 253 supported_backends = BACKENDS.keys()
254 254
255 255 class _RepoForm(formencode.Schema):
256 256 allow_extra_fields = True
257 257 filter_extra_fields = False
258 258 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
259 259 v.SlugifyName(localizer), v.CannotHaveGitSuffix(localizer))
260 260 repo_group = All(v.CanWriteGroup(localizer, old_data),
261 261 v.OneOf(repo_groups, hideList=True))
262 262 repo_type = v.OneOf(supported_backends, required=False,
263 263 if_missing=old_data.get('repo_type'))
264 264 repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
265 265 repo_private = v.StringBoolean(if_missing=False)
266 266 repo_landing_rev = v.OneOf(landing_revs, hideList=True)
267 267 repo_copy_permissions = v.StringBoolean(if_missing=False)
268 268 clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
269 269
270 270 repo_enable_statistics = v.StringBoolean(if_missing=False)
271 271 repo_enable_downloads = v.StringBoolean(if_missing=False)
272 272 repo_enable_locking = v.StringBoolean(if_missing=False)
273 273
274 274 if edit:
275 275 # this is repo owner
276 276 user = All(
277 277 v.UnicodeString(not_empty=True),
278 278 v.ValidRepoUser(localizer, allow_disabled))
279 279 clone_uri_change = v.UnicodeString(
280 280 not_empty=False, if_missing=v.Missing)
281 281
282 282 chained_validators = [v.ValidCloneUri(localizer),
283 283 v.ValidRepoName(localizer, edit, old_data)]
284 284 return _RepoForm
285 285
286 286
287 287 def RepoPermsForm(localizer):
288 288 _ = localizer
289 289
290 290 class _RepoPermsForm(formencode.Schema):
291 291 allow_extra_fields = True
292 292 filter_extra_fields = False
293 293 chained_validators = [v.ValidPerms(localizer, type_='repo')]
294 294 return _RepoPermsForm
295 295
296 296
297 297 def RepoGroupPermsForm(localizer, valid_recursive_choices):
298 298 _ = localizer
299 299
300 300 class _RepoGroupPermsForm(formencode.Schema):
301 301 allow_extra_fields = True
302 302 filter_extra_fields = False
303 303 recursive = v.OneOf(valid_recursive_choices)
304 304 chained_validators = [v.ValidPerms(localizer, type_='repo_group')]
305 305 return _RepoGroupPermsForm
306 306
307 307
308 308 def UserGroupPermsForm(localizer):
309 309 _ = localizer
310 310
311 311 class _UserPermsForm(formencode.Schema):
312 312 allow_extra_fields = True
313 313 filter_extra_fields = False
314 314 chained_validators = [v.ValidPerms(localizer, type_='user_group')]
315 315 return _UserPermsForm
316 316
317 317
318 318 def RepoFieldForm(localizer):
319 319 _ = localizer
320 320
321 321 class _RepoFieldForm(formencode.Schema):
322 322 filter_extra_fields = True
323 323 allow_extra_fields = True
324 324
325 325 new_field_key = All(v.FieldKey(localizer),
326 326 v.UnicodeString(strip=True, min=3, not_empty=True))
327 327 new_field_value = v.UnicodeString(not_empty=False, if_missing=u'')
328 328 new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
329 329 if_missing='str')
330 330 new_field_label = v.UnicodeString(not_empty=False)
331 331 new_field_desc = v.UnicodeString(not_empty=False)
332 332 return _RepoFieldForm
333 333
334 334
335 335 def RepoForkForm(localizer, edit=False, old_data=None,
336 336 supported_backends=BACKENDS.keys(), repo_groups=None,
337 337 landing_revs=None):
338 338 _ = localizer
339 339 old_data = old_data or {}
340 340 repo_groups = repo_groups or []
341 341 landing_revs = landing_revs or []
342 342
343 343 class _RepoForkForm(formencode.Schema):
344 344 allow_extra_fields = True
345 345 filter_extra_fields = False
346 346 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
347 347 v.SlugifyName(localizer))
348 348 repo_group = All(v.CanWriteGroup(localizer, ),
349 349 v.OneOf(repo_groups, hideList=True))
350 350 repo_type = All(v.ValidForkType(localizer, old_data), v.OneOf(supported_backends))
351 351 description = v.UnicodeString(strip=True, min=1, not_empty=True)
352 352 private = v.StringBoolean(if_missing=False)
353 353 copy_permissions = v.StringBoolean(if_missing=False)
354 354 fork_parent_id = v.UnicodeString()
355 355 chained_validators = [v.ValidForkName(localizer, edit, old_data)]
356 356 landing_rev = v.OneOf(landing_revs, hideList=True)
357 357 return _RepoForkForm
358 358
359 359
360 360 def ApplicationSettingsForm(localizer):
361 361 _ = localizer
362 362
363 363 class _ApplicationSettingsForm(formencode.Schema):
364 364 allow_extra_fields = True
365 365 filter_extra_fields = False
366 366 rhodecode_title = v.UnicodeString(strip=True, max=40, not_empty=False)
367 367 rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
368 368 rhodecode_pre_code = v.UnicodeString(strip=True, min=1, not_empty=False)
369 369 rhodecode_post_code = v.UnicodeString(strip=True, min=1, not_empty=False)
370 370 rhodecode_captcha_public_key = v.UnicodeString(strip=True, min=1, not_empty=False)
371 371 rhodecode_captcha_private_key = v.UnicodeString(strip=True, min=1, not_empty=False)
372 372 rhodecode_create_personal_repo_group = v.StringBoolean(if_missing=False)
373 373 rhodecode_personal_repo_group_pattern = v.UnicodeString(strip=True, min=1, not_empty=False)
374 374 return _ApplicationSettingsForm
375 375
376 376
377 377 def ApplicationVisualisationForm(localizer):
378 378 from rhodecode.model.db import Repository
379 379 _ = localizer
380 380
381 381 class _ApplicationVisualisationForm(formencode.Schema):
382 382 allow_extra_fields = True
383 383 filter_extra_fields = False
384 384 rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
385 385 rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
386 386 rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
387 387
388 388 rhodecode_repository_fields = v.StringBoolean(if_missing=False)
389 389 rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
390 390 rhodecode_dashboard_items = v.Int(min=5, not_empty=True)
391 391 rhodecode_admin_grid_items = v.Int(min=5, not_empty=True)
392 392 rhodecode_show_version = v.StringBoolean(if_missing=False)
393 393 rhodecode_use_gravatar = v.StringBoolean(if_missing=False)
394 394 rhodecode_markup_renderer = v.OneOf(['markdown', 'rst'])
395 395 rhodecode_gravatar_url = v.UnicodeString(min=3)
396 396 rhodecode_clone_uri_tmpl = v.UnicodeString(not_empty=False, if_empty=Repository.DEFAULT_CLONE_URI)
397 397 rhodecode_clone_uri_ssh_tmpl = v.UnicodeString(not_empty=False, if_empty=Repository.DEFAULT_CLONE_URI_SSH)
398 398 rhodecode_support_url = v.UnicodeString()
399 399 rhodecode_show_revision_number = v.StringBoolean(if_missing=False)
400 400 rhodecode_show_sha_length = v.Int(min=4, not_empty=True)
401 401 return _ApplicationVisualisationForm
402 402
403 403
404 404 class _BaseVcsSettingsForm(formencode.Schema):
405 405
406 406 allow_extra_fields = True
407 407 filter_extra_fields = False
408 408 hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
409 409 hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
410 410 hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
411 411
412 412 # PR/Code-review
413 413 rhodecode_pr_merge_enabled = v.StringBoolean(if_missing=False)
414 414 rhodecode_use_outdated_comments = v.StringBoolean(if_missing=False)
415 415
416 416 # hg
417 417 extensions_largefiles = v.StringBoolean(if_missing=False)
418 418 extensions_evolve = v.StringBoolean(if_missing=False)
419 419 phases_publish = v.StringBoolean(if_missing=False)
420 420
421 421 rhodecode_hg_use_rebase_for_merging = v.StringBoolean(if_missing=False)
422 422 rhodecode_hg_close_branch_before_merging = v.StringBoolean(if_missing=False)
423 423
424 424 # git
425 425 vcs_git_lfs_enabled = v.StringBoolean(if_missing=False)
426 426 rhodecode_git_use_rebase_for_merging = v.StringBoolean(if_missing=False)
427 427 rhodecode_git_close_branch_before_merging = v.StringBoolean(if_missing=False)
428 428
429 429 # svn
430 430 vcs_svn_proxy_http_requests_enabled = v.StringBoolean(if_missing=False)
431 431 vcs_svn_proxy_http_server_url = v.UnicodeString(strip=True, if_missing=None)
432 432
433 433 # cache
434 434 rhodecode_diff_cache = v.StringBoolean(if_missing=False)
435 435
436 436
437 437 def ApplicationUiSettingsForm(localizer):
438 438 _ = localizer
439 439
440 440 class _ApplicationUiSettingsForm(_BaseVcsSettingsForm):
441 441 web_push_ssl = v.StringBoolean(if_missing=False)
442 442 paths_root_path = All(
443 443 v.ValidPath(localizer),
444 444 v.UnicodeString(strip=True, min=1, not_empty=True)
445 445 )
446 446 largefiles_usercache = All(
447 447 v.ValidPath(localizer),
448 448 v.UnicodeString(strip=True, min=2, not_empty=True))
449 449 vcs_git_lfs_store_location = All(
450 450 v.ValidPath(localizer),
451 451 v.UnicodeString(strip=True, min=2, not_empty=True))
452 452 extensions_hgsubversion = v.StringBoolean(if_missing=False)
453 453 extensions_hggit = v.StringBoolean(if_missing=False)
454 454 new_svn_branch = v.ValidSvnPattern(localizer, section='vcs_svn_branch')
455 455 new_svn_tag = v.ValidSvnPattern(localizer, section='vcs_svn_tag')
456 456 return _ApplicationUiSettingsForm
457 457
458 458
459 459 def RepoVcsSettingsForm(localizer, repo_name):
460 460 _ = localizer
461 461
462 462 class _RepoVcsSettingsForm(_BaseVcsSettingsForm):
463 463 inherit_global_settings = v.StringBoolean(if_missing=False)
464 464 new_svn_branch = v.ValidSvnPattern(localizer,
465 465 section='vcs_svn_branch', repo_name=repo_name)
466 466 new_svn_tag = v.ValidSvnPattern(localizer,
467 467 section='vcs_svn_tag', repo_name=repo_name)
468 468 return _RepoVcsSettingsForm
469 469
470 470
471 471 def LabsSettingsForm(localizer):
472 472 _ = localizer
473 473
474 474 class _LabSettingsForm(formencode.Schema):
475 475 allow_extra_fields = True
476 476 filter_extra_fields = False
477 477 return _LabSettingsForm
478 478
479 479
480 480 def ApplicationPermissionsForm(
481 481 localizer, register_choices, password_reset_choices,
482 482 extern_activate_choices):
483 483 _ = localizer
484 484
485 485 class _DefaultPermissionsForm(formencode.Schema):
486 486 allow_extra_fields = True
487 487 filter_extra_fields = True
488 488
489 489 anonymous = v.StringBoolean(if_missing=False)
490 490 default_register = v.OneOf(register_choices)
491 491 default_register_message = v.UnicodeString()
492 492 default_password_reset = v.OneOf(password_reset_choices)
493 493 default_extern_activate = v.OneOf(extern_activate_choices)
494 494 return _DefaultPermissionsForm
495 495
496 496
497 497 def ObjectPermissionsForm(localizer, repo_perms_choices, group_perms_choices,
498 498 user_group_perms_choices):
499 499 _ = localizer
500 500
501 501 class _ObjectPermissionsForm(formencode.Schema):
502 502 allow_extra_fields = True
503 503 filter_extra_fields = True
504 504 overwrite_default_repo = v.StringBoolean(if_missing=False)
505 505 overwrite_default_group = v.StringBoolean(if_missing=False)
506 506 overwrite_default_user_group = v.StringBoolean(if_missing=False)
507
507 508 default_repo_perm = v.OneOf(repo_perms_choices)
508 509 default_group_perm = v.OneOf(group_perms_choices)
509 510 default_user_group_perm = v.OneOf(user_group_perms_choices)
511
510 512 return _ObjectPermissionsForm
511 513
512 514
515 def BranchPermissionsForm(localizer, branch_perms_choices):
516 _ = localizer
517
518 class _BranchPermissionsForm(formencode.Schema):
519 allow_extra_fields = True
520 filter_extra_fields = True
521 overwrite_default_branch = v.StringBoolean(if_missing=False)
522 default_branch_perm = v.OneOf(branch_perms_choices)
523
524 return _BranchPermissionsForm
525
526
513 527 def UserPermissionsForm(localizer, create_choices, create_on_write_choices,
514 528 repo_group_create_choices, user_group_create_choices,
515 529 fork_choices, inherit_default_permissions_choices):
516 530 _ = localizer
517 531
518 532 class _DefaultPermissionsForm(formencode.Schema):
519 533 allow_extra_fields = True
520 534 filter_extra_fields = True
521 535
522 536 anonymous = v.StringBoolean(if_missing=False)
523 537
524 538 default_repo_create = v.OneOf(create_choices)
525 539 default_repo_create_on_write = v.OneOf(create_on_write_choices)
526 540 default_user_group_create = v.OneOf(user_group_create_choices)
527 541 default_repo_group_create = v.OneOf(repo_group_create_choices)
528 542 default_fork_create = v.OneOf(fork_choices)
529 543 default_inherit_default_permissions = v.OneOf(inherit_default_permissions_choices)
530 544 return _DefaultPermissionsForm
531 545
532 546
533 547 def UserIndividualPermissionsForm(localizer):
534 548 _ = localizer
535 549
536 550 class _DefaultPermissionsForm(formencode.Schema):
537 551 allow_extra_fields = True
538 552 filter_extra_fields = True
539 553
540 554 inherit_default_permissions = v.StringBoolean(if_missing=False)
541 555 return _DefaultPermissionsForm
542 556
543 557
544 558 def DefaultsForm(localizer, edit=False, old_data=None, supported_backends=BACKENDS.keys()):
545 559 _ = localizer
546 560 old_data = old_data or {}
547 561
548 562 class _DefaultsForm(formencode.Schema):
549 563 allow_extra_fields = True
550 564 filter_extra_fields = True
551 565 default_repo_type = v.OneOf(supported_backends)
552 566 default_repo_private = v.StringBoolean(if_missing=False)
553 567 default_repo_enable_statistics = v.StringBoolean(if_missing=False)
554 568 default_repo_enable_downloads = v.StringBoolean(if_missing=False)
555 569 default_repo_enable_locking = v.StringBoolean(if_missing=False)
556 570 return _DefaultsForm
557 571
558 572
559 573 def AuthSettingsForm(localizer):
560 574 _ = localizer
561 575
562 576 class _AuthSettingsForm(formencode.Schema):
563 577 allow_extra_fields = True
564 578 filter_extra_fields = True
565 579 auth_plugins = All(v.ValidAuthPlugins(localizer),
566 580 v.UniqueListFromString(localizer)(not_empty=True))
567 581 return _AuthSettingsForm
568 582
569 583
570 584 def UserExtraEmailForm(localizer):
571 585 _ = localizer
572 586
573 587 class _UserExtraEmailForm(formencode.Schema):
574 588 email = All(v.UniqSystemEmail(localizer), v.Email(not_empty=True))
575 589 return _UserExtraEmailForm
576 590
577 591
578 592 def UserExtraIpForm(localizer):
579 593 _ = localizer
580 594
581 595 class _UserExtraIpForm(formencode.Schema):
582 596 ip = v.ValidIp(localizer)(not_empty=True)
583 597 return _UserExtraIpForm
584 598
585 599
586 600 def PullRequestForm(localizer, repo_id):
587 601 _ = localizer
588 602
589 603 class ReviewerForm(formencode.Schema):
590 604 user_id = v.Int(not_empty=True)
591 605 reasons = All()
592 606 rules = All(v.UniqueList(localizer, convert=int)())
593 607 mandatory = v.StringBoolean()
594 608
595 609 class _PullRequestForm(formencode.Schema):
596 610 allow_extra_fields = True
597 611 filter_extra_fields = True
598 612
599 613 common_ancestor = v.UnicodeString(strip=True, required=True)
600 614 source_repo = v.UnicodeString(strip=True, required=True)
601 615 source_ref = v.UnicodeString(strip=True, required=True)
602 616 target_repo = v.UnicodeString(strip=True, required=True)
603 617 target_ref = v.UnicodeString(strip=True, required=True)
604 618 revisions = All(#v.NotReviewedRevisions(localizer, repo_id)(),
605 619 v.UniqueList(localizer)(not_empty=True))
606 620 review_members = formencode.ForEach(ReviewerForm())
607 621 pullrequest_title = v.UnicodeString(strip=True, required=True, min=3, max=255)
608 622 pullrequest_desc = v.UnicodeString(strip=True, required=False)
609 623 description_renderer = v.UnicodeString(strip=True, required=False)
610 624
611 625 return _PullRequestForm
612 626
613 627
614 628 def IssueTrackerPatternsForm(localizer):
615 629 _ = localizer
616 630
617 631 class _IssueTrackerPatternsForm(formencode.Schema):
618 632 allow_extra_fields = True
619 633 filter_extra_fields = False
620 634 chained_validators = [v.ValidPattern(localizer)]
621 635 return _IssueTrackerPatternsForm
Show file before | Show file after | Hide comments
@@ -1,484 +1,557 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 permissions model for RhodeCode
23 23 """
24 24
25 25
26 26 import logging
27 27 import traceback
28 28
29 29 from sqlalchemy.exc import DatabaseError
30 30
31 31 from rhodecode.model import BaseModel
32 32 from rhodecode.model.db import (
33 33 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
34 UserUserGroupToPerm, UserGroup, UserGroupToPerm)
34 UserUserGroupToPerm, UserGroup, UserGroupToPerm, UserToRepoBranchPermission)
35 35 from rhodecode.lib.utils2 import str2bool, safe_int
36 36
37 37 log = logging.getLogger(__name__)
38 38
39 39
40 40 class PermissionModel(BaseModel):
41 41 """
42 42 Permissions model for RhodeCode
43 43 """
44 44
45 45 cls = Permission
46 46 global_perms = {
47 47 'default_repo_create': None,
48 48 # special case for create repos on write access to group
49 49 'default_repo_create_on_write': None,
50 50 'default_repo_group_create': None,
51 51 'default_user_group_create': None,
52 52 'default_fork_create': None,
53 53 'default_inherit_default_permissions': None,
54 54 'default_register': None,
55 55 'default_password_reset': None,
56 56 'default_extern_activate': None,
57 57
58 58 # object permissions below
59 59 'default_repo_perm': None,
60 60 'default_group_perm': None,
61 61 'default_user_group_perm': None,
62
63 # branch
64 'default_branch_perm': None,
62 65 }
63 66
64 67 def set_global_permission_choices(self, c_obj, gettext_translator):
65 68 _ = gettext_translator
66 69
67 70 c_obj.repo_perms_choices = [
68 71 ('repository.none', _('None'),),
69 72 ('repository.read', _('Read'),),
70 73 ('repository.write', _('Write'),),
71 74 ('repository.admin', _('Admin'),)]
72 75
73 76 c_obj.group_perms_choices = [
74 77 ('group.none', _('None'),),
75 78 ('group.read', _('Read'),),
76 79 ('group.write', _('Write'),),
77 80 ('group.admin', _('Admin'),)]
78 81
79 82 c_obj.user_group_perms_choices = [
80 83 ('usergroup.none', _('None'),),
81 84 ('usergroup.read', _('Read'),),
82 85 ('usergroup.write', _('Write'),),
83 86 ('usergroup.admin', _('Admin'),)]
84 87
88 c_obj.branch_perms_choices = [
89 ('branch.none', _('Protected/No Access'),),
90 ('branch.merge', _('Web merge'),),
91 ('branch.push', _('Push'),),
92 ('branch.push_force', _('Force Push'),)]
93
85 94 c_obj.register_choices = [
86 95 ('hg.register.none', _('Disabled')),
87 96 ('hg.register.manual_activate', _('Allowed with manual account activation')),
88 97 ('hg.register.auto_activate', _('Allowed with automatic account activation')),]
89 98
90 99 c_obj.password_reset_choices = [
91 100 ('hg.password_reset.enabled', _('Allow password recovery')),
92 101 ('hg.password_reset.hidden', _('Hide password recovery link')),
93 102 ('hg.password_reset.disabled', _('Disable password recovery')),]
94 103
95 104 c_obj.extern_activate_choices = [
96 105 ('hg.extern_activate.manual', _('Manual activation of external account')),
97 106 ('hg.extern_activate.auto', _('Automatic activation of external account')),]
98 107
99 108 c_obj.repo_create_choices = [
100 109 ('hg.create.none', _('Disabled')),
101 110 ('hg.create.repository', _('Enabled'))]
102 111
103 112 c_obj.repo_create_on_write_choices = [
104 113 ('hg.create.write_on_repogroup.false', _('Disabled')),
105 114 ('hg.create.write_on_repogroup.true', _('Enabled'))]
106 115
107 116 c_obj.user_group_create_choices = [
108 117 ('hg.usergroup.create.false', _('Disabled')),
109 118 ('hg.usergroup.create.true', _('Enabled'))]
110 119
111 120 c_obj.repo_group_create_choices = [
112 121 ('hg.repogroup.create.false', _('Disabled')),
113 122 ('hg.repogroup.create.true', _('Enabled'))]
114 123
115 124 c_obj.fork_choices = [
116 125 ('hg.fork.none', _('Disabled')),
117 126 ('hg.fork.repository', _('Enabled'))]
118 127
119 128 c_obj.inherit_default_permission_choices = [
120 129 ('hg.inherit_default_perms.false', _('Disabled')),
121 130 ('hg.inherit_default_perms.true', _('Enabled'))]
122 131
123 132 def get_default_perms(self, object_perms, suffix):
124 133 defaults = {}
125 134 for perm in object_perms:
126 135 # perms
127 136 if perm.permission.permission_name.startswith('repository.'):
128 137 defaults['default_repo_perm' + suffix] = perm.permission.permission_name
129 138
130 139 if perm.permission.permission_name.startswith('group.'):
131 140 defaults['default_group_perm' + suffix] = perm.permission.permission_name
132 141
133 142 if perm.permission.permission_name.startswith('usergroup.'):
134 143 defaults['default_user_group_perm' + suffix] = perm.permission.permission_name
135 144
145 # branch
146 if perm.permission.permission_name.startswith('branch.'):
147 defaults['default_branch_perm' + suffix] = perm.permission.permission_name
148
136 149 # creation of objects
137 150 if perm.permission.permission_name.startswith('hg.create.write_on_repogroup'):
138 151 defaults['default_repo_create_on_write' + suffix] = perm.permission.permission_name
139 152
140 153 elif perm.permission.permission_name.startswith('hg.create.'):
141 154 defaults['default_repo_create' + suffix] = perm.permission.permission_name
142 155
143 156 if perm.permission.permission_name.startswith('hg.fork.'):
144 157 defaults['default_fork_create' + suffix] = perm.permission.permission_name
145 158
146 159 if perm.permission.permission_name.startswith('hg.inherit_default_perms.'):
147 160 defaults['default_inherit_default_permissions' + suffix] = perm.permission.permission_name
148 161
149 162 if perm.permission.permission_name.startswith('hg.repogroup.'):
150 163 defaults['default_repo_group_create' + suffix] = perm.permission.permission_name
151 164
152 165 if perm.permission.permission_name.startswith('hg.usergroup.'):
153 166 defaults['default_user_group_create' + suffix] = perm.permission.permission_name
154 167
155 168 # registration and external account activation
156 169 if perm.permission.permission_name.startswith('hg.register.'):
157 170 defaults['default_register' + suffix] = perm.permission.permission_name
158 171
159 172 if perm.permission.permission_name.startswith('hg.password_reset.'):
160 173 defaults['default_password_reset' + suffix] = perm.permission.permission_name
161 174
162 175 if perm.permission.permission_name.startswith('hg.extern_activate.'):
163 176 defaults['default_extern_activate' + suffix] = perm.permission.permission_name
164 177
165 178 return defaults
166 179
167 180 def _make_new_user_perm(self, user, perm_name):
168 181 log.debug('Creating new user permission:%s', perm_name)
169 182 new = UserToPerm()
170 183 new.user = user
171 184 new.permission = Permission.get_by_key(perm_name)
172 185 return new
173 186
174 187 def _make_new_user_group_perm(self, user_group, perm_name):
175 188 log.debug('Creating new user group permission:%s', perm_name)
176 189 new = UserGroupToPerm()
177 190 new.users_group = user_group
178 191 new.permission = Permission.get_by_key(perm_name)
179 192 return new
180 193
181 194 def _keep_perm(self, perm_name, keep_fields):
182 195 def get_pat(field_name):
183 196 return {
184 197 # global perms
185 198 'default_repo_create': 'hg.create.',
186 199 # special case for create repos on write access to group
187 200 'default_repo_create_on_write': 'hg.create.write_on_repogroup.',
188 201 'default_repo_group_create': 'hg.repogroup.create.',
189 202 'default_user_group_create': 'hg.usergroup.create.',
190 203 'default_fork_create': 'hg.fork.',
191 204 'default_inherit_default_permissions': 'hg.inherit_default_perms.',
192 205
193 206 # application perms
194 207 'default_register': 'hg.register.',
195 208 'default_password_reset': 'hg.password_reset.',
196 209 'default_extern_activate': 'hg.extern_activate.',
197 210
198 211 # object permissions below
199 212 'default_repo_perm': 'repository.',
200 213 'default_group_perm': 'group.',
201 214 'default_user_group_perm': 'usergroup.',
215 # branch
216 'default_branch_perm': 'branch.',
217
202 218 }[field_name]
203 219 for field in keep_fields:
204 220 pat = get_pat(field)
205 221 if perm_name.startswith(pat):
206 222 return True
207 223 return False
208 224
209 225 def _clear_object_perm(self, object_perms, preserve=None):
210 226 preserve = preserve or []
211 227 _deleted = []
212 228 for perm in object_perms:
213 229 perm_name = perm.permission.permission_name
214 230 if not self._keep_perm(perm_name, keep_fields=preserve):
215 231 _deleted.append(perm_name)
216 232 self.sa.delete(perm)
217 233 return _deleted
218 234
219 235 def _clear_user_perms(self, user_id, preserve=None):
220 236 perms = self.sa.query(UserToPerm)\
221 237 .filter(UserToPerm.user_id == user_id)\
222 238 .all()
223 239 return self._clear_object_perm(perms, preserve=preserve)
224 240
225 241 def _clear_user_group_perms(self, user_group_id, preserve=None):
226 242 perms = self.sa.query(UserGroupToPerm)\
227 243 .filter(UserGroupToPerm.users_group_id == user_group_id)\
228 244 .all()
229 245 return self._clear_object_perm(perms, preserve=preserve)
230 246
231 247 def _set_new_object_perms(self, obj_type, object, form_result, preserve=None):
232 248 # clear current entries, to make this function idempotent
233 249 # it will fix even if we define more permissions or permissions
234 250 # are somehow missing
235 251 preserve = preserve or []
236 252 _global_perms = self.global_perms.copy()
237 253 if obj_type not in ['user', 'user_group']:
238 254 raise ValueError("obj_type must be on of 'user' or 'user_group'")
239 if len(_global_perms) != len(Permission.DEFAULT_USER_PERMISSIONS):
240 raise Exception('Inconsistent permissions definition')
255 global_perms = len(_global_perms)
256 default_user_perms = len(Permission.DEFAULT_USER_PERMISSIONS)
257 if global_perms != default_user_perms:
258 raise Exception(
259 'Inconsistent permissions definition. Got {} vs {}'.format(
260 global_perms, default_user_perms))
241 261
242 262 if obj_type == 'user':
243 263 self._clear_user_perms(object.user_id, preserve)
244 264 if obj_type == 'user_group':
245 265 self._clear_user_group_perms(object.users_group_id, preserve)
246 266
247 267 # now kill the keys that we want to preserve from the form.
248 268 for key in preserve:
249 269 del _global_perms[key]
250 270
251 271 for k in _global_perms.copy():
252 272 _global_perms[k] = form_result[k]
253 273
254 274 # at that stage we validate all are passed inside form_result
255 275 for _perm_key, perm_value in _global_perms.items():
256 276 if perm_value is None:
257 277 raise ValueError('Missing permission for %s' % (_perm_key,))
258 278
259 279 if obj_type == 'user':
260 280 p = self._make_new_user_perm(object, perm_value)
261 281 self.sa.add(p)
262 282 if obj_type == 'user_group':
263 283 p = self._make_new_user_group_perm(object, perm_value)
264 284 self.sa.add(p)
265 285
266 286 def _set_new_user_perms(self, user, form_result, preserve=None):
267 287 return self._set_new_object_perms(
268 288 'user', user, form_result, preserve)
269 289
270 290 def _set_new_user_group_perms(self, user_group, form_result, preserve=None):
271 291 return self._set_new_object_perms(
272 292 'user_group', user_group, form_result, preserve)
273 293
274 294 def set_new_user_perms(self, user, form_result):
275 295 # calculate what to preserve from what is given in form_result
276 296 preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
277 297 return self._set_new_user_perms(user, form_result, preserve)
278 298
279 299 def set_new_user_group_perms(self, user_group, form_result):
280 300 # calculate what to preserve from what is given in form_result
281 301 preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
282 302 return self._set_new_user_group_perms(user_group, form_result, preserve)
283 303
284 304 def create_permissions(self):
285 305 """
286 306 Create permissions for whole system
287 307 """
288 308 for p in Permission.PERMS:
289 309 if not Permission.get_by_key(p[0]):
290 310 new_perm = Permission()
291 311 new_perm.permission_name = p[0]
292 312 new_perm.permission_longname = p[0] # translation err with p[1]
293 313 self.sa.add(new_perm)
294 314
295 315 def _create_default_object_permission(self, obj_type, obj, obj_perms,
296 316 force=False):
297 317 if obj_type not in ['user', 'user_group']:
298 318 raise ValueError("obj_type must be on of 'user' or 'user_group'")
299 319
300 320 def _get_group(perm_name):
301 321 return '.'.join(perm_name.split('.')[:1])
302 322
303 323 defined_perms_groups = map(
304 324 _get_group, (x.permission.permission_name for x in obj_perms))
305 325 log.debug('GOT ALREADY DEFINED:%s', obj_perms)
306 326
307 327 if force:
308 328 self._clear_object_perm(obj_perms)
309 329 self.sa.commit()
310 330 defined_perms_groups = []
311 331 # for every default permission that needs to be created, we check if
312 332 # it's group is already defined, if it's not we create default perm
313 333 for perm_name in Permission.DEFAULT_USER_PERMISSIONS:
314 334 gr = _get_group(perm_name)
315 335 if gr not in defined_perms_groups:
316 336 log.debug('GR:%s not found, creating permission %s',
317 337 gr, perm_name)
318 338 if obj_type == 'user':
319 339 new_perm = self._make_new_user_perm(obj, perm_name)
320 340 self.sa.add(new_perm)
321 341 if obj_type == 'user_group':
322 342 new_perm = self._make_new_user_group_perm(obj, perm_name)
323 343 self.sa.add(new_perm)
324 344
325 345 def create_default_user_permissions(self, user, force=False):
326 346 """
327 347 Creates only missing default permissions for user, if force is set it
328 348 resets the default permissions for that user
329 349
330 350 :param user:
331 351 :param force:
332 352 """
333 353 user = self._get_user(user)
334 354 obj_perms = UserToPerm.query().filter(UserToPerm.user == user).all()
335 355 return self._create_default_object_permission(
336 356 'user', user, obj_perms, force)
337 357
338 358 def create_default_user_group_permissions(self, user_group, force=False):
339 359 """
340 Creates only missing default permissions for user group, if force is set it
341 resets the default permissions for that user group
360 Creates only missing default permissions for user group, if force is
361 set it resets the default permissions for that user group
342 362
343 363 :param user_group:
344 364 :param force:
345 365 """
346 366 user_group = self._get_user_group(user_group)
347 367 obj_perms = UserToPerm.query().filter(UserGroupToPerm.users_group == user_group).all()
348 368 return self._create_default_object_permission(
349 369 'user_group', user_group, obj_perms, force)
350 370
351 371 def update_application_permissions(self, form_result):
352 372 if 'perm_user_id' in form_result:
353 373 perm_user = User.get(safe_int(form_result['perm_user_id']))
354 374 else:
355 375 # used mostly to do lookup for default user
356 376 perm_user = User.get_by_username(form_result['perm_user_name'])
357 377
358 378 try:
359 379 # stage 1 set anonymous access
360 380 if perm_user.username == User.DEFAULT_USER:
361 381 perm_user.active = str2bool(form_result['anonymous'])
362 382 self.sa.add(perm_user)
363 383
364 384 # stage 2 reset defaults and set them from form data
365 385 self._set_new_user_perms(perm_user, form_result, preserve=[
366 386 'default_repo_perm',
367 387 'default_group_perm',
368 388 'default_user_group_perm',
389 'default_branch_perm',
369 390
370 391 'default_repo_group_create',
371 392 'default_user_group_create',
372 393 'default_repo_create_on_write',
373 394 'default_repo_create',
374 395 'default_fork_create',
375 396 'default_inherit_default_permissions',])
376 397
377 398 self.sa.commit()
378 399 except (DatabaseError,):
379 400 log.error(traceback.format_exc())
380 401 self.sa.rollback()
381 402 raise
382 403
383 404 def update_user_permissions(self, form_result):
384 405 if 'perm_user_id' in form_result:
385 406 perm_user = User.get(safe_int(form_result['perm_user_id']))
386 407 else:
387 408 # used mostly to do lookup for default user
388 409 perm_user = User.get_by_username(form_result['perm_user_name'])
389 410 try:
390 411 # stage 2 reset defaults and set them from form data
391 412 self._set_new_user_perms(perm_user, form_result, preserve=[
392 413 'default_repo_perm',
393 414 'default_group_perm',
394 415 'default_user_group_perm',
416 'default_branch_perm',
395 417
396 418 'default_register',
397 419 'default_password_reset',
398 420 'default_extern_activate'])
399 421 self.sa.commit()
400 422 except (DatabaseError,):
401 423 log.error(traceback.format_exc())
402 424 self.sa.rollback()
403 425 raise
404 426
405 427 def update_user_group_permissions(self, form_result):
406 428 if 'perm_user_group_id' in form_result:
407 429 perm_user_group = UserGroup.get(safe_int(form_result['perm_user_group_id']))
408 430 else:
409 431 # used mostly to do lookup for default user
410 432 perm_user_group = UserGroup.get_by_group_name(form_result['perm_user_group_name'])
411 433 try:
412 434 # stage 2 reset defaults and set them from form data
413 435 self._set_new_user_group_perms(perm_user_group, form_result, preserve=[
414 436 'default_repo_perm',
415 437 'default_group_perm',
416 438 'default_user_group_perm',
439 'default_branch_perm',
417 440
418 441 'default_register',
419 442 'default_password_reset',
420 443 'default_extern_activate'])
421 444 self.sa.commit()
422 445 except (DatabaseError,):
423 446 log.error(traceback.format_exc())
424 447 self.sa.rollback()
425 448 raise
426 449
427 450 def update_object_permissions(self, form_result):
428 451 if 'perm_user_id' in form_result:
429 452 perm_user = User.get(safe_int(form_result['perm_user_id']))
430 453 else:
431 454 # used mostly to do lookup for default user
432 455 perm_user = User.get_by_username(form_result['perm_user_name'])
433 456 try:
434 457
435 458 # stage 2 reset defaults and set them from form data
436 459 self._set_new_user_perms(perm_user, form_result, preserve=[
437 460 'default_repo_group_create',
438 461 'default_user_group_create',
439 462 'default_repo_create_on_write',
440 463 'default_repo_create',
441 464 'default_fork_create',
442 465 'default_inherit_default_permissions',
466 'default_branch_perm',
443 467
444 468 'default_register',
445 469 'default_password_reset',
446 470 'default_extern_activate'])
447 471
448 472 # overwrite default repo permissions
449 473 if form_result['overwrite_default_repo']:
450 474 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
451 475 _def = Permission.get_by_key('repository.' + _def_name)
452 476 for r2p in self.sa.query(UserRepoToPerm)\
453 477 .filter(UserRepoToPerm.user == perm_user)\
454 478 .all():
455 479 # don't reset PRIVATE repositories
456 480 if not r2p.repository.private:
457 481 r2p.permission = _def
458 482 self.sa.add(r2p)
459 483
460 484 # overwrite default repo group permissions
461 485 if form_result['overwrite_default_group']:
462 486 _def_name = form_result['default_group_perm'].split('group.')[-1]
463 487 _def = Permission.get_by_key('group.' + _def_name)
464 488 for g2p in self.sa.query(UserRepoGroupToPerm)\
465 489 .filter(UserRepoGroupToPerm.user == perm_user)\
466 490 .all():
467 491 g2p.permission = _def
468 492 self.sa.add(g2p)
469 493
470 494 # overwrite default user group permissions
471 495 if form_result['overwrite_default_user_group']:
472 496 _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
473 497 # user groups
474 498 _def = Permission.get_by_key('usergroup.' + _def_name)
475 499 for g2p in self.sa.query(UserUserGroupToPerm)\
476 500 .filter(UserUserGroupToPerm.user == perm_user)\
477 501 .all():
478 502 g2p.permission = _def
479 503 self.sa.add(g2p)
504
505 # COMMIT
480 506 self.sa.commit()
481 507 except (DatabaseError,):
482 508 log.exception('Failed to set default object permissions')
483 509 self.sa.rollback()
484 510 raise
511
512 def update_branch_permissions(self, form_result):
513 if 'perm_user_id' in form_result:
514 perm_user = User.get(safe_int(form_result['perm_user_id']))
515 else:
516 # used mostly to do lookup for default user
517 perm_user = User.get_by_username(form_result['perm_user_name'])
518 try:
519
520 # stage 2 reset defaults and set them from form data
521 self._set_new_user_perms(perm_user, form_result, preserve=[
522 'default_repo_perm',
523 'default_group_perm',
524 'default_user_group_perm',
525
526 'default_repo_group_create',
527 'default_user_group_create',
528 'default_repo_create_on_write',
529 'default_repo_create',
530 'default_fork_create',
531 'default_inherit_default_permissions',
532
533 'default_register',
534 'default_password_reset',
535 'default_extern_activate'])
536
537 # overwrite default branch permissions
538 if form_result['overwrite_default_branch']:
539 _def_name = \
540 form_result['default_branch_perm'].split('branch.')[-1]
541
542 _def = Permission.get_by_key('branch.' + _def_name)
543
544 # TODO(marcink): those are bind to repo, perms, we need to unfold user somehow from this
545 for g2p in self.sa.query(UserToRepoBranchPermission) \
546 .filter(UserToRepoBranchPermission.user == perm_user) \
547 .all():
548 g2p.permission = _def
549 self.sa.add(g2p)
550
551 # COMMIT
552 self.sa.commit()
553 except (DatabaseError,):
554 log.exception('Failed to set default branch permissions')
555 self.sa.rollback()
556 raise
557
Show file before | Show file after | Hide comments
@@ -1,392 +1,409 b''
1 1
2 2 // Contains the style definitions used for .main-content
3 3 // elements which are mainly around the admin settings.
4 4
5 5
6 6 // TODO: johbo: Integrate in a better way, this is for "main content" which
7 7 // should not have a limit on the width.
8 8 .main-content-full {
9 9 clear: both;
10 10 }
11 11
12 12
13 13 .main-content {
14 14 max-width: @maincontent-maxwidth;
15 15
16 16 h3,
17 17 // TODO: johbo: Change templates to use h3 instead of h4 here
18 18 h4 {
19 19 line-height: 1em;
20 20 }
21 21
22 22 // TODO: johbo: Check if we can do that on a global level
23 23 table {
24 24 th {
25 25 padding: 0;
26 26 }
27 27 td.field{
28 28 .help-block{
29 29 margin-left: 0;
30 30 }
31 31 }
32 32 }
33 33
34 34 // TODO: johbo: Tweak this into the general styling, for a full width
35 35 // textarea
36 36 .textarea-full {
37 37 // 2x 10px padding and 2x 1px border
38 38 margin-right: 22px;
39 39 }
40 40
41 41 }
42 42
43 43
44 44 // TODO: johbo: duplicated, think about a mixins.less
45 45 .block-left{
46 46 float: left;
47 47 }
48 48
49 49 .form {
50 50 .checkboxes {
51 51 // TODO: johbo: Should be changed in .checkboxes already
52 52 width: auto;
53 53 }
54 54
55 55 // TODO: johbo: some settings pages are broken and don't have the .buttons
56 56 // inside the .fields, tweak those templates and remove this.
57 57 .buttons {
58 58 margin-top: @textmargin;
59 59 }
60 60
61 61 .help-block {
62 62 display: block;
63 63 margin-left: @label-width;
64 64 &.pre-formatting {
65 65 white-space: pre;
66 66 }
67 67 }
68 68
69 69 .action_button {
70 70 color: @grey4;
71 71 }
72 72 }
73 73
74 74 .main-content-full-width {
75 75 .main-content;
76 76 width: 100%;
77 77 min-width: 100%;
78 78 }
79 79
80 80 .main-content-auto-width {
81 81 .main-content;
82 82 width: auto;
83 83 min-width: 100%;
84 84 max-width: inherit;
85 85 }
86 86
87 87 .field {
88 88 clear: left;
89 89 margin-bottom: @padding;
90 90
91 91 }
92 92
93 93 .input-monospace {
94 94 font-family: @font-family-monospace;
95 95 }
96 96
97 97 .fields {
98 98 label {
99 99 color: @grey2;
100 100 }
101 101
102 102 .field {
103 103 clear: right;
104 104 margin-bottom: @textmargin;
105 105 width: 100%;
106 106
107 107 .label {
108 108 float: left;
109 109 margin-right: @form-vertical-margin;
110 110 margin-top: 0;
111 111 padding-top: @input-padding-px + @border-thickness-inputs;
112 112 width: @label-width - @form-vertical-margin;
113 113 }
114 114 // used in forms for fields that show just text
115 115 .label-text {
116 116 .label;
117 117 padding-top: 5px;
118 118 }
119 .label-branch-perm {
120 .label;
121 width: 20px;
122 }
123
119 124 // Used to position content on the right side of a .label
120 125 .content,
121 126 .side-by-side-selector {
122 127 padding-top: @input-padding-px + @input-border-thickness;
123 128 }
124 129
125 130 .checkboxes,
126 131 .input,
127 132 .select,
128 133 .textarea,
129 134 .content {
130 135 float: none;
131 136 margin-left: @label-width;
132 137
133 138 .help-block {
134 139 margin-left: 0;
135 140 }
136 141 }
137 142
143 .input-branch-perm {
144 .input;
145 margin-left: 90px;
146 }
147
148 .input-branch-perm-order {
149 width: 40px;
150 }
151
138 152 .checkboxes,
139 153 .input,
140 154 .select {
141 155 .help-block {
142 156 display: block;
143 157 }
144 158 }
145 159
146 160 .checkboxes,
147 161 .radios {
148 162 // TODO: johbo: We get a 4px margin from the from-bootstrap,
149 163 // compensating here to align well with labels on the left.
150 164 padding-top: @input-padding-px + @input-border-thickness - 3px;
151 165 }
152 166
153 167 .checkbox,
154 168 .radio {
155 169 display: block;
156 170 width: auto;
157 171 }
158 172
159 173 .checkbox + .checkbox {
160 174 display: block;
161 175 }
162 176
163 177 .input,
164 178 .select {
165 179 .help-block,
166 180 .info-block {
167 181 margin-top: @form-vertical-margin / 2;
168 182 }
169 183 }
170 184
171 185 .input {
186 .branch-perm {
187 width: 80px;
188 }
172 189 .medium {
173 190 width: @fields-input-m;
174 191 }
175 192 .large {
176 193 width: @fields-input-l;
177 194 }
178 195
179 196 .text-as-placeholder {
180 197 padding-top: @input-padding-px + @border-thickness-inputs;
181 198 }
182 199 }
183 200
184 201 // TODO: johbo: Try to find a better integration of this bit.
185 202 // When using a select2 inside of a field, it should not have the
186 203 // top margin.
187 204 .select .drop-menu {
188 205 margin-top: 0;
189 206 }
190 207
191 208 .textarea {
192 209 float: none;
193 210
194 211 textarea {
195 212 // TODO: johbo: From somewhere we get a clear which does
196 213 // more harm than good here.
197 214 clear: none;
198 215 }
199 216
200 217 .CodeMirror {
201 218 // TODO: johbo: Tweak to position the .help-block nicer,
202 219 // figure out how to apply for .text-block instead.
203 220 margin-bottom: 10px;
204 221 }
205 222
206 223 // TODO: johbo: Check if we can remove the grey background on
207 224 // the global level and remove this if possible.
208 225 .help-block {
209 226 background: transparent;
210 227 padding: 0;
211 228 }
212 229 }
213 230
214 231 &.tag_patterns,
215 232 &.branch_patterns {
216 233
217 234 input {
218 235 max-width: 430px;
219 236 }
220 237 }
221 238 }
222 239
223 240 .field-sm {
224 241 .label {
225 242 padding-top: @input-padding-px / 2 + @input-border-thickness;
226 243 }
227 244 .checkboxes,
228 245 .radios {
229 246 // TODO: johbo: We get a 4px margin from the from-bootstrap,
230 247 // compensating here to align well with labels on the left.
231 248 padding-top: @input-padding-px / 2 + @input-border-thickness - 3px;
232 249 }
233 250 }
234 251
235 252 .field.customhooks {
236 253 .label {
237 254 padding-top: 0;
238 255 }
239 256 .input-wrapper {
240 257 padding-right: 25px;
241 258
242 259 input {
243 260 width: 100%;
244 261 }
245 262 }
246 263 .input {
247 264 padding-right: 25px;
248 265 }
249 266 }
250 267
251 268 .buttons {
252 269 // TODO: johbo: define variable for this value.
253 270 // Note that this should be 40px but since most elements add some
254 271 // space in the bottom, we are with 20 closer to 40.
255 272 margin-top: 20px;
256 273 clear: both;
257 274 margin-bottom: @padding;
258 275 }
259 276
260 277 .desc{
261 278 margin-right: @textmargin;
262 279 }
263 280
264 281 input,
265 282 .drop-menu {
266 283 margin-right: @padding/3;
267 284 }
268 285
269 286 }
270 287
271 288 .form-vertical .fields .field {
272 289
273 290 .label {
274 291 float: none;
275 292 width: auto;
276 293 }
277 294
278 295 .checkboxes,
279 296 .input,
280 297 .select,
281 298 .textarea {
282 299 margin-left: 0;
283 300 }
284 301
285 302 // TODO: johbo: had to tweak the width here to make it big enough for
286 303 // the license.
287 304 .textarea.editor {
288 305 max-width: none;
289 306 }
290 307
291 308 .textarea.large textarea {
292 309 min-height: 200px;
293 310 }
294 311
295 312 .help-block {
296 313 margin-left: 0;
297 314 }
298 315 }
299 316
300 317
301 318
302 319
303 320 .main-content {
304 321 .block-left;
305 322
306 323 .section {
307 324 margin-bottom: @space;
308 325 }
309 326
310 327
311 328 // Table aligning same way as forms in admin section, e.g.
312 329 // python packages table
313 330 table.formalign {
314 331 float: left;
315 332 width: auto;
316 333
317 334 .label {
318 335 width: @label-width;
319 336 }
320 337
321 338 }
322 339
323 340
324 341 table.issuetracker {
325 342
326 343 color: @text-color;
327 344
328 345 .issue-tracker-example {
329 346 color: @grey4;
330 347 }
331 348 }
332 349
333 350 .side-by-side-selector{
334 351 .left-group,
335 352 .middle-group,
336 353 .right-group{
337 354 float: left;
338 355 }
339 356
340 357 .left-group,
341 358 .right-group{
342 359 width: 45%;
343 360 text-align: center;
344 361
345 362 label{
346 363 width: 100%;
347 364 text-align: left;
348 365 }
349 366
350 367 select{
351 368 width: 100%;
352 369 background: none;
353 370 border-color: @border-highlight-color;
354 371 color: @text-color;
355 372 font-family: @text-light;
356 373 font-size: @basefontsize;
357 374 color: @grey1;
358 375 padding: @textmargin/2;
359 376 }
360 377
361 378 select:after{
362 379 content: "";
363 380 }
364 381
365 382 }
366 383
367 384 .middle-group{
368 385 width: 10%;
369 386 text-align: center;
370 387 padding-top: 4em;
371 388 i {
372 389 font-size: 18px;
373 390 cursor: pointer;
374 391 line-height: 2em;
375 392 }
376 393 }
377 394
378 395 }
379 396
380 397 .permissions_boxes{
381 398 label, .label{
382 399 margin-right: @textmargin/2;
383 400 }
384 401 }
385 402
386 403 .radios{
387 404 label{
388 405 margin-right: @textmargin;
389 406 }
390 407 }
391 408 }
392 409
Show file before | Show file after | Hide comments
@@ -1,2466 +1,2466 b''
1 1 //Primary CSS
2 2
3 3 //--- IMPORTS ------------------//
4 4
5 5 @import 'helpers';
6 6 @import 'mixins';
7 7 @import 'rcicons';
8 8 @import 'fonts';
9 9 @import 'variables';
10 10 @import 'bootstrap-variables';
11 11 @import 'form-bootstrap';
12 12 @import 'codemirror';
13 13 @import 'legacy_code_styles';
14 14 @import 'readme-box';
15 15 @import 'progress-bar';
16 16
17 17 @import 'type';
18 18 @import 'alerts';
19 19 @import 'buttons';
20 20 @import 'tags';
21 21 @import 'code-block';
22 22 @import 'examples';
23 23 @import 'login';
24 24 @import 'main-content';
25 25 @import 'select2';
26 26 @import 'comments';
27 27 @import 'panels-bootstrap';
28 28 @import 'panels';
29 29 @import 'deform';
30 30
31 31 //--- BASE ------------------//
32 32 .noscript-error {
33 33 top: 0;
34 34 left: 0;
35 35 width: 100%;
36 36 z-index: 101;
37 37 text-align: center;
38 38 font-family: @text-semibold;
39 39 font-size: 120%;
40 40 color: white;
41 41 background-color: @alert2;
42 42 padding: 5px 0 5px 0;
43 43 }
44 44
45 45 html {
46 46 display: table;
47 47 height: 100%;
48 48 width: 100%;
49 49 }
50 50
51 51 body {
52 52 display: table-cell;
53 53 width: 100%;
54 54 }
55 55
56 56 //--- LAYOUT ------------------//
57 57
58 58 .hidden{
59 59 display: none !important;
60 60 }
61 61
62 62 .box{
63 63 float: left;
64 64 width: 100%;
65 65 }
66 66
67 67 .browser-header {
68 68 clear: both;
69 69 }
70 70 .main {
71 71 clear: both;
72 72 padding:0 0 @pagepadding;
73 73 height: auto;
74 74
75 75 &:after { //clearfix
76 76 content:"";
77 77 clear:both;
78 78 width:100%;
79 79 display:block;
80 80 }
81 81 }
82 82
83 83 .action-link{
84 84 margin-left: @padding;
85 85 padding-left: @padding;
86 86 border-left: @border-thickness solid @border-default-color;
87 87 }
88 88
89 89 input + .action-link, .action-link.first{
90 90 border-left: none;
91 91 }
92 92
93 93 .action-link.last{
94 94 margin-right: @padding;
95 95 padding-right: @padding;
96 96 }
97 97
98 98 .action-link.active,
99 99 .action-link.active a{
100 100 color: @grey4;
101 101 }
102 102
103 103 .action-link.disabled {
104 104 color: @grey4;
105 105 cursor: inherit;
106 106 }
107 107
108 108 .clipboard-action {
109 109 cursor: pointer;
110 110 }
111 111
112 112 ul.simple-list{
113 113 list-style: none;
114 114 margin: 0;
115 115 padding: 0;
116 116 }
117 117
118 118 .main-content {
119 119 padding-bottom: @pagepadding;
120 120 }
121 121
122 122 .wide-mode-wrapper {
123 123 max-width:4000px !important;
124 124 }
125 125
126 126 .wrapper {
127 127 position: relative;
128 128 max-width: @wrapper-maxwidth;
129 129 margin: 0 auto;
130 130 }
131 131
132 132 #content {
133 133 clear: both;
134 134 padding: 0 @contentpadding;
135 135 }
136 136
137 137 .advanced-settings-fields{
138 138 input{
139 139 margin-left: @textmargin;
140 140 margin-right: @padding/2;
141 141 }
142 142 }
143 143
144 144 .cs_files_title {
145 145 margin: @pagepadding 0 0;
146 146 }
147 147
148 148 input.inline[type="file"] {
149 149 display: inline;
150 150 }
151 151
152 152 .error_page {
153 153 margin: 10% auto;
154 154
155 155 h1 {
156 156 color: @grey2;
157 157 }
158 158
159 159 .alert {
160 160 margin: @padding 0;
161 161 }
162 162
163 163 .error-branding {
164 164 font-family: @text-semibold;
165 165 color: @grey4;
166 166 }
167 167
168 168 .error_message {
169 169 font-family: @text-regular;
170 170 }
171 171
172 172 .sidebar {
173 173 min-height: 275px;
174 174 margin: 0;
175 175 padding: 0 0 @sidebarpadding @sidebarpadding;
176 176 border: none;
177 177 }
178 178
179 179 .main-content {
180 180 position: relative;
181 181 margin: 0 @sidebarpadding @sidebarpadding;
182 182 padding: 0 0 0 @sidebarpadding;
183 183 border-left: @border-thickness solid @grey5;
184 184
185 185 @media (max-width:767px) {
186 186 clear: both;
187 187 width: 100%;
188 188 margin: 0;
189 189 border: none;
190 190 }
191 191 }
192 192
193 193 .inner-column {
194 194 float: left;
195 195 width: 29.75%;
196 196 min-height: 150px;
197 197 margin: @sidebarpadding 2% 0 0;
198 198 padding: 0 2% 0 0;
199 199 border-right: @border-thickness solid @grey5;
200 200
201 201 @media (max-width:767px) {
202 202 clear: both;
203 203 width: 100%;
204 204 border: none;
205 205 }
206 206
207 207 ul {
208 208 padding-left: 1.25em;
209 209 }
210 210
211 211 &:last-child {
212 212 margin: @sidebarpadding 0 0;
213 213 border: none;
214 214 }
215 215
216 216 h4 {
217 217 margin: 0 0 @padding;
218 218 font-family: @text-semibold;
219 219 }
220 220 }
221 221 }
222 222 .error-page-logo {
223 223 width: 130px;
224 224 height: 160px;
225 225 }
226 226
227 227 // HEADER
228 228 .header {
229 229
230 230 // TODO: johbo: Fix login pages, so that they work without a min-height
231 231 // for the header and then remove the min-height. I chose a smaller value
232 232 // intentionally here to avoid rendering issues in the main navigation.
233 233 min-height: 49px;
234 234
235 235 position: relative;
236 236 vertical-align: bottom;
237 237 padding: 0 @header-padding;
238 238 background-color: @grey2;
239 239 color: @grey5;
240 240
241 241 .title {
242 242 overflow: visible;
243 243 }
244 244
245 245 &:before,
246 246 &:after {
247 247 content: "";
248 248 clear: both;
249 249 width: 100%;
250 250 }
251 251
252 252 // TODO: johbo: Avoids breaking "Repositories" chooser
253 253 .select2-container .select2-choice .select2-arrow {
254 254 display: none;
255 255 }
256 256 }
257 257
258 258 #header-inner {
259 259 &.title {
260 260 margin: 0;
261 261 }
262 262 &:before,
263 263 &:after {
264 264 content: "";
265 265 clear: both;
266 266 }
267 267 }
268 268
269 269 // Gists
270 270 #files_data {
271 271 clear: both; //for firefox
272 272 }
273 273 #gistid {
274 274 margin-right: @padding;
275 275 }
276 276
277 277 // Global Settings Editor
278 278 .textarea.editor {
279 279 float: left;
280 280 position: relative;
281 281 max-width: @texteditor-width;
282 282
283 283 select {
284 284 position: absolute;
285 285 top:10px;
286 286 right:0;
287 287 }
288 288
289 289 .CodeMirror {
290 290 margin: 0;
291 291 }
292 292
293 293 .help-block {
294 294 margin: 0 0 @padding;
295 295 padding:.5em;
296 296 background-color: @grey6;
297 297 &.pre-formatting {
298 298 white-space: pre;
299 299 }
300 300 }
301 301 }
302 302
303 303 ul.auth_plugins {
304 304 margin: @padding 0 @padding @legend-width;
305 305 padding: 0;
306 306
307 307 li {
308 308 margin-bottom: @padding;
309 309 line-height: 1em;
310 310 list-style-type: none;
311 311
312 312 .auth_buttons .btn {
313 313 margin-right: @padding;
314 314 }
315 315
316 316 &:before { content: none; }
317 317 }
318 318 }
319 319
320 320
321 321 // My Account PR list
322 322
323 323 #show_closed {
324 324 margin: 0 1em 0 0;
325 325 }
326 326
327 327 .pullrequestlist {
328 328 .closed {
329 329 background-color: @grey6;
330 330 }
331 331 .td-status {
332 332 padding-left: .5em;
333 333 }
334 334 .log-container .truncate {
335 335 height: 2.75em;
336 336 white-space: pre-line;
337 337 }
338 338 table.rctable .user {
339 339 padding-left: 0;
340 340 }
341 341 table.rctable {
342 342 td.td-description,
343 343 .rc-user {
344 344 min-width: auto;
345 345 }
346 346 }
347 347 }
348 348
349 349 // Pull Requests
350 350
351 351 .pullrequests_section_head {
352 352 display: block;
353 353 clear: both;
354 354 margin: @padding 0;
355 355 font-family: @text-bold;
356 356 }
357 357
358 358 .pr-origininfo, .pr-targetinfo {
359 359 position: relative;
360 360
361 361 .tag {
362 362 display: inline-block;
363 363 margin: 0 1em .5em 0;
364 364 }
365 365
366 366 .clone-url {
367 367 display: inline-block;
368 368 margin: 0 0 .5em 0;
369 369 padding: 0;
370 370 line-height: 1.2em;
371 371 }
372 372 }
373 373
374 374 .pr-mergeinfo {
375 375 min-width: 95% !important;
376 376 padding: 0 !important;
377 377 border: 0;
378 378 }
379 379 .pr-mergeinfo-copy {
380 380 padding: 0 0;
381 381 }
382 382
383 383 .pr-pullinfo {
384 384 min-width: 95% !important;
385 385 padding: 0 !important;
386 386 border: 0;
387 387 }
388 388 .pr-pullinfo-copy {
389 389 padding: 0 0;
390 390 }
391 391
392 392
393 393 #pr-title-input {
394 394 width: 72%;
395 395 font-size: 1em;
396 396 font-family: @text-bold;
397 397 margin: 0;
398 398 padding: 0 0 0 @padding/4;
399 399 line-height: 1.7em;
400 400 color: @text-color;
401 401 letter-spacing: .02em;
402 402 }
403 403
404 404 #pullrequest_title {
405 405 width: 100%;
406 406 box-sizing: border-box;
407 407 }
408 408
409 409 #pr_open_message {
410 410 border: @border-thickness solid #fff;
411 411 border-radius: @border-radius;
412 412 padding: @padding-large-vertical @padding-large-vertical @padding-large-vertical 0;
413 413 text-align: left;
414 414 overflow: hidden;
415 415 }
416 416
417 417 .pr-submit-button {
418 418 float: right;
419 419 margin: 0 0 0 5px;
420 420 }
421 421
422 422 .pr-spacing-container {
423 423 padding: 20px;
424 424 clear: both
425 425 }
426 426
427 427 #pr-description-input {
428 428 margin-bottom: 0;
429 429 }
430 430
431 431 .pr-description-label {
432 432 vertical-align: top;
433 433 }
434 434
435 435 .perms_section_head {
436 436 min-width: 625px;
437 437
438 438 h2 {
439 439 margin-bottom: 0;
440 440 }
441 441
442 442 .label-checkbox {
443 443 float: left;
444 444 }
445 445
446 446 &.field {
447 447 margin: @space 0 @padding;
448 448 }
449 449
450 450 &:first-child.field {
451 451 margin-top: 0;
452 452
453 453 .label {
454 454 margin-top: 0;
455 455 padding-top: 0;
456 456 }
457 457
458 458 .radios {
459 459 padding-top: 0;
460 460 }
461 461 }
462 462
463 463 .radios {
464 464 position: relative;
465 width: 405px;
465 width: 505px;
466 466 }
467 467 }
468 468
469 469 //--- MODULES ------------------//
470 470
471 471
472 472 // Server Announcement
473 473 #server-announcement {
474 474 width: 95%;
475 475 margin: @padding auto;
476 476 padding: @padding;
477 477 border-width: 2px;
478 478 border-style: solid;
479 479 .border-radius(2px);
480 480 font-family: @text-bold;
481 481
482 482 &.info { border-color: @alert4; background-color: @alert4-inner; }
483 483 &.warning { border-color: @alert3; background-color: @alert3-inner; }
484 484 &.error { border-color: @alert2; background-color: @alert2-inner; }
485 485 &.success { border-color: @alert1; background-color: @alert1-inner; }
486 486 &.neutral { border-color: @grey3; background-color: @grey6; }
487 487 }
488 488
489 489 // Fixed Sidebar Column
490 490 .sidebar-col-wrapper {
491 491 padding-left: @sidebar-all-width;
492 492
493 493 .sidebar {
494 494 width: @sidebar-width;
495 495 margin-left: -@sidebar-all-width;
496 496 }
497 497 }
498 498
499 499 .sidebar-col-wrapper.scw-small {
500 500 padding-left: @sidebar-small-all-width;
501 501
502 502 .sidebar {
503 503 width: @sidebar-small-width;
504 504 margin-left: -@sidebar-small-all-width;
505 505 }
506 506 }
507 507
508 508
509 509 // FOOTER
510 510 #footer {
511 511 padding: 0;
512 512 text-align: center;
513 513 vertical-align: middle;
514 514 color: @grey2;
515 515 background-color: @grey6;
516 516
517 517 p {
518 518 margin: 0;
519 519 padding: 1em;
520 520 line-height: 1em;
521 521 }
522 522
523 523 .server-instance { //server instance
524 524 display: none;
525 525 }
526 526
527 527 .title {
528 528 float: none;
529 529 margin: 0 auto;
530 530 }
531 531 }
532 532
533 533 button.close {
534 534 padding: 0;
535 535 cursor: pointer;
536 536 background: transparent;
537 537 border: 0;
538 538 .box-shadow(none);
539 539 -webkit-appearance: none;
540 540 }
541 541
542 542 .close {
543 543 float: right;
544 544 font-size: 21px;
545 545 font-family: @text-bootstrap;
546 546 line-height: 1em;
547 547 font-weight: bold;
548 548 color: @grey2;
549 549
550 550 &:hover,
551 551 &:focus {
552 552 color: @grey1;
553 553 text-decoration: none;
554 554 cursor: pointer;
555 555 }
556 556 }
557 557
558 558 // GRID
559 559 .sorting,
560 560 .sorting_desc,
561 561 .sorting_asc {
562 562 cursor: pointer;
563 563 }
564 564 .sorting_desc:after {
565 565 content: "\00A0\25B2";
566 566 font-size: .75em;
567 567 }
568 568 .sorting_asc:after {
569 569 content: "\00A0\25BC";
570 570 font-size: .68em;
571 571 }
572 572
573 573
574 574 .user_auth_tokens {
575 575
576 576 &.truncate {
577 577 white-space: nowrap;
578 578 overflow: hidden;
579 579 text-overflow: ellipsis;
580 580 }
581 581
582 582 .fields .field .input {
583 583 margin: 0;
584 584 }
585 585
586 586 input#description {
587 587 width: 100px;
588 588 margin: 0;
589 589 }
590 590
591 591 .drop-menu {
592 592 // TODO: johbo: Remove this, should work out of the box when
593 593 // having multiple inputs inline
594 594 margin: 0 0 0 5px;
595 595 }
596 596 }
597 597 #user_list_table {
598 598 .closed {
599 599 background-color: @grey6;
600 600 }
601 601 }
602 602
603 603
604 604 input {
605 605 &.disabled {
606 606 opacity: .5;
607 607 }
608 608 }
609 609
610 610 // remove extra padding in firefox
611 611 input::-moz-focus-inner { border:0; padding:0 }
612 612
613 613 .adjacent input {
614 614 margin-bottom: @padding;
615 615 }
616 616
617 617 .permissions_boxes {
618 618 display: block;
619 619 }
620 620
621 621 //TODO: lisa: this should be in tables
622 622 .show_more_col {
623 623 width: 20px;
624 624 }
625 625
626 626 //FORMS
627 627
628 628 .medium-inline,
629 629 input#description.medium-inline {
630 630 display: inline;
631 631 width: @medium-inline-input-width;
632 632 min-width: 100px;
633 633 }
634 634
635 635 select {
636 636 //reset
637 637 -webkit-appearance: none;
638 638 -moz-appearance: none;
639 639
640 640 display: inline-block;
641 641 height: 28px;
642 642 width: auto;
643 643 margin: 0 @padding @padding 0;
644 644 padding: 0 18px 0 8px;
645 645 line-height:1em;
646 646 font-size: @basefontsize;
647 647 border: @border-thickness solid @rcblue;
648 648 background:white url("../images/dt-arrow-dn.png") no-repeat 100% 50%;
649 649 color: @rcblue;
650 650
651 651 &:after {
652 652 content: "\00A0\25BE";
653 653 }
654 654
655 655 &:focus {
656 656 outline: none;
657 657 }
658 658 }
659 659
660 660 option {
661 661 &:focus {
662 662 outline: none;
663 663 }
664 664 }
665 665
666 666 input,
667 667 textarea {
668 668 padding: @input-padding;
669 669 border: @input-border-thickness solid @border-highlight-color;
670 670 .border-radius (@border-radius);
671 671 font-family: @text-light;
672 672 font-size: @basefontsize;
673 673
674 674 &.input-sm {
675 675 padding: 5px;
676 676 }
677 677
678 678 &#description {
679 679 min-width: @input-description-minwidth;
680 680 min-height: 1em;
681 681 padding: 10px;
682 682 }
683 683 }
684 684
685 685 .field-sm {
686 686 input,
687 687 textarea {
688 688 padding: 5px;
689 689 }
690 690 }
691 691
692 692 textarea {
693 693 display: block;
694 694 clear: both;
695 695 width: 100%;
696 696 min-height: 100px;
697 697 margin-bottom: @padding;
698 698 .box-sizing(border-box);
699 699 overflow: auto;
700 700 }
701 701
702 702 label {
703 703 font-family: @text-light;
704 704 }
705 705
706 706 // GRAVATARS
707 707 // centers gravatar on username to the right
708 708
709 709 .gravatar {
710 710 display: inline;
711 711 min-width: 16px;
712 712 min-height: 16px;
713 713 margin: -5px 0;
714 714 padding: 0;
715 715 line-height: 1em;
716 716 border: 1px solid @grey4;
717 717 box-sizing: content-box;
718 718
719 719 &.gravatar-large {
720 720 margin: -0.5em .25em -0.5em 0;
721 721 }
722 722
723 723 & + .user {
724 724 display: inline;
725 725 margin: 0;
726 726 padding: 0 0 0 .17em;
727 727 line-height: 1em;
728 728 }
729 729 }
730 730
731 731 .user-inline-data {
732 732 display: inline-block;
733 733 float: left;
734 734 padding-left: .5em;
735 735 line-height: 1.3em;
736 736 }
737 737
738 738 .rc-user { // gravatar + user wrapper
739 739 float: left;
740 740 position: relative;
741 741 min-width: 100px;
742 742 max-width: 200px;
743 743 min-height: (@gravatar-size + @border-thickness * 2); // account for border
744 744 display: block;
745 745 padding: 0 0 0 (@gravatar-size + @basefontsize/2 + @border-thickness * 2);
746 746
747 747
748 748 .gravatar {
749 749 display: block;
750 750 position: absolute;
751 751 top: 0;
752 752 left: 0;
753 753 min-width: @gravatar-size;
754 754 min-height: @gravatar-size;
755 755 margin: 0;
756 756 }
757 757
758 758 .user {
759 759 display: block;
760 760 max-width: 175px;
761 761 padding-top: 2px;
762 762 overflow: hidden;
763 763 text-overflow: ellipsis;
764 764 }
765 765 }
766 766
767 767 .gist-gravatar,
768 768 .journal_container {
769 769 .gravatar-large {
770 770 margin: 0 .5em -10px 0;
771 771 }
772 772 }
773 773
774 774
775 775 // ADMIN SETTINGS
776 776
777 777 // Tag Patterns
778 778 .tag_patterns {
779 779 .tag_input {
780 780 margin-bottom: @padding;
781 781 }
782 782 }
783 783
784 784 .locked_input {
785 785 position: relative;
786 786
787 787 input {
788 788 display: inline;
789 789 margin: 3px 5px 0px 0px;
790 790 }
791 791
792 792 br {
793 793 display: none;
794 794 }
795 795
796 796 .error-message {
797 797 float: left;
798 798 width: 100%;
799 799 }
800 800
801 801 .lock_input_button {
802 802 display: inline;
803 803 }
804 804
805 805 .help-block {
806 806 clear: both;
807 807 }
808 808 }
809 809
810 810 // Notifications
811 811
812 812 .notifications_buttons {
813 813 margin: 0 0 @space 0;
814 814 padding: 0;
815 815
816 816 .btn {
817 817 display: inline-block;
818 818 }
819 819 }
820 820
821 821 .notification-list {
822 822
823 823 div {
824 824 display: inline-block;
825 825 vertical-align: middle;
826 826 }
827 827
828 828 .container {
829 829 display: block;
830 830 margin: 0 0 @padding 0;
831 831 }
832 832
833 833 .delete-notifications {
834 834 margin-left: @padding;
835 835 text-align: right;
836 836 cursor: pointer;
837 837 }
838 838
839 839 .read-notifications {
840 840 margin-left: @padding/2;
841 841 text-align: right;
842 842 width: 35px;
843 843 cursor: pointer;
844 844 }
845 845
846 846 .icon-minus-sign {
847 847 color: @alert2;
848 848 }
849 849
850 850 .icon-ok-sign {
851 851 color: @alert1;
852 852 }
853 853 }
854 854
855 855 .user_settings {
856 856 float: left;
857 857 clear: both;
858 858 display: block;
859 859 width: 100%;
860 860
861 861 .gravatar_box {
862 862 margin-bottom: @padding;
863 863
864 864 &:after {
865 865 content: " ";
866 866 clear: both;
867 867 width: 100%;
868 868 }
869 869 }
870 870
871 871 .fields .field {
872 872 clear: both;
873 873 }
874 874 }
875 875
876 876 .advanced_settings {
877 877 margin-bottom: @space;
878 878
879 879 .help-block {
880 880 margin-left: 0;
881 881 }
882 882
883 883 button + .help-block {
884 884 margin-top: @padding;
885 885 }
886 886 }
887 887
888 888 // admin settings radio buttons and labels
889 889 .label-2 {
890 890 float: left;
891 891 width: @label2-width;
892 892
893 893 label {
894 894 color: @grey1;
895 895 }
896 896 }
897 897 .checkboxes {
898 898 float: left;
899 899 width: @checkboxes-width;
900 900 margin-bottom: @padding;
901 901
902 902 .checkbox {
903 903 width: 100%;
904 904
905 905 label {
906 906 margin: 0;
907 907 padding: 0;
908 908 }
909 909 }
910 910
911 911 .checkbox + .checkbox {
912 912 display: inline-block;
913 913 }
914 914
915 915 label {
916 916 margin-right: 1em;
917 917 }
918 918 }
919 919
920 920 // CHANGELOG
921 921 .container_header {
922 922 float: left;
923 923 display: block;
924 924 width: 100%;
925 925 margin: @padding 0 @padding;
926 926
927 927 #filter_changelog {
928 928 float: left;
929 929 margin-right: @padding;
930 930 }
931 931
932 932 .breadcrumbs_light {
933 933 display: inline-block;
934 934 }
935 935 }
936 936
937 937 .info_box {
938 938 float: right;
939 939 }
940 940
941 941
942 942 #graph_nodes {
943 943 padding-top: 43px;
944 944 }
945 945
946 946 #graph_content{
947 947
948 948 // adjust for table headers so that graph renders properly
949 949 // #graph_nodes padding - table cell padding
950 950 padding-top: (@space - (@basefontsize * 2.4));
951 951
952 952 &.graph_full_width {
953 953 width: 100%;
954 954 max-width: 100%;
955 955 }
956 956 }
957 957
958 958 #graph {
959 959 .flag_status {
960 960 margin: 0;
961 961 }
962 962
963 963 .pagination-left {
964 964 float: left;
965 965 clear: both;
966 966 }
967 967
968 968 .log-container {
969 969 max-width: 345px;
970 970
971 971 .message{
972 972 max-width: 340px;
973 973 }
974 974 }
975 975
976 976 .graph-col-wrapper {
977 977 padding-left: 110px;
978 978
979 979 #graph_nodes {
980 980 width: 100px;
981 981 margin-left: -110px;
982 982 float: left;
983 983 clear: left;
984 984 }
985 985 }
986 986
987 987 .load-more-commits {
988 988 text-align: center;
989 989 }
990 990 .load-more-commits:hover {
991 991 background-color: @grey7;
992 992 }
993 993 .load-more-commits {
994 994 a {
995 995 display: block;
996 996 }
997 997 }
998 998 }
999 999
1000 1000 #filter_changelog {
1001 1001 float: left;
1002 1002 }
1003 1003
1004 1004
1005 1005 //--- THEME ------------------//
1006 1006
1007 1007 #logo {
1008 1008 float: left;
1009 1009 margin: 9px 0 0 0;
1010 1010
1011 1011 .header {
1012 1012 background-color: transparent;
1013 1013 }
1014 1014
1015 1015 a {
1016 1016 display: inline-block;
1017 1017 }
1018 1018
1019 1019 img {
1020 1020 height:30px;
1021 1021 }
1022 1022 }
1023 1023
1024 1024 .logo-wrapper {
1025 1025 float:left;
1026 1026 }
1027 1027
1028 1028 .branding{
1029 1029 float: left;
1030 1030 padding: 9px 2px;
1031 1031 line-height: 1em;
1032 1032 font-size: @navigation-fontsize;
1033 1033 }
1034 1034
1035 1035 img {
1036 1036 border: none;
1037 1037 outline: none;
1038 1038 }
1039 1039 user-profile-header
1040 1040 label {
1041 1041
1042 1042 input[type="checkbox"] {
1043 1043 margin-right: 1em;
1044 1044 }
1045 1045 input[type="radio"] {
1046 1046 margin-right: 1em;
1047 1047 }
1048 1048 }
1049 1049
1050 1050 .flag_status {
1051 1051 margin: 2px 8px 6px 2px;
1052 1052 &.under_review {
1053 1053 .circle(5px, @alert3);
1054 1054 }
1055 1055 &.approved {
1056 1056 .circle(5px, @alert1);
1057 1057 }
1058 1058 &.rejected,
1059 1059 &.forced_closed{
1060 1060 .circle(5px, @alert2);
1061 1061 }
1062 1062 &.not_reviewed {
1063 1063 .circle(5px, @grey5);
1064 1064 }
1065 1065 }
1066 1066
1067 1067 .flag_status_comment_box {
1068 1068 margin: 5px 6px 0px 2px;
1069 1069 }
1070 1070 .test_pattern_preview {
1071 1071 margin: @space 0;
1072 1072
1073 1073 p {
1074 1074 margin-bottom: 0;
1075 1075 border-bottom: @border-thickness solid @border-default-color;
1076 1076 color: @grey3;
1077 1077 }
1078 1078
1079 1079 .btn {
1080 1080 margin-bottom: @padding;
1081 1081 }
1082 1082 }
1083 1083 #test_pattern_result {
1084 1084 display: none;
1085 1085 &:extend(pre);
1086 1086 padding: .9em;
1087 1087 color: @grey3;
1088 1088 background-color: @grey7;
1089 1089 border-right: @border-thickness solid @border-default-color;
1090 1090 border-bottom: @border-thickness solid @border-default-color;
1091 1091 border-left: @border-thickness solid @border-default-color;
1092 1092 }
1093 1093
1094 1094 #repo_vcs_settings {
1095 1095 #inherit_overlay_vcs_default {
1096 1096 display: none;
1097 1097 }
1098 1098 #inherit_overlay_vcs_custom {
1099 1099 display: custom;
1100 1100 }
1101 1101 &.inherited {
1102 1102 #inherit_overlay_vcs_default {
1103 1103 display: block;
1104 1104 }
1105 1105 #inherit_overlay_vcs_custom {
1106 1106 display: none;
1107 1107 }
1108 1108 }
1109 1109 }
1110 1110
1111 1111 .issue-tracker-link {
1112 1112 color: @rcblue;
1113 1113 }
1114 1114
1115 1115 // Issue Tracker Table Show/Hide
1116 1116 #repo_issue_tracker {
1117 1117 #inherit_overlay {
1118 1118 display: none;
1119 1119 }
1120 1120 #custom_overlay {
1121 1121 display: custom;
1122 1122 }
1123 1123 &.inherited {
1124 1124 #inherit_overlay {
1125 1125 display: block;
1126 1126 }
1127 1127 #custom_overlay {
1128 1128 display: none;
1129 1129 }
1130 1130 }
1131 1131 }
1132 1132 table.issuetracker {
1133 1133 &.readonly {
1134 1134 tr, td {
1135 1135 color: @grey3;
1136 1136 }
1137 1137 }
1138 1138 .edit {
1139 1139 display: none;
1140 1140 }
1141 1141 .editopen {
1142 1142 .edit {
1143 1143 display: inline;
1144 1144 }
1145 1145 .entry {
1146 1146 display: none;
1147 1147 }
1148 1148 }
1149 1149 tr td.td-action {
1150 1150 min-width: 117px;
1151 1151 }
1152 1152 td input {
1153 1153 max-width: none;
1154 1154 min-width: 30px;
1155 1155 width: 80%;
1156 1156 }
1157 1157 .issuetracker_pref input {
1158 1158 width: 40%;
1159 1159 }
1160 1160 input.edit_issuetracker_update {
1161 1161 margin-right: 0;
1162 1162 width: auto;
1163 1163 }
1164 1164 }
1165 1165
1166 1166 table.integrations {
1167 1167 .td-icon {
1168 1168 width: 20px;
1169 1169 .integration-icon {
1170 1170 height: 20px;
1171 1171 width: 20px;
1172 1172 }
1173 1173 }
1174 1174 }
1175 1175
1176 1176 .integrations {
1177 1177 a.integration-box {
1178 1178 color: @text-color;
1179 1179 &:hover {
1180 1180 .panel {
1181 1181 background: #fbfbfb;
1182 1182 }
1183 1183 }
1184 1184 .integration-icon {
1185 1185 width: 30px;
1186 1186 height: 30px;
1187 1187 margin-right: 20px;
1188 1188 float: left;
1189 1189 }
1190 1190
1191 1191 .panel-body {
1192 1192 padding: 10px;
1193 1193 }
1194 1194 .panel {
1195 1195 margin-bottom: 10px;
1196 1196 }
1197 1197 h2 {
1198 1198 display: inline-block;
1199 1199 margin: 0;
1200 1200 min-width: 140px;
1201 1201 }
1202 1202 }
1203 1203 a.integration-box.dummy-integration {
1204 1204 color: @grey4
1205 1205 }
1206 1206 }
1207 1207
1208 1208 //Permissions Settings
1209 1209 #add_perm {
1210 1210 margin: 0 0 @padding;
1211 1211 cursor: pointer;
1212 1212 }
1213 1213
1214 1214 .perm_ac {
1215 1215 input {
1216 1216 width: 95%;
1217 1217 }
1218 1218 }
1219 1219
1220 1220 .autocomplete-suggestions {
1221 1221 width: auto !important; // overrides autocomplete.js
1222 1222 margin: 0;
1223 1223 border: @border-thickness solid @rcblue;
1224 1224 border-radius: @border-radius;
1225 1225 color: @rcblue;
1226 1226 background-color: white;
1227 1227 }
1228 1228 .autocomplete-selected {
1229 1229 background: #F0F0F0;
1230 1230 }
1231 1231 .ac-container-wrap {
1232 1232 margin: 0;
1233 1233 padding: 8px;
1234 1234 border-bottom: @border-thickness solid @rclightblue;
1235 1235 list-style-type: none;
1236 1236 cursor: pointer;
1237 1237
1238 1238 &:hover {
1239 1239 background-color: @rclightblue;
1240 1240 }
1241 1241
1242 1242 img {
1243 1243 height: @gravatar-size;
1244 1244 width: @gravatar-size;
1245 1245 margin-right: 1em;
1246 1246 }
1247 1247
1248 1248 strong {
1249 1249 font-weight: normal;
1250 1250 }
1251 1251 }
1252 1252
1253 1253 // Settings Dropdown
1254 1254 .user-menu .container {
1255 1255 padding: 0 4px;
1256 1256 margin: 0;
1257 1257 }
1258 1258
1259 1259 .user-menu .gravatar {
1260 1260 cursor: pointer;
1261 1261 }
1262 1262
1263 1263 .codeblock {
1264 1264 margin-bottom: @padding;
1265 1265 clear: both;
1266 1266
1267 1267 .stats{
1268 1268 overflow: hidden;
1269 1269 }
1270 1270
1271 1271 .message{
1272 1272 textarea{
1273 1273 margin: 0;
1274 1274 }
1275 1275 }
1276 1276
1277 1277 .code-header {
1278 1278 .stats {
1279 1279 line-height: 2em;
1280 1280
1281 1281 .revision_id {
1282 1282 margin-left: 0;
1283 1283 }
1284 1284 .buttons {
1285 1285 padding-right: 0;
1286 1286 }
1287 1287 }
1288 1288
1289 1289 .item{
1290 1290 margin-right: 0.5em;
1291 1291 }
1292 1292 }
1293 1293
1294 1294 #editor_container{
1295 1295 position: relative;
1296 1296 margin: @padding;
1297 1297 }
1298 1298 }
1299 1299
1300 1300 #file_history_container {
1301 1301 display: none;
1302 1302 }
1303 1303
1304 1304 .file-history-inner {
1305 1305 margin-bottom: 10px;
1306 1306 }
1307 1307
1308 1308 // Pull Requests
1309 1309 .summary-details {
1310 1310 width: 72%;
1311 1311 }
1312 1312 .pr-summary {
1313 1313 border-bottom: @border-thickness solid @grey5;
1314 1314 margin-bottom: @space;
1315 1315 }
1316 1316 .reviewers-title {
1317 1317 width: 25%;
1318 1318 min-width: 200px;
1319 1319 }
1320 1320 .reviewers {
1321 1321 width: 25%;
1322 1322 min-width: 200px;
1323 1323 }
1324 1324 .reviewers ul li {
1325 1325 position: relative;
1326 1326 width: 100%;
1327 1327 padding-bottom: 8px;
1328 1328 }
1329 1329
1330 1330 .reviewer_entry {
1331 1331 min-height: 55px;
1332 1332 }
1333 1333
1334 1334 .reviewers_member {
1335 1335 width: 100%;
1336 1336 overflow: auto;
1337 1337 }
1338 1338 .reviewer_reason {
1339 1339 padding-left: 20px;
1340 1340 line-height: 1.5em;
1341 1341 }
1342 1342 .reviewer_status {
1343 1343 display: inline-block;
1344 1344 vertical-align: top;
1345 1345 width: 25px;
1346 1346 min-width: 25px;
1347 1347 height: 1.2em;
1348 1348 margin-top: 3px;
1349 1349 line-height: 1em;
1350 1350 }
1351 1351
1352 1352 .reviewer_name {
1353 1353 display: inline-block;
1354 1354 max-width: 83%;
1355 1355 padding-right: 20px;
1356 1356 vertical-align: middle;
1357 1357 line-height: 1;
1358 1358
1359 1359 .rc-user {
1360 1360 min-width: 0;
1361 1361 margin: -2px 1em 0 0;
1362 1362 }
1363 1363
1364 1364 .reviewer {
1365 1365 float: left;
1366 1366 }
1367 1367 }
1368 1368
1369 1369 .reviewer_member_mandatory {
1370 1370 position: absolute;
1371 1371 left: 15px;
1372 1372 top: 8px;
1373 1373 width: 16px;
1374 1374 font-size: 11px;
1375 1375 margin: 0;
1376 1376 padding: 0;
1377 1377 color: black;
1378 1378 }
1379 1379
1380 1380 .reviewer_member_mandatory_remove,
1381 1381 .reviewer_member_remove {
1382 1382 position: absolute;
1383 1383 right: 0;
1384 1384 top: 0;
1385 1385 width: 16px;
1386 1386 margin-bottom: 10px;
1387 1387 padding: 0;
1388 1388 color: black;
1389 1389 }
1390 1390
1391 1391 .reviewer_member_mandatory_remove {
1392 1392 color: @grey4;
1393 1393 }
1394 1394
1395 1395 .reviewer_member_status {
1396 1396 margin-top: 5px;
1397 1397 }
1398 1398 .pr-summary #summary{
1399 1399 width: 100%;
1400 1400 }
1401 1401 .pr-summary .action_button:hover {
1402 1402 border: 0;
1403 1403 cursor: pointer;
1404 1404 }
1405 1405 .pr-details-title {
1406 1406 padding-bottom: 8px;
1407 1407 border-bottom: @border-thickness solid @grey5;
1408 1408
1409 1409 .action_button.disabled {
1410 1410 color: @grey4;
1411 1411 cursor: inherit;
1412 1412 }
1413 1413 .action_button {
1414 1414 color: @rcblue;
1415 1415 }
1416 1416 }
1417 1417 .pr-details-content {
1418 1418 margin-top: @textmargin;
1419 1419 margin-bottom: @textmargin;
1420 1420 }
1421 1421
1422 1422 .pr-reviewer-rules {
1423 1423 padding: 10px 0px 20px 0px;
1424 1424 }
1425 1425
1426 1426 .group_members {
1427 1427 margin-top: 0;
1428 1428 padding: 0;
1429 1429 list-style: outside none none;
1430 1430
1431 1431 img {
1432 1432 height: @gravatar-size;
1433 1433 width: @gravatar-size;
1434 1434 margin-right: .5em;
1435 1435 margin-left: 3px;
1436 1436 }
1437 1437
1438 1438 .to-delete {
1439 1439 .user {
1440 1440 text-decoration: line-through;
1441 1441 }
1442 1442 }
1443 1443 }
1444 1444
1445 1445 .compare_view_commits_title {
1446 1446 .disabled {
1447 1447 cursor: inherit;
1448 1448 &:hover{
1449 1449 background-color: inherit;
1450 1450 color: inherit;
1451 1451 }
1452 1452 }
1453 1453 }
1454 1454
1455 1455 .subtitle-compare {
1456 1456 margin: -15px 0px 0px 0px;
1457 1457 }
1458 1458
1459 1459 .comments-summary-td {
1460 1460 border-top: 1px dashed @grey5;
1461 1461 }
1462 1462
1463 1463 // new entry in group_members
1464 1464 .td-author-new-entry {
1465 1465 background-color: rgba(red(@alert1), green(@alert1), blue(@alert1), 0.3);
1466 1466 }
1467 1467
1468 1468 .usergroup_member_remove {
1469 1469 width: 16px;
1470 1470 margin-bottom: 10px;
1471 1471 padding: 0;
1472 1472 color: black !important;
1473 1473 cursor: pointer;
1474 1474 }
1475 1475
1476 1476 .reviewer_ac .ac-input {
1477 1477 width: 92%;
1478 1478 margin-bottom: 1em;
1479 1479 }
1480 1480
1481 1481 .compare_view_commits tr{
1482 1482 height: 20px;
1483 1483 }
1484 1484 .compare_view_commits td {
1485 1485 vertical-align: top;
1486 1486 padding-top: 10px;
1487 1487 }
1488 1488 .compare_view_commits .author {
1489 1489 margin-left: 5px;
1490 1490 }
1491 1491
1492 1492 .compare_view_commits {
1493 1493 .color-a {
1494 1494 color: @alert1;
1495 1495 }
1496 1496
1497 1497 .color-c {
1498 1498 color: @color3;
1499 1499 }
1500 1500
1501 1501 .color-r {
1502 1502 color: @color5;
1503 1503 }
1504 1504
1505 1505 .color-a-bg {
1506 1506 background-color: @alert1;
1507 1507 }
1508 1508
1509 1509 .color-c-bg {
1510 1510 background-color: @alert3;
1511 1511 }
1512 1512
1513 1513 .color-r-bg {
1514 1514 background-color: @alert2;
1515 1515 }
1516 1516
1517 1517 .color-a-border {
1518 1518 border: 1px solid @alert1;
1519 1519 }
1520 1520
1521 1521 .color-c-border {
1522 1522 border: 1px solid @alert3;
1523 1523 }
1524 1524
1525 1525 .color-r-border {
1526 1526 border: 1px solid @alert2;
1527 1527 }
1528 1528
1529 1529 .commit-change-indicator {
1530 1530 width: 15px;
1531 1531 height: 15px;
1532 1532 position: relative;
1533 1533 left: 15px;
1534 1534 }
1535 1535
1536 1536 .commit-change-content {
1537 1537 text-align: center;
1538 1538 vertical-align: middle;
1539 1539 line-height: 15px;
1540 1540 }
1541 1541 }
1542 1542
1543 1543 .compare_view_filepath {
1544 1544 color: @grey1;
1545 1545 }
1546 1546
1547 1547 .show_more {
1548 1548 display: inline-block;
1549 1549 position: relative;
1550 1550 vertical-align: middle;
1551 1551 width: 4px;
1552 1552 height: @basefontsize;
1553 1553
1554 1554 &:after {
1555 1555 content: "\00A0\25BE";
1556 1556 display: inline-block;
1557 1557 width:10px;
1558 1558 line-height: 5px;
1559 1559 font-size: 12px;
1560 1560 cursor: pointer;
1561 1561 }
1562 1562 }
1563 1563
1564 1564 .journal_more .show_more {
1565 1565 display: inline;
1566 1566
1567 1567 &:after {
1568 1568 content: none;
1569 1569 }
1570 1570 }
1571 1571
1572 1572 .open .show_more:after,
1573 1573 .select2-dropdown-open .show_more:after {
1574 1574 .rotate(180deg);
1575 1575 margin-left: 4px;
1576 1576 }
1577 1577
1578 1578
1579 1579 .compare_view_commits .collapse_commit:after {
1580 1580 cursor: pointer;
1581 1581 content: "\00A0\25B4";
1582 1582 margin-left: -3px;
1583 1583 font-size: 17px;
1584 1584 color: @grey4;
1585 1585 }
1586 1586
1587 1587 .diff_links {
1588 1588 margin-left: 8px;
1589 1589 }
1590 1590
1591 1591 div.ancestor {
1592 1592 margin: -30px 0px;
1593 1593 }
1594 1594
1595 1595 .cs_icon_td input[type="checkbox"] {
1596 1596 display: none;
1597 1597 }
1598 1598
1599 1599 .cs_icon_td .expand_file_icon:after {
1600 1600 cursor: pointer;
1601 1601 content: "\00A0\25B6";
1602 1602 font-size: 12px;
1603 1603 color: @grey4;
1604 1604 }
1605 1605
1606 1606 .cs_icon_td .collapse_file_icon:after {
1607 1607 cursor: pointer;
1608 1608 content: "\00A0\25BC";
1609 1609 font-size: 12px;
1610 1610 color: @grey4;
1611 1611 }
1612 1612
1613 1613 /*new binary
1614 1614 NEW_FILENODE = 1
1615 1615 DEL_FILENODE = 2
1616 1616 MOD_FILENODE = 3
1617 1617 RENAMED_FILENODE = 4
1618 1618 COPIED_FILENODE = 5
1619 1619 CHMOD_FILENODE = 6
1620 1620 BIN_FILENODE = 7
1621 1621 */
1622 1622 .cs_files_expand {
1623 1623 font-size: @basefontsize + 5px;
1624 1624 line-height: 1.8em;
1625 1625 float: right;
1626 1626 }
1627 1627
1628 1628 .cs_files_expand span{
1629 1629 color: @rcblue;
1630 1630 cursor: pointer;
1631 1631 }
1632 1632 .cs_files {
1633 1633 clear: both;
1634 1634 padding-bottom: @padding;
1635 1635
1636 1636 .cur_cs {
1637 1637 margin: 10px 2px;
1638 1638 font-weight: bold;
1639 1639 }
1640 1640
1641 1641 .node {
1642 1642 float: left;
1643 1643 }
1644 1644
1645 1645 .changes {
1646 1646 float: right;
1647 1647 color: white;
1648 1648 font-size: @basefontsize - 4px;
1649 1649 margin-top: 4px;
1650 1650 opacity: 0.6;
1651 1651 filter: Alpha(opacity=60); /* IE8 and earlier */
1652 1652
1653 1653 .added {
1654 1654 background-color: @alert1;
1655 1655 float: left;
1656 1656 text-align: center;
1657 1657 }
1658 1658
1659 1659 .deleted {
1660 1660 background-color: @alert2;
1661 1661 float: left;
1662 1662 text-align: center;
1663 1663 }
1664 1664
1665 1665 .bin {
1666 1666 background-color: @alert1;
1667 1667 text-align: center;
1668 1668 }
1669 1669
1670 1670 /*new binary*/
1671 1671 .bin.bin1 {
1672 1672 background-color: @alert1;
1673 1673 text-align: center;
1674 1674 }
1675 1675
1676 1676 /*deleted binary*/
1677 1677 .bin.bin2 {
1678 1678 background-color: @alert2;
1679 1679 text-align: center;
1680 1680 }
1681 1681
1682 1682 /*mod binary*/
1683 1683 .bin.bin3 {
1684 1684 background-color: @grey2;
1685 1685 text-align: center;
1686 1686 }
1687 1687
1688 1688 /*rename file*/
1689 1689 .bin.bin4 {
1690 1690 background-color: @alert4;
1691 1691 text-align: center;
1692 1692 }
1693 1693
1694 1694 /*copied file*/
1695 1695 .bin.bin5 {
1696 1696 background-color: @alert4;
1697 1697 text-align: center;
1698 1698 }
1699 1699
1700 1700 /*chmod file*/
1701 1701 .bin.bin6 {
1702 1702 background-color: @grey2;
1703 1703 text-align: center;
1704 1704 }
1705 1705 }
1706 1706 }
1707 1707
1708 1708 .cs_files .cs_added, .cs_files .cs_A,
1709 1709 .cs_files .cs_added, .cs_files .cs_M,
1710 1710 .cs_files .cs_added, .cs_files .cs_D {
1711 1711 height: 16px;
1712 1712 padding-right: 10px;
1713 1713 margin-top: 7px;
1714 1714 text-align: left;
1715 1715 }
1716 1716
1717 1717 .cs_icon_td {
1718 1718 min-width: 16px;
1719 1719 width: 16px;
1720 1720 }
1721 1721
1722 1722 .pull-request-merge {
1723 1723 border: 1px solid @grey5;
1724 1724 padding: 10px 0px 20px;
1725 1725 margin-top: 10px;
1726 1726 margin-bottom: 20px;
1727 1727 }
1728 1728
1729 1729 .pull-request-merge ul {
1730 1730 padding: 0px 0px;
1731 1731 }
1732 1732
1733 1733 .pull-request-merge li:before{
1734 1734 content:none;
1735 1735 }
1736 1736
1737 1737 .pull-request-merge .pull-request-wrap {
1738 1738 height: auto;
1739 1739 padding: 0px 0px;
1740 1740 text-align: right;
1741 1741 }
1742 1742
1743 1743 .pull-request-merge span {
1744 1744 margin-right: 5px;
1745 1745 }
1746 1746
1747 1747 .pull-request-merge-actions {
1748 1748 min-height: 30px;
1749 1749 padding: 0px 0px;
1750 1750 }
1751 1751
1752 1752 .pull-request-merge-info {
1753 1753 padding: 0px 5px 5px 0px;
1754 1754 }
1755 1755
1756 1756 .merge-status {
1757 1757 margin-right: 5px;
1758 1758 }
1759 1759
1760 1760 .merge-message {
1761 1761 font-size: 1.2em
1762 1762 }
1763 1763
1764 1764 .merge-message.success i,
1765 1765 .merge-icon.success i {
1766 1766 color:@alert1;
1767 1767 }
1768 1768
1769 1769 .merge-message.warning i,
1770 1770 .merge-icon.warning i {
1771 1771 color: @alert3;
1772 1772 }
1773 1773
1774 1774 .merge-message.error i,
1775 1775 .merge-icon.error i {
1776 1776 color:@alert2;
1777 1777 }
1778 1778
1779 1779 .pr-versions {
1780 1780 font-size: 1.1em;
1781 1781
1782 1782 table {
1783 1783 padding: 0px 5px;
1784 1784 }
1785 1785
1786 1786 td {
1787 1787 line-height: 15px;
1788 1788 }
1789 1789
1790 1790 .flag_status {
1791 1791 margin: 0;
1792 1792 }
1793 1793
1794 1794 .compare-radio-button {
1795 1795 position: relative;
1796 1796 top: -3px;
1797 1797 }
1798 1798 }
1799 1799
1800 1800
1801 1801 #close_pull_request {
1802 1802 margin-right: 0px;
1803 1803 }
1804 1804
1805 1805 .empty_data {
1806 1806 color: @grey4;
1807 1807 }
1808 1808
1809 1809 #changeset_compare_view_content {
1810 1810 margin-bottom: @space;
1811 1811 clear: both;
1812 1812 width: 100%;
1813 1813 box-sizing: border-box;
1814 1814 .border-radius(@border-radius);
1815 1815
1816 1816 .help-block {
1817 1817 margin: @padding 0;
1818 1818 color: @text-color;
1819 1819 &.pre-formatting {
1820 1820 white-space: pre;
1821 1821 }
1822 1822 }
1823 1823
1824 1824 .empty_data {
1825 1825 margin: @padding 0;
1826 1826 }
1827 1827
1828 1828 .alert {
1829 1829 margin-bottom: @space;
1830 1830 }
1831 1831 }
1832 1832
1833 1833 .table_disp {
1834 1834 .status {
1835 1835 width: auto;
1836 1836
1837 1837 .flag_status {
1838 1838 float: left;
1839 1839 }
1840 1840 }
1841 1841 }
1842 1842
1843 1843
1844 1844 .creation_in_progress {
1845 1845 color: @grey4
1846 1846 }
1847 1847
1848 1848 .status_box_menu {
1849 1849 margin: 0;
1850 1850 }
1851 1851
1852 1852 .notification-table{
1853 1853 margin-bottom: @space;
1854 1854 display: table;
1855 1855 width: 100%;
1856 1856
1857 1857 .container{
1858 1858 display: table-row;
1859 1859
1860 1860 .notification-header{
1861 1861 border-bottom: @border-thickness solid @border-default-color;
1862 1862 }
1863 1863
1864 1864 .notification-subject{
1865 1865 display: table-cell;
1866 1866 }
1867 1867 }
1868 1868 }
1869 1869
1870 1870 // Notifications
1871 1871 .notification-header{
1872 1872 display: table;
1873 1873 width: 100%;
1874 1874 padding: floor(@basefontsize/2) 0;
1875 1875 line-height: 1em;
1876 1876
1877 1877 .desc, .delete-notifications, .read-notifications{
1878 1878 display: table-cell;
1879 1879 text-align: left;
1880 1880 }
1881 1881
1882 1882 .desc{
1883 1883 width: 1163px;
1884 1884 }
1885 1885
1886 1886 .delete-notifications, .read-notifications{
1887 1887 width: 35px;
1888 1888 min-width: 35px; //fixes when only one button is displayed
1889 1889 }
1890 1890 }
1891 1891
1892 1892 .notification-body {
1893 1893 .markdown-block,
1894 1894 .rst-block {
1895 1895 padding: @padding 0;
1896 1896 }
1897 1897
1898 1898 .notification-subject {
1899 1899 padding: @textmargin 0;
1900 1900 border-bottom: @border-thickness solid @border-default-color;
1901 1901 }
1902 1902 }
1903 1903
1904 1904
1905 1905 .notifications_buttons{
1906 1906 float: right;
1907 1907 }
1908 1908
1909 1909 #notification-status{
1910 1910 display: inline;
1911 1911 }
1912 1912
1913 1913 // Repositories
1914 1914
1915 1915 #summary.fields{
1916 1916 display: table;
1917 1917
1918 1918 .field{
1919 1919 display: table-row;
1920 1920
1921 1921 .label-summary{
1922 1922 display: table-cell;
1923 1923 min-width: @label-summary-minwidth;
1924 1924 padding-top: @padding/2;
1925 1925 padding-bottom: @padding/2;
1926 1926 padding-right: @padding/2;
1927 1927 }
1928 1928
1929 1929 .input{
1930 1930 display: table-cell;
1931 1931 padding: @padding/2;
1932 1932
1933 1933 input{
1934 1934 min-width: 29em;
1935 1935 padding: @padding/4;
1936 1936 }
1937 1937 }
1938 1938 .statistics, .downloads{
1939 1939 .disabled{
1940 1940 color: @grey4;
1941 1941 }
1942 1942 }
1943 1943 }
1944 1944 }
1945 1945
1946 1946 #summary{
1947 1947 width: 70%;
1948 1948 }
1949 1949
1950 1950
1951 1951 // Journal
1952 1952 .journal.title {
1953 1953 h5 {
1954 1954 float: left;
1955 1955 margin: 0;
1956 1956 width: 70%;
1957 1957 }
1958 1958
1959 1959 ul {
1960 1960 float: right;
1961 1961 display: inline-block;
1962 1962 margin: 0;
1963 1963 width: 30%;
1964 1964 text-align: right;
1965 1965
1966 1966 li {
1967 1967 display: inline;
1968 1968 font-size: @journal-fontsize;
1969 1969 line-height: 1em;
1970 1970
1971 1971 &:before { content: none; }
1972 1972 }
1973 1973 }
1974 1974 }
1975 1975
1976 1976 .filterexample {
1977 1977 position: absolute;
1978 1978 top: 95px;
1979 1979 left: @contentpadding;
1980 1980 color: @rcblue;
1981 1981 font-size: 11px;
1982 1982 font-family: @text-regular;
1983 1983 cursor: help;
1984 1984
1985 1985 &:hover {
1986 1986 color: @rcdarkblue;
1987 1987 }
1988 1988
1989 1989 @media (max-width:768px) {
1990 1990 position: relative;
1991 1991 top: auto;
1992 1992 left: auto;
1993 1993 display: block;
1994 1994 }
1995 1995 }
1996 1996
1997 1997
1998 1998 #journal{
1999 1999 margin-bottom: @space;
2000 2000
2001 2001 .journal_day{
2002 2002 margin-bottom: @textmargin/2;
2003 2003 padding-bottom: @textmargin/2;
2004 2004 font-size: @journal-fontsize;
2005 2005 border-bottom: @border-thickness solid @border-default-color;
2006 2006 }
2007 2007
2008 2008 .journal_container{
2009 2009 margin-bottom: @space;
2010 2010
2011 2011 .journal_user{
2012 2012 display: inline-block;
2013 2013 }
2014 2014 .journal_action_container{
2015 2015 display: block;
2016 2016 margin-top: @textmargin;
2017 2017
2018 2018 div{
2019 2019 display: inline;
2020 2020 }
2021 2021
2022 2022 div.journal_action_params{
2023 2023 display: block;
2024 2024 }
2025 2025
2026 2026 div.journal_repo:after{
2027 2027 content: "\A";
2028 2028 white-space: pre;
2029 2029 }
2030 2030
2031 2031 div.date{
2032 2032 display: block;
2033 2033 margin-bottom: @textmargin;
2034 2034 }
2035 2035 }
2036 2036 }
2037 2037 }
2038 2038
2039 2039 // Files
2040 2040 .edit-file-title {
2041 2041 border-bottom: @border-thickness solid @border-default-color;
2042 2042
2043 2043 .breadcrumbs {
2044 2044 margin-bottom: 0;
2045 2045 }
2046 2046 }
2047 2047
2048 2048 .edit-file-fieldset {
2049 2049 margin-top: @sidebarpadding;
2050 2050
2051 2051 .fieldset {
2052 2052 .left-label {
2053 2053 width: 13%;
2054 2054 }
2055 2055 .right-content {
2056 2056 width: 87%;
2057 2057 max-width: 100%;
2058 2058 }
2059 2059 .filename-label {
2060 2060 margin-top: 13px;
2061 2061 }
2062 2062 .commit-message-label {
2063 2063 margin-top: 4px;
2064 2064 }
2065 2065 .file-upload-input {
2066 2066 input {
2067 2067 display: none;
2068 2068 }
2069 2069 margin-top: 10px;
2070 2070 }
2071 2071 .file-upload-label {
2072 2072 margin-top: 10px;
2073 2073 }
2074 2074 p {
2075 2075 margin-top: 5px;
2076 2076 }
2077 2077
2078 2078 }
2079 2079 .custom-path-link {
2080 2080 margin-left: 5px;
2081 2081 }
2082 2082 #commit {
2083 2083 resize: vertical;
2084 2084 }
2085 2085 }
2086 2086
2087 2087 .delete-file-preview {
2088 2088 max-height: 250px;
2089 2089 }
2090 2090
2091 2091 .new-file,
2092 2092 #filter_activate,
2093 2093 #filter_deactivate {
2094 2094 float: left;
2095 2095 margin: 0 0 0 15px;
2096 2096 }
2097 2097
2098 2098 h3.files_location{
2099 2099 line-height: 2.4em;
2100 2100 }
2101 2101
2102 2102 .browser-nav {
2103 2103 display: table;
2104 2104 margin-bottom: @space;
2105 2105
2106 2106
2107 2107 .info_box {
2108 2108 display: inline-table;
2109 2109 height: 2.5em;
2110 2110
2111 2111 .browser-cur-rev, .info_box_elem {
2112 2112 display: table-cell;
2113 2113 vertical-align: middle;
2114 2114 }
2115 2115
2116 2116 .info_box_elem {
2117 2117 border-top: @border-thickness solid @rcblue;
2118 2118 border-bottom: @border-thickness solid @rcblue;
2119 2119
2120 2120 #at_rev, a {
2121 2121 padding: 0.6em 0.9em;
2122 2122 margin: 0;
2123 2123 .box-shadow(none);
2124 2124 border: 0;
2125 2125 height: 12px;
2126 2126 }
2127 2127
2128 2128 input#at_rev {
2129 2129 max-width: 50px;
2130 2130 text-align: right;
2131 2131 }
2132 2132
2133 2133 &.previous {
2134 2134 border: @border-thickness solid @rcblue;
2135 2135 .disabled {
2136 2136 color: @grey4;
2137 2137 cursor: not-allowed;
2138 2138 }
2139 2139 }
2140 2140
2141 2141 &.next {
2142 2142 border: @border-thickness solid @rcblue;
2143 2143 .disabled {
2144 2144 color: @grey4;
2145 2145 cursor: not-allowed;
2146 2146 }
2147 2147 }
2148 2148 }
2149 2149
2150 2150 .browser-cur-rev {
2151 2151
2152 2152 span{
2153 2153 margin: 0;
2154 2154 color: @rcblue;
2155 2155 height: 12px;
2156 2156 display: inline-block;
2157 2157 padding: 0.7em 1em ;
2158 2158 border: @border-thickness solid @rcblue;
2159 2159 margin-right: @padding;
2160 2160 }
2161 2161 }
2162 2162 }
2163 2163
2164 2164 .search_activate {
2165 2165 display: table-cell;
2166 2166 vertical-align: middle;
2167 2167
2168 2168 input, label{
2169 2169 margin: 0;
2170 2170 padding: 0;
2171 2171 }
2172 2172
2173 2173 input{
2174 2174 margin-left: @textmargin;
2175 2175 }
2176 2176
2177 2177 }
2178 2178 }
2179 2179
2180 2180 .browser-cur-rev{
2181 2181 margin-bottom: @textmargin;
2182 2182 }
2183 2183
2184 2184 #node_filter_box_loading{
2185 2185 .info_text;
2186 2186 }
2187 2187
2188 2188 .browser-search {
2189 2189 margin: -25px 0px 5px 0px;
2190 2190 }
2191 2191
2192 2192 .node-filter {
2193 2193 font-size: @repo-title-fontsize;
2194 2194 padding: 4px 0px 0px 0px;
2195 2195
2196 2196 .node-filter-path {
2197 2197 float: left;
2198 2198 color: @grey4;
2199 2199 }
2200 2200 .node-filter-input {
2201 2201 float: left;
2202 2202 margin: -2px 0px 0px 2px;
2203 2203 input {
2204 2204 padding: 2px;
2205 2205 border: none;
2206 2206 font-size: @repo-title-fontsize;
2207 2207 }
2208 2208 }
2209 2209 }
2210 2210
2211 2211
2212 2212 .browser-result{
2213 2213 td a{
2214 2214 margin-left: 0.5em;
2215 2215 display: inline-block;
2216 2216
2217 2217 em{
2218 2218 font-family: @text-bold;
2219 2219 }
2220 2220 }
2221 2221 }
2222 2222
2223 2223 .browser-highlight{
2224 2224 background-color: @grey5-alpha;
2225 2225 }
2226 2226
2227 2227
2228 2228 // Search
2229 2229
2230 2230 .search-form{
2231 2231 #q {
2232 2232 width: @search-form-width;
2233 2233 }
2234 2234 .fields{
2235 2235 margin: 0 0 @space;
2236 2236 }
2237 2237
2238 2238 label{
2239 2239 display: inline-block;
2240 2240 margin-right: @textmargin;
2241 2241 padding-top: 0.25em;
2242 2242 }
2243 2243
2244 2244
2245 2245 .results{
2246 2246 clear: both;
2247 2247 margin: 0 0 @padding;
2248 2248 }
2249 2249 }
2250 2250
2251 2251 div.search-feedback-items {
2252 2252 display: inline-block;
2253 2253 padding:0px 0px 0px 96px;
2254 2254 }
2255 2255
2256 2256 div.search-code-body {
2257 2257 background-color: #ffffff; padding: 5px 0 5px 10px;
2258 2258 pre {
2259 2259 .match { background-color: #faffa6;}
2260 2260 .break { display: block; width: 100%; background-color: #DDE7EF; color: #747474; }
2261 2261 }
2262 2262 }
2263 2263
2264 2264 .expand_commit.search {
2265 2265 .show_more.open {
2266 2266 height: auto;
2267 2267 max-height: none;
2268 2268 }
2269 2269 }
2270 2270
2271 2271 .search-results {
2272 2272
2273 2273 h2 {
2274 2274 margin-bottom: 0;
2275 2275 }
2276 2276 .codeblock {
2277 2277 border: none;
2278 2278 background: transparent;
2279 2279 }
2280 2280
2281 2281 .codeblock-header {
2282 2282 border: none;
2283 2283 background: transparent;
2284 2284 }
2285 2285
2286 2286 .code-body {
2287 2287 border: @border-thickness solid @border-default-color;
2288 2288 .border-radius(@border-radius);
2289 2289 }
2290 2290
2291 2291 .td-commit {
2292 2292 &:extend(pre);
2293 2293 border-bottom: @border-thickness solid @border-default-color;
2294 2294 }
2295 2295
2296 2296 .message {
2297 2297 height: auto;
2298 2298 max-width: 350px;
2299 2299 white-space: normal;
2300 2300 text-overflow: initial;
2301 2301 overflow: visible;
2302 2302
2303 2303 .match { background-color: #faffa6;}
2304 2304 .break { background-color: #DDE7EF; width: 100%; color: #747474; display: block; }
2305 2305 }
2306 2306
2307 2307 }
2308 2308
2309 2309 table.rctable td.td-search-results div {
2310 2310 max-width: 100%;
2311 2311 }
2312 2312
2313 2313 #tip-box, .tip-box{
2314 2314 padding: @menupadding/2;
2315 2315 display: block;
2316 2316 border: @border-thickness solid @border-highlight-color;
2317 2317 .border-radius(@border-radius);
2318 2318 background-color: white;
2319 2319 z-index: 99;
2320 2320 white-space: pre-wrap;
2321 2321 }
2322 2322
2323 2323 #linktt {
2324 2324 width: 79px;
2325 2325 }
2326 2326
2327 2327 #help_kb .modal-content{
2328 2328 max-width: 750px;
2329 2329 margin: 10% auto;
2330 2330
2331 2331 table{
2332 2332 td,th{
2333 2333 border-bottom: none;
2334 2334 line-height: 2.5em;
2335 2335 }
2336 2336 th{
2337 2337 padding-bottom: @textmargin/2;
2338 2338 }
2339 2339 td.keys{
2340 2340 text-align: center;
2341 2341 }
2342 2342 }
2343 2343
2344 2344 .block-left{
2345 2345 width: 45%;
2346 2346 margin-right: 5%;
2347 2347 }
2348 2348 .modal-footer{
2349 2349 clear: both;
2350 2350 }
2351 2351 .key.tag{
2352 2352 padding: 0.5em;
2353 2353 background-color: @rcblue;
2354 2354 color: white;
2355 2355 border-color: @rcblue;
2356 2356 .box-shadow(none);
2357 2357 }
2358 2358 }
2359 2359
2360 2360
2361 2361
2362 2362 //--- IMPORTS FOR REFACTORED STYLES ------------------//
2363 2363
2364 2364 @import 'statistics-graph';
2365 2365 @import 'tables';
2366 2366 @import 'forms';
2367 2367 @import 'diff';
2368 2368 @import 'summary';
2369 2369 @import 'navigation';
2370 2370
2371 2371 //--- SHOW/HIDE SECTIONS --//
2372 2372
2373 2373 .btn-collapse {
2374 2374 float: right;
2375 2375 text-align: right;
2376 2376 font-family: @text-light;
2377 2377 font-size: @basefontsize;
2378 2378 cursor: pointer;
2379 2379 border: none;
2380 2380 color: @rcblue;
2381 2381 }
2382 2382
2383 2383 table.rctable,
2384 2384 table.dataTable {
2385 2385 .btn-collapse {
2386 2386 float: right;
2387 2387 text-align: right;
2388 2388 }
2389 2389 }
2390 2390
2391 2391
2392 2392 // TODO: johbo: Fix for IE10, this avoids that we see a border
2393 2393 // and padding around checkboxes and radio boxes. Move to the right place,
2394 2394 // or better: Remove this once we did the form refactoring.
2395 2395 input[type=checkbox],
2396 2396 input[type=radio] {
2397 2397 padding: 0;
2398 2398 border: none;
2399 2399 }
2400 2400
2401 2401 .toggle-ajax-spinner{
2402 2402 height: 16px;
2403 2403 width: 16px;
2404 2404 }
2405 2405
2406 2406
2407 2407 .markup-form .clearfix {
2408 2408 .border-radius(@border-radius);
2409 2409 margin: 0px;
2410 2410 }
2411 2411
2412 2412 .markup-form-area {
2413 2413 padding: 8px 12px;
2414 2414 border: 1px solid @grey4;
2415 2415 .border-radius(@border-radius);
2416 2416 }
2417 2417
2418 2418 .markup-form-area-header .nav-links {
2419 2419 display: flex;
2420 2420 flex-flow: row wrap;
2421 2421 -webkit-flex-flow: row wrap;
2422 2422 width: 100%;
2423 2423 }
2424 2424
2425 2425 .markup-form-area-footer {
2426 2426 display: flex;
2427 2427 }
2428 2428
2429 2429 .markup-form-area-footer .toolbar {
2430 2430
2431 2431 }
2432 2432
2433 2433 // markup Form
2434 2434 div.markup-form {
2435 2435 margin-top: 20px;
2436 2436 }
2437 2437
2438 2438 .markup-form strong {
2439 2439 display: block;
2440 2440 margin-bottom: 15px;
2441 2441 }
2442 2442
2443 2443 .markup-form textarea {
2444 2444 width: 100%;
2445 2445 height: 100px;
2446 2446 font-family: 'Monaco', 'Courier', 'Courier New', monospace;
2447 2447 }
2448 2448
2449 2449 form.markup-form {
2450 2450 margin-top: 10px;
2451 2451 margin-left: 10px;
2452 2452 }
2453 2453
2454 2454 .markup-form .comment-block-ta,
2455 2455 .markup-form .preview-box {
2456 2456 .border-radius(@border-radius);
2457 2457 .box-sizing(border-box);
2458 2458 background-color: white;
2459 2459 }
2460 2460
2461 2461 .markup-form .preview-box.unloaded {
2462 2462 height: 50px;
2463 2463 text-align: center;
2464 2464 padding: 20px;
2465 2465 background-color: white;
2466 2466 }
Show file before | Show file after | Hide comments
@@ -1,161 +1,167 b''
1 1 @font-face {
2 2 font-family: 'rcicons';
3 3 src: url('../fonts/RCIcons/rcicons.eot?74666722');
4 4 src: url('../fonts/RCIcons/rcicons.eot?74666722#iefix') format('embedded-opentype'),
5 5 url('../fonts/RCIcons/rcicons.woff2?74666722') format('woff2'),
6 6 url('../fonts/RCIcons/rcicons.woff?74666722') format('woff'),
7 7 url('../fonts/RCIcons/rcicons.ttf?74666722') format('truetype'),
8 8 url('../fonts/RCIcons/rcicons.svg?74666722#rcicons') format('svg');
9 9 font-weight: normal;
10 10 font-style: normal;
11 11 }
12 12 /* Chrome hack: SVG is rendered more smooth in Windozze. 100% magic, uncomment if you need it. */
13 13 /* Note, that will break hinting! In other OS-es font will be not as sharp as it could be */
14 14 /*
15 15 @media screen and (-webkit-min-device-pixel-ratio:0) {
16 16 @font-face {
17 17 font-family: 'rcicons';
18 18 src: url('../fonts/RCIcons/rcicons.svg?74666722#rcicons') format('svg');
19 19 }
20 20 }
21 21 */
22 22
23 23 [class^="icon-"]:before, [class*=" icon-"]:before {
24 24 font-family: "rcicons";
25 25 font-style: normal;
26 26 font-weight: normal;
27 27 speak: none;
28 28
29 29 display: inline-block;
30 30 text-decoration: inherit;
31 31 width: 1em;
32 32 margin-right: .2em;
33 33 text-align: center;
34 34 /* opacity: .8; */
35 35
36 36 /* For safety - reset parent styles, that can break glyph codes*/
37 37 font-variant: normal;
38 38 text-transform: none;
39 39
40 40 /* fix buttons height, for twitter bootstrap */
41 41 line-height: 1em;
42 42
43 43 /* Animation center compensation - margins should be symmetric */
44 44 /* remove if not needed */
45 45 margin-left: .2em;
46 46
47 47 /* you can be more comfortable with increased icons size */
48 48 /* font-size: 120%; */
49 49
50 50 /* Font smoothing. That was taken from TWBS */
51 51 -webkit-font-smoothing: antialiased;
52 52 -moz-osx-font-smoothing: grayscale;
53 53
54 54 /* Uncomment for 3D effect */
55 55 /* text-shadow: 1px 1px 1px rgba(127, 127, 127, 0.3); */
56 56 }
57 57
58 58 .icon-no-margin::before {
59 59 margin: 0;
60 60
61 61 }
62 62 // -- ICON CLASSES -- //
63 63
64 64 .icon-bookmark:before { content: '\e803'; } /* '' */
65 65 .icon-branch:before { content: '\e804'; } /* '' */
66 66 .icon-lock:before { content: '\e806'; } /* '' */
67 67 .icon-unlock:before { content: '\e807'; } /* '' */
68 68 .icon-delete:before { content: '\e808'; } /* '' */
69 69 .icon-false:before { content: '\e808'; } /* '' */
70 70
71 71 .icon-ok:before { content: '\e809'; } /* '' */
72 72 .icon-true:before { content: '\e809'; } /* '' */
73 73
74 74 .icon-comment:before { content: '\e80a'; } /* '' */
75 75 .icon-comment-add:before { content: '\e816'; } /* '' */
76 76 .icon-comment_toggle:before { content: '\e818'; } /* '' */
77 77
78 78 .icon-feed:before { content: '\e80b'; } /* '' */
79 79
80 80 .icon-right:before { content: '\e80c'; } /* '' */
81 81 .icon-left:before { content: '\e80d'; } /* '' */
82 82
83 83 .icon-arrow_down:before { content: '\e80e'; } /* '' */
84 84 .icon-arrow_up:before { content: '\e80e'; } /* '' */
85 85
86 86 .icon-group:before { content: '\e812'; } /* '' */
87 87
88 88 .icon-fork:before { content: '\e814'; } /* '' */
89 89 .icon-merge:before { content: '\e814'; } /* '' */
90 90
91 91 .icon-more:before { content: '\e815'; } /* '' */
92 92
93 93 .icon-git-inv:before { content: '\e80f'; } /* '' */
94 94 .icon-hg-inv:before { content: '\e810'; } /* '' */
95 95 .icon-svn-inv:before { content: '\e811'; } /* '' */
96 96
97 97 .icon-git:before { content: '\e81a'; } /* '' */
98 98 .icon-hg:before { content: '\e81b'; } /* '' */
99 99 .icon-svn:before { content: '\e820'; } /* '' */
100 100
101 101 .icon-minus:before { content: '\e81c'; } /* '' */
102 102 .icon-plus:before { content: '\e81d'; } /* '' */
103 103 .icon-remove:before { content: '\e81e'; } /* '' */
104 104 .icon-remove-sign:before { content: '\e81e'; } /* '' */
105 105
106 106 .icon-rhodecode:before { content: '\e81f'; } /* '' */
107 107
108 108 .icon-tag:before { content: '\e821'; } /* '' */
109 109 .icon-copy:before { content: '\f0c5'; } /* '' */
110 110 .icon-clipboard:before { content: '\f0c5'; } /* '' */
111 111
112 112
113 113 .icon-folder:before { content: '\e813'; } /* '' */
114 114 .icon-folder-close:before { content: '\e813'; } /* '' */
115 115
116 116 .icon-directory:before { content: '\e800'; } /* '' */
117 117 .icon-directory-empty:before { content: '\f114'; } /* '' */
118 118 .icon-file-text:before { content: '\f0f6'; } /* '' */
119 119 .icon-file-text-inv:before { content: '\f15c'; } /* '' */
120 120 .icon-file-code:before { content: '\f1c9'; } /* '' */
121 121
122 122 // MERGED ICONS
123 123
124 124 .icon-repo-private:before { &:extend(.icon-lock:before); }
125 125 .icon-repo-lock:before { &:extend(.icon-lock:before); }
126 126 .icon-unlock-alt:before { &:extend(.icon-unlock:before); }
127 127 .icon-repo-unlock:before { &:extend(.icon-unlock:before); }
128 128 .icon-repo-public:before { &:extend(.icon-unlock:before); }
129 129 .icon-rss-sign:before { &:extend(.icon-feed:before); }
130 130 .icon-code-fork:before { &:extend(.icon-fork:before); }
131 131
132 132 // TRANSFORM
133 133 .icon-arrow_up:before {transform: rotate(180deg);}
134 134 .icon-merge:before {transform: rotate(180deg);}
135 135
136 136 // -- END ICON CLASSES -- //
137 137
138 138
139 139 //--- ICONS STYLING ------------------//
140 140
141 141 .icon-git { color: @color4 !important; }
142 142 .icon-hg { color: @color8 !important; }
143 143 .icon-svn { color: @color1 !important; }
144 144 .icon-git-inv { color: @color4 !important; }
145 145 .icon-hg-inv { color: @color8 !important; }
146 146 .icon-svn-inv { color: @color1 !important; }
147 147 .icon-repo-lock { color: #FF0000; }
148 148 .icon-repo-unlock { color: #FF0000; }
149 149
150 150 .repo-switcher-dropdown .select2-result-label {
151 151 .icon-git:before {
152 152 &:extend(.icon-git-transparent:before);
153 153 }
154 154 .icon-hg:before {
155 155 &:extend(.icon-hg-transparent:before);
156 156 color: @alert4;
157 157 }
158 158 .icon-svn:before {
159 159 &:extend(.icon-svn-transparent:before);
160 160 }
161 161 }
162
163 .icon-user-group:before {
164 &:extend(.icon-group:before);
165 margin: 0;
166 font-size: 16px;
167 }
Show file before | Show file after | Hide comments
@@ -1,127 +1,135 b''
1 1 // tags.less
2 2 // For use in RhodeCode applications;
3 3 // see style guide documentation for guidelines.
4 4
5 5 // TAGS
6 6 .tag,
7 7 .tagtag {
8 8 display: inline-block;
9 9 min-height: 0;
10 10 margin: 0 auto;
11 11 padding: .25em;
12 12 text-align: center;
13 13 font-size: (-1 + @basefontsize); //fit in tables
14 14 line-height: .9em;
15 15 border: none;
16 16 .border-radius(@border-radius);
17 17 font-family: @text-regular;
18 18 background-image: none;
19 19 color: @grey4;
20 20 .border ( @border-thickness-tags, @grey4 );
21 21 white-space: nowrap;
22 22 a {
23 23 color: inherit;
24 24 text-decoration: underline;
25 25
26 26 i,
27 27 [class^="icon-"]:before,
28 28 [class*=" icon-"]:before {
29 29 text-decoration: none;
30 30 }
31 31 }
32 32 }
33 33
34 34 .tag0 { .border ( @border-thickness-tags, @grey4 ); color:@grey4; }
35 35 .tag1 { .border ( @border-thickness-tags, @color1 ); color:@color1; }
36 36 .tag2 { .border ( @border-thickness-tags, @color2 ); color:@color2; }
37 37 .tag3 { .border ( @border-thickness-tags, @color3 ); color:@color3; }
38 38 .tag4 { .border ( @border-thickness-tags, @color4 ); color:@color4; }
39 39 .tag5 { .border ( @border-thickness-tags, @color5 ); color:@color5; }
40 40 .tag6 { .border ( @border-thickness-tags, @color6 ); color:@color6; }
41 41 .tag7 { .border ( @border-thickness-tags, @color7 ); color:@color7; }
42 42 .tag8 { .border ( @border-thickness-tags, @color8 ); color:@color8; }
43 43
44 44 .metatag-list {
45 45 margin: 0;
46 46 padding: 0;
47 47
48 48 li {
49 49 margin: 0 0 @padding;
50 50 line-height: 1em;
51 51 list-style-type: none;
52 52
53 53 &:before { content: none; }
54 54 }
55 55 }
56 56
57 57 .branchtag, .booktag {
58 58 &:extend(.tag);
59 59
60 60
61 61 a {
62 62 color:inherit;
63 63 }
64 64 }
65 65
66 66 .metatag {
67 67 &:extend(.tag);
68 68 a {
69 69 color:inherit;
70 70 text-decoration: underline;
71 71 }
72 72 }
73 73
74 74 [tag="generic"] { &:extend(.tag0); }
75 75 [tag="label"] { &:extend(.tag0); }
76 76
77 77 [tag="state featured"] { &:extend(.tag1); }
78 78 [tag="state dev"] { &:extend(.tag1); }
79 79 [tag="ref base"] { &:extend(.tag1); }
80 80
81 81 [tag="state stable"] { &:extend(.tag2); }
82 82 [tag="state stale"] { &:extend(.tag2); }
83 83
84 84 [tag="ref requires"] { &:extend(.tag3); }
85 85
86 86 [tag="state dead"] { &:extend(.tag4); }
87 87 [tag="state deprecated"] { &:extend(.tag4); }
88 88
89 89 [tag="ref conflicts"] { &:extend(.tag4); }
90 90
91 91 [tag="license"] { &:extend(.tag6); }
92 92
93 93 [tag="lang"] { &:extend(.tag7); }
94 94 [tag="language"] { &:extend(.tag7); }
95 95 [tag="ref recommends"] { &:extend(.tag7); }
96 96
97 97 [tag="see"] { &:extend(.tag8); }
98 98 [tag="url"] { &:extend(.tag8); }
99 99
100 100
101 101 .perm_overriden {
102 102 text-decoration: line-through;
103 103 opacity: 0.6;
104 104 }
105 105
106 106 .perm_tag {
107 107 &:extend(.tag);
108 108
109 109 &.read {
110 110 &:extend(.tag1);
111 111 }
112
113 112 &.write {
114 113 &:extend(.tag4);
115 114 }
116 115 &.admin {
117 116 &:extend(.tag5);
118 117 }
118 &.merge {
119 &:extend(.tag1);
120 }
121 &.push {
122 &:extend(.tag4);
123 }
124 &.push_force {
125 &:extend(.tag5);
126 }
119 127 }
120 128
121 129 .phase-draft {
122 130 color: @color3
123 131 }
124 132
125 133 .phase-secret {
126 134 color:@grey3
127 135 }
Show file before | Show file after | Hide comments
@@ -1,331 +1,334 b''
1 1
2 2 /******************************************************************************
3 3 * *
4 4 * DO NOT CHANGE THIS FILE MANUALLY *
5 5 * *
6 6 * *
7 7 * This file is automatically generated when the app starts up with *
8 8 * generate_js_files = true *
9 9 * *
10 10 * To add a route here pass jsroute=True to the route definition in the app *
11 11 * *
12 12 ******************************************************************************/
13 13 function registerRCRoutes() {
14 14 // routes registration
15 15 pyroutes.register('favicon', '/favicon.ico', []);
16 16 pyroutes.register('robots', '/robots.txt', []);
17 17 pyroutes.register('auth_home', '/_admin/auth*traverse', []);
18 18 pyroutes.register('global_integrations_new', '/_admin/integrations/new', []);
19 19 pyroutes.register('global_integrations_home', '/_admin/integrations', []);
20 20 pyroutes.register('global_integrations_list', '/_admin/integrations/%(integration)s', ['integration']);
21 21 pyroutes.register('global_integrations_create', '/_admin/integrations/%(integration)s/new', ['integration']);
22 22 pyroutes.register('global_integrations_edit', '/_admin/integrations/%(integration)s/%(integration_id)s', ['integration', 'integration_id']);
23 23 pyroutes.register('repo_group_integrations_home', '/%(repo_group_name)s/_settings/integrations', ['repo_group_name']);
24 24 pyroutes.register('repo_group_integrations_new', '/%(repo_group_name)s/_settings/integrations/new', ['repo_group_name']);
25 25 pyroutes.register('repo_group_integrations_list', '/%(repo_group_name)s/_settings/integrations/%(integration)s', ['repo_group_name', 'integration']);
26 26 pyroutes.register('repo_group_integrations_create', '/%(repo_group_name)s/_settings/integrations/%(integration)s/new', ['repo_group_name', 'integration']);
27 27 pyroutes.register('repo_group_integrations_edit', '/%(repo_group_name)s/_settings/integrations/%(integration)s/%(integration_id)s', ['repo_group_name', 'integration', 'integration_id']);
28 28 pyroutes.register('repo_integrations_home', '/%(repo_name)s/settings/integrations', ['repo_name']);
29 29 pyroutes.register('repo_integrations_new', '/%(repo_name)s/settings/integrations/new', ['repo_name']);
30 30 pyroutes.register('repo_integrations_list', '/%(repo_name)s/settings/integrations/%(integration)s', ['repo_name', 'integration']);
31 31 pyroutes.register('repo_integrations_create', '/%(repo_name)s/settings/integrations/%(integration)s/new', ['repo_name', 'integration']);
32 32 pyroutes.register('repo_integrations_edit', '/%(repo_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_name', 'integration', 'integration_id']);
33 33 pyroutes.register('ops_ping', '/_admin/ops/ping', []);
34 34 pyroutes.register('ops_error_test', '/_admin/ops/error', []);
35 35 pyroutes.register('ops_redirect_test', '/_admin/ops/redirect', []);
36 36 pyroutes.register('ops_ping_legacy', '/_admin/ping', []);
37 37 pyroutes.register('ops_error_test_legacy', '/_admin/error_test', []);
38 38 pyroutes.register('admin_home', '/_admin', []);
39 39 pyroutes.register('admin_audit_logs', '/_admin/audit_logs', []);
40 40 pyroutes.register('admin_audit_log_entry', '/_admin/audit_logs/%(audit_log_id)s', ['audit_log_id']);
41 41 pyroutes.register('pull_requests_global_0', '/_admin/pull_requests/%(pull_request_id)s', ['pull_request_id']);
42 42 pyroutes.register('pull_requests_global_1', '/_admin/pull-requests/%(pull_request_id)s', ['pull_request_id']);
43 43 pyroutes.register('pull_requests_global', '/_admin/pull-request/%(pull_request_id)s', ['pull_request_id']);
44 44 pyroutes.register('admin_settings_open_source', '/_admin/settings/open_source', []);
45 45 pyroutes.register('admin_settings_vcs_svn_generate_cfg', '/_admin/settings/vcs/svn_generate_cfg', []);
46 46 pyroutes.register('admin_settings_system', '/_admin/settings/system', []);
47 47 pyroutes.register('admin_settings_system_update', '/_admin/settings/system/updates', []);
48 48 pyroutes.register('admin_settings_exception_tracker', '/_admin/settings/exceptions', []);
49 49 pyroutes.register('admin_settings_exception_tracker_delete_all', '/_admin/settings/exceptions/delete', []);
50 50 pyroutes.register('admin_settings_exception_tracker_show', '/_admin/settings/exceptions/%(exception_id)s', ['exception_id']);
51 51 pyroutes.register('admin_settings_exception_tracker_delete', '/_admin/settings/exceptions/%(exception_id)s/delete', ['exception_id']);
52 52 pyroutes.register('admin_settings_sessions', '/_admin/settings/sessions', []);
53 53 pyroutes.register('admin_settings_sessions_cleanup', '/_admin/settings/sessions/cleanup', []);
54 54 pyroutes.register('admin_settings_process_management', '/_admin/settings/process_management', []);
55 55 pyroutes.register('admin_settings_process_management_data', '/_admin/settings/process_management/data', []);
56 56 pyroutes.register('admin_settings_process_management_signal', '/_admin/settings/process_management/signal', []);
57 57 pyroutes.register('admin_settings_process_management_master_signal', '/_admin/settings/process_management/master_signal', []);
58 58 pyroutes.register('admin_defaults_repositories', '/_admin/defaults/repositories', []);
59 59 pyroutes.register('admin_defaults_repositories_update', '/_admin/defaults/repositories/update', []);
60 60 pyroutes.register('admin_settings', '/_admin/settings', []);
61 61 pyroutes.register('admin_settings_update', '/_admin/settings/update', []);
62 62 pyroutes.register('admin_settings_global', '/_admin/settings/global', []);
63 63 pyroutes.register('admin_settings_global_update', '/_admin/settings/global/update', []);
64 64 pyroutes.register('admin_settings_vcs', '/_admin/settings/vcs', []);
65 65 pyroutes.register('admin_settings_vcs_update', '/_admin/settings/vcs/update', []);
66 66 pyroutes.register('admin_settings_vcs_svn_pattern_delete', '/_admin/settings/vcs/svn_pattern_delete', []);
67 67 pyroutes.register('admin_settings_mapping', '/_admin/settings/mapping', []);
68 68 pyroutes.register('admin_settings_mapping_update', '/_admin/settings/mapping/update', []);
69 69 pyroutes.register('admin_settings_visual', '/_admin/settings/visual', []);
70 70 pyroutes.register('admin_settings_visual_update', '/_admin/settings/visual/update', []);
71 71 pyroutes.register('admin_settings_issuetracker', '/_admin/settings/issue-tracker', []);
72 72 pyroutes.register('admin_settings_issuetracker_update', '/_admin/settings/issue-tracker/update', []);
73 73 pyroutes.register('admin_settings_issuetracker_test', '/_admin/settings/issue-tracker/test', []);
74 74 pyroutes.register('admin_settings_issuetracker_delete', '/_admin/settings/issue-tracker/delete', []);
75 75 pyroutes.register('admin_settings_email', '/_admin/settings/email', []);
76 76 pyroutes.register('admin_settings_email_update', '/_admin/settings/email/update', []);
77 77 pyroutes.register('admin_settings_hooks', '/_admin/settings/hooks', []);
78 78 pyroutes.register('admin_settings_hooks_update', '/_admin/settings/hooks/update', []);
79 79 pyroutes.register('admin_settings_hooks_delete', '/_admin/settings/hooks/delete', []);
80 80 pyroutes.register('admin_settings_search', '/_admin/settings/search', []);
81 81 pyroutes.register('admin_settings_labs', '/_admin/settings/labs', []);
82 82 pyroutes.register('admin_settings_labs_update', '/_admin/settings/labs/update', []);
83 83 pyroutes.register('admin_settings_automation', '/_admin/_admin/settings/automation', []);
84 84 pyroutes.register('admin_permissions_application', '/_admin/permissions/application', []);
85 85 pyroutes.register('admin_permissions_application_update', '/_admin/permissions/application/update', []);
86 86 pyroutes.register('admin_permissions_global', '/_admin/permissions/global', []);
87 87 pyroutes.register('admin_permissions_global_update', '/_admin/permissions/global/update', []);
88 88 pyroutes.register('admin_permissions_object', '/_admin/permissions/object', []);
89 89 pyroutes.register('admin_permissions_object_update', '/_admin/permissions/object/update', []);
90 pyroutes.register('admin_permissions_branch', '/_admin/permissions/branch', []);
90 91 pyroutes.register('admin_permissions_ips', '/_admin/permissions/ips', []);
91 92 pyroutes.register('admin_permissions_overview', '/_admin/permissions/overview', []);
92 93 pyroutes.register('admin_permissions_auth_token_access', '/_admin/permissions/auth_token_access', []);
93 94 pyroutes.register('admin_permissions_ssh_keys', '/_admin/permissions/ssh_keys', []);
94 95 pyroutes.register('admin_permissions_ssh_keys_data', '/_admin/permissions/ssh_keys/data', []);
95 96 pyroutes.register('admin_permissions_ssh_keys_update', '/_admin/permissions/ssh_keys/update', []);
96 97 pyroutes.register('users', '/_admin/users', []);
97 98 pyroutes.register('users_data', '/_admin/users_data', []);
98 99 pyroutes.register('users_create', '/_admin/users/create', []);
99 100 pyroutes.register('users_new', '/_admin/users/new', []);
100 101 pyroutes.register('user_edit', '/_admin/users/%(user_id)s/edit', ['user_id']);
101 102 pyroutes.register('user_edit_advanced', '/_admin/users/%(user_id)s/edit/advanced', ['user_id']);
102 103 pyroutes.register('user_edit_global_perms', '/_admin/users/%(user_id)s/edit/global_permissions', ['user_id']);
103 104 pyroutes.register('user_edit_global_perms_update', '/_admin/users/%(user_id)s/edit/global_permissions/update', ['user_id']);
104 105 pyroutes.register('user_update', '/_admin/users/%(user_id)s/update', ['user_id']);
105 106 pyroutes.register('user_delete', '/_admin/users/%(user_id)s/delete', ['user_id']);
106 107 pyroutes.register('user_force_password_reset', '/_admin/users/%(user_id)s/password_reset', ['user_id']);
107 108 pyroutes.register('user_create_personal_repo_group', '/_admin/users/%(user_id)s/create_repo_group', ['user_id']);
108 109 pyroutes.register('edit_user_auth_tokens', '/_admin/users/%(user_id)s/edit/auth_tokens', ['user_id']);
109 110 pyroutes.register('edit_user_auth_tokens_add', '/_admin/users/%(user_id)s/edit/auth_tokens/new', ['user_id']);
110 111 pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']);
111 112 pyroutes.register('edit_user_ssh_keys', '/_admin/users/%(user_id)s/edit/ssh_keys', ['user_id']);
112 113 pyroutes.register('edit_user_ssh_keys_generate_keypair', '/_admin/users/%(user_id)s/edit/ssh_keys/generate', ['user_id']);
113 114 pyroutes.register('edit_user_ssh_keys_add', '/_admin/users/%(user_id)s/edit/ssh_keys/new', ['user_id']);
114 115 pyroutes.register('edit_user_ssh_keys_delete', '/_admin/users/%(user_id)s/edit/ssh_keys/delete', ['user_id']);
115 116 pyroutes.register('edit_user_emails', '/_admin/users/%(user_id)s/edit/emails', ['user_id']);
116 117 pyroutes.register('edit_user_emails_add', '/_admin/users/%(user_id)s/edit/emails/new', ['user_id']);
117 118 pyroutes.register('edit_user_emails_delete', '/_admin/users/%(user_id)s/edit/emails/delete', ['user_id']);
118 119 pyroutes.register('edit_user_ips', '/_admin/users/%(user_id)s/edit/ips', ['user_id']);
119 120 pyroutes.register('edit_user_ips_add', '/_admin/users/%(user_id)s/edit/ips/new', ['user_id']);
120 121 pyroutes.register('edit_user_ips_delete', '/_admin/users/%(user_id)s/edit/ips/delete', ['user_id']);
121 122 pyroutes.register('edit_user_perms_summary', '/_admin/users/%(user_id)s/edit/permissions_summary', ['user_id']);
122 123 pyroutes.register('edit_user_perms_summary_json', '/_admin/users/%(user_id)s/edit/permissions_summary/json', ['user_id']);
123 124 pyroutes.register('edit_user_groups_management', '/_admin/users/%(user_id)s/edit/groups_management', ['user_id']);
124 125 pyroutes.register('edit_user_groups_management_updates', '/_admin/users/%(user_id)s/edit/edit_user_groups_management/updates', ['user_id']);
125 126 pyroutes.register('edit_user_audit_logs', '/_admin/users/%(user_id)s/edit/audit', ['user_id']);
126 127 pyroutes.register('edit_user_caches', '/_admin/users/%(user_id)s/edit/caches', ['user_id']);
127 128 pyroutes.register('edit_user_caches_update', '/_admin/users/%(user_id)s/edit/caches/update', ['user_id']);
128 129 pyroutes.register('user_groups', '/_admin/user_groups', []);
129 130 pyroutes.register('user_groups_data', '/_admin/user_groups_data', []);
130 131 pyroutes.register('user_groups_new', '/_admin/user_groups/new', []);
131 132 pyroutes.register('user_groups_create', '/_admin/user_groups/create', []);
132 133 pyroutes.register('repos', '/_admin/repos', []);
133 134 pyroutes.register('repo_new', '/_admin/repos/new', []);
134 135 pyroutes.register('repo_create', '/_admin/repos/create', []);
135 136 pyroutes.register('repo_groups', '/_admin/repo_groups', []);
136 137 pyroutes.register('repo_group_new', '/_admin/repo_group/new', []);
137 138 pyroutes.register('repo_group_create', '/_admin/repo_group/create', []);
138 139 pyroutes.register('channelstream_connect', '/_admin/channelstream/connect', []);
139 140 pyroutes.register('channelstream_subscribe', '/_admin/channelstream/subscribe', []);
140 141 pyroutes.register('channelstream_proxy', '/_channelstream', []);
141 142 pyroutes.register('login', '/_admin/login', []);
142 143 pyroutes.register('logout', '/_admin/logout', []);
143 144 pyroutes.register('register', '/_admin/register', []);
144 145 pyroutes.register('reset_password', '/_admin/password_reset', []);
145 146 pyroutes.register('reset_password_confirmation', '/_admin/password_reset_confirmation', []);
146 147 pyroutes.register('home', '/', []);
147 148 pyroutes.register('user_autocomplete_data', '/_users', []);
148 149 pyroutes.register('user_group_autocomplete_data', '/_user_groups', []);
149 150 pyroutes.register('repo_list_data', '/_repos', []);
150 151 pyroutes.register('goto_switcher_data', '/_goto_data', []);
151 152 pyroutes.register('markup_preview', '/_markup_preview', []);
152 153 pyroutes.register('journal', '/_admin/journal', []);
153 154 pyroutes.register('journal_rss', '/_admin/journal/rss', []);
154 155 pyroutes.register('journal_atom', '/_admin/journal/atom', []);
155 156 pyroutes.register('journal_public', '/_admin/public_journal', []);
156 157 pyroutes.register('journal_public_atom', '/_admin/public_journal/atom', []);
157 158 pyroutes.register('journal_public_atom_old', '/_admin/public_journal_atom', []);
158 159 pyroutes.register('journal_public_rss', '/_admin/public_journal/rss', []);
159 160 pyroutes.register('journal_public_rss_old', '/_admin/public_journal_rss', []);
160 161 pyroutes.register('toggle_following', '/_admin/toggle_following', []);
161 162 pyroutes.register('repo_creating', '/%(repo_name)s/repo_creating', ['repo_name']);
162 163 pyroutes.register('repo_creating_check', '/%(repo_name)s/repo_creating_check', ['repo_name']);
163 164 pyroutes.register('repo_summary_explicit', '/%(repo_name)s/summary', ['repo_name']);
164 165 pyroutes.register('repo_summary_commits', '/%(repo_name)s/summary-commits', ['repo_name']);
165 166 pyroutes.register('repo_commit', '/%(repo_name)s/changeset/%(commit_id)s', ['repo_name', 'commit_id']);
166 167 pyroutes.register('repo_commit_children', '/%(repo_name)s/changeset_children/%(commit_id)s', ['repo_name', 'commit_id']);
167 168 pyroutes.register('repo_commit_parents', '/%(repo_name)s/changeset_parents/%(commit_id)s', ['repo_name', 'commit_id']);
168 169 pyroutes.register('repo_commit_raw', '/%(repo_name)s/changeset-diff/%(commit_id)s', ['repo_name', 'commit_id']);
169 170 pyroutes.register('repo_commit_patch', '/%(repo_name)s/changeset-patch/%(commit_id)s', ['repo_name', 'commit_id']);
170 171 pyroutes.register('repo_commit_download', '/%(repo_name)s/changeset-download/%(commit_id)s', ['repo_name', 'commit_id']);
171 172 pyroutes.register('repo_commit_data', '/%(repo_name)s/changeset-data/%(commit_id)s', ['repo_name', 'commit_id']);
172 173 pyroutes.register('repo_commit_comment_create', '/%(repo_name)s/changeset/%(commit_id)s/comment/create', ['repo_name', 'commit_id']);
173 174 pyroutes.register('repo_commit_comment_preview', '/%(repo_name)s/changeset/%(commit_id)s/comment/preview', ['repo_name', 'commit_id']);
174 175 pyroutes.register('repo_commit_comment_delete', '/%(repo_name)s/changeset/%(commit_id)s/comment/%(comment_id)s/delete', ['repo_name', 'commit_id', 'comment_id']);
175 176 pyroutes.register('repo_commit_raw_deprecated', '/%(repo_name)s/raw-changeset/%(commit_id)s', ['repo_name', 'commit_id']);
176 177 pyroutes.register('repo_archivefile', '/%(repo_name)s/archive/%(fname)s', ['repo_name', 'fname']);
177 178 pyroutes.register('repo_files_diff', '/%(repo_name)s/diff/%(f_path)s', ['repo_name', 'f_path']);
178 179 pyroutes.register('repo_files_diff_2way_redirect', '/%(repo_name)s/diff-2way/%(f_path)s', ['repo_name', 'f_path']);
179 180 pyroutes.register('repo_files', '/%(repo_name)s/files/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
180 181 pyroutes.register('repo_files:default_path', '/%(repo_name)s/files/%(commit_id)s/', ['repo_name', 'commit_id']);
181 182 pyroutes.register('repo_files:default_commit', '/%(repo_name)s/files', ['repo_name']);
182 183 pyroutes.register('repo_files:rendered', '/%(repo_name)s/render/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
183 184 pyroutes.register('repo_files:annotated', '/%(repo_name)s/annotate/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
184 185 pyroutes.register('repo_files:annotated_previous', '/%(repo_name)s/annotate-previous/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
185 186 pyroutes.register('repo_nodetree_full', '/%(repo_name)s/nodetree_full/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
186 187 pyroutes.register('repo_nodetree_full:default_path', '/%(repo_name)s/nodetree_full/%(commit_id)s/', ['repo_name', 'commit_id']);
187 188 pyroutes.register('repo_files_nodelist', '/%(repo_name)s/nodelist/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
188 189 pyroutes.register('repo_file_raw', '/%(repo_name)s/raw/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
189 190 pyroutes.register('repo_file_download', '/%(repo_name)s/download/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
190 191 pyroutes.register('repo_file_download:legacy', '/%(repo_name)s/rawfile/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
191 192 pyroutes.register('repo_file_history', '/%(repo_name)s/history/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
192 193 pyroutes.register('repo_file_authors', '/%(repo_name)s/authors/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
193 194 pyroutes.register('repo_files_remove_file', '/%(repo_name)s/remove_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
194 195 pyroutes.register('repo_files_delete_file', '/%(repo_name)s/delete_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
195 196 pyroutes.register('repo_files_edit_file', '/%(repo_name)s/edit_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
196 197 pyroutes.register('repo_files_update_file', '/%(repo_name)s/update_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
197 198 pyroutes.register('repo_files_add_file', '/%(repo_name)s/add_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
198 199 pyroutes.register('repo_files_create_file', '/%(repo_name)s/create_file/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
199 200 pyroutes.register('repo_refs_data', '/%(repo_name)s/refs-data', ['repo_name']);
200 201 pyroutes.register('repo_refs_changelog_data', '/%(repo_name)s/refs-data-changelog', ['repo_name']);
201 202 pyroutes.register('repo_stats', '/%(repo_name)s/repo_stats/%(commit_id)s', ['repo_name', 'commit_id']);
202 203 pyroutes.register('repo_changelog', '/%(repo_name)s/changelog', ['repo_name']);
203 204 pyroutes.register('repo_changelog_file', '/%(repo_name)s/changelog/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
204 205 pyroutes.register('repo_changelog_elements', '/%(repo_name)s/changelog_elements', ['repo_name']);
205 206 pyroutes.register('repo_changelog_elements_file', '/%(repo_name)s/changelog_elements/%(commit_id)s/%(f_path)s', ['repo_name', 'commit_id', 'f_path']);
206 207 pyroutes.register('repo_compare_select', '/%(repo_name)s/compare', ['repo_name']);
207 208 pyroutes.register('repo_compare', '/%(repo_name)s/compare/%(source_ref_type)s@%(source_ref)s...%(target_ref_type)s@%(target_ref)s', ['repo_name', 'source_ref_type', 'source_ref', 'target_ref_type', 'target_ref']);
208 209 pyroutes.register('tags_home', '/%(repo_name)s/tags', ['repo_name']);
209 210 pyroutes.register('branches_home', '/%(repo_name)s/branches', ['repo_name']);
210 211 pyroutes.register('bookmarks_home', '/%(repo_name)s/bookmarks', ['repo_name']);
211 212 pyroutes.register('repo_fork_new', '/%(repo_name)s/fork', ['repo_name']);
212 213 pyroutes.register('repo_fork_create', '/%(repo_name)s/fork/create', ['repo_name']);
213 214 pyroutes.register('repo_forks_show_all', '/%(repo_name)s/forks', ['repo_name']);
214 215 pyroutes.register('repo_forks_data', '/%(repo_name)s/forks/data', ['repo_name']);
215 216 pyroutes.register('pullrequest_show', '/%(repo_name)s/pull-request/%(pull_request_id)s', ['repo_name', 'pull_request_id']);
216 217 pyroutes.register('pullrequest_show_all', '/%(repo_name)s/pull-request', ['repo_name']);
217 218 pyroutes.register('pullrequest_show_all_data', '/%(repo_name)s/pull-request-data', ['repo_name']);
218 219 pyroutes.register('pullrequest_repo_refs', '/%(repo_name)s/pull-request/refs/%(target_repo_name)s', ['repo_name', 'target_repo_name']);
219 220 pyroutes.register('pullrequest_repo_destinations', '/%(repo_name)s/pull-request/repo-destinations', ['repo_name']);
220 221 pyroutes.register('pullrequest_new', '/%(repo_name)s/pull-request/new', ['repo_name']);
221 222 pyroutes.register('pullrequest_create', '/%(repo_name)s/pull-request/create', ['repo_name']);
222 223 pyroutes.register('pullrequest_update', '/%(repo_name)s/pull-request/%(pull_request_id)s/update', ['repo_name', 'pull_request_id']);
223 224 pyroutes.register('pullrequest_merge', '/%(repo_name)s/pull-request/%(pull_request_id)s/merge', ['repo_name', 'pull_request_id']);
224 225 pyroutes.register('pullrequest_delete', '/%(repo_name)s/pull-request/%(pull_request_id)s/delete', ['repo_name', 'pull_request_id']);
225 226 pyroutes.register('pullrequest_comment_create', '/%(repo_name)s/pull-request/%(pull_request_id)s/comment', ['repo_name', 'pull_request_id']);
226 227 pyroutes.register('pullrequest_comment_delete', '/%(repo_name)s/pull-request/%(pull_request_id)s/comment/%(comment_id)s/delete', ['repo_name', 'pull_request_id', 'comment_id']);
227 228 pyroutes.register('edit_repo', '/%(repo_name)s/settings', ['repo_name']);
228 229 pyroutes.register('edit_repo_advanced', '/%(repo_name)s/settings/advanced', ['repo_name']);
229 230 pyroutes.register('edit_repo_advanced_delete', '/%(repo_name)s/settings/advanced/delete', ['repo_name']);
230 231 pyroutes.register('edit_repo_advanced_locking', '/%(repo_name)s/settings/advanced/locking', ['repo_name']);
231 232 pyroutes.register('edit_repo_advanced_journal', '/%(repo_name)s/settings/advanced/journal', ['repo_name']);
232 233 pyroutes.register('edit_repo_advanced_fork', '/%(repo_name)s/settings/advanced/fork', ['repo_name']);
233 234 pyroutes.register('edit_repo_advanced_hooks', '/%(repo_name)s/settings/advanced/hooks', ['repo_name']);
234 235 pyroutes.register('edit_repo_caches', '/%(repo_name)s/settings/caches', ['repo_name']);
235 236 pyroutes.register('edit_repo_perms', '/%(repo_name)s/settings/permissions', ['repo_name']);
237 pyroutes.register('edit_repo_perms_branch', '/%(repo_name)s/settings/branch_permissions', ['repo_name']);
238 pyroutes.register('edit_repo_perms_branch_delete', '/%(repo_name)s/settings/branch_permissions/%(rule_id)s/delete', ['repo_name', 'rule_id']);
236 239 pyroutes.register('edit_repo_maintenance', '/%(repo_name)s/settings/maintenance', ['repo_name']);
237 240 pyroutes.register('edit_repo_maintenance_execute', '/%(repo_name)s/settings/maintenance/execute', ['repo_name']);
238 241 pyroutes.register('edit_repo_fields', '/%(repo_name)s/settings/fields', ['repo_name']);
239 242 pyroutes.register('edit_repo_fields_create', '/%(repo_name)s/settings/fields/create', ['repo_name']);
240 243 pyroutes.register('edit_repo_fields_delete', '/%(repo_name)s/settings/fields/%(field_id)s/delete', ['repo_name', 'field_id']);
241 244 pyroutes.register('repo_edit_toggle_locking', '/%(repo_name)s/settings/toggle_locking', ['repo_name']);
242 245 pyroutes.register('edit_repo_remote', '/%(repo_name)s/settings/remote', ['repo_name']);
243 246 pyroutes.register('edit_repo_remote_pull', '/%(repo_name)s/settings/remote/pull', ['repo_name']);
244 247 pyroutes.register('edit_repo_remote_push', '/%(repo_name)s/settings/remote/push', ['repo_name']);
245 248 pyroutes.register('edit_repo_statistics', '/%(repo_name)s/settings/statistics', ['repo_name']);
246 249 pyroutes.register('edit_repo_statistics_reset', '/%(repo_name)s/settings/statistics/update', ['repo_name']);
247 250 pyroutes.register('edit_repo_issuetracker', '/%(repo_name)s/settings/issue_trackers', ['repo_name']);
248 251 pyroutes.register('edit_repo_issuetracker_test', '/%(repo_name)s/settings/issue_trackers/test', ['repo_name']);
249 252 pyroutes.register('edit_repo_issuetracker_delete', '/%(repo_name)s/settings/issue_trackers/delete', ['repo_name']);
250 253 pyroutes.register('edit_repo_issuetracker_update', '/%(repo_name)s/settings/issue_trackers/update', ['repo_name']);
251 254 pyroutes.register('edit_repo_vcs', '/%(repo_name)s/settings/vcs', ['repo_name']);
252 255 pyroutes.register('edit_repo_vcs_update', '/%(repo_name)s/settings/vcs/update', ['repo_name']);
253 256 pyroutes.register('edit_repo_vcs_svn_pattern_delete', '/%(repo_name)s/settings/vcs/svn_pattern/delete', ['repo_name']);
254 257 pyroutes.register('repo_reviewers', '/%(repo_name)s/settings/review/rules', ['repo_name']);
255 258 pyroutes.register('repo_default_reviewers_data', '/%(repo_name)s/settings/review/default-reviewers', ['repo_name']);
256 259 pyroutes.register('repo_automation', '/%(repo_name)s/settings/automation', ['repo_name']);
257 260 pyroutes.register('edit_repo_strip', '/%(repo_name)s/settings/strip', ['repo_name']);
258 261 pyroutes.register('strip_check', '/%(repo_name)s/settings/strip_check', ['repo_name']);
259 262 pyroutes.register('strip_execute', '/%(repo_name)s/settings/strip_execute', ['repo_name']);
260 263 pyroutes.register('edit_repo_audit_logs', '/%(repo_name)s/settings/audit_logs', ['repo_name']);
261 264 pyroutes.register('rss_feed_home', '/%(repo_name)s/feed/rss', ['repo_name']);
262 265 pyroutes.register('atom_feed_home', '/%(repo_name)s/feed/atom', ['repo_name']);
263 266 pyroutes.register('repo_summary', '/%(repo_name)s', ['repo_name']);
264 267 pyroutes.register('repo_summary_slash', '/%(repo_name)s/', ['repo_name']);
265 268 pyroutes.register('edit_repo_group', '/%(repo_group_name)s/_edit', ['repo_group_name']);
266 269 pyroutes.register('edit_repo_group_advanced', '/%(repo_group_name)s/_settings/advanced', ['repo_group_name']);
267 270 pyroutes.register('edit_repo_group_advanced_delete', '/%(repo_group_name)s/_settings/advanced/delete', ['repo_group_name']);
268 271 pyroutes.register('edit_repo_group_perms', '/%(repo_group_name)s/_settings/permissions', ['repo_group_name']);
269 272 pyroutes.register('edit_repo_group_perms_update', '/%(repo_group_name)s/_settings/permissions/update', ['repo_group_name']);
270 273 pyroutes.register('repo_group_home', '/%(repo_group_name)s', ['repo_group_name']);
271 274 pyroutes.register('repo_group_home_slash', '/%(repo_group_name)s/', ['repo_group_name']);
272 275 pyroutes.register('user_group_members_data', '/_admin/user_groups/%(user_group_id)s/members', ['user_group_id']);
273 276 pyroutes.register('edit_user_group_perms_summary', '/_admin/user_groups/%(user_group_id)s/edit/permissions_summary', ['user_group_id']);
274 277 pyroutes.register('edit_user_group_perms_summary_json', '/_admin/user_groups/%(user_group_id)s/edit/permissions_summary/json', ['user_group_id']);
275 278 pyroutes.register('edit_user_group', '/_admin/user_groups/%(user_group_id)s/edit', ['user_group_id']);
276 279 pyroutes.register('user_groups_update', '/_admin/user_groups/%(user_group_id)s/update', ['user_group_id']);
277 280 pyroutes.register('edit_user_group_global_perms', '/_admin/user_groups/%(user_group_id)s/edit/global_permissions', ['user_group_id']);
278 281 pyroutes.register('edit_user_group_global_perms_update', '/_admin/user_groups/%(user_group_id)s/edit/global_permissions/update', ['user_group_id']);
279 282 pyroutes.register('edit_user_group_perms', '/_admin/user_groups/%(user_group_id)s/edit/permissions', ['user_group_id']);
280 283 pyroutes.register('edit_user_group_perms_update', '/_admin/user_groups/%(user_group_id)s/edit/permissions/update', ['user_group_id']);
281 284 pyroutes.register('edit_user_group_advanced', '/_admin/user_groups/%(user_group_id)s/edit/advanced', ['user_group_id']);
282 285 pyroutes.register('edit_user_group_advanced_sync', '/_admin/user_groups/%(user_group_id)s/edit/advanced/sync', ['user_group_id']);
283 286 pyroutes.register('user_groups_delete', '/_admin/user_groups/%(user_group_id)s/delete', ['user_group_id']);
284 287 pyroutes.register('search', '/_admin/search', []);
285 288 pyroutes.register('search_repo', '/%(repo_name)s/search', ['repo_name']);
286 289 pyroutes.register('user_profile', '/_profiles/%(username)s', ['username']);
287 290 pyroutes.register('user_group_profile', '/_profile_user_group/%(user_group_name)s', ['user_group_name']);
288 291 pyroutes.register('my_account_profile', '/_admin/my_account/profile', []);
289 292 pyroutes.register('my_account_edit', '/_admin/my_account/edit', []);
290 293 pyroutes.register('my_account_update', '/_admin/my_account/update', []);
291 294 pyroutes.register('my_account_password', '/_admin/my_account/password', []);
292 295 pyroutes.register('my_account_password_update', '/_admin/my_account/password/update', []);
293 296 pyroutes.register('my_account_auth_tokens', '/_admin/my_account/auth_tokens', []);
294 297 pyroutes.register('my_account_auth_tokens_add', '/_admin/my_account/auth_tokens/new', []);
295 298 pyroutes.register('my_account_auth_tokens_delete', '/_admin/my_account/auth_tokens/delete', []);
296 299 pyroutes.register('my_account_ssh_keys', '/_admin/my_account/ssh_keys', []);
297 300 pyroutes.register('my_account_ssh_keys_generate', '/_admin/my_account/ssh_keys/generate', []);
298 301 pyroutes.register('my_account_ssh_keys_add', '/_admin/my_account/ssh_keys/new', []);
299 302 pyroutes.register('my_account_ssh_keys_delete', '/_admin/my_account/ssh_keys/delete', []);
300 303 pyroutes.register('my_account_user_group_membership', '/_admin/my_account/user_group_membership', []);
301 304 pyroutes.register('my_account_emails', '/_admin/my_account/emails', []);
302 305 pyroutes.register('my_account_emails_add', '/_admin/my_account/emails/new', []);
303 306 pyroutes.register('my_account_emails_delete', '/_admin/my_account/emails/delete', []);
304 307 pyroutes.register('my_account_repos', '/_admin/my_account/repos', []);
305 308 pyroutes.register('my_account_watched', '/_admin/my_account/watched', []);
306 309 pyroutes.register('my_account_perms', '/_admin/my_account/perms', []);
307 310 pyroutes.register('my_account_notifications', '/_admin/my_account/notifications', []);
308 311 pyroutes.register('my_account_notifications_toggle_visibility', '/_admin/my_account/toggle_visibility', []);
309 312 pyroutes.register('my_account_pullrequests', '/_admin/my_account/pull_requests', []);
310 313 pyroutes.register('my_account_pullrequests_data', '/_admin/my_account/pull_requests/data', []);
311 314 pyroutes.register('notifications_show_all', '/_admin/notifications', []);
312 315 pyroutes.register('notifications_mark_all_read', '/_admin/notifications/mark_all_read', []);
313 316 pyroutes.register('notifications_show', '/_admin/notifications/%(notification_id)s', ['notification_id']);
314 317 pyroutes.register('notifications_update', '/_admin/notifications/%(notification_id)s/update', ['notification_id']);
315 318 pyroutes.register('notifications_delete', '/_admin/notifications/%(notification_id)s/delete', ['notification_id']);
316 319 pyroutes.register('my_account_notifications_test_channelstream', '/_admin/my_account/test_channelstream', []);
317 320 pyroutes.register('gists_show', '/_admin/gists', []);
318 321 pyroutes.register('gists_new', '/_admin/gists/new', []);
319 322 pyroutes.register('gists_create', '/_admin/gists/create', []);
320 323 pyroutes.register('gist_show', '/_admin/gists/%(gist_id)s', ['gist_id']);
321 324 pyroutes.register('gist_delete', '/_admin/gists/%(gist_id)s/delete', ['gist_id']);
322 325 pyroutes.register('gist_edit', '/_admin/gists/%(gist_id)s/edit', ['gist_id']);
323 326 pyroutes.register('gist_edit_check_revision', '/_admin/gists/%(gist_id)s/edit/check_revision', ['gist_id']);
324 327 pyroutes.register('gist_update', '/_admin/gists/%(gist_id)s/update', ['gist_id']);
325 328 pyroutes.register('gist_show_rev', '/_admin/gists/%(gist_id)s/%(revision)s', ['gist_id', 'revision']);
326 329 pyroutes.register('gist_show_formatted', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s', ['gist_id', 'revision', 'format']);
327 330 pyroutes.register('gist_show_formatted_path', '/_admin/gists/%(gist_id)s/%(revision)s/%(format)s/%(f_path)s', ['gist_id', 'revision', 'format', 'f_path']);
328 331 pyroutes.register('debug_style_home', '/_admin/debug_style', []);
329 332 pyroutes.register('debug_style_template', '/_admin/debug_style/t/%(t_path)s', ['t_path']);
330 333 pyroutes.register('apiv2', '/_admin/api', []);
331 334 }
Show file before | Show file after | Hide comments
@@ -1,75 +1,75 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 <div class="panel panel-default">
4 4 <div class="panel-heading">
5 5 <h3 class="panel-title">${_('User Group Membership')}</h3>
6 6 </div>
7 7
8 8 <div class="panel-body">
9 9 <div class="groups_management">
10 10 <div id="repos_list_wrap">
11 11 <table id="user_group_list_table" class="display"></table>
12 12 </div>
13 13 </div>
14 14 </div>
15 15 </div>
16 16
17 17
18 18 <script>
19 19 var api;
20 20 $(document).ready(function() {
21 21
22 22 var get_datatable_count = function(){
23 23 $('#user_group_count').text(api.page.info().recordsDisplay);
24 24 };
25 25
26 26 $('#user_group_list_table').on('click', 'a.editor_remove', function (e) {
27 27 e.preventDefault();
28 28 var row = api.row($(this).closest('tr'));
29 29 row.remove().draw();
30 30 } );
31 31
32 32 $('#user_group_list_table').DataTable({
33 33 data: ${c.user_groups|n},
34 34 dom: 'rtp',
35 35 pageLength: ${c.visual.admin_grid_items},
36 36 order: [[ 0, "asc" ]],
37 37 columns: [
38 38 { data: {"_": "group_name",
39 39 "sort": "group_name"}, title: "${_('Name')}", className: "td-componentname," ,
40 40 render: function (data,type,full,meta)
41 {return '<div><i class="icon-group" title="User group">'+data+'</i></div>'}},
41 {return '<div><i class="icon-user-group" title="User group">'+data+'</i></div>'}},
42 42
43 43 { data: {"_": "group_description",
44 44 "sort": "group_description"}, title: "${_('Description')}", className: "td-description" },
45 45 { data: {"_": "users_group_id"}, className: "td-user",
46 46 render: function (data,type,full,meta)
47 47 {return '<input type="hidden" name="users_group_id" value="'+data+'">'}},
48 48 { data: {"_": "active",
49 49 "sort": "active"}, title: "${_('Active')}", className: "td-active"},
50 50 { data: {"_": "owner_data"}, title: "${_('Owner')}", className: "td-user",
51 51 render: function (data,type,full,meta)
52 52 {return '<div class="rc-user tooltip">'+
53 53 '<img class="gravatar" src="'+ data.owner_icon +'" height="16" width="16">'+
54 54 data.owner +'</div>'
55 55 }
56 56 }
57 57 ],
58 58 language: {
59 59 paginate: DEFAULT_GRID_PAGINATION,
60 60 emptyTable: _gettext("No user groups available yet.")
61 61 },
62 62 "initComplete": function( settings, json ) {
63 63 var data_grid = $('#user_group_list_table').dataTable();
64 64 api = data_grid.api();
65 65 get_datatable_count();
66 66 }
67 67 });
68 68
69 69 // update the counter when doing search
70 70 $('#user_group_list_table').on( 'search.dt', function (e,settings) {
71 71 get_datatable_count();
72 72 });
73 73
74 74 });
75 75 </script> No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,62 +1,65 b''
1 1 ## -*- coding: utf-8 -*-
2 2 <%inherit file="/base/base.mako"/>
3 3
4 4 <%def name="title()">
5 5 ${_('Permissions Administration')}
6 6 %if c.rhodecode_name:
7 7 &middot; ${h.branding(c.rhodecode_name)}
8 8 %endif
9 9 </%def>
10 10
11 11 <%def name="breadcrumbs_links()">
12 12 ${h.link_to(_('Admin'),h.route_path('admin_home'))}
13 13 &raquo;
14 14 ${_('Permissions')}
15 15 </%def>
16 16
17 17 <%def name="menu_bar_nav()">
18 18 ${self.menu_items(active='admin')}
19 19 </%def>
20 20
21 21
22 22 <%def name="main()">
23 23 <div class="box">
24 24 <div class="title">
25 25 ${self.breadcrumbs()}
26 26 </div>
27 27
28 28 <div class="sidebar-col-wrapper scw-small">
29 29 ##main
30 30 <div class="sidebar">
31 31 <ul class="nav nav-pills nav-stacked">
32 32 <li class="${'active' if c.active=='application' else ''}">
33 33 <a href="${h.route_path('admin_permissions_application')}">${_('Application')}</a>
34 34 </li>
35 35 <li class="${'active' if c.active=='global' else ''}">
36 36 <a href="${h.route_path('admin_permissions_global')}">${_('Global')}</a>
37 37 </li>
38 38 <li class="${'active' if c.active=='objects' else ''}">
39 39 <a href="${h.route_path('admin_permissions_object')}">${_('Object')}</a>
40 40 </li>
41 <li class="${'active' if c.active=='branch' else ''}">
42 <a href="${h.route_path('admin_permissions_branch')}">${_('Branch')}</a>
43 </li>
41 44 <li class="${'active' if c.active=='ips' else ''}">
42 45 <a href="${h.route_path('admin_permissions_ips')}">${_('IP Whitelist')}</a>
43 46 </li>
44 47 <li class="${'active' if c.active=='auth_token_access' else ''}">
45 48 <a href="${h.route_path('admin_permissions_auth_token_access')}">${_('AuthToken Access')}</a>
46 49 </li>
47 50 <li class="${'active' if c.active=='ssh_keys' else ''}">
48 51 <a href="${h.route_path('admin_permissions_ssh_keys')}">${_('SSH Keys')}</a>
49 52 </li>
50 53 <li class="${'active' if c.active=='perms' else ''}">
51 54 <a href="${h.route_path('admin_permissions_overview')}">${_('Overview')}</a>
52 55 </li>
53 56 </ul>
54 57 </div>
55 58
56 59 <div class="main-content-full-width">
57 60 <%include file="/admin/permissions/permissions_${c.active}.mako"/>
58 61 </div>
59 62 </div>
60 63 </div>
61 64
62 65 </%def>
Show file before | Show file after | Hide comments
@@ -1,77 +1,80 b''
1 1 <div class="panel panel-default">
2 2 <div class="panel-heading">
3 3 <h3 class="panel-title">${_('Default Permissions for Repositories, User Groups and Repository Groups.')}</h3>
4 4 </div>
5 5 <div class="panel-body">
6 <p>${_('Default system permissions. Each permissions management entity will be created with the following default settings. Check the overwrite checkbox to force any permission changes on already existing settings.')}
6 <p>
7 ${_('Default access permissions. This defines permissions for the `default` user from which other users inherit permissions.')}
8 <br/>
9 ${_('Check the overwrite checkbox to force change all previously defined permissions for `default` user to the new selected value.')}
7 10 </p>
8 11 ${h.secure_form(h.route_path('admin_permissions_object_update'), request=request)}
9 12 <div class="form">
10 13 <div class="fields">
11 14 <div class="field">
12 15 <div class="label">
13 16 <label for="default_repo_perm">${_('Repository')}:</label>
14 17 </div>
15 18 <div class="select">
16 19 ${h.select('default_repo_perm','',c.repo_perms_choices)}
17 20
18 21 ${h.checkbox('overwrite_default_repo','true')}
19 22 <label for="overwrite_default_repo">
20 23 <span class="tooltip" title="${h.tooltip(_('All default permissions on each repository will be reset to chosen permission, note that all custom default permission on repositories will be lost'))}">
21 24 ${_('Overwrite Existing Settings')}
22 25 </span>
23 26 </label>
24 27 </div>
25 28 </div>
26 29 <div class="field">
27 30 <div class="label">
28 31 <label for="default_group_perm">${_('Repository Groups')}:</label>
29 32 </div>
30 33 <div class="select">
31 34 ${h.select('default_group_perm','',c.group_perms_choices)}
32 35 ${h.checkbox('overwrite_default_group','true')}
33 36 <label for="overwrite_default_group">
34 37 <span class="tooltip" title="${h.tooltip(_('All default permissions on each repository group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
35 38 ${_('Overwrite Existing Settings')}
36 39 </span>
37 40 </label>
38 41 </div>
39 42 </div>
40 43 <div class="field">
41 44 <div class="label">
42 45 <label for="default_group_perm">${_('User Groups')}:</label>
43 46 </div>
44 47 <div class="select">
45 48 ${h.select('default_user_group_perm','',c.user_group_perms_choices)}
46 49 ${h.checkbox('overwrite_default_user_group','true')}
47 50 <label for="overwrite_default_user_group">
48 <span class="tooltip" title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
51 <span class="tooltip" title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on user groups will be lost'))}">
49 52 ${_('Overwrite Existing Settings')}
50 53 </span>
51 54 </label>
52 55 </div>
53 56 </div>
54 57
55 58 <div class="buttons">
56 59 ${h.submit('save',_('Save'),class_="btn")}
57 60 ${h.reset('reset',_('Reset'),class_="btn")}
58 61 </div>
59 62 </div>
60 63 </div>
61 64 ${h.end_form()}
62 65 </div>
63 66 </div>
64 67
65 68 <script>
66 69 $(document).ready(function(){
67 70 var select2Options = {
68 71 containerCssClass: 'drop-menu',
69 72 dropdownCssClass: 'drop-menu-dropdown',
70 73 dropdownAutoWidth: true,
71 74 minimumResultsForSearch: -1
72 75 };
73 76 $("#default_repo_perm").select2(select2Options);
74 77 $("#default_group_perm").select2(select2Options);
75 78 $("#default_user_group_perm").select2(select2Options);
76 79 });
77 80 </script>
Show file before | Show file after | Hide comments
@@ -1,146 +1,156 b''
1 1 <%namespace name="base" file="/base/base.mako"/>
2 2
3 3 <div class="panel panel-default">
4 4 <div class="panel-heading">
5 5 <h3 class="panel-title">${_('Repository Group Permissions')}</h3>
6 6 </div>
7 7 <div class="panel-body">
8 8 ${h.secure_form(h.route_path('edit_repo_group_perms_update', repo_group_name=c.repo_group.group_name), request=request)}
9 9 <table id="permissions_manage" class="rctable permissions">
10 10 <tr>
11 11 <th class="td-radio">${_('None')}</th>
12 12 <th class="td-radio">${_('Read')}</th>
13 13 <th class="td-radio">${_('Write')}</th>
14 14 <th class="td-radio">${_('Admin')}</th>
15 15 <th class="td-owner">${_('User/User Group')}</th>
16 16 <th></th>
17 17 </tr>
18 18 ## USERS
19 19 %for _user in c.repo_group.permissions():
20 20 %if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None):
21 21 <tr class="perm_admin_row">
22 22 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")}</td>
23 23 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.read', disabled="disabled")}</td>
24 24 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.write', disabled="disabled")}</td>
25 25 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.admin', 'repository.admin', disabled="disabled")}</td>
26 26 <td class="td-user">
27 27 ${base.gravatar(_user.email, 16)}
28 28 ${h.link_to_user(_user.username)}
29 29 %if getattr(_user, 'admin_row', None):
30 30 (${_('super admin')})
31 31 %endif
32 32 %if getattr(_user, 'owner_row', None):
33 33 (${_('owner')})
34 34 %endif
35 35 </td>
36 36 <td></td>
37 37 </tr>
38 38 %else:
39 39 <tr>
40 40 ##forbid revoking permission from yourself, except if you're an super admin
41 41 %if c.rhodecode_user.user_id != _user.user_id or c.rhodecode_user.is_admin:
42 42 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.none', checked=_user.permission=='group.none')}</td>
43 43 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.read', checked=_user.permission=='group.read')}</td>
44 44 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.write', checked=_user.permission=='group.write')}</td>
45 45 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.admin', checked=_user.permission=='group.admin')}</td>
46 46 <td class="td-user">
47 47 ${base.gravatar(_user.email, 16)}
48 48 <span class="user">
49 49 % if _user.username == h.DEFAULT_USER:
50 50 ${h.DEFAULT_USER} <span class="user-perm-help-text"> - ${_('permission for all other users')}</span>
51 51 % else:
52 52 ${h.link_to_user(_user.username)}
53 53 % endif
54 54 </span>
55 55 </td>
56 56 <td class="td-action">
57 57 %if _user.username != h.DEFAULT_USER:
58 58 <span class="btn btn-link btn-danger revoke_perm"
59 59 member="${_user.user_id}" member_type="user">
60 <i class="icon-remove"></i> ${_('Revoke')}
60 ${_('Revoke')}
61 61 </span>
62 62 %endif
63 63 </td>
64 64 %else:
65 65 ## special case for current user permissions, we make sure he cannot take his own permissions
66 66 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.none', disabled="disabled")}</td>
67 67 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.read', disabled="disabled")}</td>
68 68 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.write', disabled="disabled")}</td>
69 69 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'group.admin', disabled="disabled")}</td>
70 70 <td class="td-user">
71 71 ${base.gravatar(_user.email, 16)}
72 72 <span class="user">
73 73 % if _user.username == h.DEFAULT_USER:
74 74 ${h.DEFAULT_USER} <span class="user-perm-help-text"> - ${_('permission for all other users')}</span>
75 75 % else:
76 76 ${h.link_to_user(_user.username)}
77 77 % endif
78 78 <span class="user-perm-help-text">(${_('delegated admin')})</span>
79 79 </span>
80 80 </td>
81 81 <td></td>
82 82 %endif
83 83 </tr>
84 84 %endif
85 85 %endfor
86 86
87 87 ## USER GROUPS
88 88 %for _user_group in c.repo_group.permission_user_groups():
89 89 <tr id="id${id(_user_group.users_group_name)}">
90 90 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.none', checked=_user_group.permission=='group.none')}</td>
91 91 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.read', checked=_user_group.permission=='group.read')}</td>
92 92 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.write', checked=_user_group.permission=='group.write')}</td>
93 93 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.admin', checked=_user_group.permission=='group.admin')}</td>
94 94 <td class="td-componentname">
95 <i class="icon-group" ></i>
95 <i class="icon-user-group"></i>
96 96 %if h.HasPermissionAny('hg.admin')():
97 97 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
98 98 ${_user_group.users_group_name}
99 99 </a>
100 100 %else:
101 101 ${h.link_to_group(_user_group.users_group_name)}
102 102 %endif
103 103 </td>
104 104 <td class="td-action">
105 105 <span class="btn btn-link btn-danger revoke_perm"
106 106 member="${_user_group.users_group_id}" member_type="user_group">
107 <i class="icon-remove"></i> ${_('Revoke')}
107 ${_('Revoke')}
108 108 </span>
109 109 </td>
110 110 </tr>
111 111 %endfor
112 112
113 113 <tr class="new_members" id="add_perm_input"></tr>
114 <tr>
115 <td></td>
116 <td></td>
117 <td></td>
118 <td></td>
119 <td></td>
120 <td>
121 <span id="add_perm" class="link">
122 ${_('Add user/user group')}
123 </span>
124 </td>
125 </tr>
114 126 </table>
115 <div id="add_perm" class="link">
116 ${_('Add new')}
117 </div>
127
118 128 <div class="fields">
119 129 <div class="field">
120 130 <div class="label label-radio">
121 131 ${_('Apply to children')}:
122 132 </div>
123 133 <div class="radios">
124 134 ${h.radio('recursive', 'none', label=_('None'), checked="checked")}
125 135 ${h.radio('recursive', 'groups', label=_('Repository Groups'))}
126 136 ${h.radio('recursive', 'repos', label=_('Repositories'))}
127 137 ${h.radio('recursive', 'all', label=_('Both'))}
128 138 <span class="help-block">${_('Set or revoke permissions to selected types of children of this group, including non-private repositories and other groups if chosen.')}</span>
129 139 </div>
130 140 </div>
131 141 </div>
132 142 <div class="buttons">
133 143 ${h.submit('save',_('Save'),class_="btn btn-primary")}
134 144 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
135 145 </div>
136 146 ${h.end_form()}
137 147 </div>
138 148 </div>
139 149 <script type="text/javascript">
140 150 $('#add_perm').on('click', function(e){
141 151 addNewPermInput($(this), 'group');
142 152 });
143 153 $('.revoke_perm').on('click', function(e){
144 154 markRevokePermInput($(this), 'group');
145 155 })
146 156 </script>
Show file before | Show file after | Hide comments
@@ -1,105 +1,108 b''
1 1 ## -*- coding: utf-8 -*-
2 2 ##
3 3 ## See also repo_settings.html
4 4 ##
5 5 <%inherit file="/base/base.mako"/>
6 6
7 7 <%def name="title()">
8 8 ${_('%s repository settings') % c.rhodecode_db_repo.repo_name}
9 9 %if c.rhodecode_name:
10 10 &middot; ${h.branding(c.rhodecode_name)}
11 11 %endif
12 12 </%def>
13 13
14 14 <%def name="breadcrumbs_links()">
15 15 ${_('Settings')}
16 16 </%def>
17 17
18 18 <%def name="menu_bar_nav()">
19 19 ${self.menu_items(active='repositories')}
20 20 </%def>
21 21
22 22 <%def name="menu_bar_subnav()">
23 23 ${self.repo_menu(active='options')}
24 24 </%def>
25 25
26 26 <%def name="main_content()">
27 27 % if hasattr(c, 'repo_edit_template'):
28 28 <%include file="${c.repo_edit_template}"/>
29 29 % else:
30 30 <%include file="/admin/repos/repo_edit_${c.active}.mako"/>
31 31 % endif
32 32 </%def>
33 33
34 34
35 35 <%def name="main()">
36 36 <div class="box">
37 37 <div class="title">
38 38 ${self.repo_page_title(c.rhodecode_db_repo)}
39 39 ${self.breadcrumbs()}
40 40 </div>
41 41
42 42 <div class="sidebar-col-wrapper scw-small">
43 43 <div class="sidebar">
44 44 <ul class="nav nav-pills nav-stacked">
45 45 <li class="${'active' if c.active=='settings' else ''}">
46 46 <a href="${h.route_path('edit_repo', repo_name=c.repo_name)}">${_('Settings')}</a>
47 47 </li>
48 48 <li class="${'active' if c.active=='permissions' else ''}">
49 49 <a href="${h.route_path('edit_repo_perms', repo_name=c.repo_name)}">${_('Permissions')}</a>
50 50 </li>
51 <li class="${'active' if c.active=='permissions_branch' else ''}">
52 <a href="${h.route_path('edit_repo_perms_branch', repo_name=c.repo_name)}">${_('Branch Permissions')}</a>
53 </li>
51 54 <li class="${'active' if c.active=='advanced' else ''}">
52 55 <a href="${h.route_path('edit_repo_advanced', repo_name=c.repo_name)}">${_('Advanced')}</a>
53 56 </li>
54 57 <li class="${'active' if c.active=='vcs' else ''}">
55 58 <a href="${h.route_path('edit_repo_vcs', repo_name=c.repo_name)}">${_('VCS')}</a>
56 59 </li>
57 60 <li class="${'active' if c.active=='fields' else ''}">
58 61 <a href="${h.route_path('edit_repo_fields', repo_name=c.repo_name)}">${_('Extra Fields')}</a>
59 62 </li>
60 63 <li class="${'active' if c.active=='issuetracker' else ''}">
61 64 <a href="${h.route_path('edit_repo_issuetracker', repo_name=c.repo_name)}">${_('Issue Tracker')}</a>
62 65 </li>
63 66 <li class="${'active' if c.active=='caches' else ''}">
64 67 <a href="${h.route_path('edit_repo_caches', repo_name=c.repo_name)}">${_('Caches')}</a>
65 68 </li>
66 69 %if c.rhodecode_db_repo.repo_type != 'svn':
67 70 <li class="${'active' if c.active=='remote' else ''}">
68 71 <a href="${h.route_path('edit_repo_remote', repo_name=c.repo_name)}">${_('Remote sync')}</a>
69 72 </li>
70 73 %endif
71 74 <li class="${'active' if c.active=='statistics' else ''}">
72 75 <a href="${h.route_path('edit_repo_statistics', repo_name=c.repo_name)}">${_('Statistics')}</a>
73 76 </li>
74 77 <li class="${'active' if c.active=='integrations' else ''}">
75 78 <a href="${h.route_path('repo_integrations_home', repo_name=c.repo_name)}">${_('Integrations')}</a>
76 79 </li>
77 80 %if c.rhodecode_db_repo.repo_type != 'svn':
78 81 <li class="${'active' if c.active=='reviewers' else ''}">
79 82 <a href="${h.route_path('repo_reviewers', repo_name=c.repo_name)}">${_('Reviewer Rules')}</a>
80 83 </li>
81 84 %endif
82 85 <li class="${'active' if c.active=='automation' else ''}">
83 86 <a href="${h.route_path('repo_automation', repo_name=c.repo_name)}">${_('Automation')}</a>
84 87 </li>
85 88 <li class="${'active' if c.active=='maintenance' else ''}">
86 89 <a href="${h.route_path('edit_repo_maintenance', repo_name=c.repo_name)}">${_('Maintenance')}</a>
87 90 </li>
88 91 <li class="${'active' if c.active=='strip' else ''}">
89 92 <a href="${h.route_path('edit_repo_strip', repo_name=c.repo_name)}">${_('Strip')}</a>
90 93 </li>
91 94 <li class="${'active' if c.active=='audit' else ''}">
92 95 <a href="${h.route_path('edit_repo_audit_logs', repo_name=c.repo_name)}">${_('Audit logs')}</a>
93 96 </li>
94 97
95 98 </ul>
96 99 </div>
97 100
98 101 <div class="main-content-full-width">
99 102 ${self.main_content()}
100 103 </div>
101 104
102 105 </div>
103 106 </div>
104 107
105 108 </%def> No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,123 +1,135 b''
1 1 <%namespace name="base" file="/base/base.mako"/>
2 2
3 3 <div class="panel panel-default">
4 4 <div class="panel-heading">
5 5 <h3 class="panel-title">${_('Repository Permissions')}</h3>
6 6 </div>
7 7 <div class="panel-body">
8 8 ${h.secure_form(h.route_path('edit_repo_perms', repo_name=c.repo_name), request=request)}
9 9 <table id="permissions_manage" class="rctable permissions">
10 10 <tr>
11 11 <th class="td-radio">${_('None')}</th>
12 12 <th class="td-radio">${_('Read')}</th>
13 13 <th class="td-radio">${_('Write')}</th>
14 14 <th class="td-radio">${_('Admin')}</th>
15 15 <th class="td-owner">${_('User/User Group')}</th>
16 16 <th></th>
17 17 </tr>
18 18 ## USERS
19 19 %for _user in c.rhodecode_db_repo.permissions():
20 20 %if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None):
21 21 <tr class="perm_admin_row">
22 22 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")}</td>
23 23 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.read', disabled="disabled")}</td>
24 24 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.write', disabled="disabled")}</td>
25 25 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.admin', 'repository.admin', disabled="disabled")}</td>
26 26 <td class="td-user">
27 27 ${base.gravatar(_user.email, 16)}
28 28 ${h.link_to_user(_user.username)}
29 29 %if getattr(_user, 'admin_row', None):
30 30 (${_('super admin')})
31 31 %endif
32 32 %if getattr(_user, 'owner_row', None):
33 33 (${_('owner')})
34 34 %endif
35 35 </td>
36 36 <td></td>
37 37 </tr>
38 38 %elif _user.username == h.DEFAULT_USER and c.rhodecode_db_repo.private:
39 39 <tr>
40 40 <td colspan="4">
41 41 <span class="private_repo_msg">
42 42 <strong title="${h.tooltip(_user.permission)}">${_('private repository')}</strong>
43 43 </span>
44 44 </td>
45 45 <td class="private_repo_msg">
46 46 ${base.gravatar(h.DEFAULT_USER_EMAIL, 16)}
47 47 ${h.DEFAULT_USER} - ${_('only users/user groups explicitly added here will have access')}</td>
48 48 <td></td>
49 49 </tr>
50 50 %else:
51 51 <tr>
52 52 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.none', checked=_user.permission=='repository.none')}</td>
53 53 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.read', checked=_user.permission=='repository.read')}</td>
54 54 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.write', checked=_user.permission=='repository.write')}</td>
55 55 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'repository.admin', checked=_user.permission=='repository.admin')}</td>
56 56 <td class="td-user">
57 57 ${base.gravatar(_user.email, 16)}
58 58 <span class="user">
59 59 % if _user.username == h.DEFAULT_USER:
60 60 ${h.DEFAULT_USER} <span class="user-perm-help-text"> - ${_('permission for all other users')}</span>
61 61 % else:
62 62 ${h.link_to_user(_user.username)}
63 63 % endif
64 64 </span>
65 65 </td>
66 66 <td class="td-action">
67 67 %if _user.username != h.DEFAULT_USER:
68 68 <span class="btn btn-link btn-danger revoke_perm"
69 69 member="${_user.user_id}" member_type="user">
70 <i class="icon-remove"></i> ${_('Revoke')}
70 ${_('Revoke')}
71 71 </span>
72 72 %endif
73 73 </td>
74 74 </tr>
75 75 %endif
76 76 %endfor
77 77
78 78 ## USER GROUPS
79 79 %for _user_group in c.rhodecode_db_repo.permission_user_groups():
80 80 <tr>
81 81 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.none', checked=_user_group.permission=='repository.none')}</td>
82 82 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.read', checked=_user_group.permission=='repository.read')}</td>
83 83 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.write', checked=_user_group.permission=='repository.write')}</td>
84 84 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.admin', checked=_user_group.permission=='repository.admin')}</td>
85 85 <td class="td-componentname">
86 <i class="icon-group" ></i>
86 <i class="icon-user-group"></i>
87 87 %if h.HasPermissionAny('hg.admin')():
88 88 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
89 89 ${_user_group.users_group_name}
90 90 </a>
91 91 %else:
92 92 ${h.link_to_group(_user_group.users_group_name)}
93 93 %endif
94 94 </td>
95 95 <td class="td-action">
96 96 <span class="btn btn-link btn-danger revoke_perm"
97 97 member="${_user_group.users_group_id}" member_type="user_group">
98 <i class="icon-remove"></i> ${_('Revoke')}
98 ${_('Revoke')}
99 99 </span>
100 100 </td>
101 101 </tr>
102 102 %endfor
103 103 <tr class="new_members" id="add_perm_input"></tr>
104
105 <tr>
106 <td></td>
107 <td></td>
108 <td></td>
109 <td></td>
110 <td></td>
111 <td>
112 <span id="add_perm" class="link">
113 ${_('Add user/user group')}
114 </span>
115 </td>
116 </tr>
117
104 118 </table>
105 <div id="add_perm" class="link">
106 ${_('Add new')}
107 </div>
119
108 120 <div class="buttons">
109 121 ${h.submit('save',_('Save'),class_="btn btn-primary")}
110 122 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
111 123 </div>
112 124 ${h.end_form()}
113 125 </div>
114 126 </div>
115 127
116 128 <script type="text/javascript">
117 129 $('#add_perm').on('click', function(e){
118 130 addNewPermInput($(this), 'repository');
119 131 });
120 132 $('.revoke_perm').on('click', function(e){
121 133 markRevokePermInput($(this), 'repository');
122 134 });
123 135 </script>
Show file before | Show file after | Hide comments
@@ -1,134 +1,144 b''
1 1 <%namespace name="base" file="/base/base.mako"/>
2 2
3 3 <div class="panel panel-default">
4 4 <div class="panel-heading">
5 5 <h3 class="panel-title">${_('User Group Permissions')}</h3>
6 6 </div>
7 7 <div class="panel-body">
8 8 ${h.secure_form(h.route_path('edit_user_group_perms_update', user_group_id=c.user_group.users_group_id), request=request)}
9 9 <table id="permissions_manage" class="rctable permissions">
10 10 <tr>
11 11 <th class="td-radio">${_('None')}</th>
12 12 <th class="td-radio">${_('Read')}</th>
13 13 <th class="td-radio">${_('Write')}</th>
14 14 <th class="td-radio">${_('Admin')}</th>
15 15 <th>${_('User/User Group')}</th>
16 16 <th></th>
17 17 </tr>
18 18 ## USERS
19 19 %for _user in c.user_group.permissions():
20 20 %if getattr(_user, 'admin_row', None) or getattr(_user, 'owner_row', None):
21 21 <tr class="perm_admin_row">
22 22 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.none', disabled="disabled")}</td>
23 23 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.read', disabled="disabled")}</td>
24 24 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.write', disabled="disabled")}</td>
25 25 <td class="td-radio">${h.radio('admin_perm_%s' % _user.user_id,'repository.admin', 'repository.admin', disabled="disabled")}</td>
26 26 <td class="td-user">
27 27 ${base.gravatar(_user.email, 16)}
28 28 <span class="user">
29 29 ${h.link_to_user(_user.username)}
30 30 %if getattr(_user, 'admin_row', None):
31 31 (${_('super admin')})
32 32 %endif
33 33 %if getattr(_user, 'owner_row', None):
34 34 (${_('owner')})
35 35 %endif
36 36 </span>
37 37 </td>
38 38 <td></td>
39 39 </tr>
40 40 %else:
41 41 ##forbid revoking permission from yourself, except if you're an super admin
42 42 <tr>
43 43 %if c.rhodecode_user.user_id != _user.user_id or c.rhodecode_user.is_admin:
44 44 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.none')}</td>
45 45 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.read')}</td>
46 46 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.write')}</td>
47 47 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.admin')}</td>
48 48 <td class="td-user">
49 49 ${base.gravatar(_user.email, 16)}
50 50 <span class="user">
51 51 % if _user.username == h.DEFAULT_USER:
52 52 ${h.DEFAULT_USER} <span class="user-perm-help-text"> - ${_('permission for all other users')}</span>
53 53 % else:
54 54 ${h.link_to_user(_user.username)}
55 55 % endif
56 56 </span>
57 57 </td>
58 58 <td class="td-action">
59 59 %if _user.username != h.DEFAULT_USER:
60 60 <span class="btn btn-link btn-danger revoke_perm"
61 61 member="${_user.user_id}" member_type="user">
62 <i class="icon-remove"></i> ${_('revoke')}
62 ${_('Revoke')}
63 63 </span>
64 64 %endif
65 65 </td>
66 66 %else:
67 67 ## special case for current user permissions, we make sure he cannot take his own permissions
68 68 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.none', disabled="disabled")}</td>
69 69 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.read', disabled="disabled")}</td>
70 70 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.write', disabled="disabled")}</td>
71 71 <td class="td-radio">${h.radio('u_perm_%s' % _user.user_id,'usergroup.admin', disabled="disabled")}</td>
72 72 <td class="td-user">
73 73 ${base.gravatar(_user.email, 16)}
74 74 <span class="user">
75 75 % if _user.username == h.DEFAULT_USER:
76 76 ${h.DEFAULT_USER} <span class="user-perm-help-text"> - ${_('permission for all other users')}</span>
77 77 % else:
78 78 ${h.link_to_user(_user.username)}
79 79 % endif
80 80 <span class="user-perm-help-text">(${_('delegated admin')})</span>
81 81 </span>
82 82 </td>
83 83 <td></td>
84 84 %endif
85 85 </tr>
86 86 %endif
87 87 %endfor
88 88
89 89 ## USER GROUPS
90 90 %for _user_group in c.user_group.permission_user_groups():
91 91 <tr>
92 92 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.none')}</td>
93 93 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.read')}</td>
94 94 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.write')}</td>
95 95 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.admin')}</td>
96 96 <td class="td-user">
97 <i class="icon-group" ></i>
97 <i class="icon-user-group"></i>
98 98 %if h.HasPermissionAny('hg.admin')():
99 99 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
100 100 ${_user_group.users_group_name}
101 101 </a>
102 102 %else:
103 103 ${h.link_to_group(_user_group.users_group_name)}
104 104 %endif
105 105 </td>
106 106 <td class="td-action">
107 107 <span class="btn btn-link btn-danger revoke_perm"
108 108 member="${_user_group.users_group_id}" member_type="user_group">
109 <i class="icon-remove"></i> ${_('revoke')}
109 ${_('Revoke')}
110 110 </span>
111 111 </td>
112 112 </tr>
113 113 %endfor
114 114 <tr class="new_members" id="add_perm_input"></tr>
115 <tr>
116 <td></td>
117 <td></td>
118 <td></td>
119 <td></td>
120 <td></td>
121 <td>
122 <span id="add_perm" class="link">
123 ${_('Add user/user group')}
124 </span>
125 </td>
126 </tr>
115 127 </table>
116 <div id="add_perm" class="link">
117 ${_('Add new')}
118 </div>
128
119 129 <div class="buttons">
120 130 ${h.submit('save',_('Save'),class_="btn btn-primary")}
121 131 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
122 132 </div>
123 133 ${h.end_form()}
124 134 </div>
125 135 </div>
126 136
127 137 <script type="text/javascript">
128 138 $('#add_perm').on('click', function(e){
129 139 addNewPermInput($(this), 'usergroup');
130 140 });
131 141 $('.revoke_perm').on('click', function(e){
132 142 markRevokePermInput($(this), 'usergroup');
133 143 });
134 144 </script>
Show file before | Show file after | Hide comments
@@ -1,147 +1,147 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3
4 4 <div class="panel panel-default">
5 5 <div class="panel-heading">
6 6 <h3 class="panel-title">${_('User groups administration')}</h3>
7 7 </div>
8 8 <div class="panel-body">
9 9 <div class="fields">
10 10 <div class="field">
11 11 <div class="label label-checkbox">
12 12 <label for="users_group_active">${_('Add `%s` to user group') % c.user.username}:</label>
13 13 </div>
14 14 <div class="input">
15 15 ${h.text('add_user_to_group', placeholder="user group name", class_="medium")}
16 16 </div>
17 17
18 18 </div>
19 19 </div>
20 20
21 21 <div class="groups_management">
22 22 ${h.secure_form(h.route_path('edit_user_groups_management_updates', user_id=c.user.user_id), request=request)}
23 23 <div id="repos_list_wrap">
24 24 <table id="user_group_list_table" class="display"></table>
25 25 </div>
26 26 <div class="buttons">
27 27 ${h.submit('save',_('Save'),class_="btn")}
28 28 </div>
29 29 ${h.end_form()}
30 30 </div>
31 31 </div>
32 32 </div>
33 33 <script>
34 34 var api;
35 35 $(document).ready(function() {
36 36
37 37 var get_datatable_count = function(){
38 38 $('#user_group_count').text(api.page.info().recordsDisplay);
39 39 };
40 40
41 41 $('#user_group_list_table').on('click', 'a.editor_remove', function (e) {
42 42 e.preventDefault();
43 43 var row = api.row($(this).closest('tr'));
44 44 row.remove().draw();
45 45 } );
46 46
47 47 $('#user_group_list_table').DataTable({
48 48 data: ${c.groups|n},
49 49 dom: 'rtp',
50 50 pageLength: ${c.visual.admin_grid_items},
51 51 order: [[ 0, "asc" ]],
52 52 columns: [
53 53 { data: {"_": "group_name",
54 54 "sort": "group_name"}, title: "${_('Name')}", className: "td-componentname," ,
55 55 render: function (data,type,full,meta)
56 {return '<div><i class="icon-group" title="User group">'+data+'</i></div>'}},
56 {return '<div><i class="icon-user-group" title="User group">'+data+'</i></div>'}},
57 57
58 58 { data: {"_": "group_description",
59 59 "sort": "group_description"}, title: "${_('Description')}", className: "td-description" },
60 60 { data: {"_": "users_group_id"}, className: "td-user",
61 61 render: function (data,type,full,meta)
62 62 {return '<input type="hidden" name="users_group_id" value="'+data+'">'}},
63 63 { data: {"_": "active",
64 64 "sort": "active"}, title: "${_('Active')}", className: "td-active"},
65 65 { data: {"_": "owner_data"}, title: "${_('Owner')}", className: "td-user",
66 66 render: function (data,type,full,meta)
67 67 {return '<div class="rc-user tooltip">'+
68 68 '<img class="gravatar" src="'+ data.owner_icon +'" height="16" width="16">'+
69 69 data.owner +'</div>'
70 70 }
71 71 },
72 72 { data: null,
73 73 title: "${_('Action')}",
74 74 className: "td-action",
75 75 defaultContent: '-'
76 76 }
77 77 ],
78 78 language: {
79 79 paginate: DEFAULT_GRID_PAGINATION,
80 80 emptyTable: _gettext("No user groups available yet.")
81 81 },
82 82 "initComplete": function( settings, json ) {
83 83 var data_grid = $('#user_group_list_table').dataTable();
84 84 api = data_grid.api();
85 85 get_datatable_count();
86 86 }
87 87 });
88 88
89 89 // update the counter when doing search
90 90 $('#user_group_list_table').on( 'search.dt', function (e,settings) {
91 91 get_datatable_count();
92 92 });
93 93
94 94 // filter, filter both grids
95 95 $('#q_filter').on( 'keyup', function () {
96 96 var user_api = $('#user_group_list_table').dataTable().api();
97 97 user_api
98 98 .columns(0)
99 99 .search(this.value)
100 100 .draw();
101 101 });
102 102
103 103 // refilter table if page load via back button
104 104 $("#q_filter").trigger('keyup');
105 105
106 106 });
107 107
108 108 $('#language').select2({
109 109 'containerCssClass': "drop-menu",
110 110 'dropdownCssClass': "drop-menu-dropdown",
111 111 'dropdownAutoWidth': true
112 112 });
113 113
114 114
115 115
116 116 $(document).ready(function(){
117 117 $("#group_parent_id").select2({
118 118 'containerCssClass': "drop-menu",
119 119 'dropdownCssClass': "drop-menu-dropdown",
120 120 'dropdownAutoWidth': true
121 121 });
122 122
123 123 $('#add_user_to_group').autocomplete({
124 124 serviceUrl: pyroutes.url('user_group_autocomplete_data'),
125 125 minChars:2,
126 126 maxHeight:400,
127 127 width:300,
128 128 deferRequestBy: 300, //miliseconds
129 129 showNoSuggestionNotice: true,
130 130 params: { user_groups:true },
131 131 formatResult: autocompleteFormatResult,
132 132 lookupFilter: autocompleteFilterResult,
133 133 onSelect: function(element, suggestion){
134 134 var owner = {owner_icon: suggestion.owner_icon, owner:suggestion.owner};
135 135 api.row.add(
136 136 {"active": suggestion.active,
137 137 "owner_data": owner,
138 138 "users_group_id": suggestion.id,
139 139 "group_description": suggestion.description,
140 140 "group_name": suggestion.value}).draw();
141 141 }
142 142 });
143 143 })
144 144
145 145 </script>
146 146
147 147
Show file before | Show file after | Hide comments
@@ -1,268 +1,353 b''
1 1 ## snippet for displaying permissions overview for users
2 2 ## usage:
3 3 ## <%namespace name="p" file="/base/perms_summary.mako"/>
4 4 ## ${p.perms_summary(c.perm_user.permissions)}
5 5
6 6 <%def name="perms_summary(permissions, show_all=False, actions=True, side_link=None)">
7 <% section_to_label = {
8 'global': 'Global Permissions',
9 'repository_branches': 'Repository Branch Rules',
10 'repositories': 'Repository Permissions',
11 'user_groups': 'User Group Permissions',
12 'repositories_groups': 'Repository Group Permissions',
13 } %>
7 14 <div id="perms" class="table fields">
8 %for section in sorted(permissions.keys()):
15 %for section in sorted(permissions.keys(), key=lambda item: {'global': 0, 'repository_branches': 1}.get(item, 1000)):
9 16 <div class="panel panel-default">
10 <div class="panel-heading">
11 <h3 class="panel-title">${section.replace("_"," ").capitalize()}</h3>
17 <div class="panel-heading" id="${section.replace("_","-")}-permissions">
18 <h3 class="panel-title">${section_to_label.get(section, section)} - ${len(permissions[section])}
19 <a class="permalink" href="#${section.replace("_","-")}-permissions"></a>
20 </h3>
12 21 % if side_link:
13 22 <div class="pull-right">
14 23 <a href="${side_link}">${_('in JSON format')}</a>
15 24 </div>
16 25 % endif
17 26 </div>
18 27 <div class="panel-body">
19 28 <div class="perms_section_head field">
20 29 <div class="radios">
21 %if section != 'global':
30 % if section == 'repository_branches':
22 31 <span class="permissions_boxes">
23 32 <span class="desc">${_('show')}: </span>
24 ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_%s' % section}"><span class="perm_tag none">${_('none')}</span></label>
25 ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')} <label for="${'perms_filter_read_%s' % section}"><span class="perm_tag read">${_('read')}</span></label>
26 ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_%s' % section}"> <span class="perm_tag write">${_('write')}</span></label>
27 ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_%s' % section}"><span class="perm_tag admin">${_('admin')}</span></label>
33 ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_{}'.format(section)}"><span class="perm_tag none">${_('none')}</span></label>
34 ${h.checkbox('perms_filter_merge_%s' % section, 'merge', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='merge')} <label for="${'perms_filter_merge_{}'.format(section)}"><span class="perm_tag merge">${_('merge')}</span></label>
35 ${h.checkbox('perms_filter_push_%s' % section, 'push', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push')} <label for="${'perms_filter_push_{}'.format(section)}"> <span class="perm_tag push">${_('push')}</span></label>
36 ${h.checkbox('perms_filter_push_force_%s' % section, 'push_force', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push_force')} <label for="${'perms_filter_push_force_{}'.format(section)}"><span class="perm_tag push_force">${_('push force')}</span></label>
28 37 </span>
29 %endif
38 % elif section != 'global':
39 <span class="permissions_boxes">
40 <span class="desc">${_('show')}: </span>
41 ${h.checkbox('perms_filter_none_%s' % section, 'none', '', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_{}'.format(section)}"><span class="perm_tag none">${_('none')}</span></label>
42 ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')} <label for="${'perms_filter_read_{}'.format(section)}"><span class="perm_tag read">${_('read')}</span></label>
43 ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_{}'.format(section)}"> <span class="perm_tag write">${_('write')}</span></label>
44 ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_{}'.format(section)}"><span class="perm_tag admin">${_('admin')}</span></label>
45 </span>
46 % endif
47
30 48 </div>
31 49 </div>
32 50 <div class="field">
33 51 %if not permissions[section]:
34 52 <p class="empty_data help-block">${_('No permissions defined')}</p>
35 53 %else:
36 54 <div id='tbl_list_wrap_${section}'>
37 55 <table id="tbl_list_${section}" class="rctable">
38 56 ## global permission box
39 57 %if section == 'global':
40 58 <thead>
41 59 <tr>
42 60 <th colspan="2" class="left">${_('Permission')}</th>
43 61 %if actions:
44 62 <th colspan="2">${_('Edit Permission')}</th>
45 63 %endif
46 64 </thead>
47 65 <tbody>
48 66
49 67 <%
50 68 def get_section_perms(prefix, opts):
51 69 _selected = []
52 70 for op in opts:
53 71 if op.startswith(prefix) and not op.startswith('hg.create.write_on_repogroup'):
54 72 _selected.append(op)
55 73 admin = 'hg.admin' in opts
56 74 _selected_vals = [x.partition(prefix)[-1] for x in _selected]
57 75 return admin, _selected_vals, _selected
58 76 %>
59 77
60 78 <%def name="glob(lbl, val, val_lbl=None, edit_url=None, edit_global_url=None)">
61 79 <tr>
62 80 <td class="td-tags">
63 81 ${lbl}
64 82 </td>
65 83 <td class="td-tags">
66 84 %if val[0]:
67 85 %if not val_lbl:
68 86 ## super admin case
69 87 True
70 88 %else:
71 89 <span class="perm_tag admin">${val_lbl}.admin</span>
72 90 %endif
73 91 %else:
74 92 %if not val_lbl:
75 ${
76 {'false': False,
93 ${{'false': False,
77 94 'true': True,
78 95 'none': False,
79 'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false')
80 }
96 'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false')}
81 97 %else:
82 98 <span class="perm_tag ${val[1][0]}">${val_lbl}.${val[1][0]}</span>
83 99 %endif
84 100 %endif
85 101 </td>
86 102 %if actions:
87 103
88 104 % if edit_url or edit_global_url:
89 105
90 106 <td class="td-action">
91 107 % if edit_url:
92 108 <a href="${edit_url}">${_('edit')}</a>
93 109 % else:
94 110 -
95 111 % endif
96 112 </td>
97 113
98 114 <td class="td-action">
99 115 % if edit_global_url:
100 116 <a href="${edit_global_url}">${_('edit global')}</a>
101 117 % else:
102 118 -
103 119 % endif
104 120 </td>
105 121
106 122 % else:
107 123 <td class="td-action"></td>
108 124 <td class="td-action">
109 125 <a href="${h.route_path('admin_permissions_global')}">${_('edit global')}</a>
110 126 <td class="td-action">
111 127 % endif
112 128
113 129 %endif
114 130 </tr>
115 131 </%def>
116 132
117 133 ${glob(_('Repository default permission'), get_section_perms('repository.', permissions[section]), 'repository',
118 134 edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))}
119 135
120 136 ${glob(_('Repository group default permission'), get_section_perms('group.', permissions[section]), 'group',
121 137 edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))}
122 138
123 139 ${glob(_('User group default permission'), get_section_perms('usergroup.', permissions[section]), 'usergroup',
124 140 edit_url=None, edit_global_url=h.route_path('admin_permissions_object'))}
125 141
126 142 ${glob(_('Super admin'), get_section_perms('hg.admin', permissions[section]),
127 143 edit_url=h.route_path('user_edit', user_id=c.user.user_id, _anchor='admin'), edit_global_url=None)}
128 144
129 145 ${glob(_('Inherit permissions'), get_section_perms('hg.inherit_default_perms.', permissions[section]),
130 146 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=None)}
131 147
132 148 ${glob(_('Create repositories'), get_section_perms('hg.create.', permissions[section]),
133 149 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
134 150
135 151 ${glob(_('Fork repositories'), get_section_perms('hg.fork.', permissions[section]),
136 152 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
137 153
138 154 ${glob(_('Create repository groups'), get_section_perms('hg.repogroup.create.', permissions[section]),
139 155 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
140 156
141 157 ${glob(_('Create user groups'), get_section_perms('hg.usergroup.create.', permissions[section]),
142 158 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
143 159
144 160 </tbody>
161 ## Branch perms
162 %elif section == 'repository_branches':
163 <thead>
164 <tr>
165 <th>${_('Name')}</th>
166 <th>${_('Pattern')}</th>
167 <th>${_('Permission')}</th>
168 %if actions:
169 <th>${_('Edit Branch Permission')}</th>
170 %endif
171 </thead>
172 <tbody class="section_${section}">
173 <%
174 def name_sorter(permissions):
175 def custom_sorter(item):
176 return item[0]
177 return sorted(permissions, key=custom_sorter)
178
179 def branch_sorter(permissions):
180 def custom_sorter(item):
181 ## none, merge, push, push_force
182 section = item[1].split('.')[-1]
183 section_importance = {'none': u'0',
184 'merge': u'1',
185 'push': u'2',
186 'push_force': u'3'}.get(section)
187 ## sort by importance + name
188 return section_importance + item[0]
189 return sorted(permissions, key=custom_sorter)
190 %>
191 %for k, section_perms in name_sorter(permissions[section].items()):
192 % for pattern, perm in branch_sorter(section_perms.items()):
193 <tr class="perm_row ${'{}_{}'.format(section, perm.split('.')[-1])}">
194 <td class="td-name">
195 <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
196 </td>
197 <td>${pattern}</td>
198 <td class="td-tags">
199 ## TODO: calculate origin somehow
200 ## % for i, ((_pat, perm), origin) in enumerate((permissions[section].perm_origin_stack[k])):
201
202 <div>
203 <% i = 0 %>
204 <% origin = 'unknown' %>
205 <% _css_class = i > 0 and 'perm_overriden' or '' %>
206
207 <span class="${_css_class} perm_tag ${perm.split('.')[-1]}">
208 ${perm}
209 ##(${origin})
210 </span>
211 </div>
212 ## % endfor
213 </td>
214 %if actions:
215 <td class="td-action">
216 <a href="${h.route_path('edit_repo_perms_branch',repo_name=k)}">${_('edit')}</a>
217 </td>
218 %endif
219 </tr>
220 % endfor
221 %endfor
222 </tbody>
223
224 ## Repos/Repo Groups/users groups perms
145 225 %else:
226
146 227 ## none/read/write/admin permissions on groups/repos etc
147 228 <thead>
148 229 <tr>
149 230 <th>${_('Name')}</th>
150 231 <th>${_('Permission')}</th>
151 232 %if actions:
152 233 <th>${_('Edit Permission')}</th>
153 234 %endif
154 235 </thead>
155 236 <tbody class="section_${section}">
156 237 <%
157 238 def sorter(permissions):
158 239 def custom_sorter(item):
159 240 ## read/write/admin
160 241 section = item[1].split('.')[-1]
161 242 section_importance = {'none': u'0',
162 243 'read': u'1',
163 244 'write':u'2',
164 245 'admin':u'3'}.get(section)
165 246 ## sort by group importance+name
166 247 return section_importance+item[0]
167 248 return sorted(permissions, key=custom_sorter)
168 249 %>
169 250 %for k, section_perm in sorter(permissions[section].items()):
170 %if section_perm.split('.')[-1] != 'none' or show_all:
171 <tr class="perm_row ${'%s_%s' % (section, section_perm.split('.')[-1])}">
251 <% perm_value = section_perm.split('.')[-1] %>
252 <% _css_class = 'display:none' if perm_value in ['none'] else '' %>
253
254 %if perm_value != 'none' or show_all:
255 <tr class="perm_row ${'{}_{}'.format(section, section_perm.split('.')[-1])}" style="${_css_class}">
172 256 <td class="td-name">
173 257 %if section == 'repositories':
174 258 <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
175 259 %elif section == 'repositories_groups':
176 260 <a href="${h.route_path('repo_group_home', repo_group_name=k)}">${k}</a>
177 261 %elif section == 'user_groups':
178 262 ##<a href="${h.route_path('edit_user_group',user_group_id=k)}">${k}</a>
179 263 ${k}
180 264 %endif
181 265 </td>
182 266 <td class="td-tags">
183 267 %if hasattr(permissions[section], 'perm_origin_stack'):
184 268 <div>
185 269 %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
186
270 <% _css_class = i > 0 and 'perm_overriden' or '' %>
187 271 % if i > 0:
188 272 <div style="color: #979797">
189 273 <i class="icon-arrow_up"></i>
190 274 ${_('overridden by')}
191 275 <i class="icon-arrow_up"></i>
192 276 </div>
193 277 % endif
194 278
195 279 <div>
196 <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}">
280 <span class="${_css_class} perm_tag ${perm.split('.')[-1]}">
197 281 ${perm} (${origin})
198 282 </span>
199 283 </div>
200 284
201 285 %endfor
202 286 </div>
203 287 %else:
204 288 <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>
205 289 %endif
206 290 </td>
207 291 %if actions:
208 292 <td class="td-action">
209 293 %if section == 'repositories':
210 294 <a href="${h.route_path('edit_repo_perms',repo_name=k,_anchor='permissions_manage')}">${_('edit')}</a>
211 295 %elif section == 'repositories_groups':
212 296 <a href="${h.route_path('edit_repo_group_perms',repo_group_name=k,_anchor='permissions_manage')}">${_('edit')}</a>
213 297 %elif section == 'user_groups':
214 298 ##<a href="${h.route_path('edit_user_group',user_group_id=k)}">${_('edit')}</a>
215 299 %endif
216 300 </td>
217 301 %endif
218 302 </tr>
219 303 %endif
220 304 %endfor
221 305
222 306 <tr id="empty_${section}" class="noborder" style="display:none;">
223 <td colspan="6">${_('No permission defined')}</td>
307 <td colspan="6">${_('No matching permission defined')}</td>
224 308 </tr>
225 309
226 310 </tbody>
227 311 %endif
228 312 </table>
229 313 </div>
230 314 %endif
231 315 </div>
232 316 </div>
233 317 </div>
234 318 %endfor
235 319 </div>
236 320
237 321 <script>
238 322 $(document).ready(function(){
239 var show_empty = function(section){
323 var showEmpty = function(section){
240 324 var visible = $('.section_{0} tr.perm_row:visible'.format(section)).length;
241 if(visible == 0){
325 if(visible === 0){
242 326 $('#empty_{0}'.format(section)).show();
243 327 }
244 328 else{
245 329 $('#empty_{0}'.format(section)).hide();
246 330 }
247 331 };
332
248 333 $('.perm_filter').on('change', function(e){
249 334 var self = this;
250 335 var section = $(this).attr('section');
251 336
252 337 var opts = {};
253 338 var elems = $('.filter_' + section).each(function(el){
254 339 var perm_type = $(this).attr('perm_type');
255 340 var checked = this.checked;
256 341 opts[perm_type] = checked;
257 342 if(checked){
258 343 $('.'+section+'_'+perm_type).show();
259 344 }
260 345 else{
261 346 $('.'+section+'_'+perm_type).hide();
262 347 }
263 348 });
264 show_empty(section);
349 showEmpty(section);
265 350 })
266 351 })
267 352 </script>
268 353 </%def>
Show file before | Show file after | Hide comments
@@ -1,425 +1,425 b''
1 1 ## DATA TABLE RE USABLE ELEMENTS
2 2 ## usage:
3 3 ## <%namespace name="dt" file="/data_table/_dt_elements.mako"/>
4 4 <%namespace name="base" file="/base/base.mako"/>
5 5
6 6 <%def name="metatags_help()">
7 7 <table>
8 8 <%
9 9 example_tags = [
10 10 ('state','[stable]'),
11 11 ('state','[stale]'),
12 12 ('state','[featured]'),
13 13 ('state','[dev]'),
14 14 ('state','[dead]'),
15 15 ('state','[deprecated]'),
16 16
17 17 ('label','[personal]'),
18 18 ('generic','[v2.0.0]'),
19 19
20 20 ('lang','[lang =&gt; JavaScript]'),
21 21 ('license','[license =&gt; LicenseName]'),
22 22
23 23 ('ref','[requires =&gt; RepoName]'),
24 24 ('ref','[recommends =&gt; GroupName]'),
25 25 ('ref','[conflicts =&gt; SomeName]'),
26 26 ('ref','[base =&gt; SomeName]'),
27 27 ('url','[url =&gt; [linkName](https://rhodecode.com)]'),
28 28 ('see','[see =&gt; http://rhodecode.com]'),
29 29 ]
30 30 %>
31 31 % for tag_type, tag in example_tags:
32 32 <tr>
33 33 <td>${tag|n}</td>
34 34 <td>${h.style_metatag(tag_type, tag)|n}</td>
35 35 </tr>
36 36 % endfor
37 37 </table>
38 38 </%def>
39 39
40 40 ## REPOSITORY RENDERERS
41 41 <%def name="quick_menu(repo_name)">
42 42 <i class="icon-more"></i>
43 43 <div class="menu_items_container hidden">
44 44 <ul class="menu_items">
45 45 <li>
46 46 <a title="${_('Summary')}" href="${h.route_path('repo_summary',repo_name=repo_name)}">
47 47 <span>${_('Summary')}</span>
48 48 </a>
49 49 </li>
50 50 <li>
51 51 <a title="${_('Changelog')}" href="${h.route_path('repo_changelog',repo_name=repo_name)}">
52 52 <span>${_('Changelog')}</span>
53 53 </a>
54 54 </li>
55 55 <li>
56 56 <a title="${_('Files')}" href="${h.route_path('repo_files:default_commit',repo_name=repo_name)}">
57 57 <span>${_('Files')}</span>
58 58 </a>
59 59 </li>
60 60 <li>
61 61 <a title="${_('Fork')}" href="${h.route_path('repo_fork_new',repo_name=repo_name)}">
62 62 <span>${_('Fork')}</span>
63 63 </a>
64 64 </li>
65 65 </ul>
66 66 </div>
67 67 </%def>
68 68
69 69 <%def name="repo_name(name,rtype,rstate,private,fork_of,short_name=False,admin=False)">
70 70 <%
71 71 def get_name(name,short_name=short_name):
72 72 if short_name:
73 73 return name.split('/')[-1]
74 74 else:
75 75 return name
76 76 %>
77 77 <div class="${'repo_state_pending' if rstate == 'repo_state_pending' else ''} truncate">
78 78 ##NAME
79 79 <a href="${h.route_path('edit_repo',repo_name=name) if admin else h.route_path('repo_summary',repo_name=name)}">
80 80
81 81 ##TYPE OF REPO
82 82 %if h.is_hg(rtype):
83 83 <span title="${_('Mercurial repository')}"><i class="icon-hg" style="font-size: 14px;"></i></span>
84 84 %elif h.is_git(rtype):
85 85 <span title="${_('Git repository')}"><i class="icon-git" style="font-size: 14px"></i></span>
86 86 %elif h.is_svn(rtype):
87 87 <span title="${_('Subversion repository')}"><i class="icon-svn" style="font-size: 14px"></i></span>
88 88 %endif
89 89
90 90 ##PRIVATE/PUBLIC
91 91 %if private and c.visual.show_private_icon:
92 92 <i class="icon-lock" title="${_('Private repository')}"></i>
93 93 %elif not private and c.visual.show_public_icon:
94 94 <i class="icon-unlock-alt" title="${_('Public repository')}"></i>
95 95 %else:
96 96 <span></span>
97 97 %endif
98 98 ${get_name(name)}
99 99 </a>
100 100 %if fork_of:
101 101 <a href="${h.route_path('repo_summary',repo_name=fork_of.repo_name)}"><i class="icon-code-fork"></i></a>
102 102 %endif
103 103 %if rstate == 'repo_state_pending':
104 104 <span class="creation_in_progress tooltip" title="${_('This repository is being created in a background task')}">
105 105 (${_('creating...')})
106 106 </span>
107 107 %endif
108 108 </div>
109 109 </%def>
110 110
111 111 <%def name="repo_desc(description, stylify_metatags)">
112 112 <%
113 113 tags, description = h.extract_metatags(description)
114 114 %>
115 115
116 116 <div class="truncate-wrap">
117 117 % if stylify_metatags:
118 118 % for tag_type, tag in tags:
119 119 ${h.style_metatag(tag_type, tag)|n}
120 120 % endfor
121 121 % endif
122 122 ${description}
123 123 </div>
124 124
125 125 </%def>
126 126
127 127 <%def name="last_change(last_change)">
128 128 ${h.age_component(last_change, time_is_local=True)}
129 129 </%def>
130 130
131 131 <%def name="revision(name,rev,tip,author,last_msg, commit_date)">
132 132 <div>
133 133 %if rev >= 0:
134 134 <code><a title="${h.tooltip('%s\n%s\n\n%s' % (author, commit_date, last_msg))}" class="tooltip" href="${h.route_path('repo_commit',repo_name=name,commit_id=tip)}">${'r%s:%s' % (rev,h.short_id(tip))}</a></code>
135 135 %else:
136 136 ${_('No commits yet')}
137 137 %endif
138 138 </div>
139 139 </%def>
140 140
141 141 <%def name="rss(name)">
142 142 %if c.rhodecode_user.username != h.DEFAULT_USER:
143 143 <a title="${h.tooltip(_('Subscribe to %s rss feed')% name)}" href="${h.route_path('rss_feed_home', repo_name=name, _query=dict(auth_token=c.rhodecode_user.feed_token))}"><i class="icon-rss-sign"></i></a>
144 144 %else:
145 145 <a title="${h.tooltip(_('Subscribe to %s rss feed')% name)}" href="${h.route_path('rss_feed_home', repo_name=name)}"><i class="icon-rss-sign"></i></a>
146 146 %endif
147 147 </%def>
148 148
149 149 <%def name="atom(name)">
150 150 %if c.rhodecode_user.username != h.DEFAULT_USER:
151 151 <a title="${h.tooltip(_('Subscribe to %s atom feed')% name)}" href="${h.route_path('atom_feed_home', repo_name=name, _query=dict(auth_token=c.rhodecode_user.feed_token))}"><i class="icon-rss-sign"></i></a>
152 152 %else:
153 153 <a title="${h.tooltip(_('Subscribe to %s atom feed')% name)}" href="${h.route_path('atom_feed_home', repo_name=name)}"><i class="icon-rss-sign"></i></a>
154 154 %endif
155 155 </%def>
156 156
157 157 <%def name="user_gravatar(email, size=16)">
158 158 <div class="rc-user tooltip" title="${h.tooltip(h.author_string(email))}">
159 159 ${base.gravatar(email, 16)}
160 160 </div>
161 161 </%def>
162 162
163 163 <%def name="repo_actions(repo_name, super_user=True)">
164 164 <div>
165 165 <div class="grid_edit">
166 166 <a href="${h.route_path('edit_repo',repo_name=repo_name)}" title="${_('Edit')}">
167 167 <i class="icon-pencil"></i>Edit</a>
168 168 </div>
169 169 <div class="grid_delete">
170 170 ${h.secure_form(h.route_path('edit_repo_advanced_delete', repo_name=repo_name), request=request)}
171 171 ${h.submit('remove_%s' % repo_name,_('Delete'),class_="btn btn-link btn-danger",
172 172 onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo_name+"');")}
173 173 ${h.end_form()}
174 174 </div>
175 175 </div>
176 176 </%def>
177 177
178 178 <%def name="repo_state(repo_state)">
179 179 <div>
180 180 %if repo_state == 'repo_state_pending':
181 181 <div class="tag tag4">${_('Creating')}</div>
182 182 %elif repo_state == 'repo_state_created':
183 183 <div class="tag tag1">${_('Created')}</div>
184 184 %else:
185 185 <div class="tag alert2" title="${h.tooltip(repo_state)}">invalid</div>
186 186 %endif
187 187 </div>
188 188 </%def>
189 189
190 190
191 191 ## REPO GROUP RENDERERS
192 192 <%def name="quick_repo_group_menu(repo_group_name)">
193 193 <i class="icon-more"></i>
194 194 <div class="menu_items_container hidden">
195 195 <ul class="menu_items">
196 196 <li>
197 197 <a href="${h.route_path('repo_group_home', repo_group_name=repo_group_name)}">${_('Summary')}</a>
198 198 </li>
199 199
200 200 </ul>
201 201 </div>
202 202 </%def>
203 203
204 204 <%def name="repo_group_name(repo_group_name, children_groups=None)">
205 205 <div>
206 206 <a href="${h.route_path('repo_group_home', repo_group_name=repo_group_name)}">
207 207 <i class="icon-folder-close" title="${_('Repository group')}" style="font-size: 16px"></i>
208 208 %if children_groups:
209 209 ${h.literal(' &raquo; '.join(children_groups))}
210 210 %else:
211 211 ${repo_group_name}
212 212 %endif
213 213 </a>
214 214 </div>
215 215 </%def>
216 216
217 217 <%def name="repo_group_desc(description, personal, stylify_metatags)">
218 218
219 219 <%
220 220 tags, description = h.extract_metatags(description)
221 221 %>
222 222
223 223 <div class="truncate-wrap">
224 224 % if personal:
225 225 <div class="metatag" tag="personal">${_('personal')}</div>
226 226 % endif
227 227
228 228 % if stylify_metatags:
229 229 % for tag_type, tag in tags:
230 230 ${h.style_metatag(tag_type, tag)|n}
231 231 % endfor
232 232 % endif
233 233 ${description}
234 234 </div>
235 235
236 236 </%def>
237 237
238 238 <%def name="repo_group_actions(repo_group_id, repo_group_name, gr_count)">
239 239 <div class="grid_edit">
240 240 <a href="${h.route_path('edit_repo_group',repo_group_name=repo_group_name)}" title="${_('Edit')}">Edit</a>
241 241 </div>
242 242 <div class="grid_delete">
243 243 ${h.secure_form(h.route_path('edit_repo_group_advanced_delete', repo_group_name=repo_group_name), request=request)}
244 244 ${h.submit('remove_%s' % repo_group_name,_('Delete'),class_="btn btn-link btn-danger",
245 245 onclick="return confirm('"+_ungettext('Confirm to delete this group: %s with %s repository','Confirm to delete this group: %s with %s repositories',gr_count) % (repo_group_name, gr_count)+"');")}
246 246 ${h.end_form()}
247 247 </div>
248 248 </%def>
249 249
250 250
251 251 <%def name="user_actions(user_id, username)">
252 252 <div class="grid_edit">
253 253 <a href="${h.route_path('user_edit',user_id=user_id)}" title="${_('Edit')}">
254 254 <i class="icon-pencil"></i>${_('Edit')}</a>
255 255 </div>
256 256 <div class="grid_delete">
257 257 ${h.secure_form(h.route_path('user_delete', user_id=user_id), request=request)}
258 258 ${h.submit('remove_',_('Delete'),id="remove_user_%s" % user_id, class_="btn btn-link btn-danger",
259 259 onclick="return confirm('"+_('Confirm to delete this user: %s') % username+"');")}
260 260 ${h.end_form()}
261 261 </div>
262 262 </%def>
263 263
264 264 <%def name="user_group_actions(user_group_id, user_group_name)">
265 265 <div class="grid_edit">
266 266 <a href="${h.route_path('edit_user_group', user_group_id=user_group_id)}" title="${_('Edit')}">Edit</a>
267 267 </div>
268 268 <div class="grid_delete">
269 269 ${h.secure_form(h.route_path('user_groups_delete', user_group_id=user_group_id), request=request)}
270 270 ${h.submit('remove_',_('Delete'),id="remove_group_%s" % user_group_id, class_="btn btn-link btn-danger",
271 271 onclick="return confirm('"+_('Confirm to delete this user group: %s') % user_group_name+"');")}
272 272 ${h.end_form()}
273 273 </div>
274 274 </%def>
275 275
276 276
277 277 <%def name="user_name(user_id, username)">
278 278 ${h.link_to(h.person(username, 'username_or_name_or_email'), h.route_path('user_edit', user_id=user_id))}
279 279 </%def>
280 280
281 281 <%def name="user_profile(username)">
282 282 ${base.gravatar_with_user(username, 16)}
283 283 </%def>
284 284
285 285 <%def name="user_group_name(user_group_name)">
286 286 <div>
287 <i class="icon-group" title="${_('User group')}"></i>
287 <i class="icon-user-group" title="${_('User group')}"></i>
288 288 ${h.link_to_group(user_group_name)}
289 289 </div>
290 290 </%def>
291 291
292 292
293 293 ## GISTS
294 294
295 295 <%def name="gist_gravatar(full_contact)">
296 296 <div class="gist_gravatar">
297 297 ${base.gravatar(full_contact, 30)}
298 298 </div>
299 299 </%def>
300 300
301 301 <%def name="gist_access_id(gist_access_id, full_contact)">
302 302 <div>
303 303 <b>
304 304 <a href="${h.route_path('gist_show', gist_id=gist_access_id)}">gist: ${gist_access_id}</a>
305 305 </b>
306 306 </div>
307 307 </%def>
308 308
309 309 <%def name="gist_author(full_contact, created_on, expires)">
310 310 ${base.gravatar_with_user(full_contact, 16)}
311 311 </%def>
312 312
313 313
314 314 <%def name="gist_created(created_on)">
315 315 <div class="created">
316 316 ${h.age_component(created_on, time_is_local=True)}
317 317 </div>
318 318 </%def>
319 319
320 320 <%def name="gist_expires(expires)">
321 321 <div class="created">
322 322 %if expires == -1:
323 323 ${_('never')}
324 324 %else:
325 325 ${h.age_component(h.time_to_utcdatetime(expires))}
326 326 %endif
327 327 </div>
328 328 </%def>
329 329
330 330 <%def name="gist_type(gist_type)">
331 331 %if gist_type != 'public':
332 332 <div class="tag">${_('Private')}</div>
333 333 %endif
334 334 </%def>
335 335
336 336 <%def name="gist_description(gist_description)">
337 337 ${gist_description}
338 338 </%def>
339 339
340 340
341 341 ## PULL REQUESTS GRID RENDERERS
342 342
343 343 <%def name="pullrequest_target_repo(repo_name)">
344 344 <div class="truncate">
345 345 ${h.link_to(repo_name,h.route_path('repo_summary',repo_name=repo_name))}
346 346 </div>
347 347 </%def>
348 348 <%def name="pullrequest_status(status)">
349 349 <div class="${'flag_status %s' % status} pull-left"></div>
350 350 </%def>
351 351
352 352 <%def name="pullrequest_title(title, description)">
353 353 ${title}
354 354 </%def>
355 355
356 356 <%def name="pullrequest_comments(comments_nr)">
357 357 <i class="icon-comment"></i> ${comments_nr}
358 358 </%def>
359 359
360 360 <%def name="pullrequest_name(pull_request_id, target_repo_name, short=False)">
361 361 <a href="${h.route_path('pullrequest_show',repo_name=target_repo_name,pull_request_id=pull_request_id)}">
362 362 % if short:
363 363 #${pull_request_id}
364 364 % else:
365 365 ${_('Pull request #%(pr_number)s') % {'pr_number': pull_request_id,}}
366 366 % endif
367 367 </a>
368 368 </%def>
369 369
370 370 <%def name="pullrequest_updated_on(updated_on)">
371 371 ${h.age_component(h.time_to_utcdatetime(updated_on))}
372 372 </%def>
373 373
374 374 <%def name="pullrequest_author(full_contact)">
375 375 ${base.gravatar_with_user(full_contact, 16)}
376 376 </%def>
377 377
378 378
379 379 <%def name="markup_form(form_id, form_text='', help_text=None)">
380 380
381 381 <div class="markup-form">
382 382 <div class="markup-form-area">
383 383 <div class="markup-form-area-header">
384 384 <ul class="nav-links clearfix">
385 385 <li class="active">
386 386 <a href="#edit-text" tabindex="-1" id="edit-btn_${form_id}">${_('Write')}</a>
387 387 </li>
388 388 <li class="">
389 389 <a href="#preview-text" tabindex="-1" id="preview-btn_${form_id}">${_('Preview')}</a>
390 390 </li>
391 391 </ul>
392 392 </div>
393 393
394 394 <div class="markup-form-area-write" style="display: block;">
395 395 <div id="edit-container_${form_id}">
396 396 <textarea id="${form_id}" name="${form_id}" class="comment-block-ta ac-input">${form_text if form_text else ''}</textarea>
397 397 </div>
398 398 <div id="preview-container_${form_id}" class="clearfix" style="display: none;">
399 399 <div id="preview-box_${form_id}" class="preview-box"></div>
400 400 </div>
401 401 </div>
402 402
403 403 <div class="markup-form-area-footer">
404 404 <div class="toolbar">
405 405 <div class="toolbar-text">
406 406 ${(_('Parsed using %s syntax') % (
407 407 ('<a href="%s">%s</a>' % (h.route_url('%s_help' % c.visual.default_renderer), c.visual.default_renderer.upper())),
408 408 )
409 409 )|n}
410 410 </div>
411 411 </div>
412 412 </div>
413 413 </div>
414 414
415 415 <div class="markup-form-footer">
416 416 % if help_text:
417 417 <span class="help-block">${help_text}</span>
418 418 % endif
419 419 </div>
420 420 </div>
421 421 <script type="text/javascript">
422 422 new MarkupForm('${form_id}');
423 423 </script>
424 424
425 425 </%def>
Show file before | Show file after | Hide comments
@@ -1,545 +1,545 b''
1 1 ## -*- coding: utf-8 -*-
2 2 <%inherit file="/debug_style/index.html"/>
3 3
4 4 <%def name="breadcrumbs_links()">
5 5 ${h.link_to(_('Style'), h.route_path('debug_style_home'))}
6 6 &raquo;
7 7 ${c.active}
8 8 </%def>
9 9
10 10
11 11 <%def name="real_main()">
12 12 <div class="box">
13 13 <div class="title">
14 14 ${self.breadcrumbs()}
15 15 </div>
16 16
17 17 <div class='sidebar-col-wrapper'>
18 18 ##main
19 19 ${self.sidebar()}
20 20
21 21 <div class="main-content">
22 22
23 23 <div style="opacity:.5">
24 24
25 25 <h2>Simple tables</h2>
26 26
27 27 <p>These styles will be adjusted later to provide a baseline style
28 28 for all tables without classes added, whether part of the
29 29 application or not. Currently, some of the
30 30 application-specific styles are applied to this table.</p>
31 31 <p>This is a baseline style for all tables, whether part of the
32 32 application or not. It has no class applied for styling. Use
33 33 the "rctable" class as outlined before for tables which are
34 34 part of the RhodeCode application.</p>
35 35 <table>
36 36 <tbody>
37 37 <tr>
38 38 <th>Header A</th>
39 39 <th>Header B</th>
40 40 <th>Header C</th>
41 41 <th>Header D</th>
42 42 </tr>
43 43 <tr>
44 44 <td>Content of col A</td>
45 45 <td>Content of col B</td>
46 46 <td>Content of col C</td>
47 47 <td>Content of col D</td>
48 48 </tr>
49 49 <tr>
50 50 <td>Content of col A</td>
51 51 <td>Content of col B</td>
52 52 <td>Content of col C</td>
53 53 <td>Content of col D</td>
54 54 </tr>
55 55 <tr>
56 56 <td>Content of col A</td>
57 57 <td>Content of col B</td>
58 58 <td>Content of col C</td>
59 59 <td>Content of col D</td>
60 60 </tr>
61 61 <tr>
62 62 <td>Content of col A</td>
63 63 <td>Content of col B</td>
64 64 <td>Content of col C</td>
65 65 <td>Content of col D</td>
66 66 </tr>
67 67 </tbody>
68 68 </table>
69 69 </div>
70 70
71 71
72 72
73 73
74 74 <h2>RC application table with examples</h2>
75 75
76 76 <p>This is a standard table which applies the rhodecode-specific styling to be used
77 77 throughout the application; it has <code>&lt;table class="rctable"&gt;</code>.
78 78 <br/>
79 79 By default, table data is not truncated, and wraps inside of the <code>&lt;td&gt
80 80 ;</code>. To prevent wrapping and contain data on one line, use the <code>&lt;
81 81 class="truncate-wrap"&gt;</code> on the <code>&lt;td&gt;</code>, and <code>span
82 82 class="truncate"</code> around the specific data to be truncated.
83 83 </p>
84 84 <p>
85 85 Ellipsis is added via CSS. Please always add a row of headers using <code>&lt;th
86 86 &gt;</code> to the top of a table.
87 87 </p>
88 88
89 89 ## TODO: johbo: in case we have more tables with examples, we should
90 90 ## create a generic class here.
91 91 <table class="rctable issuetracker">
92 92 <thead>
93 93 <tr>
94 94 <th>Header A</th>
95 95 <th>Header B</th>
96 96 <th>Header C</th>
97 97 <th>Header D</th>
98 98 </tr>
99 99 </thead>
100 100 <tbody>
101 101 <tr>
102 102 <td class="issue-tracker-example">
103 103 Example of col A
104 104 </td>
105 105 <td class="issue-tracker-example">
106 106 Example of col B
107 107 </td>
108 108 <td class="issue-tracker-example">
109 109 Example of col C
110 110 </td>
111 111 <td class="issue-tracker-example">
112 112 Example of col D
113 113 </td>
114 114 </tr>
115 115 <tr>
116 116 <td>Content of col A</td>
117 117 <td>Content of col B</td>
118 118 <td>Content of col C which is very long and will not be
119 119 truncated because sometimes people just want to write
120 120 really, really long commit messages which explain what
121 121 they did in excruciating detail and you really, really
122 122 want to read them.</td>
123 123 <td>Content of col D</td>
124 124 </tr>
125 125 <tr>
126 126 <td>Content of col A</td>
127 127 <td>Content of col B</td>
128 128 <td>Content of col C</td>
129 129 <td class="truncate-wrap"><span class="truncate">Truncated
130 130 content of column D truncate truncate truncatetruncate
131 131 truncate truncate</span></td>
132 132 </tr>
133 133 </tbody>
134 134 </table>
135 135
136 136 <h2>RC application table data classes</h2>
137 137
138 138 <p>The following tables contain documentation of all existing table data classes.
139 139 Please update when new classes are made.
140 140 </p>
141 141 <table class="rctable examples">
142 142 <thead>
143 143 <tr>
144 144 <th>Class</th>
145 145 <th>Description</th>
146 146 <th>Example</th>
147 147 </tr>
148 148 </thead>
149 149 <tbody>
150 150 <td>td-user</td>
151 151 <td>Any username/gravatar combination (see also Icons style).</td>
152 152 <td class="td-user author">
153 153 <img class="gravatar" alt="gravatar" src="https://secure.gravatar.com/avatar/0c9a7e6674b6f0b35d98dbe073e3f0ab?d=identicon&amp;s=32" height="16" width="16">
154 154 <span title="Oliver Strobel <oliver@rhodecode.com>" class="user">ostrobel (Oliver Strobel)</span>
155 155 </td>
156 156 </tr>
157 157 <tr>
158 158 <td>td-hash</td>
159 159 <td>Any hash; a commit, revision, etc. Use <code>&lt;pre&gt;</code> and header 'Commit'</td>
160 160 <td class="td-commit">
161 161 <pre><a href="/anothercpythonforkkkk/files/8d6b27837c6979983b037693fe975cdbb761b500/">r93699:8d6b27837c69</a></pre>
162 162 </td>
163 163 </tr>
164 164 <tr>
165 165 <td>td-rss</td>
166 166 <td>RSS feed link icon</td>
167 167 <td class="td-rss">
168 168 <a title="Subscribe to rss feed" href="/feed/rss"><i class="icon-rss-sign"></i></a>
169 169 </td>
170 170 </tr>
171 171 <tr>
172 172 <td>td-componentname</td>
173 173 <td>Any group, file, gist, or directory name.</td>
174 174 <td class="td-componentname">
175 175 <a href="/cpythonfork">
176 176 <span title="Mercurial repository"><i class="icon-hg"></i></span>
177 177 <i class="icon-unlock-alt" title="Public repository"></i>
178 178 rhodecode-dev-restyle-fork
179 179 </a>
180 180 </td>
181 181 </tr>
182 182 <tr>
183 183 <td>td-tags</td>
184 184 <td>Any cell containing tags, including branches and bookmarks.</td>
185 185 <td class="td-tags">
186 186 <span class="branchtag tag" title="Branch default">
187 187 <a href="/rhodecode-dev-restyle- fork/changelog?branch=default"><i class="icon-code-fork"></i>default</a>
188 188 </span>
189 189 </td>
190 190 </tr>
191 191 <tr>
192 192 <td>tags-truncate</td>
193 193 <td>Used to truncate a cell containing tags; avoid if possible.</td>
194 194 <td class="td-tags truncate-wrap">
195 195 <div class="truncate tags-truncate">
196 196 <div class="autoexpand">
197 197 <span class="tagtag tag" title="Tag tip">
198 198 <a href="/rhodecode-dev-restyle-fork/files/e519d5a0e71466d27257ddff921c4a13c540408e/"><i class="icon-tag"></i>tip</a>
199 199 </span>
200 200 <span class="branchtag tag" title="Branch default">
201 201 <a href="/rhodecode-dev-restyle-fork/changelog?branch=default"><i class="icon-code-fork"></i>default</a>
202 202 </span>
203 203 <span class="branchtag tag" title="Branch default">
204 204 <a href="/rhodecode-dev-restyle-fork/changelog?branch=default"><i class="icon-code-fork"></i>default</a>
205 205 </span>
206 206 </div>
207 207 </div>
208 208 </td>
209 209 </tr>
210 210 <tr>
211 211 <td>td-ip</td>
212 212 <td>Any ip address.</td>
213 213 <td class="td-ip">
214 214 172.16.115.168
215 215 </td>
216 216 </tr>
217 217 <tr>
218 218 <td>td-type</td>
219 219 <td>A state or an auth type.</td>
220 220 <td class="td-type">
221 221 rhodecode
222 222 </td>
223 223 </tr>
224 224 <tr>
225 225 <td>td-authtoken</td>
226 226 <td>For auth tokens. Use truncate classes for hover expand; see html.</td>
227 227 <td class="truncate-wrap td-authtoken">
228 228 <div class="truncate autoexpand">
229 229 <code>688df65b87d3ad16ae9f8fc6338a551d40f41c7a</code>
230 230 </div>
231 231 </td>
232 232 </tr>
233 233 <tr>
234 234 <td>td-action</td>
235 235 <td>Buttons which perform an action.</td>
236 236 <td class="td-action">
237 237 <div class="grid_edit">
238 238 <a href="/_admin/users/2/edit" title="edit">
239 239 <i class="icon-pencil"></i>Edit</a>
240 240 </div>
241 241 <div class="grid_delete">
242 242 <form action="/_admin/users/2" method="post">
243 243 <i class="icon-remove-sign"></i>
244 244 <input class="btn btn-danger btn-link" id="remove_user_2" name="remove_" type="submit" value="delete">
245 245 </form>
246 246 </div>
247 247 </td>
248 248 </tr>
249 249 <tr>
250 250 <td>td-radio</td>
251 251 <td>Radio buttons for a form. Centers element.</td>
252 252 <td class="td-radio">
253 253 <input type="radio" checked="checked" value="" name="1" id="read"></td>
254 254 </tr>
255 255 <tr>
256 256 <td>td-checkbox</td>
257 257 <td>Checkbox for a form. Centers element.</td>
258 258 <td class="td-checkbox">
259 259 <input type="checkbox" checked="checked" value="" name="1" id="read"></td>
260 260 </tr>
261 261 <tr>
262 262 <tr>
263 263 <td>td-buttons</td>
264 264 <td>Buttons.</td>
265 265 <td class="td-buttons">
266 266 <span class="btn btn-mini btn-primary">feed access</span>
267 267 </td>
268 268 </tr>
269 269 <tr>
270 270 <td>td-compare</td>
271 271 <td>Radio buttons to compare commits.</td>
272 272 <td class=" td-compare">
273 273 <input class="compare-radio-button" type="radio" name="compare_source" value="2.0">
274 274 <input class="compare-radio-button" type="radio" name="compare_target" value="2.0">
275 275 </td>
276 276 </tr>
277 277 <tr>
278 278 <td>td-comments</td>
279 279 <td>Comments indicator icon.</td>
280 280 <td>
281 281 <i class="icon-comment"></i> 0
282 282 </td>
283 283 </tr>
284 284 <tr>
285 285 <td>td-status</td>
286 286 <td>Status indicator icon.</td>
287 287 <td class="td-description">
288 288 <div class="flag_status under_review pull-left"></div>
289 289 </td>
290 290 </tr>
291 291 </tbody>
292 292 </table>
293 293 <table class="dataTable rctable examples">
294 294 <tbody>
295 295 <tr>
296 296 <td>quick_repo_menu</td>
297 297 <td>Hidden menu generated by dataTable.</td>
298 298 <td class="quick_repo_menu">
299 299 <i class="icon-more"></i>
300 300 <div class="menu_items_container" style="display: none;">
301 301 <ul class="menu_items">
302 302 <li>
303 303 <a title="Summary" href="/anothercpythonforkkkk-fork">
304 304 <span>Summary</span>
305 305 </a>
306 306 </li>
307 307 <li>
308 308 <a title="Changelog" href="/anothercpythonforkkkk-fork/changelog">
309 309 <span>Changelog</span>
310 310 </a>
311 311 </li>
312 312 <li>
313 313 <a title="Files" href="/anothercpythonforkkkk-fork/files/tip/">
314 314 <span>Files</span>
315 315 </a>
316 316 </li>
317 317 <li>
318 318 <a title="Fork" href="/anothercpythonforkkkk-fork/fork">
319 319 <span>Fork</span>
320 320 </a>
321 321 </li>
322 322 </ul>
323 323 </div>
324 324 </td>
325 325 <td></td>
326 326 </tr>
327 327 </tbody>
328 328 </table>
329 329 <script>quick_repo_menu();</script>
330 330 <table class="rctable examples">
331 331 <tbody>
332 332 <tr>
333 333 <td>td-description</td>
334 334 <td>Any description. They may be rather long, and using the expand_commit outlined below is recommended.</td>
335 335 <td class="td-description">
336 336 Ultrices mattis! Enim pellentesque lacus, sit magna natoque risus turpis ut, auctor ultrices facilisis dapibus odio? Parturient! Porta egestas nascetur, quis, elementum dolor, in magna ac dis sit etiam turpis, scelerisque! Integer tristique aliquam.
337 337 </td>
338 338 </tr>
339 339 </tbody>
340 340 </table>
341 341 <table id="changesets" class="rctable examples end">
342 342 <tbody>
343 343 <tr>
344 344 <td>expand_commit</td>
345 345 <td>Expands a long message; see html+js.</td>
346 346 <td class="expand_commit" data-commit-id="2ffc6faabc7a9c790b1b452943a3f0c047b8b436" title="Expand commit message">
347 347 <div class="show_more_col">
348 348 <i class="show_more"></i>
349 349 </div>
350 350 </td>
351 351 <td class="mid td-description">
352 352 <div class="log-container truncate-wrap">
353 353 <div id="c-2ffc6faabc7a9c790b1b452943a3f0c047b8b436" class="message truncate" data-message-raw="tests: Test echo method on the server object
354 354
355 355 This only works for Pyro4 so far, have to extend it still for HTTP to work.">tests: Test echo method on the server object
356 356
357 357 This only works for Pyro4 so far, have to extend it still for HTTP to work.</div>
358 358 </div>
359 359 </td>
360 360 </tr>
361 361 </tbody>
362 362 </table>
363 363 <script type="text/javascript">
364 364 var cache = {};
365 365 $('.expand_commit').on('click',function(e){
366 366 var target_expand = $(this);
367 367 var cid = target_expand.data('commitId');
368 368
369 369 if (target_expand.hasClass('open')){
370 370 $('#c-'+cid).css({'height': '1.5em', 'white-space': 'nowrap', 'text-overflow': 'ellipsis', 'overflow':'hidden'});
371 371 $('#t-'+cid).css({'height': '1.5em', 'max-height': '1.5em', 'text-overflow': 'ellipsis', 'overflow':'hidden', 'white-space':'nowrap'});
372 372 target_expand.removeClass('open');
373 373 }
374 374 else {
375 375 $('#c-'+cid).css({'height': 'auto', 'white-space': 'pre-line', 'text-overflow': 'initial', 'overflow':'visible'});
376 376 $('#t-'+cid).css({'height': 'auto', 'max-height': 'none', 'text-overflow': 'initial', 'overflow':'visible', 'white-space':'normal'});
377 377 target_expand.addClass('open');
378 378 }
379 379 });
380 380
381 381 </script>
382 382 <p>The following classes currently do not have unique styles applied.</p>
383 383 <table class="rctable examples end">
384 384 <tbody>
385 385 <tr>
386 386 <td>td-regex</td>
387 387 <td>Regex patterns</td>
388 388 <td class="td-regex">(?:#)(?P<issue_id>\d+)</td>
389 389 </tr>
390 390 <tr>
391 391 <td>td-url</td>
392 392 <td>Any URL.</td>
393 393 <td class="td-url">https://rhodecode.com</td>
394 394 </tr>
395 395 <tr>
396 396 <td>td-journalaction</td>
397 397 <td>Action listed in a journal</td>
398 398 <td class="td-journalaction">started following repository supervisor-fork-4</td>
399 399 </tr>
400 400 <tr>
401 401 <td>td-iprange</td>
402 402 <td>Any ip address.</td>
403 403 <td class="td-ip">127.0.0.1-127.0.0.10</td>
404 404 </tr>
405 405 <tr>
406 406 <td>td-exp</td>
407 407 <td>Expiration time.</td>
408 408 <td class="td-exp">never</td>
409 409 </tr>
410 410 <tr>
411 411 <td>td-prefix</td>
412 412 <td>Prefixes outlined in settings.</td>
413 413 <td class="td-prefix">ubuntu-92539</td>
414 414 </tr>
415 415 <tr>
416 416 <td>td-cachekey</td>
417 417 <td>Cache key value.</td>
418 418 <td class="td-cachekey">ubuntu-92539supervisor</td>
419 419 </tr>
420 420 <tr>
421 421 <td>td-email</td>
422 422 <td>Any email address.</td>
423 423 <td class="td-email">example@rhodecode.com</td>
424 424 </tr>
425 425 <tr>
426 426 <td>td-active</td>
427 427 <td>Shows active state with icon-true/icon-false.</td>
428 428 <td class="td-active"><i class="icon-false"></i></td>
429 429 </tr>
430 430 <tr>
431 431 <td>td-size</td>
432 432 <td>File, repo, or directory size.</td>
433 433 <td class="td-size">89 MB</td>
434 434 </tr>
435 435 <tr>
436 436 <td>td-number</td>
437 437 <td>Any numerical data.</td>
438 438 <td class="td-number">42</td>
439 439 </tr>
440 440 <tr>
441 441 <td>td-message</td>
442 442 <td>Any commit message. Often treated with the truncate class used for descriptions as well.</td>
443 443 <td class="td-message">Updated the files</td>
444 444 </tr>
445 445 </tbody>
446 446 </table>
447 447
448 448
449 449 <h2>Permissions table</h2>
450 450
451 451 <p>
452 452 This is a special-case table; it has
453 453 <code>table class="rctable permissions"</code>
454 454 where "rctable" applies the rhodecode styling as above, and
455 455 "permissions" adds an extra layer of customization specific to
456 456 permissions tables. Other special-case tables may exist or be
457 457 created if necessary.
458 458 </p>
459 459
460 460 <table class="rctable permissions">
461 461 <tr>
462 462 <th class="td-radio">none</th>
463 463 <th class="td-radio">read</th>
464 464 <th class="td-radio">write</th>
465 465 <th class="td-radio">admin</th>
466 466 <th>user/user group</th>
467 467 <th></th>
468 468 </tr>
469 469 <tr class="perm_admin_row">
470 470 <td class="td-radio"><input type="radio" value="repository.none"
471 471 name="admin_perm_2" id="admin_perm_2_repositorynone"
472 472 disabled="disabled"></td>
473 473 <td class="td-radio"><input type="radio" value="repository.read"
474 474 name="admin_perm_2" id="admin_perm_2_repositoryread"
475 475 disabled="disabled"></td>
476 476 <td class="td-radio"><input type="radio" value="repository.write"
477 477 name="admin_perm_2" id="admin_perm_2_repositorywrite"
478 478 disabled="disabled"></td>
479 479 <td class="td-radio"><input type="radio" value="repository.admin"
480 480 name="admin_perm_2" id="admin_perm_2_repositoryadmin"
481 481 disabled="disabled" checked="checked"></td>
482 482 <td>
483 483 <img class="gravatar" src="https://secure.gravatar.com/avatar/be9d18f611892a738e54f2a3a171e2f9?d=identicon&amp;s=32" height="16" width="16">
484 484 <span class="user">dev (super admin) (owner)</span>
485 485 </td>
486 486 <td></td>
487 487 </tr>
488 488 <tr>
489 489 <td colspan="4">
490 490 <span class="private_repo_msg">
491 491 private repository
492 492 </span>
493 493 </td>
494 494 <td class="private_repo_msg">
495 495 <i class="icon-user"></i>
496 496 default - only people explicitly added here will have access</td>
497 497 <td></td>
498 498 </tr>
499 499 <tr>
500 500 <td class="td-radio"><input type="radio" value="repository.none"
501 501 name="u_perm_1" id="u_perm_1_repositorynone"></td>
502 502 <td class="td-radio"><input type="radio" checked="checked"
503 503 value="repository.read" name="u_perm_1"
504 504 id="u_perm_1_repositoryread"></td>
505 505 <td class="td-radio"><input type="radio" value="repository.write"
506 506 name="u_perm_1" id="u_perm_1_repositorywrite"></td>
507 507 <td class="td-radio"><input type="radio" value="repository.admin"
508 508 name="u_perm_1" id="u_perm_1_repositoryadmin"></td>
509 509 <td>
510 510 <img class="gravatar" src="/_static/rhodecode/images/user30.png" height="16" width="16">
511 511 <span class="user">default</span>
512 512 </td>
513 513 <td></td>
514 514 </tr>
515 515 <tr>
516 516 <td class="td-radio"><input type="radio" value="repository.none"
517 517 name="u_perm_2" id="u_perm_2_repositorynone"></td>
518 518 <td class="td-radio"><input type="radio" checked="checked"
519 519 value="repository.read" name="u_perm_2"
520 520 id="u_perm_2_repositoryread"></td>
521 521 <td class="td-radio"><input type="radio" value="repository.write"
522 522 name="u_perm_2" id="u_perm_2_repositorywrite"></td>
523 523 <td class="td-radio"><input type="radio" value="repository.admin"
524 524 name="u_perm_2" id="u_perm_2_repositoryadmin"></td>
525 525 <td>
526 526 <img class="gravatar" src="https://secure.gravatar.com/avatar/be9d18f611892a738e54f2a3a171e2f9?d=identicon&amp;s=32" height="16" width="16">
527 527 <a class="user" href="/_admin/users/2/edit">dev</a>
528 528 </td>
529 529 <td>
530 530 <span member_type="user" member="2"
531 531 class="btn action_button btn-link btn-danger">revoke</span>
532 532 </td>
533 533 </tr>
534 534 </tbody>
535 535 </table>
536 536 <div class="link" id="add_perm">
537 Add new
537 Add user/user group
538 538 </div>
539 539
540 540
541 541
542 542 </div>
543 543 </div>
544 544 </div>
545 545 </%def>
Show file before | Show file after | Hide comments
@@ -1,33 +1,32 b''
1 1 <tal:def tal:define="title title|field.title;
2 2 description description|field.description;
3 3 errormsg errormsg|field.errormsg;
4 4 item_template item_template|field.widget.item_template"
5 5 i18n:domain="deform">
6 6
7 7 <div class="panel panel-default">
8 8 <div class="panel-heading">${title}</div>
9 9 <div class="panel-body">
10 10
11 <div tal:condition="errormsg"
12 class="clearfix alert alert-danger">
13 <p i18n:translate="">
11 <div tal:condition="errormsg" class="clearfix alert alert-error">
12 <span i18n:translate="">
14 13 There was a problem with this section
15 </p>
16 <p>${errormsg}</p>
14 </span>
15 <div>${errormsg}</div>
17 16 </div>
18 17
19 18 <div tal:condition="description">
20 19 ${description}
21 20 </div>
22 21
23 22 ${field.start_mapping()}
24 23 <div tal:repeat="child field.children"
25 24 tal:replace="structure child.render_template(item_template)" >
26 25 </div>
27 26 ${field.end_mapping()}
28 27
29 28 <div style="clear: both"></div>
30 29 </div>
31 30 </div>
32 31
33 32 </tal:def> No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,717 +1,735 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22
23 23 from rhodecode.lib.auth import AuthUser
24 24 from rhodecode.model.db import (
25 25 RepoGroup, User, UserGroupRepoGroupToPerm, Permission, UserToPerm,
26 26 UserGroupToPerm)
27 27 from rhodecode.model.meta import Session
28 28 from rhodecode.model.permission import PermissionModel
29 29 from rhodecode.model.repo import RepoModel
30 30 from rhodecode.model.repo_group import RepoGroupModel
31 31 from rhodecode.model.user import UserModel
32 32 from rhodecode.model.user_group import UserGroupModel
33 33 from rhodecode.tests.fixture import Fixture
34 34
35 35
36 36 fixture = Fixture()
37 37
38 38
39 39 @pytest.fixture
40 40 def repo_name(backend_hg):
41 41 return backend_hg.repo_name
42 42
43 43
44 44 class TestPermissions(object):
45 45
46 46 @pytest.fixture(scope='class', autouse=True)
47 47 def default_permissions(self, request, baseapp):
48 48 # recreate default user to get a clean start
49 49 PermissionModel().create_default_user_permissions(
50 50 user=User.DEFAULT_USER, force=True)
51 51 Session().commit()
52 52
53 53 @pytest.fixture(autouse=True)
54 54 def prepare_users(self, request):
55 55 # TODO: User creation is a duplicate of test_nofitications, check
56 56 # if that can be unified
57 57 self.u1 = UserModel().create_or_update(
58 58 username=u'u1', password=u'qweqwe',
59 59 email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1'
60 60 )
61 61 self.u2 = UserModel().create_or_update(
62 62 username=u'u2', password=u'qweqwe',
63 63 email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'
64 64 )
65 65 self.u3 = UserModel().create_or_update(
66 66 username=u'u3', password=u'qweqwe',
67 67 email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
68 68 )
69 69 self.anon = User.get_default_user()
70 70 self.a1 = UserModel().create_or_update(
71 71 username=u'a1', password=u'qweqwe',
72 72 email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1',
73 73 admin=True
74 74 )
75 75 Session().commit()
76 76
77 77 request.addfinalizer(self.cleanup)
78 78
79 79 def cleanup(self):
80 80 if hasattr(self, 'test_repo'):
81 81 RepoModel().delete(repo=self.test_repo)
82 82
83 83 if hasattr(self, 'g1'):
84 84 RepoGroupModel().delete(self.g1.group_id)
85 85 if hasattr(self, 'g2'):
86 86 RepoGroupModel().delete(self.g2.group_id)
87 87
88 88 UserModel().delete(self.u1)
89 89 UserModel().delete(self.u2)
90 90 UserModel().delete(self.u3)
91 91 UserModel().delete(self.a1)
92 92
93 93 if hasattr(self, 'ug1'):
94 94 UserGroupModel().delete(self.ug1, force=True)
95 95
96 96 Session().commit()
97 97
98 98 def test_default_perms_set(self, repo_name):
99 99 assert repo_perms(self.u1)[repo_name] == 'repository.read'
100 100 new_perm = 'repository.write'
101 101 RepoModel().grant_user_permission(repo=repo_name, user=self.u1,
102 102 perm=new_perm)
103 103 Session().commit()
104 104 assert repo_perms(self.u1)[repo_name] == new_perm
105 105
106 106 def test_default_admin_perms_set(self, repo_name):
107 107 assert repo_perms(self.a1)[repo_name] == 'repository.admin'
108 108 RepoModel().grant_user_permission(repo=repo_name, user=self.a1,
109 109 perm='repository.write')
110 110 Session().commit()
111 111 # cannot really downgrade admins permissions !? they still gets set as
112 112 # admin !
113 113 assert repo_perms(self.a1)[repo_name] == 'repository.admin'
114 114
115 115 def test_default_group_perms(self, repo_name):
116 116 self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)
117 117 self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)
118 118
119 119 assert repo_perms(self.u1)[repo_name] == 'repository.read'
120 120 assert group_perms(self.u1) == {
121 121 'test1': 'group.read', 'test2': 'group.read'}
122 122 assert global_perms(self.u1) == set(
123 123 Permission.DEFAULT_USER_PERMISSIONS)
124 124
125 125 def test_default_admin_group_perms(self, repo_name):
126 126 self.g1 = fixture.create_repo_group('test1', skip_if_exists=True)
127 127 self.g2 = fixture.create_repo_group('test2', skip_if_exists=True)
128 128
129 129 assert repo_perms(self.a1)[repo_name] == 'repository.admin'
130 130 assert group_perms(self.a1) == {
131 131 'test1': 'group.admin', 'test2': 'group.admin'}
132 132
133 133 def test_default_owner_repo_perms(self, backend, user_util, test_repo):
134 134 user = user_util.create_user()
135 135 repo = test_repo('minimal', backend.alias)
136 136 org_owner = repo.user
137 137 assert repo_perms(user)[repo.repo_name] == 'repository.read'
138 138
139 139 repo.user = user
140 140 assert repo_perms(user)[repo.repo_name] == 'repository.admin'
141 141 repo.user = org_owner
142 142
143 def test_default_owner_branch_perms(self, user_util, test_user_group):
144 user = user_util.create_user()
145 assert branch_perms(user) == {}
146
143 147 def test_default_owner_repo_group_perms(self, user_util, test_repo_group):
144 148 user = user_util.create_user()
145 149 org_owner = test_repo_group.user
146 150
147 151 assert group_perms(user)[test_repo_group.group_name] == 'group.read'
148 152
149 153 test_repo_group.user = user
150 154 assert group_perms(user)[test_repo_group.group_name] == 'group.admin'
151 155 test_repo_group.user = org_owner
152 156
153 157 def test_default_owner_user_group_perms(self, user_util, test_user_group):
154 158 user = user_util.create_user()
155 159 org_owner = test_user_group.user
156 160
157 161 assert user_group_perms(user)[test_user_group.users_group_name] == 'usergroup.read'
158 162
159 163 test_user_group.user = user
160 164 assert user_group_perms(user)[test_user_group.users_group_name] == 'usergroup.admin'
161 165
162 166 test_user_group.user = org_owner
163 167
164 168 def test_propagated_permission_from_users_group_by_explicit_perms_exist(
165 169 self, repo_name):
166 170 # make group
167 171 self.ug1 = fixture.create_user_group('G1')
168 172 UserGroupModel().add_user_to_group(self.ug1, self.u1)
169 173
170 174 # set permission to lower
171 175 new_perm = 'repository.none'
172 176 RepoModel().grant_user_permission(
173 177 repo=repo_name, user=self.u1, perm=new_perm)
174 178 Session().commit()
175 179 assert repo_perms(self.u1)[repo_name] == new_perm
176 180
177 181 # grant perm for group this should not override permission from user
178 182 # since it has explicitly set
179 183 new_perm_gr = 'repository.write'
180 184 RepoModel().grant_user_group_permission(
181 185 repo=repo_name, group_name=self.ug1, perm=new_perm_gr)
182 186
183 187 assert repo_perms(self.u1)[repo_name] == new_perm
184 188 assert group_perms(self.u1) == {}
185 189
186 190 def test_propagated_permission_from_users_group(self, repo_name):
187 191 # make group
188 192 self.ug1 = fixture.create_user_group('G1')
189 193 UserGroupModel().add_user_to_group(self.ug1, self.u3)
190 194
191 195 # grant perm for group
192 196 # this should override default permission from user
193 197 new_perm_gr = 'repository.write'
194 198 RepoModel().grant_user_group_permission(
195 199 repo=repo_name, group_name=self.ug1, perm=new_perm_gr)
196 200
197 201 assert repo_perms(self.u3)[repo_name] == new_perm_gr
198 202 assert group_perms(self.u3) == {}
199 203
200 204 def test_propagated_permission_from_users_group_lower_weight(
201 205 self, repo_name):
202 206 # make group with user
203 207 self.ug1 = fixture.create_user_group('G1')
204 208 UserGroupModel().add_user_to_group(self.ug1, self.u1)
205 209
206 210 # set permission to lower
207 211 new_perm_h = 'repository.write'
208 212 RepoModel().grant_user_permission(
209 213 repo=repo_name, user=self.u1, perm=new_perm_h)
210 214 Session().commit()
211 215
212 216 assert repo_perms(self.u1)[repo_name] == new_perm_h
213 217
214 218 # grant perm for group this should NOT override permission from user
215 219 # since it's lower than granted
216 220 new_perm_l = 'repository.read'
217 221 RepoModel().grant_user_group_permission(
218 222 repo=repo_name, group_name=self.ug1, perm=new_perm_l)
219 223
220 224 assert repo_perms(self.u1)[repo_name] == new_perm_h
221 225 assert group_perms(self.u1) == {}
222 226
223 227 def test_repo_in_group_permissions(self):
224 228 self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)
225 229 self.g2 = fixture.create_repo_group('group2', skip_if_exists=True)
226 230 # both perms should be read !
227 231 assert group_perms(self.u1) == \
228 232 {u'group1': u'group.read', u'group2': u'group.read'}
229 233
230 234 assert group_perms(self.anon) == \
231 235 {u'group1': u'group.read', u'group2': u'group.read'}
232 236
233 237 # Change perms to none for both groups
234 238 RepoGroupModel().grant_user_permission(
235 239 repo_group=self.g1, user=self.anon, perm='group.none')
236 240 RepoGroupModel().grant_user_permission(
237 241 repo_group=self.g2, user=self.anon, perm='group.none')
238 242
239 243 assert group_perms(self.u1) == \
240 244 {u'group1': u'group.none', u'group2': u'group.none'}
241 245 assert group_perms(self.anon) == \
242 246 {u'group1': u'group.none', u'group2': u'group.none'}
243 247
244 248 # add repo to group
245 249 name = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm'])
246 250 self.test_repo = fixture.create_repo(name=name,
247 251 repo_type='hg',
248 252 repo_group=self.g1,
249 253 cur_user=self.u1,)
250 254
251 255 assert group_perms(self.u1) == \
252 256 {u'group1': u'group.none', u'group2': u'group.none'}
253 257 assert group_perms(self.anon) == \
254 258 {u'group1': u'group.none', u'group2': u'group.none'}
255 259
256 260 # grant permission for u2 !
257 261 RepoGroupModel().grant_user_permission(
258 262 repo_group=self.g1, user=self.u2, perm='group.read')
259 263 RepoGroupModel().grant_user_permission(
260 264 repo_group=self.g2, user=self.u2, perm='group.read')
261 265 Session().commit()
262 266 assert self.u1 != self.u2
263 267
264 268 # u1 and anon should have not change perms while u2 should !
265 269 assert group_perms(self.u1) == \
266 270 {u'group1': u'group.none', u'group2': u'group.none'}
267 271 assert group_perms(self.u2) == \
268 272 {u'group1': u'group.read', u'group2': u'group.read'}
269 273 assert group_perms(self.anon) == \
270 274 {u'group1': u'group.none', u'group2': u'group.none'}
271 275
272 276 def test_repo_group_user_as_user_group_member(self):
273 277 # create Group1
274 278 self.g1 = fixture.create_repo_group('group1', skip_if_exists=True)
275 279 assert group_perms(self.anon) == {u'group1': u'group.read'}
276 280
277 281 # set default permission to none
278 282 RepoGroupModel().grant_user_permission(
279 283 repo_group=self.g1, user=self.anon, perm='group.none')
280 284 # make group
281 285 self.ug1 = fixture.create_user_group('G1')
282 286 # add user to group
283 287 UserGroupModel().add_user_to_group(self.ug1, self.u1)
284 288 Session().commit()
285 289
286 290 # check if user is in the group
287 291 ug1 = UserGroupModel().get(self.ug1.users_group_id)
288 292 members = [x.user_id for x in ug1.members]
289 293 assert members == [self.u1.user_id]
290 294 # add some user to that group
291 295
292 296 # check his permissions
293 297 assert group_perms(self.anon) == {u'group1': u'group.none'}
294 298 assert group_perms(self.u1) == {u'group1': u'group.none'}
295 299
296 300 # grant ug1 read permissions for
297 301 RepoGroupModel().grant_user_group_permission(
298 302 repo_group=self.g1, group_name=self.ug1, perm='group.read')
299 303 Session().commit()
300 304
301 305 # check if the
302 306 obj = Session().query(UserGroupRepoGroupToPerm)\
303 307 .filter(UserGroupRepoGroupToPerm.group == self.g1)\
304 308 .filter(UserGroupRepoGroupToPerm.users_group == self.ug1)\
305 309 .scalar()
306 310 assert obj.permission.permission_name == 'group.read'
307 311
308 312 assert group_perms(self.anon) == {u'group1': u'group.none'}
309 313 assert group_perms(self.u1) == {u'group1': u'group.read'}
310 314
311 315 def test_inherited_permissions_from_default_on_user_enabled(self):
312 316 # enable fork and create on default user
313 317 _form_result = {
314 318 'default_repo_create': 'hg.create.repository',
315 319 'default_fork_create': 'hg.fork.repository'
316 320 }
317 321 PermissionModel().set_new_user_perms(
318 322 User.get_default_user(), _form_result)
319 323 Session().commit()
320 324
321 325 # make sure inherit flag is turned on
322 326 self.u1.inherit_default_permissions = True
323 327 Session().commit()
324 328
325 329 # this user will have inherited permissions from default user
326 330 assert global_perms(self.u1) == default_perms()
327 331
328 332 def test_inherited_permissions_from_default_on_user_disabled(self):
329 333 # disable fork and create on default user
330 334 _form_result = {
331 335 'default_repo_create': 'hg.create.none',
332 336 'default_fork_create': 'hg.fork.none'
333 337 }
334 338 PermissionModel().set_new_user_perms(
335 339 User.get_default_user(), _form_result)
336 340 Session().commit()
337 341
338 342 # make sure inherit flag is turned on
339 343 self.u1.inherit_default_permissions = True
340 344 Session().commit()
341 345
342 346 # this user will have inherited permissions from default user
343 347 expected_perms = default_perms(
344 348 added=['hg.create.none', 'hg.fork.none'],
345 349 removed=['hg.create.repository', 'hg.fork.repository'])
346 350 assert global_perms(self.u1) == expected_perms
347 351
348 352 def test_non_inherited_permissions_from_default_on_user_enabled(self):
349 353 user_model = UserModel()
350 354 # enable fork and create on default user
351 355 usr = User.DEFAULT_USER
352 356 user_model.revoke_perm(usr, 'hg.create.none')
353 357 user_model.grant_perm(usr, 'hg.create.repository')
354 358 user_model.revoke_perm(usr, 'hg.fork.none')
355 359 user_model.grant_perm(usr, 'hg.fork.repository')
356 360
357 361 # disable global perms on specific user
358 362 user_model.revoke_perm(self.u1, 'hg.create.repository')
359 363 user_model.grant_perm(self.u1, 'hg.create.none')
360 364 user_model.revoke_perm(self.u1, 'hg.fork.repository')
361 365 user_model.grant_perm(self.u1, 'hg.fork.none')
362 366
367 # TODO(marcink): check branch permissions now ?
368
363 369 # make sure inherit flag is turned off
364 370 self.u1.inherit_default_permissions = False
365 371 Session().commit()
366 372
367 373 # this user will have non inherited permissions from he's
368 374 # explicitly set permissions
369 assert global_perms(self.u1) == set([
375 assert global_perms(self.u1) == {
370 376 'hg.create.none',
371 377 'hg.fork.none',
372 378 'hg.register.manual_activate',
373 379 'hg.password_reset.enabled',
374 380 'hg.extern_activate.auto',
375 381 'repository.read',
376 382 'group.read',
377 383 'usergroup.read',
378 ])
384 'branch.push_force',
385 }
379 386
380 387 def test_non_inherited_permissions_from_default_on_user_disabled(self):
381 388 user_model = UserModel()
382 389 # disable fork and create on default user
383 390 usr = User.DEFAULT_USER
384 391 user_model.revoke_perm(usr, 'hg.create.repository')
385 392 user_model.grant_perm(usr, 'hg.create.none')
386 393 user_model.revoke_perm(usr, 'hg.fork.repository')
387 394 user_model.grant_perm(usr, 'hg.fork.none')
388 395
389 396 # enable global perms on specific user
390 397 user_model.revoke_perm(self.u1, 'hg.create.none')
391 398 user_model.grant_perm(self.u1, 'hg.create.repository')
392 399 user_model.revoke_perm(self.u1, 'hg.fork.none')
393 400 user_model.grant_perm(self.u1, 'hg.fork.repository')
394 401
395 402 # make sure inherit flag is turned off
396 403 self.u1.inherit_default_permissions = False
397 404 Session().commit()
398 405
406 # TODO(marcink): check branch perms
407
399 408 # this user will have non inherited permissions from he's
400 409 # explicitly set permissions
401 assert global_perms(self.u1) == set([
410 assert global_perms(self.u1) == {
402 411 'hg.create.repository',
403 412 'hg.fork.repository',
404 413 'hg.register.manual_activate',
405 414 'hg.password_reset.enabled',
406 415 'hg.extern_activate.auto',
407 416 'repository.read',
408 417 'group.read',
409 418 'usergroup.read',
410 ])
419 'branch.push_force',
420 }
411 421
412 422 @pytest.mark.parametrize('perm, expected_perm', [
413 423 ('hg.inherit_default_perms.false', 'repository.none', ),
414 424 ('hg.inherit_default_perms.true', 'repository.read', ),
415 425 ])
416 426 def test_inherited_permissions_on_objects(self, perm, expected_perm):
417 427 _form_result = {
418 428 'default_inherit_default_permissions': perm,
419 429 }
420 430 PermissionModel().set_new_user_perms(
421 431 User.get_default_user(), _form_result)
422 432 Session().commit()
423 433
424 434 # make sure inherit flag is turned on
425 435 self.u1.inherit_default_permissions = True
426 436 Session().commit()
427 437
438 # TODO(marcink): check branch perms
439
428 440 # this user will have inherited permissions from default user
429 assert global_perms(self.u1) == set([
441 assert global_perms(self.u1) == {
430 442 'hg.create.none',
431 443 'hg.fork.none',
432 444 'hg.register.manual_activate',
433 445 'hg.password_reset.enabled',
434 446 'hg.extern_activate.auto',
435 447 'repository.read',
436 448 'group.read',
437 449 'usergroup.read',
450 'branch.push_force',
438 451 'hg.create.write_on_repogroup.true',
439 452 'hg.usergroup.create.false',
440 453 'hg.repogroup.create.false',
441 perm,
442 ])
454 perm
455 }
443 456
444 457 assert set(repo_perms(self.u1).values()) == set([expected_perm])
445 458
446 459 def test_repo_owner_permissions_not_overwritten_by_group(self):
447 460 # create repo as USER,
448 461 self.test_repo = fixture.create_repo(name='myownrepo',
449 462 repo_type='hg',
450 463 cur_user=self.u1)
451 464
452 465 # he has permissions of admin as owner
453 466 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
454 467
455 468 # set his permission as user group, he should still be admin
456 469 self.ug1 = fixture.create_user_group('G1')
457 470 UserGroupModel().add_user_to_group(self.ug1, self.u1)
458 471 RepoModel().grant_user_group_permission(
459 472 self.test_repo,
460 473 group_name=self.ug1,
461 474 perm='repository.none')
462 475 Session().commit()
463 476
464 477 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
465 478
466 479 def test_repo_owner_permissions_not_overwritten_by_others(self):
467 480 # create repo as USER,
468 481 self.test_repo = fixture.create_repo(name='myownrepo',
469 482 repo_type='hg',
470 483 cur_user=self.u1)
471 484
472 485 # he has permissions of admin as owner
473 486 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
474 487
475 488 # set his permission as user, he should still be admin
476 489 RepoModel().grant_user_permission(
477 490 self.test_repo, user=self.u1, perm='repository.none')
478 491 Session().commit()
479 492
480 493 assert repo_perms(self.u1)['myownrepo'] == 'repository.admin'
481 494
482 495 def test_repo_group_owner_permissions_not_overwritten_by_group(self):
483 496 # "u1" shall be owner without any special permission assigned
484 497 self.g1 = fixture.create_repo_group('test1')
485 498
486 499 # Make user group and grant a permission to user group
487 500 self.ug1 = fixture.create_user_group('G1')
488 501 UserGroupModel().add_user_to_group(self.ug1, self.u1)
489 502 RepoGroupModel().grant_user_group_permission(
490 503 repo_group=self.g1, group_name=self.ug1, perm='group.write')
491 504
492 505 # Verify that user does not get any special permission if he is not
493 506 # owner
494 507 assert group_perms(self.u1) == {'test1': 'group.write'}
495 508
496 509 # Make him owner of the repo group
497 510 self.g1.user = self.u1
498 511 assert group_perms(self.u1) == {'test1': 'group.admin'}
499 512
500 513 def test_repo_group_owner_permissions_not_overwritten_by_others(self):
501 514 # "u1" shall be owner without any special permission assigned
502 515 self.g1 = fixture.create_repo_group('test1')
503 516 RepoGroupModel().grant_user_permission(
504 517 repo_group=self.g1, user=self.u1, perm='group.write')
505 518
506 519 # Verify that user does not get any special permission if he is not
507 520 # owner
508 521 assert group_perms(self.u1) == {'test1': 'group.write'}
509 522
510 523 # Make him owner of the repo group
511 524 self.g1.user = self.u1
512 525 assert group_perms(self.u1) == {u'test1': 'group.admin'}
513 526
514 527 def _test_def_user_perm_equal(
515 528 self, user, change_factor=0, compare_keys=None):
516 529 perms = UserToPerm.query().filter(UserToPerm.user == user).all()
517 530 assert len(perms) == \
518 531 len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor
519 532 if compare_keys:
520 533 assert set(
521 534 x.permissions.permission_name for x in perms) == compare_keys
522 535
523 536 def _test_def_user_group_perm_equal(
524 537 self, user_group, change_factor=0, compare_keys=None):
525 538 perms = UserGroupToPerm.query().filter(
526 539 UserGroupToPerm.users_group == user_group).all()
527 540 assert len(perms) == \
528 541 len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor
529 542 if compare_keys:
530 543 assert set(
531 544 x.permissions.permission_name for x in perms) == compare_keys
532 545
533 546 def test_set_default_permissions(self):
534 547 PermissionModel().create_default_user_permissions(user=self.u1)
535 548 self._test_def_user_perm_equal(user=self.u1)
536 549
537 550 def test_set_default_permissions_after_one_is_missing(self):
538 551 PermissionModel().create_default_user_permissions(user=self.u1)
539 552 self._test_def_user_perm_equal(user=self.u1)
540 553 # now we delete one, it should be re-created after another call
541 554 perms = UserToPerm.query().filter(UserToPerm.user == self.u1).all()
542 555 Session().delete(perms[0])
543 556 Session().commit()
544 557
545 558 self._test_def_user_perm_equal(user=self.u1, change_factor=-1)
546 559
547 560 # create missing one !
548 561 PermissionModel().create_default_user_permissions(user=self.u1)
549 562 self._test_def_user_perm_equal(user=self.u1)
550 563
551 564 @pytest.mark.parametrize("perm, modify_to", [
552 565 ('repository.read', 'repository.none'),
553 566 ('group.read', 'group.none'),
554 567 ('usergroup.read', 'usergroup.none'),
555 568 ('hg.create.repository', 'hg.create.none'),
556 569 ('hg.fork.repository', 'hg.fork.none'),
557 570 ('hg.register.manual_activate', 'hg.register.auto_activate',)
558 571 ])
559 572 def test_set_default_permissions_after_modification(self, perm, modify_to):
560 573 PermissionModel().create_default_user_permissions(user=self.u1)
561 574 self._test_def_user_perm_equal(user=self.u1)
562 575
563 576 old = Permission.get_by_key(perm)
564 577 new = Permission.get_by_key(modify_to)
565 578 assert old is not None
566 579 assert new is not None
567 580
568 581 # now modify permissions
569 582 p = UserToPerm.query().filter(
570 583 UserToPerm.user == self.u1).filter(
571 584 UserToPerm.permission == old).one()
572 585 p.permission = new
573 586 Session().add(p)
574 587 Session().commit()
575 588
576 589 PermissionModel().create_default_user_permissions(user=self.u1)
577 590 self._test_def_user_perm_equal(user=self.u1)
578 591
579 592 def test_clear_user_perms(self):
580 593 PermissionModel().create_default_user_permissions(user=self.u1)
581 594 self._test_def_user_perm_equal(user=self.u1)
582 595
583 596 # now clear permissions
584 597 cleared = PermissionModel()._clear_user_perms(self.u1.user_id)
585 598 self._test_def_user_perm_equal(user=self.u1,
586 599 change_factor=len(cleared)*-1)
587 600
588 601 def test_clear_user_group_perms(self):
589 602 self.ug1 = fixture.create_user_group('G1')
590 603 PermissionModel().create_default_user_group_permissions(
591 604 user_group=self.ug1)
592 605 self._test_def_user_group_perm_equal(user_group=self.ug1)
593 606
594 607 # now clear permissions
595 608 cleared = PermissionModel()._clear_user_group_perms(
596 609 self.ug1.users_group_id)
597 610 self._test_def_user_group_perm_equal(user_group=self.ug1,
598 611 change_factor=len(cleared)*-1)
599 612
600 613 @pytest.mark.parametrize("form_result", [
601 614 {},
602 615 {'default_repo_create': 'hg.create.repository'},
603 616 {'default_repo_create': 'hg.create.repository',
604 617 'default_repo_perm': 'repository.read'},
605 618 {'default_repo_create': 'hg.create.none',
606 619 'default_repo_perm': 'repository.write',
607 620 'default_fork_create': 'hg.fork.none'},
608 621 ])
609 622 def test_set_new_user_permissions(self, form_result):
610 623 _form_result = {}
611 624 _form_result.update(form_result)
612 625 PermissionModel().set_new_user_perms(self.u1, _form_result)
613 626 Session().commit()
614 627 change_factor = -1 * (len(Permission.DEFAULT_USER_PERMISSIONS)
615 628 - len(form_result.keys()))
616 629 self._test_def_user_perm_equal(
617 630 self.u1, change_factor=change_factor)
618 631
619 632 @pytest.mark.parametrize("form_result", [
620 633 {},
621 634 {'default_repo_create': 'hg.create.repository'},
622 635 {'default_repo_create': 'hg.create.repository',
623 636 'default_repo_perm': 'repository.read'},
624 637 {'default_repo_create': 'hg.create.none',
625 638 'default_repo_perm': 'repository.write',
626 639 'default_fork_create': 'hg.fork.none'},
627 640 ])
628 641 def test_set_new_user_group_permissions(self, form_result):
629 642 _form_result = {}
630 643 _form_result.update(form_result)
631 644 self.ug1 = fixture.create_user_group('G1')
632 645 PermissionModel().set_new_user_group_perms(self.ug1, _form_result)
633 646 Session().commit()
634 647 change_factor = -1 * (len(Permission.DEFAULT_USER_PERMISSIONS)
635 648 - len(form_result.keys()))
636 649 self._test_def_user_group_perm_equal(
637 650 self.ug1, change_factor=change_factor)
638 651
639 652 @pytest.mark.parametrize("group_active, expected_perm", [
640 653 (True, 'repository.admin'),
641 654 (False, 'repository.read'),
642 655 ])
643 656 def test_get_default_repo_perms_from_user_group_with_active_group(
644 657 self, backend, user_util, group_active, expected_perm):
645 658 repo = backend.create_repo()
646 659 user = user_util.create_user()
647 660 user_group = user_util.create_user_group(
648 661 members=[user], users_group_active=group_active)
649 662
650 663 user_util.grant_user_group_permission_to_repo(
651 664 repo, user_group, 'repository.admin')
652 665 permissions = repo_perms(user)
653 666 repo_permission = permissions.get(repo.repo_name)
654 667 assert repo_permission == expected_perm
655 668
656 669 @pytest.mark.parametrize("group_active, expected_perm", [
657 670 (True, 'group.admin'),
658 671 (False, 'group.read')
659 672 ])
660 673 def test_get_default_group_perms_from_user_group_with_active_group(
661 674 self, user_util, group_active, expected_perm):
662 675 user = user_util.create_user()
663 676 repo_group = user_util.create_repo_group()
664 677 user_group = user_util.create_user_group(
665 678 members=[user], users_group_active=group_active)
666 679
667 680 user_util.grant_user_group_permission_to_repo_group(
668 681 repo_group, user_group, 'group.admin')
669 682 permissions = group_perms(user)
670 683 group_permission = permissions.get(repo_group.name)
671 684 assert group_permission == expected_perm
672 685
673 686 @pytest.mark.parametrize("group_active, expected_perm", [
674 687 (True, 'usergroup.admin'),
675 688 (False, 'usergroup.read')
676 689 ])
677 690 def test_get_default_user_group_perms_from_user_group_with_active_group(
678 691 self, user_util, group_active, expected_perm):
679 692 user = user_util.create_user()
680 693 user_group = user_util.create_user_group(
681 694 members=[user], users_group_active=group_active)
682 695 target_user_group = user_util.create_user_group()
683 696
684 697 user_util.grant_user_group_permission_to_user_group(
685 698 target_user_group, user_group, 'usergroup.admin')
686 699 permissions = user_group_perms(user)
687 700 group_permission = permissions.get(target_user_group.users_group_name)
688 701 assert group_permission == expected_perm
689 702
690 703
691 704 def repo_perms(user):
692 705 auth_user = AuthUser(user_id=user.user_id)
693 706 return auth_user.permissions['repositories']
694 707
695 708
709 def branch_perms(user):
710 auth_user = AuthUser(user_id=user.user_id)
711 return auth_user.permissions['repository_branches']
712
713
696 714 def group_perms(user):
697 715 auth_user = AuthUser(user_id=user.user_id)
698 716 return auth_user.permissions['repositories_groups']
699 717
700 718
701 719 def user_group_perms(user):
702 720 auth_user = AuthUser(user_id=user.user_id)
703 721 return auth_user.permissions['user_groups']
704 722
705 723
706 724 def global_perms(user):
707 725 auth_user = AuthUser(user_id=user.user_id)
708 726 return auth_user.permissions['global']
709 727
710 728
711 729 def default_perms(added=None, removed=None):
712 730 expected_perms = set(Permission.DEFAULT_USER_PERMISSIONS)
713 731 if removed:
714 732 expected_perms.difference_update(removed)
715 733 if added:
716 734 expected_perms.update(added)
717 735 return expected_perms
Show file before | Show file after | Hide comments
@@ -1,70 +1,70 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22
23 23 from rhodecode.tests.vcs.conftest import BackendTestMixin
24 24 from rhodecode.lib.vcs.exceptions import (
25 25 TagAlreadyExistError, TagDoesNotExistError)
26 26
27 27
28 28 pytestmark = pytest.mark.backends("git", "hg")
29 29
30 30
31 31 @pytest.mark.usefixtures("vcs_repository_support")
32 32 class TestTags(BackendTestMixin):
33 33
34 34 def test_new_tag(self):
35 35 tip = self.repo.get_commit()
36 36 tagsize = len(self.repo.tags)
37 37 tag = self.repo.tag('last-commit', 'joe', tip.raw_id)
38 38
39 39 assert len(self.repo.tags) == tagsize + 1
40 40 for top, __, __ in tip.walk():
41 41 assert top == tag.get_node(top.path)
42 42
43 43 def test_tag_already_exist(self):
44 44 tip = self.repo.get_commit()
45 45 self.repo.tag('last-commit', 'joe', tip.raw_id)
46 46
47 47 with pytest.raises(TagAlreadyExistError):
48 48 self.repo.tag('last-commit', 'joe', tip.raw_id)
49 49
50 50 commit = self.repo.get_commit(commit_idx=0)
51 51 with pytest.raises(TagAlreadyExistError):
52 52 self.repo.tag('last-commit', 'jane', commit.raw_id)
53 53
54 54 def test_remove_tag(self):
55 55 tip = self.repo.get_commit()
56 56 self.repo.tag('last-commit', 'joe', tip.raw_id)
57 57 tagsize = len(self.repo.tags)
58 58
59 59 self.repo.remove_tag('last-commit', user='evil joe')
60 60 assert len(self.repo.tags) == tagsize - 1
61 61
62 62 def test_remove_tag_which_does_not_exist(self):
63 63 with pytest.raises(TagDoesNotExistError):
64 64 self.repo.remove_tag('last-commit', user='evil joe')
65 65
66 66 def test_name_with_slash(self):
67 67 self.repo.tag('19/10/11', 'joe')
68 68 assert '19/10/11' in self.repo.tags
69 self.repo.tag('11', 'joe')
70 assert '11' in self.repo.tags
69 self.repo.tag('rel.11', 'joe')
70 assert 'rel.11' in self.repo.tags
General Comments 0
You need to be logged in to leave comments. Login now